move PKCS#11 setup code to test-exec.sh so it can be reused elsewhere

tidy and refactor PKCS#11 setup code

Replace the use of a perl script to delete the controlling TTY with a
SSH_ASKPASS script to directly load the PIN.

Move PKCS#11 setup code to functions in anticipation of it being used
elsewhere in additional tests.

Reduce stdout spam

typo in error message

Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.

Replace OPENSSL as the variable that points to the openssl binary
with OPENSSL_BIN. This will allow us to use the OPENSSL variable from
mk.conf or the make(1) command line indicating if we're building with
our without OpenSSL, and ultimately get the regress tests working in
the OPENSSL=no configuration.

Find openssl binary via environment variable. This allows overriding
if necessary (eg in -portable where we're testing against a specific
version of OpenSSL).

test FIDO2/U2F key types; ok markus@

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

typo in error message

Perform the softhsm2 setup as discrete steps rather than as a long
shell pipeline. Makes it easier to figure out what has happened when
it breaks.

Replace OPENSSL as the variable that points to the openssl binary
with OPENSSL_BIN. This will allow us to use the OPENSSL variable from
mk.conf or the make(1) command line indicating if we're building with
our without OpenSSL, and ultimately get the regress tests working in
the OPENSSL=no configuration.

Find openssl binary via environment variable. This allows overriding
if necessary (eg in -portable where we're testing against a specific
version of OpenSSL).

test FIDO2/U2F key types; ok markus@

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

Replace OPENSSL as the variable that points to the openssl binary
with OPENSSL_BIN. This will allow us to use the OPENSSL variable from
mk.conf or the make(1) command line indicating if we're building with
our without OpenSSL, and ultimately get the regress tests working in
the OPENSSL=no configuration.

Find openssl binary via environment variable. This allows overriding
if necessary (eg in -portable where we're testing against a specific
version of OpenSSL).

test FIDO2/U2F key types; ok markus@

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

Find openssl binary via environment variable. This allows overriding
if necessary (eg in -portable where we're testing against a specific
version of OpenSSL).

test FIDO2/U2F key types; ok markus@

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

test FIDO2/U2F key types; ok markus@

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

remove hack to use non-system libcrypto

allow override of ssh-pkcs11-helper binary via $TEST_SSH_SSHPKCS11HELPER
from markus@

adapt agent-pkcs11.sh test to softhsm2 and add support for ECDSA keys

work by markus@, ok djm@

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)

eliminate explicit specification of protocol in tests and loops over
protocol. We only support SSHv2 now.

fatal if soft-PKCS11 library is missing rather (rather than continue
and fail with a more cryptic error)

test for PKCS#11 support (currently disabled)