[master] better error output when initializing pkcs11

3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]

CHANGES

+3786.	[func]		Provide more detailed error codes when using
+			native PKCS#11. "pkcs11-tokens" now fails robustly
+			rather than asserting when run against an HSM with
+			an incomplete PCKS#11 API implementation. [RT #35479]
+
 3785.	[bug]		Debugging code dumphex didn't accept arbitarily long
 			input (only compiled with -DDEBUG). [RT #35544]
 

bin/dnssec/dnssec-dsfromkey.c

@@ -49,6 +49,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -370,6 +374,9 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-importkey.c

@@ -47,6 +47,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -302,6 +306,9 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-keyfromlabel.c

@@ -43,6 +43,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #define MAX_RSA 4096 /* should be long enough... */
@@ -174,6 +178,9 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-keygen.c

@@ -58,6 +58,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #define MAX_RSA 4096 /* should be long enough... */
@@ -254,6 +258,9 @@ main(int argc, char **argv) {
 	if (argc == 1)
 		usage();
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-revoke.c

@@ -38,6 +38,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-revoke";
@@ -103,6 +107,9 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		fatal("Out of memory");
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-settime.c

@@ -41,6 +41,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-settime";
@@ -168,6 +172,9 @@ main(int argc, char **argv) {
 
 	setup_logging(verbose, mctx, &log);
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-signzone.c

@@ -86,6 +86,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 #ifndef PATH_MAX
@@ -3136,6 +3140,9 @@ main(int argc, char *argv[]) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/dnssec/dnssec-verify.c

@@ -69,6 +69,10 @@
 
 #include <dst/dst.h>
 
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
+
 #include "dnssectool.h"
 
 const char *program = "dnssec-verify";
@@ -199,6 +203,9 @@ main(int argc, char *argv[]) {
 	if (result != ISC_R_SUCCESS)
 		fatal("out of memory");
 
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = ISC_FALSE;

bin/named/main.c

@@ -50,9 +50,13 @@
 #include <dns/view.h>
 
 #include <dst/result.h>
+#ifdef PKCS11CRYPTO
+#include <pk11/result.h>
+#endif
 
 #include <dlz/dlz_dlopen_driver.h>
 
+
 /*
  * Defining NS_MAIN provides storage declarations (rather than extern)
  * for variables in named/globals.h.
@@ -1131,6 +1135,9 @@ main(int argc, char *argv[]) {
 	dns_result_register();
 	dst_result_register();
 	isccc_result_register();
+#ifdef PKCS11CRYPTO
+	pk11_result_register();
+#endif
 
 	parse_command_line(argc, argv);
 

bin/pkcs11/Makefile.in

@@ -26,6 +26,10 @@ CDEFINES =
 
 ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+
+DEPLIBS =	${ISCDEPLIBS}
+
 # if FORCE_STATIC_PROVIDER: LIBS += ${PROVIDER}
 LIBS =		${ISCLIBS} @LIBS@
 
@@ -47,19 +51,19 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@
+pkcs11-list@EXEEXT@: @srcdir@/pkcs11-list.@O@ ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
 		-o $@ @srcdir@/pkcs11-list.@O@ ${LIBS}
 
-pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@
+pkcs11-destroy@EXEEXT@: @srcdir@/pkcs11-destroy.@O@ ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
 		-o $@ @srcdir@/pkcs11-destroy.@O@ ${LIBS}
 
-pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@
+pkcs11-keygen@EXEEXT@: @srcdir@/pkcs11-keygen.@O@ ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
 		-o $@ @srcdir@/pkcs11-keygen.@O@ ${LIBS}
 
-pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@
+pkcs11-tokens@EXEEXT@: @srcdir@/pkcs11-tokens.@O@ ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
 		-o $@ @srcdir@/pkcs11-tokens.@O@ ${LIBS}
 

bin/pkcs11/pkcs11-destroy.c

@@ -61,6 +61,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #ifdef WIN32
 #define sleep(x)	Sleep(x)
@@ -142,6 +143,8 @@ main(int argc, char *argv[]) {
 		search_template[0].ulValueLen = strlen(label);
 	}
 
+	pk11_result_register();
+
 	/* Initialize the CRYPTOKI library */
 	if (lib_name != NULL)
 		pk11_set_lib_name(lib_name);
@@ -149,11 +152,17 @@ main(int argc, char *argv[]) {
 	if (pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
-		fprintf(stderr, "Error initializing PKCS#11: %s\n",
-			isc_result_totext(result));
+	result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
+				  ISC_TRUE, (const char *) pin, slot);
+	if (result == PK11_R_NORANDOMSERVICE ||
+	    result == PK11_R_NODIGESTSERVICE ||
+	    result == PK11_R_NOAESSERVICE) {
+		fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+		fprintf(stderr, "This HSM will not work with BIND 9 "
+				"using native PKCS#11.\n");
+	} else if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "Unrecoverable error initializing "
+				"PKCS#11: %s\n", isc_result_totext(result));
 		exit(1);
 	}
 
@@ -253,7 +262,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/pkcs11/pkcs11-keygen.c

@@ -68,6 +68,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 #define WANT_DH_PRIMES
 #define WANT_ECC_CURVES
 #include <pk11/constants.h>
@@ -291,6 +292,7 @@ main(int argc, char *argv[]) {
 	CK_ULONG public_attrcnt = 0, private_attrcnt = PRIVATE_ATTRS;
 	CK_ULONG domain_attrcnt = 0, param_attrcnt = 0;
 	key_class_t keyclass = key_rsa;
+	pk11_optype_t op_type = OP_ANY;
 
 #define OPTIONS ":a:b:ei:l:m:Pp:qSs:"
 	while ((c = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
@@ -364,6 +366,7 @@ main(int argc, char *argv[]) {
 
 	switch (keyclass) {
 	case key_rsa:
+		op_type = OP_RSA;
 		if (expsize == 0)
 			expsize = 3;
 		if (bits == 0)
@@ -394,6 +397,7 @@ main(int argc, char *argv[]) {
 		public_template[RSA_PUBLIC_EXPONENT].ulValueLen = expsize;
 		break;
 	case key_ecc:
+		op_type = OP_EC;
 		if (bits == 0)
 			bits = 256;
 		else if (bits != 256 && bits != 384) {
@@ -422,6 +426,7 @@ main(int argc, char *argv[]) {
 
 		break;
 	case key_dsa:
+		op_type = OP_DSA;
 		if (bits == 0)
 			usage();
 
@@ -445,6 +450,7 @@ main(int argc, char *argv[]) {
 		domain_template[DSA_DOMAIN_PRIMEBITS].ulValueLen = sizeof(bits);
 		break;
 	case key_dh:
+		op_type = OP_DH;
 		if (special && bits == 0)
 			bits = 1024;
 		else if (special &&
@@ -511,6 +517,8 @@ main(int argc, char *argv[]) {
 		private_template[PRIVATE_ID].ulValueLen = idlen;
 	}
 
+	pk11_result_register();
+
 	/* Initialize the CRYPTOKI library */
 	if (lib_name != NULL)
 		pk11_set_lib_name(lib_name);
@@ -518,11 +526,17 @@ main(int argc, char *argv[]) {
 	if (pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
-		fprintf(stderr, "Error initializing PKCS#11: %s\n",
-			isc_result_totext(result));
+	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+				  ISC_TRUE, (const char *) pin, slot);
+	if (result == PK11_R_NORANDOMSERVICE ||
+	    result == PK11_R_NODIGESTSERVICE ||
+	    result == PK11_R_NOAESSERVICE) {
+		fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+		fprintf(stderr, "This HSM will not work with BIND 9 "
+				"using native PKCS#11.\n");
+	} else if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "Unrecoverable error initializing "
+				"PKCS#11: %s\n", isc_result_totext(result));
 		exit(1);
 	}
 
@@ -684,7 +698,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/pkcs11/pkcs11-list.c

@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)		getpass(x)
@@ -141,6 +142,8 @@ main(int argc, char *argv[]) {
 		search_template[0].ulValueLen = strlen(label);
 	}
 
+	pk11_result_register();
+
 	/* Initialize the CRYPTOKI library */
 	if (lib_name != NULL)
 		pk11_set_lib_name(lib_name);
@@ -148,11 +151,19 @@ main(int argc, char *argv[]) {
 	if (logon && pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, logon,
-				  pin, slot);
-	if (result != ISC_R_SUCCESS) {
-		fprintf(stderr, "Error initializing PKCS#11: %s\n",
-			isc_result_totext(result));
+	result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+				  logon, pin, slot);
+	if (result == PK11_R_NORANDOMSERVICE ||
+	    result == PK11_R_NODIGESTSERVICE ||
+	    result == PK11_R_NOAESSERVICE) {
+		fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+		fprintf(stderr, "This HSM will not work with BIND 9 "
+				"using native PKCS#11.\n");
+	} else if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "Unrecoverable error initializing "
+			"PKCS#11: %s\n", isc_result_totext(result));
+		fprintf(stderr, "Unrecoverable error initializing "
+				"PKCS#11: %s\n", isc_result_totext(result));
 		exit(1);
 	}
 
@@ -246,7 +257,7 @@ main(int argc, char *argv[]) {
 
  exit_session:
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/pkcs11/pkcs11-tokens.c

@@ -35,14 +35,15 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
-
-extern void dst__pkcs11_init(isc_mem_t *mctx, const char *engine);
+#include <pk11/result.h>
 
 int
 main(int argc, char *argv[]) {
+	isc_result_t result;
 	char *lib_name = NULL;
 	int c, errflg = 0;
 	isc_mem_t *mctx = NULL;
+	pk11_context_t pctx;
 
 	while ((c = isc_commandline_parse(argc, argv, ":m:")) != -1) {
 		switch (c) {
@@ -73,11 +74,31 @@ main(int argc, char *argv[]) {
 		exit(1);
 	}
 
-	dst__pkcs11_init(mctx, lib_name);
+	pk11_result_register();
+
+	/* Initialize the CRYPTOKI library */
+	if (lib_name != NULL)
+		pk11_set_lib_name(lib_name);
+
+	result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_FALSE,
+				  ISC_FALSE, NULL, 0);
+	if (result == PK11_R_NORANDOMSERVICE ||
+	    result == PK11_R_NODIGESTSERVICE ||
+	    result == PK11_R_NOAESSERVICE) {
+		fprintf(stderr, "Warning: %s\n", isc_result_totext(result));
+		fprintf(stderr, "This HSM will not work with BIND 9 "
+				"using native PKCS#11.\n\n");
+	} else if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "Unrecoverable error initializing "
+				"PKCS#11: %s\n", isc_result_totext(result));
+		exit(1);
+	}
 
 	pk11_dump_tokens();
 
-	pk11_shutdown();
+	if (pctx.handle != NULL)
+		pk11_return_session(&pctx);
+	(void) pk11_finalize();
 
 	isc_mem_destroy(&mctx);
 

bin/tests/pkcs11/benchmarks/create.c

@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -155,6 +156,8 @@ main(int argc, char *argv[]) {
 		exit(1);
 	}
 
+	pk11_result_register();
+
 	/* Allocate hanles */
 	hKey = (CK_SESSION_HANDLE *)
 		malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -173,8 +176,11 @@ main(int argc, char *argv[]) {
 		pin = getpassphrase("Enter Pin: ");
 
 	result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
+				  ISC_TRUE, (const char *) pin, slot);
+	if ((result != ISC_R_SUCCESS) &&
+	    (result != PK11_R_NORANDOMSERVICE) &&
+	    (result != PK11_R_NODIGESTSERVICE) &&
+	    (result != PK11_R_NOAESSERVICE)) {
 		fprintf(stderr, "Error initializing PKCS#11: %s\n",
 			isc_result_totext(result));
 		exit(1);
@@ -249,7 +255,7 @@ main(int argc, char *argv[]) {
 
 	free(hKey);
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/tests/pkcs11/benchmarks/find.c

@@ -55,6 +55,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -95,6 +96,7 @@ main(int argc, char *argv[]) {
 	CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
 	CK_ULONG found = 0;
 	pk11_context_t pctx;
+	pk11_optype_t op_type = OP_RSA;
 	char *lib_name = NULL;
 	char *pin = NULL;
 	int error = 0;
@@ -111,6 +113,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 's':
 			slot = atoi(isc_commandline_argument);
+			op_type = OP_ANY;
 			break;
 		case 'p':
 			pin = isc_commandline_argument;
@@ -139,6 +142,8 @@ main(int argc, char *argv[]) {
 		exit(1);
 	}
 
+	pk11_result_register();
+
 	/* Initialize the CRYPTOKI library */
 	if (lib_name != NULL)
 		pk11_set_lib_name(lib_name);
@@ -146,9 +151,12 @@ main(int argc, char *argv[]) {
 	if (pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_FALSE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
+	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
+				  ISC_TRUE, (const char *) pin, slot);
+	if ((result != ISC_R_SUCCESS) &&
+	    (result != PK11_R_NORANDOMSERVICE) &&
+	    (result != PK11_R_NODIGESTSERVICE) &&
+	    (result != PK11_R_NOAESSERVICE)) {
 		fprintf(stderr, "Error initializing PKCS#11: %s\n",
 			isc_result_totext(result));
 		exit(1);
@@ -213,7 +221,7 @@ main(int argc, char *argv[]) {
 
     exit_objects:
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/tests/pkcs11/benchmarks/genrsa.c

@@ -57,6 +57,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -118,6 +119,7 @@ main(int argc, char *argv[]) {
 		{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
 	};
 	pk11_context_t pctx;
+	pk11_optype_t op_type = OP_RSA;
 	char *lib_name = NULL;
 	char *pin = NULL;
 	int error = 0;
@@ -135,6 +137,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 's':
 			slot = atoi(isc_commandline_argument);
+			op_type = OP_ANY;
 			break;
 		case 'p':
 			pin = isc_commandline_argument;
@@ -170,6 +173,8 @@ main(int argc, char *argv[]) {
 		exit(1);
 	}
 
+	pk11_result_register();
+
 	/* Allocate hanles */
 	pubKey = (CK_SESSION_HANDLE *)
 		malloc(count * sizeof(CK_SESSION_HANDLE));
@@ -196,9 +201,12 @@ main(int argc, char *argv[]) {
 	if (pin == NULL)
 		pin = getpassphrase("Enter Pin: ");
 
-	result = pk11_get_session(&pctx, OP_ANY, ISC_TRUE, ISC_TRUE,
-				  (const char *) pin, slot);
-	if (result != ISC_R_SUCCESS) {
+	result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
+				  ISC_TRUE, (const char *) pin, slot);
+	if ((result != ISC_R_SUCCESS) &&
+	    (result != PK11_R_NORANDOMSERVICE) &&
+	    (result != PK11_R_NODIGESTSERVICE) &&
+	    (result != PK11_R_NOAESSERVICE)) {
 		fprintf(stderr, "Error initializing PKCS#11: %s\n",
 			isc_result_totext(result));
 		exit(1);
@@ -281,7 +289,7 @@ main(int argc, char *argv[]) {
 	free(privKey);
 
 	pk11_return_session(&pctx);
-	pk11_shutdown();
+	(void) pk11_finalize();
 
 	exit(error);
 }

bin/tests/pkcs11/benchmarks/privrsa.c

@@ -58,6 +58,7 @@
 #include <isc/types.h>
 
 #include <pk11/pk11.h>
+#include <pk11/result.h>
 
 #if !(defined(HAVE_GETPASSPHRASE) || (defined (__SVR4) && defined (__sun)))
 #define getpassphrase(x)	getpass(x)
@@ -209,6 +210,7 @@ main(int argc, char *argv[]) {
 		{ CKA_COEFFICIENT, coeff, (CK_ULONG) sizeof(coeff) }
 	};
 	pk11_context_t pctx;
+	pk11_optype_t op_type = OP_RSA;
 	char *lib_name = NULL;
 	char *pin = NULL;
 	int error = 0;
@@ -226,6 +228,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 's':
 			slot = atoi(isc_commandline_argument);