This backports testpkcs11.sh from master branch. Some tests were disabled due to the use of features not supported in 3.3.x versions. Namely the missing features are:
- ECC key generation without login
- "--load-pubkey" option
- "--test-sign" option
- Certificates do not inherit its ID from the private key
Previously, certificates were being marked as private objects (CKA_PRIVATE), depending on the PKCS#11 module default. This behaviour was changed to follow the master branch; now p11tool explicitly sets the GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE flag when creating a private key object and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE when creating a certificate or public key object.
Checklist
-
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md -
This feature/change has adequate documentation added -
No obvious mistakes in the code