DNSSEC PKCS11 support

Added 193 commits:

• 2ce2a757...7e8072e2 - 127 commits from branch master
• 512b2030 - dnssec: pkcs11 placeholder API
• c013881b - dnssec: manual pkcs11 initialization
• cbd12e04 - dnssec: add DNSSEC_PKCS11_FAILED_TO_LOAD
• 2836f2f3 - dnssec: add cleanup macro for gnutls_pubkey_t
• abc390f9 - dnssec: PKCS11 generate key with fixed CKA_ID
• 768052bc - dnssec: initial unit tests for PKCS11 interface
• 22cc3bdc - dnssec: conditional compilation of PKCS11 support
• 9cf192fa - dnssec: dnssec_key_t remove key ID
• af23f7a1 - dnssec: key ID required to import private key from keystore
• a73b2907 - dnssec: fix missing includes
• f12c5d00 - dnssec: KASP store key ID in dnssec_kasp_key_t
• 54f95867 - dnssec: keymgr, update to new key ID location
• c2765dff - dnssec/tests: validate empty zone in KASP zone_load callback
• 81dd3656 - dnssec: validate zone before serializing into KASP
• 80610225 - server: adapt to new key loading API
• 6f68da36 - online signing: adapt to new key loading API
• cef80ba4 - dnssec: fix gnutls_pkcs11_privkey_generate3 detection
• b3799a65 - dnssec: PKCS11, generate key with random CKA_ID
• 82f978ac - dnssec: PKCS11, generate key unique URL
• 85f5a892 - dnssec: PKCS11, delete key from token
• bc3a9659 - dnssec: PKCS11, load private key
• c0d7ffe2 - dnssec: PKCS11, refactor variable names
• 0b4f52c5 - dnssec: pkcs11 keystore close is no-op
• 59edb801 - dnssec: pkcs11, implement keystore content listing
• df6b0e67 - dnssec: pkcs11 key delete, fix error code processing
• bc6eee03 - indicate PKCS 11 supported in configure summary
• 1ce8d660 - libtap: add test_mkdtemp() and test_rm_rf()
• adaa36bf - dnssec: conditional PKCS 11 crypto initialization
• 98a55ce4 - dnssec: tests for PKCS 11 keystore
• f9b4fa5f - dnssec: fix leak in PKCS 11 keystore deinit
• 08452521 - dnssec: remove unused context variable
• ed1c42c4 - dnssec: tidy up the internal PEM interface
• 72cec143 - dnssec: fix config name in PKCS 11 test
• 41e91c85 - dnssec: prepare for internal keyid API
• cc0f4df8 - dnssec: key ID conversions for GnuTLS in internal API
• e3e4a5a8 - dnssec: PEM, use new key ID API
• c46dfcac - dnssec: fix typo in tests
• c0a9cea5 - dnssec: add expected signature into PKCS 11 test
• 15f61248 - dnssec: share flags for all objects added to PKCS 11 token
• 320883f1 - dnssec: implement key import into PKCS 11 token
• 1c3fb5ce - dnssec: fix error code for invalid key lookup in PKCS11 token
• 934aa2bf - dnssec: use default GnuTLS key ID flags
• 7ea80342 - dnssec: skelet for KASP keystore entity
• 6f152e46 - dnssec: add tests for KASP keystore
• 37c8a4c1 - dnssec: fix memory leak in dnssec_kasp_keystore_free
• 05440fc8 - dnssec: KASP dir storage, keystore placeholder implementation
• be84ffbc - dnssec: refactor entity access in KASP dir implementation
• b759e27e - dnssec: remove KASP dir store implementation from module scope
• c54c6bc3 - dnssec: add kasp_keystore_cleanup into internal API
• 9dd60a7e - dnssec: KASP string attribute encoding in JSON
• 23c32c12 - dnssec: KASP keystore serialization
• 2ea0fe47 - dnssec: fix JSON string serialization
• 21e3f572 - dnssec: fix configuration path construction in KASP dir storage
• 1d85cc2b - dnssec: internal API providing KASP base path
• fa416144 - dnssec: interface to open key store from the KASP configuration
• 40e2f321 - dnssec: add 'manual' flag into policy
• 8c298aa4 - dnssec: algorithm aware default policy
• 2f7ce9c5 - server: manual policy based on libdnssec defaults
• 82cf91aa - fix different enum values comparison
• 454ba99d - dnssec: fix key ID setting in automatic key generating
• 980bf56f - dnssec: set keystore in policy
• c4ab2569 - dnssec: use constants for backend specification
• 3e485752 - dnssec: require module name in PKCS 11 config
• 5a70bb8c - server: pick correct dnssec keystore
• 6a9a6a58 - dnssec: remove useless comment
• a4c56124 - dnssec: fix shared linking by moving keyid to shared

Added 6 commits:

• 240976b4 - dnssec: more details in keymgr keystore show
• 88f68903 - dnssec: keymgr man, provide new description of keystore subcommand
• d3051aff - dnssec: keymgr man, init command adds default policy and default key store
• cd196686 - dnssec: keymgr man, add new policy attributes
• 42acb42a - dnssec: keymgr man, fix wrapping of long commands
• 6ec6a9b3 - dnssec: keymgr man, regenerate manual page

Added 4 commits:

• cf516272 - doc: DNSSEC changes realted to new keystore support
• 2e64ea6d - dnssec: switch default algorithm to ECDSA-P256-SHA256
• 85523853 - doc: new default DNSSEC algorithm
• 958d641e - doc: add new DNSSEC policy options

Added 6 commits:

• e0ad606e - dnssec: keystore open/init with path fix workaround
• f8b74011 - dnssec: remove outdated TODO
• 0a00aa12 - dnssec: retain reference to keystore when clearing policy settings
• 1d2d0cce - dnssec: keymgr, enforce policy and keystore setting
• 4b8403c5 - server: policy loading in server with updated API
• 95e9dad7 - tests-extra: manual signing policy in all KASP databases

Added 1 commit:

• 6d36fc6b - dnssec: fix memory leak in KASP zone freeing

Added 3 commits:

• 5b348126 - tests-extra: update KASP database in dnssec/dnskey_algorithms
• 7b0ec0c5 - tests-extra: update policy in dnssec/dnskey_timestamps
• 7c204b5e - tests-extra: fix policy in dnssec/no_resign

Title changed from WIP: DNSSEC PKCS11 support to DNSSEC PKCS11 support

mentioned in commit 0b60906a

Status changed to merged