$ ./configure --prefix=/opt/local
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin14.5.0
checking host system type... x86_64-apple-darwin14.5.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /opt/local/bin/nm
checking the name lister (/opt/local/bin/nm) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin14.5.0 file names to x86_64-apple-darwin14.5.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin14.5.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /opt/local/bin/nm output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin14.5.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... /opt/local/bin/doxygen
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/versioninfo.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:


Version:                 0.4.0_git
Libraries:               /opt/local/lib

api doc support:         no

Host:                    x86_64-apple-darwin14.5.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:          -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4 -msse4.2
Linker flags:            
Libraries:               

PTHREAD_FLAGS:           
OPENSSL_CFLAGS:          -I/opt/local/include -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4 -msse4.2
OPENSSL_LIBS:            -L/opt/local/lib -lssl -lcrypto

$ make all && make check
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
  CC       libp11_la-libpkcs11.lo
  CC       libp11_la-p11_attr.lo
  CC       libp11_la-p11_cert.lo
  CC       libp11_la-p11_err.lo
  CC       libp11_la-p11_key.lo
  CC       libp11_la-p11_load.lo
  CC       libp11_la-p11_misc.lo
  CC       libp11_la-p11_ops.lo
  CC       libp11_la-p11_rsa.lo
  CC       libp11_la-p11_ec.lo
  CC       libp11_la-p11_slot.lo
  CC       libp11_la-atfork.lo
  CCLD     libp11.la
Undefined symbols for architecture x86_64:
  "_PKCS11_get_ec_key_method", referenced from:
     -exported_symbol[s_list] command line option
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [libp11.la] Error 1
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1
$ 

$ ./bootstrap
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: /opt/local/bin/aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: running: /opt/local/bin/glibtoolize --copy --force
glibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, '.'.
glibtoolize: copying file './ltmain.sh'
glibtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
glibtoolize: copying file 'm4/libtool.m4'
glibtoolize: copying file 'm4/ltoptions.m4'
glibtoolize: copying file 'm4/ltsugar.m4'
glibtoolize: copying file 'm4/ltversion.m4'
glibtoolize: copying file 'm4/lt~obsolete.m4'
glibtoolize: Remember to add 'LT_INIT' to configure.ac.
autoreconf: running: /opt/local/bin/autoconf --force
autoreconf: running: /opt/local/bin/autoheader --force
autoreconf: running: /opt/local/bin/automake --add-missing --copy --force-missing
configure.ac:35: installing './compile'
configure.ac:14: installing './missing'
examples/Makefile.am: installing './depcomp'
autoreconf: Leaving directory `.'
$ !./configu
./configure --prefix=/opt/local
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin14.5.0
checking host system type... x86_64-apple-darwin14.5.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /opt/local/bin/nm
checking the name lister (/opt/local/bin/nm) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin14.5.0 file names to x86_64-apple-darwin14.5.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin14.5.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /opt/local/bin/nm output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin14.5.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... /opt/local/bin/doxygen
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/versioninfo.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:


Version:                 0.4.0_git
Libraries:               /opt/local/lib

api doc support:         no

Host:                    x86_64-apple-darwin14.5.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:          -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4 -msse4.2
Linker flags:            
Libraries:               

PTHREAD_FLAGS:           
OPENSSL_CFLAGS:          -I/opt/local/include -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4 -msse4.2
OPENSSL_LIBS:            -L/opt/local/lib -lssl -lcrypto

$ make all && make check
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
  CC       libp11_la-libpkcs11.lo
  CC       libp11_la-p11_attr.lo
  CC       libp11_la-p11_cert.lo
  CC       libp11_la-p11_err.lo
  CC       libp11_la-p11_key.lo
  CC       libp11_la-p11_load.lo
  CC       libp11_la-p11_misc.lo
  CC       libp11_la-p11_ops.lo
  CC       libp11_la-p11_rsa.lo
  CC       libp11_la-p11_ec.lo
  CC       libp11_la-p11_slot.lo
  CC       libp11_la-atfork.lo
  CCLD     libp11.la
Making all in doc
make[1]: Nothing to be done for `all'.
Making all in examples
  CC       auth.o
  CCLD     auth
  CC       decrypt.o
  CCLD     decrypt
  CC       getrandom.o
  CCLD     getrandom
  CC       listkeys.o
  CCLD     listkeys
  CC       rawrsasign.o
rawrsasign.c:198:9: warning: implicit declaration of function 'EVP_MD_CTX_new' is invalid in C99
      [-Wimplicit-function-declaration]
        mctx = EVP_MD_CTX_new();
               ^
rawrsasign.c:198:7: warning: incompatible integer to pointer conversion assigning to 'EVP_MD_CTX *'
      (aka 'struct env_md_ctx_st *') from 'int' [-Wint-conversion]
        mctx = EVP_MD_CTX_new();
             ^ ~~~~~~~~~~~~~~~~
rawrsasign.c:215:2: warning: implicit declaration of function 'EVP_MD_CTX_free' is invalid in C99
      [-Wimplicit-function-declaration]
        EVP_MD_CTX_free(mctx);
        ^
rawrsasign.c:259:7: warning: incompatible integer to pointer conversion assigning to 'EVP_MD_CTX *'
      (aka 'struct env_md_ctx_st *') from 'int' [-Wint-conversion]
        mctx = EVP_MD_CTX_new();
             ^ ~~~~~~~~~~~~~~~~
4 warnings generated.
  CCLD     rawrsasign
Undefined symbols for architecture x86_64:
  "_EVP_MD_CTX_free", referenced from:
      _main in rawrsasign.o
  "_EVP_MD_CTX_new", referenced from:
      _main in rawrsasign.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [rawrsasign] Error 1
make: *** [all-recursive] Error 1
$ 

$ openssl version
OpenSSL 1.0.2g  1 Mar 2016
$ openssl rsautl -engine pkcs11 -keyform engine -encrypt -pubin -inkey id_03 -pkcs -out t256.dat.enc -in t256.dat
engine "pkcs11" set.
openssl (lock_dbg_cb): already locked (mode=9, type=30) at eng_init.c:149
Segmentation fault: 11
$

Process:               openssl [10944]
Path:                  /opt/local/bin/openssl
Identifier:            openssl
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        bash [68621]
Responsible:           iTerm [342]
User ID:               501

Date/Time:             2016-03-15 19:37:07.929 -0400
OS Version:            Mac OS X 10.11.3 (15D21)
Report Version:        11
Anonymous UUID:        B3544DF6-AE65-3AD0-0E52-DD6C16797F5A

Sleep/Wake UUID:       1186BD79-2A2E-4A50-9A27-BF002CB25182

Time Awake Since Boot: 470000 seconds
Time Since Wake:       940 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000010000000b0

VM Regions Near 0x10000000b0:
    Dispatch continuations 0000000100a00000-0000000101200000 [ 8192K] rw-/rwx SM=PRV  
--> 
    STACK GUARD            0000700000000000-0000700000001000 [    4K] ---/rwx SM=NUL  stack guard for thread 1

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libcrypto.1.0.0.dylib           0x00000001002b7721 ENGINE_finish + 49
1   libcrypto.1.0.0.dylib           0x00000001002d4929 EVP_PKEY_free + 105
2   libp11.2.dylib                  0x000000010065c26e pkcs11_destroy_keys + 78
3   libp11.2.dylib                  0x000000010065e059 pkcs11_release_slot + 153
4   libp11.2.dylib                  0x000000010065ed2b pkcs11_release_all_slots + 43
5   libpkcs11.dylib                 0x0000000100652cb2 pkcs11_finish + 34
6   libpkcs11.dylib                 0x00000001006529ed engine_finish + 109
7   libcrypto.1.0.0.dylib           0x00000001002b75dd engine_unlocked_finish + 109
8   libcrypto.1.0.0.dylib           0x00000001002b83e2 int_cleanup_cb_LHASH_DOALL + 34
9   libcrypto.1.0.0.dylib           0x00000001002c6b7a lh_doall + 74
10  libcrypto.1.0.0.dylib           0x00000001002b8388 engine_table_cleanup + 56
11  libcrypto.1.0.0.dylib           0x00000001002b6aab engine_cleanup_cb_free + 11
12  libcrypto.1.0.0.dylib           0x00000001002c6250 sk_pop_free + 48
13  libcrypto.1.0.0.dylib           0x00000001002b6a8c ENGINE_cleanup + 28
14  openssl                         0x000000010012b782 main + 1122
15  libdyld.dylib                   0x00007fff980135ad start + 1

Thread 1:
0   libsystem_kernel.dylib          0x00007fff8515d6de __workq_kernreturn + 10
1   libsystem_pthread.dylib         0x00007fff85b96729 _pthread_wqthread + 1283
2   libsystem_pthread.dylib         0x00007fff85b94365 start_wqthread + 13

Thread 2:: Dispatch queue: com.apple.libdispatch-manager
0   libsystem_kernel.dylib          0x00007fff8515dff6 kevent_qos + 10
1   libdispatch.dylib               0x00007fff85e37099 _dispatch_mgr_invoke + 216
2   libdispatch.dylib               0x00007fff85e36d01 _dispatch_mgr_thread + 52

Thread 3:
0   libsystem_kernel.dylib          0x00007fff8515d6de __workq_kernreturn + 10
1   libsystem_pthread.dylib         0x00007fff85b96729 _pthread_wqthread + 1283
2   libsystem_pthread.dylib         0x00007fff85b94365 start_wqthread + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x000000000000004a  rbx: 0x0000001000000000  rcx: 0x0000010000000203  rdx: 0x0000020000000200
  rdi: 0x00007fff755031e8  rsi: 0x0000000000012068  rbp: 0x00007fff5fad4a70  rsp: 0x00007fff5fad4a50
   r8: 0x0000000000000040   r9: 0x00007fff755031e0  r10: 0xffffffffffffffff  r11: 0x0000000000000246
  r12: 0x0000000000000000  r13: 0x0000000000000000  r14: 0x00007f8ea160a5d8  r15: 0x00007f8ea1506a70
  rip: 0x00000001002b7721  rfl: 0x0000000000010202  cr2: 0x00000010000000b0

Logical CPU:     2
Error Code:      0x00000006
Trap Number:     14


Binary Images:
       0x10012a000 -        0x100195fff +openssl (0) <8963B755-DE06-351E-A627-4AA2FD07CC7E> /opt/local/bin/openssl
       0x1001b5000 -        0x1001f8fff +libssl.1.0.0.dylib (0) <DEA78E1A-8863-33E3-BF1C-CC861B5B47D2> /opt/local/lib/libssl.1.0.0.dylib
       0x100216000 -        0x10039765f +libcrypto.1.0.0.dylib (0) <66C6C7BD-83F2-3028-87C4-E334EF97A9C7> /opt/local/lib/libcrypto.1.0.0.dylib
       0x100410000 -        0x100420fff +libz.1.dylib (0) <5FCFF38B-5983-3590-B5E9-074CF0950676> /opt/local/lib/libz.1.dylib
       0x100652000 -        0x100655ff7 +libpkcs11.dylib (0) <FCC68CB7-90B9-3722-8C01-711F3749C1CE> /opt/local/lib/*/libpkcs11.dylib
       0x100659000 -        0x100661fff +libp11.2.dylib (0) <848551D4-0AE3-33A1-A367-F10F448D1248> /opt/local/lib/libp11.2.dylib
       0x100666000 -        0x100692ff7 +opensc-pkcs11.so (0) <329E04D7-36BC-3632-99D9-E5CE17DA5475> /Library/OpenSC/*/opensc-pkcs11.so
       0x10069f000 -        0x1008c1ff7 +libopensc.4.dylib (0) <C4E5661F-AA63-3732-967E-E411BF9EA6D1> /Library/OpenSC/*/libopensc.4.dylib
       0x100903000 -        0x100912fff +libgost.dylib (0) <F4F0C018-1BF1-3086-80BF-E429BD54A131> /opt/local/lib/*/libgost.dylib
    0x7fff60b90000 -     0x7fff60bc7007  dyld (360.19) <9D05FDF4-65CE-3B53-86D4-ABE1A5BF35F3> /usr/lib/dyld
    0x7fff83a8e000 -     0x7fff83b05fe7  libcorecrypto.dylib (335.20.1) <C6BD205F-4ECE-37EE-BCAB-A76F39CDCFFA> /usr/lib/system/libcorecrypto.dylib
    0x7fff83e66000 -     0x7fff83e67ffb  libremovefile.dylib (41) <B8D1A5FC-CFD5-3AAB-8A10-14DDC129710A> /usr/lib/system/libremovefile.dylib
    0x7fff8429b000 -     0x7fff8429dff7  libsystem_configuration.dylib (802.20.7) <5FD79070-36CC-3D02-BEA7-BB5D2AE97D5D> /usr/lib/system/libsystem_configuration.dylib
    0x7fff85146000 -     0x7fff85164fff  libsystem_kernel.dylib (3248.30.4) <9CEB6C3B-1CAF-3C32-A9FD-93BC72CBCEA1> /usr/lib/system/libsystem_kernel.dylib
    0x7fff85251000 -     0x7fff8526dff7  libsystem_malloc.dylib (67) <9EECAB18-F025-34C4-8E32-7EFFA6720EFC> /usr/lib/system/libsystem_malloc.dylib
    0x7fff85b93000 -     0x7fff85b9cff7  libsystem_pthread.dylib (138.10.4) <327CECD0-B881-3153-8FCC-4FD4818B7F16> /usr/lib/system/libsystem_pthread.dylib
    0x7fff85e2f000 -     0x7fff85e5cfff  libdispatch.dylib (501.20.1) <324C9189-2AF3-3356-847F-6F4CE1C6E901> /usr/lib/system/libdispatch.dylib
    0x7fff861c8000 -     0x7fff861c9fff  libsystem_blocks.dylib (65) <49D42329-7DE9-3413-92C3-A473A7E9CF35> /usr/lib/system/libsystem_blocks.dylib
    0x7fff86f3a000 -     0x7fff86f63fff  libxpc.dylib (756.20.4) <61AB4610-9304-354C-9E9B-D57198AE9866> /usr/lib/system/libxpc.dylib
    0x7fff886ab000 -     0x7fff888b8ffb  libicucore.A.dylib (551.41) <CFFD7342-A7D6-323A-AC14-B9EECF6EFFED> /usr/lib/libicucore.A.dylib
    0x7fff888b9000 -     0x7fff888caff7  libsystem_trace.dylib (201.10.3) <B485369F-E3A1-319E-998C-89AAF606079E> /usr/lib/system/libsystem_trace.dylib
    0x7fff89165000 -     0x7fff89194ffb  libsystem_m.dylib (3105) <26655445-CA97-321E-B221-801CB378D1AA> /usr/lib/system/libsystem_m.dylib
    0x7fff89440000 -     0x7fff89469fff  libsystem_info.dylib (477.20.1) <6513635B-4ADE-3B45-BF63-ED7AC565B0C9> /usr/lib/system/libsystem_info.dylib
    0x7fff894eb000 -     0x7fff894eeff7  libsystem_sandbox.dylib (460.30.1) <3E0036AF-FC64-3352-8DA4-6B550C2C2562> /usr/lib/system/libsystem_sandbox.dylib
    0x7fff8a370000 -     0x7fff8a378ffb  libsystem_dnssd.dylib (625.20.4) <945B5FB1-DA91-3D45-A961-A8FAD53C1E7E> /usr/lib/system/libsystem_dnssd.dylib
    0x7fff8af69000 -     0x7fff8af69ff7  libkeymgr.dylib (28) <09397E01-6066-3179-A50C-2CE666FDA929> /usr/lib/system/libkeymgr.dylib
    0x7fff8b0b5000 -     0x7fff8b0ccff7  libsystem_asl.dylib (322.30.1) <9B500E4E-E462-321E-828E-5524DC984C1B> /usr/lib/system/libsystem_asl.dylib
    0x7fff8cbb4000 -     0x7fff8cbbfff7  libcommonCrypto.dylib (60075.20.1) <766BC3F5-41F3-3315-BABC-72718A98EA92> /usr/lib/system/libcommonCrypto.dylib
    0x7fff8d336000 -     0x7fff8d347ff7  libz.1.dylib (61.20.1) <B3EBB42F-48E3-3287-9F0D-308E04D407AC> /usr/lib/libz.1.dylib
    0x7fff8d63f000 -     0x7fff8d63fff7  libunc.dylib (29) <1D0F8265-F026-3CBD-93D3-F8DF14FFCE68> /usr/lib/system/libunc.dylib
    0x7fff8df43000 -     0x7fff8df45ff7  libquarantine.dylib (80) <163CF63A-7455-3D1F-AE57-8C4475A9204C> /usr/lib/system/libquarantine.dylib
    0x7fff8df52000 -     0x7fff8e3c8fff  com.apple.CoreFoundation (6.9 - 1256.14) <768A7FB7-9143-3148-8591-7C6ED3162D35> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x7fff8e3c9000 -     0x7fff8e3d1fff  libsystem_networkextension.dylib (385.20.6) <DC8A102A-BF02-31A4-8914-65C34DF6B592> /usr/lib/system/libsystem_networkextension.dylib
    0x7fff8e7bf000 -     0x7fff8e7c7fe7  libsystem_platform.dylib (74.10.3) <D3A27E10-7F08-3603-ACC8-7A92B2C04BAB> /usr/lib/system/libsystem_platform.dylib
    0x7fff8e7c8000 -     0x7fff8e7c9fff  libDiagnosticMessagesClient.dylib (100) <4243B6B4-21E9-355B-9C5A-95A216233B96> /usr/lib/libDiagnosticMessagesClient.dylib
    0x7fff8f1d0000 -     0x7fff8f1dafff  com.apple.pcsc (8.0 - 1) <A6974721-8A6A-361B-8CC5-C57809E1B985> /System/Library/Frameworks/PCSC.framework/Versions/A/PCSC
    0x7fff8fc4e000 -     0x7fff8fc55ff7  libcompiler_rt.dylib (62) <D3C4AB40-23B4-3BC6-8C38-5B8758D14E80> /usr/lib/system/libcompiler_rt.dylib
    0x7fff9159a000 -     0x7fff915b0ff7  libsystem_coretls.dylib (83.20.8) <75C97D88-0A63-3093-AE83-DE33EB7405CE> /usr/lib/system/libsystem_coretls.dylib
    0x7fff916a0000 -     0x7fff916a8fff  libcopyfile.dylib (127) <F5133269-0B22-388C-A57C-079667B6291E> /usr/lib/system/libcopyfile.dylib
    0x7fff91755000 -     0x7fff917b6ff7  libsystem_network.dylib (583.20.10) <865FE79A-A22D-3733-A14F-FC7B37F3AECD> /usr/lib/system/libsystem_network.dylib
    0x7fff917b7000 -     0x7fff91844fff  libsystem_c.dylib (1082.20.4) <EAB38A6C-8671-3B13-B500-90EC1B912063> /usr/lib/system/libsystem_c.dylib
    0x7fff91b22000 -     0x7fff91b24fff  libsystem_coreservices.dylib (19.2) <1B3F5AFC-FFCD-3ECB-8B9A-5538366FB20D> /usr/lib/system/libsystem_coreservices.dylib
    0x7fff91e79000 -     0x7fff91e7dfff  libcache.dylib (75) <6B245C0A-F3EA-383B-A542-5B0D0456A41B> /usr/lib/system/libcache.dylib
    0x7fff9394e000 -     0x7fff93cb0f3f  libobjc.A.dylib (680) <9F45830D-F1D5-3CDF-9461-1A5477ED7D1E> /usr/lib/libobjc.A.dylib
    0x7fff958ff000 -     0x7fff95952ff7  libc++.1.dylib (120.1) <8FC3D139-8055-3498-9AC5-6467CB7F4D14> /usr/lib/libc++.1.dylib
    0x7fff95b3a000 -     0x7fff95b3fff3  libunwind.dylib (35.3) <124E0F05-2350-3774-A32C-7F5BF38EDE73> /usr/lib/system/libunwind.dylib
    0x7fff9615f000 -     0x7fff96188fff  libc++abi.dylib (125) <DCCC8177-3D09-35BC-9784-2A04FEC4C71B> /usr/lib/libc++abi.dylib
    0x7fff97bbf000 -     0x7fff97bc4ff7  libmacho.dylib (875.1) <CB745E1F-4885-3F96-B38B-2093DF488FD5> /usr/lib/system/libmacho.dylib
    0x7fff97db8000 -     0x7fff97dfeff7  libauto.dylib (186) <999E610F-41FC-32A3-ADCA-5EC049B65DFB> /usr/lib/libauto.dylib
    0x7fff98010000 -     0x7fff98013ffb  libdyld.dylib (360.19) <AA629043-C6F6-32FE-8007-E3478E99ACA7> /usr/lib/system/libdyld.dylib
    0x7fff9833a000 -     0x7fff9833bffb  libSystem.B.dylib (1226.10.1) <5A4257EF-3145-3BB3-87A4-0D2404A9462D> /usr/lib/libSystem.B.dylib
    0x7fff98e64000 -     0x7fff98e6dff3  libsystem_notify.dylib (150.20.3) <243FADE1-255A-3B78-8033-F336CD64B817> /usr/lib/system/libsystem_notify.dylib
    0x7fff994dc000 -     0x7fff994ddfff  libsystem_secinit.dylib (20) <FD6ECF2C-1489-32CA-981B-9045B5EB1FAA> /usr/lib/system/libsystem_secinit.dylib
    0x7fff9950f000 -     0x7fff9950fff7  liblaunch.dylib (756.20.4) <EDF719D6-D2BB-38DD-8C94-4272BEFDA2CD> /usr/lib/system/liblaunch.dylib

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 1
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 30723232
    thread_create: 0
    thread_set_state: 30

VM Region Summary:
ReadOnly portion of Libraries: Total=110.5M resident=0K(0%) swapped_out_or_unallocated=110.5M(100%)
Writable regions: Total=55.5M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=55.5M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
Activity Tracing                  2048K        2 
Dispatch continuations            8192K        2 
Kernel Alloc Once                    4K        2 
MALLOC                            36.2M        8 
MALLOC guard page                   16K        4 
STACK GUARD                       56.0M        5 
Stack                             9304K        5 
VM_ALLOCATE                         20K        3 
__DATA                            3244K       58 
__LINKEDIT                        91.7M       12 
__TEXT                            18.8M       55 
__UNICODE                          552K        2 
shared memory                       12K        4 
===========                     =======  ======= 
TOTAL                            225.5M      149 

.........
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473745920: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c339b0
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744976: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c33b30
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744592: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c33b90
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744496: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c33bf0
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744400: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c33c50
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744304: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:358:C_FindObjectsInit: Object with handle 0x7febe3c33cb0
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:4087:pkcs15_dobj_get_attribute: pkcs15_dobj_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:377:C_FindObjectsInit: Object 0/-473744208: Attribute 0x0 does NOT match.
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:406:C_FindObjectsInit: 4 matching objects
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_KEY_TYPE = CKK_RSA
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_LABEL = <size inquiry>
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_LABEL = PIV AUTH pubkey
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_ID = <size inquiry>
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_ID = 01
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260752: CKA_ID = 01
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32b50) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_KEY_TYPE = CKK_RSA
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_LABEL = <size inquiry>
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_LABEL = SIGN pubkey
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_ID = <size inquiry>
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_ID = 02
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260848: CKA_ID = 02
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32bb0) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_KEY_TYPE = CKK_RSA
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_LABEL = <size inquiry>
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.998 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_LABEL = KEY MAN pubkey
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_ID = <size inquiry>
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_ID = 03
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_ID = 03
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_KEY_TYPE = CKK_RSA
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_LABEL = <size inquiry>
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_LABEL = CARD AUTH pubkey
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_ID = <size inquiry>
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_ID = 04
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115261040: CKA_ID = 04
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c70) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:59:sc_find_release: freeing 32 handles used 4  at 0x7febe3d09b70
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_MODULUS = <size inquiry>
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_MODULUS = AB9BF41C92FD23DE9DDF82EB50BA377E3A7EA3EC5DFD8252A0D79668B521E94E
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_PUBLIC_EXPONENT = <size inquiry>
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] framework-pkcs15.c:3824:pkcs15_pubkey_get_attribute: pkcs15_pubkey_get_attribute() called
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:237:C_GetAttributeValue: Object 140651115260944: CKA_PUBLIC_EXPONENT = 010001
0x7fff739f3000 19:40:19.999 [opensc-pkcs11] pkcs11-object.c:259:C_GetAttributeValue: C_GetAttributeValue(hSession=0x7febe3d09ac0, hObject=0x7febe3c32c10) = CKR_OK
0x7fff739f3000 19:40:20.001 [opensc-pkcs11] pkcs11-session.c:164:C_CloseAllSessions: C_CloseAllSessions(0x0)
0x7fff739f3000 19:40:20.001 [opensc-pkcs11] slot.c:397:slot_get_token: Slot(id=0x0): get token
0x7fff739f3000 19:40:20.001 [opensc-pkcs11] slot.c:415:slot_get_token: Slot-get-token returns OK
0x7fff739f3000 19:40:20.001 [opensc-pkcs11] pkcs11-session.c:129:sc_pkcs11_close_all_sessions: real C_CloseAllSessions(0x0) 1
0x7fff739f3000 19:40:20.001 [opensc-pkcs11] pkcs11-session.c:98:sc_pkcs11_close_session: real C_CloseSession(0x7febe3d09ac0)

$ git pull
remote: Counting objects: 34, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 34 (delta 23), reused 23 (delta 23), pack-reused 7
Unpacking objects: 100% (34/34), done.
From https://github.com/mouse07410/libp11
   70a0087..ebb474e  master     -> origin/master
Merge made by the 'recursive' strategy.
 NEWS          |   8 ++++-
 src/p11_ec.c  |   5 +--
 src/p11_rsa.c | 181 ++++++++++++++++++++++++++++++++++++++++---------------------------------------------------------------
 3 files changed, 80 insertions(+), 114 deletions(-)
$ git fetch upstream
From https://github.com/OpenSC/libp11
   85fc97a..eea3700  master     -> upstream/master
$ git merge upstream/master
Already up-to-date.
$ git push
Counting objects: 9, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.20 KiB | 0 bytes/s, done.
Total 9 (delta 5), reused 0 (delta 0)
To https://github.com/mouse07410/libp11.git
   ebb474e..e883dbe  master -> master
$ OPENSSL_CFLAGS="-I/Users/ur20980/src/openssl-1.1/include" OPENSSL_LIBS="-L/Users/ur20980/src/openssl-1.1/lib -lssl -lcrypto"  ./configure --prefix=/Users/ur20980/src/openssl-1.1 --with-pkcs11-module="/Library/OpenSC/lib/opensc-pkcs11.so" --with-enginesdir=/Users/ur20980/src/openssl-1.1/lib/engines
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin14.5.0
checking host system type... x86_64-apple-darwin14.5.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /opt/local/bin/nm
checking the name lister (/opt/local/bin/nm) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin14.5.0 file names to x86_64-apple-darwin14.5.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin14.5.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /opt/local/bin/nm output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin14.5.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... /opt/local/bin/doxygen
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/libp11.rc
config.status: creating src/pkcs11.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:

Version:                 0.4.0_git
libp11 directory:        /Users/ur20980/src/openssl-1.1/lib
Engine directory:        /Users/ur20980/src/openssl-1.1/lib/engines
Default PKCS11 module:   /Library/OpenSC/lib/opensc-pkcs11.so
API doc support:         no

Host:                    x86_64-apple-darwin14.5.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:          -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4 -msse4.2
Linker flags:            
Libraries:               

OPENSSL_CFLAGS:          -I/Users/ur20980/src/openssl-1.1/include
OPENSSL_LIBS:            -L/Users/ur20980/src/openssl-1.1/lib -lssl -lcrypto

$ make all && make check
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
  CC       pkcs11_la-eng_front.lo
  CC       pkcs11_la-eng_back.lo
  CC       pkcs11_la-eng_parse.lo
  CC       libp11_la-libpkcs11.lo
  CC       libp11_la-p11_attr.lo
  CC       libp11_la-p11_cert.lo
p11_cert.c:50:3: warning: implicit declaration of function 'CRYPTO_lock' is invalid in C99 [-Wimplicit-function-declaration]
                pkcs11_w_lock(cpriv->lockid);
                ^
./libp11-int.h:142:11: note: expanded from macro 'pkcs11_w_lock'
        if(type) CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
                 ^
p11_cert.c:50:3: error: use of undeclared identifier 'CRYPTO_LOCK'
./libp11-int.h:142:23: note: expanded from macro 'pkcs11_w_lock'
        if(type) CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
                             ^
p11_cert.c:50:3: error: use of undeclared identifier 'CRYPTO_WRITE'
./libp11-int.h:142:35: note: expanded from macro 'pkcs11_w_lock'
        if(type) CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
                                         ^
p11_cert.c:52:3: error: use of undeclared identifier 'CRYPTO_UNLOCK'
                pkcs11_w_unlock(cpriv->lockid);
                ^
./libp11-int.h:144:23: note: expanded from macro 'pkcs11_w_unlock'
        if(type) CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
                             ^
p11_cert.c:52:3: error: use of undeclared identifier 'CRYPTO_WRITE'
./libp11-int.h:144:37: note: expanded from macro 'pkcs11_w_unlock'
        if(type) CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
                                           ^
1 warning and 4 errors generated.
make[2]: *** [libp11_la-p11_cert.lo] Error 1
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1
$ 

[0]: error queue: 14179006: error:14179006:SSL routines:tls_construct_server_key_exchange:EVP lib
[0]: SSL_accept: 80004003: error:80004003:PKCS11 library:PKCS11_open_session:Invalid slot ID
[1]: error queue: 14179006: error:14179006:SSL routines:tls_construct_server_key_exchange:EVP lib
[1]: error queue: 800280B3: error:800280B3:PKCS11 library:PKCS11_get_attribute:Session handle invalid
[1]: SSL_accept: 800060B3: error:800060B3:PKCS11 library:PKCS11_enum_keys:Session handle invalid
[2]: error queue: 14179006: error:14179006:SSL routines:tls_construct_server_key_exchange:EVP lib
[2]: SSL_accept: 800280B3: error:800280B3:PKCS11 library:PKCS11_get_attribute:Session handle invalid
[3]: error queue: 14179006: error:14179006:SSL routines:tls_construct_server_key_exchange:EVP lib
[3]: SSL_accept: 800280B3: error:800280B3:PKCS11 library:PKCS11_get_attribute:Session handle invalid
...

$ OPENSSL_CFLAGS="-I/Users/ur20980/include" OPENSSL_LIBS="-L/Users/ur20980/lib -lssl -lcrypto" ./configure --prefix=/Users/ur20980 --with-pkcs11-module="/Library/OpenSC/lib/opensc-pkcs11.so" --with-enginesdir=/Users/ur20980/lib/engines
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin14.5.0
checking host system type... x86_64-apple-darwin14.5.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /opt/local/bin/nm
checking the name lister (/opt/local/bin/nm) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin14.5.0 file names to x86_64-apple-darwin14.5.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin14.5.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /opt/local/bin/nm output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin14.5.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... doxygen
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/libp11.rc
config.status: creating src/pkcs11.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:

Version:                 0.4.0_git
libp11 directory:        /Users/ur20980/lib
Engine directory:        /Users/ur20980/lib/engines
Default PKCS11 module:   /Library/OpenSC/lib/opensc-pkcs11.so
API doc support:         no

Host:                    x86_64-apple-darwin14.5.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:          -maes -mpclmul -msse2 -mssse3 -msse4 -msse4.2 -mrdrnd -mrdseed
Linker flags:            
Libraries:               

OPENSSL_CFLAGS:          -I/Users/ur20980/include
OPENSSL_LIBS:            -L/Users/ur20980/lib -lssl -lcrypto

$ make clean && make all && make check
......... <uneventful stuff> .........
/Applications/Xcode.app/Contents/Developer/usr/bin/make  check-TESTS
PASS: rsa-testpkcs11.softhsm
PASS: rsa-testfork.softhsm
PASS: rsa-testlistkeys.softhsm
FAIL: rsa-evp-sign.softhsm
PASS: ec-testfork.softhsm
============================================================================
Testsuite summary for libp11 0.4.0_git
============================================================================
# TOTAL: 5
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
============================================================================
make[3]: *** [test-suite.log] Error 1
make[2]: *** [check-TESTS] Error 2
make[1]: *** [check-am] Error 2
make: *** [check-recursive] Error 1
$ cat tests/test-suite.log 
============================================
   libp11 0.4.0_git: tests/test-suite.log
============================================

# TOTAL: 5
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: rsa-evp-sign.softhsm
==========================

Current directory: /Users/ur20980/src/libp11-1.1/tests
Source directory: .
Output directory: output.18886
-n * Initializing smart card... 
ok
Using slot 0 with a present token (0x0)
Using slot 0 with a present token (0x0)
Using slot 0 with a present token (0x0)
***************
Listing objects
***************
Using slot 0 with a present token (0x0)
Private Key Object; RSA 
  label:      server-key
  ID:         00010203
  Usage:      decrypt, sign, unwrap
Certificate Object, type = X.509 cert
  label:      server-key
  ID:         00010203
Public Key Object; RSA 2048 bits
  label:      server-key
  ID:         00010203
  Usage:      encrypt, verify, wrap
At main.c:193:
- SSL error:25066067:DSO support routines:dlfcn_load:could not load the shared library: crypto/dso/dso_dlfcn.c:172
- SSL error:25070067:DSO support routines:DSO_load:could not load the shared library: crypto/dso/dso_lib.c:220
- SSL error:260B6084:engine routines:dynamic_load:dso not found: crypto/engine/eng_dyn.c:456
- SSL error:2606A074:engine routines:ENGINE_by_id:no such engine: crypto/engine/eng_list.c:372
Basic PKCS #11 test, using ctrl failed
FAIL rsa-evp-sign.softhsm (exit status: 1)

$ 

......
/Applications/Xcode.app/Contents/Developer/usr/bin/make  check-TESTS
PASS: rsa-testpkcs11.softhsm
PASS: rsa-testfork.softhsm
PASS: rsa-testlistkeys.softhsm
PASS: rsa-evp-sign.softhsm
PASS: ec-testfork.softhsm
============================================================================
Testsuite summary for libp11 0.4.0_git
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============

Found 3 certs in slot 'SoftHSM slot 0'
Using PKCS#11 certificate pkcs11:token=openconnect-test;id=%03
Found 0 keys in slot 'SoftHSM slot 0'
Logging in to PKCS#11 slot 'SoftHSM slot 0'
Logged in to PKCS#11 slot 'SoftHSM slot 0'
Found 2 keys in slot 'SoftHSM slot 0'
Using PKCS#11 key pkcs11:token=openconnect-test;id=%03

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5d77888 in EC_POINT_cmp (group=0x6dd670, a=0x6dc030, b=0x0, ctx=0x0)
    at ec_lib.c:1001
1001        if ((group->meth != a->meth) || (a->meth != b->meth)) {
Missing separate debuginfos, use: dnf debuginfo-install gnome-keyring-3.20.0-1.fc24.x86_64 libp11-0.3.0-2.fc24.x86_64 libpskc-2.6.1-2.fc24.x86_64 libtool-ltdl-2.4.6-11.fc24.x86_64 libxslt-1.1.28-12.fc24.x86_64 xmlsec1-1.2.20-3.fc24.x86_64
(gdb) bt
#0  0x00007ffff5d77888 in EC_POINT_cmp (group=0x6dd670, a=0x6dc030, b=0x0, 
    ctx=0x0) at ec_lib.c:1001
#1  0x00007ffff5d81a0c in eckey_pub_cmp (a=<optimized out>, b=0x6d6e20)
    at ec_ameth.c:224
#2  0x00007ffff5df5fb1 in X509_check_private_key (x=<optimized out>, 
    k=k@entry=0x6d6e20) at x509_cmp.c:333
#3  0x00007ffff6144a00 in ssl_set_pkey (c=0x6496b0, pkey=0x6d6e20)
    at ssl_rsa.c:223
#4  0x00007ffff6145c96 in SSL_CTX_use_PrivateKey (ctx=<optimized out>, 
    pkey=<optimized out>) at ssl_rsa.c:616
#5  0x00007ffff7bba3b1 in load_pkcs11_key (vpninfo=vpninfo@entry=0x643a70)
    at ../openssl-pkcs11.c:574
#6  0x00007ffff7bb7fdb in load_certificate (vpninfo=0x643a70)
    at ../openssl.c:889
#7  openconnect_open_https (vpninfo=vpninfo@entry=0x643a70)
    at ../openssl.c:1633
#8  0x00007ffff7b9bc08 in do_https_request (vpninfo=vpninfo@entry=0x643a70, 
    method=method@entry=0x7ffff7bbde11 "POST", 
    request_body_type=request_body_type@entry=0x7ffff7bbe2a8 "application/x-www-form-urlencoded", request_body=request_body@entry=0x644630, 
    form_buf=form_buf@entry=0x7fffffffdb70, 
    fetch_redirect=fetch_redirect@entry=0) at ../http.c:875
#9  0x00007ffff7bac91f in cstp_obtain_cookie (vpninfo=<optimized out>)

$ tests/.libs/evp-sign default xxxxxxxx /opt/local/etc/openssl/openssl.cnf "pkcs11:object=SIGN%20key;object-type=private" "pkcs11:object=SIGN%20pubkey;object-type=public" /Library/OpenSC/lib/opensc-pkcs11.dylib 
At main.c:261:
- SSL error:FFFFFFFF8000A001:Vendor defined:PKCS11_rsa_sign:Cancel: p11_rsa.c:148
$ tests/.libs/evp-sign ctrl xxxxxxxx /opt/local/etc/openssl/openssl.cnf "pkcs11:object=SIGN%20key;object-type=private" "pkcs11:object=SIGN%20pubkey;object-type=public" /Library/OpenSC/lib/opensc-pkcs11.dylib 
At main.c:261:
- SSL error:FFFFFFFF8000A001:Vendor defined:PKCS11_rsa_sign:Cancel: p11_rsa.c:148
$

......
 [opensc-pkcs11] reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5
 [opensc-pkcs11] sec.c:206:sc_pin_cmd: returning with: 0 (Success)
 [opensc-pkcs11] card-piv.c:2221:piv_set_security_env: called
 [opensc-pkcs11] card-piv.c:2252:piv_set_security_env: returning with: 0 (Success
)
 [opensc-pkcs11] sec.c:72:sc_set_security_env: returning with: 0 (Success)
 [opensc-pkcs11] card-piv.c:2352:piv_compute_signature: called
 [opensc-pkcs11] card-piv.c:2281:piv_validate_general_authentication: called
 [opensc-pkcs11] card-piv.c:454:piv_general_io: called
 [opensc-pkcs11] card-piv.c:2410:piv_compute_signature: returning with: -1211 (Security status not satisfied)
 [opensc-pkcs11] sec.c:58:sc_compute_signature: returning with: -1211 (Security status not satisfied)
 [opensc-pkcs11] card-piv.c:2221:piv_set_security_env: called
 [opensc-pkcs11] card-piv.c:2252:piv_set_security_env: returning with: 0 (Success)
 [opensc-pkcs11] sec.c:72:sc_set_security_env: returning with: 0 (Success)
......

 [opensc-pkcs11] reader-pcsc.c:389:pcsc_detect_card_presence: returning with: 5
 [opensc-pkcs11] sec.c:206:sc_pin_cmd: returning with: 0 (Success)
 [opensc-pkcs11] sec.c:206:sc_pin_cmd: returning with: 0 (Success)
 [opensc-pkcs11] card-piv.c:2221:piv_set_security_env: called
 [opensc-pkcs11] card-piv.c:2252:piv_set_security_env: returning with: 0 (Success)
 [opensc-pkcs11] sec.c:72:sc_set_security_env: returning with: 0 (Success)
 [opensc-pkcs11] card-piv.c:2417:piv_decipher: called
 [opensc-pkcs11] card-piv.c:2281:piv_validate_general_authentication: called
 [opensc-pkcs11] card-piv.c:454:piv_general_io: called
 [opensc-pkcs11] card-piv.c:2419:piv_decipher: returning with: 256
 [opensc-pkcs11] sec.c:44:sc_decipher: returning with: 256
 [opensc-pkcs11] card-piv.c:2819:piv_finish: called
 [opensc-pkcs11] ctx.c:818:sc_release_context: called

int unwrap(const unsigned char *in, const size_t inlen, unsigned char **out, size_t *olen, ENGINE **e) {
    int rv = -1;
    EVP_PKEY *privkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    PW_CB_DATA cb_data;
    char *key_pass = NULL;

    cb_data.password = NULL;
    cb_data.prompt_info = "pkcs11:object=KEY%20MAN%20key;object-type=private";

    setup_ui();

    ui_method = ui_console_with_default;
    ui_extra = key_pass;

    /* Load engine */
    if (*e == NULL) {
        *e = load_engine("pkcs11");
        if (*e == NULL) {
            fprintf(stderr, "unwrap: failed to instantiate pkcs11 engine\n");
            goto end;
        }
    }

    privkey = ENGINE_load_private_key(*e, "id_03", ui_method, ui_extra);
    if (privkey == NULL) {
        fprintf(stderr, "unwrap: failed to get handle to privkey id_03\n");
        goto end;
    }
    printf("unwrap: loaded privkey of size %1d\n", EVP_PKEY_size(privkey));

    /* Create context */
    ctx = EVP_PKEY_CTX_new(privkey, NULL);
    EVP_PKEY_free(privkey);
    if (ctx == NULL) {
        fprintf(stderr, "unwrap: failed to create context\n");
        goto end;
    }
    rv = EVP_PKEY_decrypt_init(ctx);
    EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
    if (rv <= 0) {
        fprintf(stderr, "unwrap: failed to initialize decrypt_ctx (rv=%d\n", rv);
        goto end;
    }

    /* Unwrap the encrypted key */
    *olen = 0;
    rv = EVP_PKEY_decrypt(ctx, NULL, olen, in, inlen);
    if ((rv <= 0) || (*olen == 0)) {
        fprintf(stderr, "unwrap: failed to get required output buf len (rv=%d)\n", rv);
        goto end;
    }
    printf("unwrap: allocating %1lu bytes...\n", *olen);
    *out = OPENSSL_malloc(*olen);
    if (*out == NULL) {
        fprintf(stderr, "unwrap: failed to allocate output buf (%1lu bytes)\n", *olen);
        rv = -1;
        goto end;
    }
    rv = EVP_PKEY_decrypt(ctx, *out, olen, in, inlen);
    if (rv <= 0) {
        OPENSSL_free(*out);
        *out = NULL;
        fprintf(stderr, "unwrap: failed to decrypt (rv=%d)\n", rv);
        goto end;
    }
    printf("unwrap: decrypt returned %d (%1lu bytes)\n", rv, *olen);

    /* Cleanup - tear down OpenSSL constructs used */
end:
    ERR_print_errors_fp(stderr);
    if (ctx == NULL)
        EVP_PKEY_CTX_free(ctx);
    //unload_engine(e);
    //clean_openssl();

    return rv;
}

unwrap: loaded privkey of size 256
unwrap: allocating 256 bytes...
unwrap: decrypt returned 1 (0 bytes)
unwrapping returned 1
Decrypted symmetric key (0 bytes):

140735154045776:error:80008001:Vendor defined:PKCS11_rsa_decrypt:Cancel:p11_rsa.c:181:

Current directory: /Users/ur20980/src/libp11/tests
Source directory: .
Output directory: output.40351
-n * Initializing smart card... 
ok
Using slot 0 with a present token (0x0)
Using slot 0 with a present token (0x0)
Using slot 0 with a present token (0x0)
***************
Listing objects
***************
Using slot 0 with a present token (0x0)
Public Key Object; RSA 2048 bits
  label:      server-key
  ID:         00010203
  Usage:      encrypt, verify, wrap
Certificate Object, type = X.509 cert
  label:      server-key
  ID:         00010203
Private Key Object; RSA 
  label:      server-key
  ID:         00010203
  Usage:      decrypt, sign, unwrap
Signature created
Signature verified
Signature created
Signature verified
Signature created
Signature verified
Signature created
Signature verified
Signature created
Signature verified
Signature created
Signature verified
PASS rsa-evp-sign.softhsm (exit status: 0)

-passin arg     pass phrase source
$ openssl pkeyutl -engine pkcs11 -peerform engine -derive -inkey 384priv.pem -peerkey id_03 -hexdump
engine "pkcs11" set.
Error initializing context
140735231131728:error:260C0065:engine routines:ENGINE_get_pkey_meth:unimplemented public key method:tb_pkmeth.c:128:
140735231131728:error:0609D09C:digital envelope routines:INT_CTX_NEW:unsupported algorithm:pmeth_lib.c:164:
Usage: pkeyutl [options]
-in file        input file
-out file       output file
-sigfile file signature file (verify operation only)
-inkey file     input key
-keyform arg    private key format - default PEM
-pubin          input is a public key
-certin         input is a certificate carrying a public key
-pkeyopt X:Y    public key options
-sign           sign with private key
-verify         verify with public key
-verifyrecover  verify with public key, recover original data
-encrypt        encrypt with public key
-decrypt        decrypt with private key
-derive         derive shared secret
-hexdump        hex dump output
-engine e       use engine e, possibly a hardware device.
-passin arg     pass phrase source

$ pkcs15-tool -read-public-key 03 -o 384token-pub.pem
Using reader with a card: Yubico Yubikey 4 OTP+U2F+CCID
Certificate with ID 'ead-public-key' not found.
$ pkcs15-tool --read-public-key 03 -o 384token-pub.pem
Using reader with a card: Yubico Yubikey 4 OTP+U2F+CCID
$ cat !!:$
cat 384token-pub.pem
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDGS7L4T8k+bleEHixoBy/78g5c2T4gXh
jfbSp9mu7QFsQM+GUXPq/vXY/keAvMytU1/J1+IOs60fSojUHTTKBGP37eAirjbP
aPKoCOuwZfU2azEtyfqlEhVZF9RX3Sre
-----END PUBLIC KEY-----
$ openssl pkeyutl -derive -inkey 384priv.pem -peerkey 384token-pub.pem -hexdump
0000 - 49 9d 0c 63 f0 65 24 65-8e 36 43 dd e0 d9 38 61   I..c.e$e.6C...8a
0010 - 96 16 2a 03 49 e3 a1 cf-48 fd e0 f8 d4 b8 5d 1b   ..*.I...H.....].
0020 - e9 9e 31 53 a6 97 10 5f-cb c7 d2 15 ac 7d 84 b5   ..1S..._.....}..
$

Generated random 256-bit AES key:
30 d8 8b e1 b3 a8 b6 36 3f f9 92 36 3f af 08 e6 
43 f1 a2 d7 c7 d2 9e 28 6d 9a 84 83 e7 ea 95 78 

Encrypted symmetric key (256 bytes):
1f e6 08 cb 28 5a 12 ad 96 35 56 c5 17 51 7c 57 
3e 75 6e 8d 34 57 8b 88 22 6d 27 21 22 a2 fd da 
b1 0b c8 84 55 49 ee 3b 04 a3 c5 1f 2b 5f 31 0e 
7f be e3 09 8b 51 90 1b 07 54 48 b1 de 76 d9 24 
03 65 00 e2 92 64 e1 26 eb 7d 75 51 6f 01 d7 b8 
7c a0 ab 5d 9f d9 24 49 eb 2b 91 4e 78 cf 88 c2 
af 7f f6 3d a7 ad d8 cc 38 a5 e7 8f a1 3d 5b ae 
e6 d5 1b c9 ba 4b 53 97 2f e3 29 8e 3c 35 51 89 
e4 2a 6e a6 ae 3f f2 27 2b 3e b8 78 b6 af 95 21 
82 34 62 be 36 c7 91 d8 00 7d 3f fa 98 c4 79 a6 
5a 72 4f 29 18 1f 61 d5 d2 8e d2 31 56 77 98 01 
dd 6e 98 ea 02 ce 50 21 01 c7 c2 0a 6e 33 88 a8 
53 94 2a f7 6a c4 f2 4c 78 21 95 95 b9 f0 48 30 
97 5c 37 08 e1 d4 67 00 b5 f0 ec 7c 0b cb 20 78 
41 12 ee e9 2b 4f 76 f9 4b 82 ac 9e c4 89 b9 91 
ea 13 f8 d1 69 9a 86 38 c2 fb cf 35 57 80 96 94 

PKCS#11 token PIN: xxxxxxxx

unwrap: loaded privkey of size 256
unwrap: allocating 256 bytes (rv=1)
unwrapping returned -1
Decrypted symmetric key (256 bytes):
00 00 00 00 00 00 00 80 00 00 00 00 00 00 00 80 
10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 

unwrap: failed to decrypt (rv=-1)
140735133200464:error:80008001:Vendor defined:PKCS11_rsa_decrypt:Cancel:p11_rsa.c:179:
printed OpenSSL errors, heading to end: label...
unwrap: returning -1...
freeing sym_key...
freeing wrapped_key...
freeing unwrapped_key...
OSSL-Tst2(4412,0x7fff739f3000) malloc: *** error for object 0x7f8871c3e4d0: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

#include <stdio.h>
#include <string.h>

#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/ui.h>

#undef OPENSSL_CONF
#define OPENSSL_CONF "/opt/local/etc/openssl/openssl.cnf"

# define FORMAT_UNDEF    0
# define FORMAT_ASN1     1
# define FORMAT_TEXT     2
# define FORMAT_PEM      3
# define FORMAT_NETSCAPE 4
# define FORMAT_PKCS12   5
# define FORMAT_SMIME    6
# define FORMAT_ENGINE   7
# define FORMAT_IISSGC   8      /* XXX this stupid macro helps us to avoid
 * adding yet another param to load_*key() */
# define FORMAT_PEMRSA   9      /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA  10     /* DER RSAPubicKey format */
# define FORMAT_MSBLOB   11     /* MS Key blob format */
# define FORMAT_PVK      12     /* MS PVK file format */
# define FORMAT_HTTP     13     /* Download using HTTP */
# define EXT_COPY_NONE   0
# define EXT_COPY_ADD    1
# define EXT_COPY_ALL    2
# define NETSCAPE_CERT_HDR       "certificate"
# define APP_PASS_LEN    1024
# define SERIAL_RAND_BITS        64

/* 256-bit AES key */
#define AES_KEYSIZE 32

#define APP_PASS_LEN  1024

int wrap(const unsigned char *in, const size_t inlen, unsigned char **out, size_t *olen, ENGINE **e);
int unwrap(const unsigned char *in, const size_t inlen, unsigned char **out, size_t *olen, ENGINE **e);
ENGINE *load_engine(const char *name);
void unload_engine(ENGINE *e);
void init_openssl(void);
void clean_openssl(void);
void print_hex(const unsigned char *buf, const size_t len);

#ifndef HEADER_APPS_H
int setup_ui_method(void);
void destroy_ui_method(void);

#  ifndef NON_MAIN
CONF *config = NULL;
BIO *bio_err = NULL;
#  else
extern CONF *config;
extern BIO *bio_err;
#  endif

# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
    const void *password;
    const char *prompt_info;
} PW_CB_DATA;

#endif /* HEADER_APPS_H */

int main(int argc, char **argv)
{
    int i = 0;
    size_t ilen = AES_KEYSIZE, olen = 0;
    unsigned char *sym_key = NULL;
    unsigned char *wrapped_key = NULL;
    unsigned char *unwrapped_key = NULL;

    ENGINE *e = NULL;

    init_openssl();

    setup_ui_method();

    /* Allocate symm key and fill with random data */
    sym_key = OPENSSL_malloc(ilen); /* 256-bit AES key */
    RAND_bytes(sym_key, ilen);
    printf("Generated random 256-bit AES key:\n");
    print_hex(sym_key, ilen);
    printf("\n");

    i = wrap(sym_key, ilen, &wrapped_key, &olen, &e);
    //printf("wrapping returned %d\n", i);
    printf("Encrypted symmetric key (%1lu bytes):\n", olen);
    print_hex(wrapped_key, olen);
    printf("\n");

    //goto end; /* TODO for now only testing wrap */
    olen = 0; /* to avoid confusion by decrypter */

    i = unwrap(wrapped_key, ilen, &unwrapped_key, &olen, &e);
    printf("unwrapping returned %d\n", i);
    if (olen > 0) {
        printf("Decrypted symmetric key (%1lu bytes):\n", olen);
        print_hex(unwrapped_key, olen);
    } else {
        printf("Decrypt returned zero bytes - error\n");
    }
    printf("\n");

//end:
    if (sym_key != NULL) {
        fprintf(stderr, "freeing sym_key...\n");
        OPENSSL_free(sym_key);
    }
    if (wrapped_key != NULL) {
        fprintf(stderr, "freeing wrapped_key...\n");
        OPENSSL_free(wrapped_key);
    }
    if (unwrapped_key != NULL) {
        fprintf(stderr, "freeing unwrapped_key...\n");
        OPENSSL_free(unwrapped_key);
    }

    fprintf(stderr, "destroy_ui_method()...\n");
    destroy_ui_method();
    fprintf(stderr, "unload_engine()...\n");
    unload_engine(e);
    fprintf(stderr, "clean_openssl()...\n");
    clean_openssl();
}

#ifndef DONT_INCLUDE_UI_METHOD_HERE
static UI_METHOD *ui_method = NULL;

static int ui_open(UI *ui)
{
    return UI_method_get_opener(UI_OpenSSL())(ui);
}

static int ui_read(UI *ui, UI_STRING *uis)
{
    if ((UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)
        && UI_get0_user_data(ui)) {
        switch (UI_get_string_type(uis)) {
        case UIT_PROMPT:
        case UIT_VERIFY:
            {
                const char *password =
                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
                if (password && password[0] != '\0') {
                    UI_set_result(ui, uis, password);
                    return 1;
                }
            }
            break;
        default:
            break;
        }
    }
    return UI_method_get_reader(UI_OpenSSL())(ui, uis);
}

static int ui_write(UI *ui, UI_STRING *uis)
{
    if ((UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)
        && UI_get0_user_data(ui)) {
        switch (UI_get_string_type(uis)) {
        case UIT_PROMPT:
        case UIT_VERIFY:
            {
                const char *password =
                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
                if (password && password[0] != '\0')
                    return 1;
            }
            break;
        default:
            break;
        }
    }
    return UI_method_get_writer(UI_OpenSSL())(ui, uis);
}

static int ui_close(UI *ui)
{
    return UI_method_get_closer(UI_OpenSSL())(ui);
}

int setup_ui_method(void)
{
    ui_method = UI_create_method("OpenSSL application user interface");
    UI_method_set_opener(ui_method, ui_open);
    UI_method_set_reader(ui_method, ui_read);
    UI_method_set_writer(ui_method, ui_write);
    UI_method_set_closer(ui_method, ui_close);
    return 0;
}

void destroy_ui_method(void)
{
    if (ui_method) {
        UI_destroy_method(ui_method);
        ui_method = NULL;
    }
}

int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
    UI *ui = NULL;
    int res = 0;
    const char *prompt_info = NULL;
    const char *password = NULL;
    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

    if (cb_data) {
        if (cb_data->password)
            password = cb_data->password;
        if (cb_data->prompt_info)
            prompt_info = cb_data->prompt_info;
    }

    if (password) {
        res = strlen(password);
        if (res > bufsiz)
            res = bufsiz;
        memcpy(buf, password, res);
        return res;
    }

    ui = UI_new_method(ui_method);
    if (ui) {
        int ok = 0;
        char *buff = NULL;
        int ui_flags = 0;
        char *prompt = NULL;

        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
        if (!prompt) {
            BIO_printf(bio_err, "Out of memory\n");
            UI_free(ui);
            return 0;
        }

        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

        if (ok >= 0)
            ok = UI_add_input_string(ui, prompt, ui_flags, buf,
                                     PW_MIN_LENGTH, bufsiz - 1);
        if (ok >= 0 && verify) {
            buff = (char *)OPENSSL_malloc(bufsiz);
            if (!buff) {
                BIO_printf(bio_err, "Out of memory\n");
                UI_free(ui);
                OPENSSL_free(prompt);
                return 0;
            }
            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                      PW_MIN_LENGTH, bufsiz - 1, buf);
        }
        if (ok >= 0)
            do {
                ok = UI_process(ui);
            }
            while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

        if (buff) {
            OPENSSL_cleanse(buff, (unsigned int)bufsiz);
            OPENSSL_free(buff);
        }

        if (ok >= 0)
            res = strlen(buf);
        if (ok == -1) {
            BIO_printf(bio_err, "User interface error\n");
            ERR_print_errors(bio_err);
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        if (ok == -2) {
            BIO_printf(bio_err, "aborted!\n");
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        UI_free(ui);
        OPENSSL_free(prompt);
    }
    return res;
}

static char *app_get_pass(BIO *err, char *arg, int keepbio);

int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
{
    int same;
    if (!arg2 || !arg1 || strcmp(arg1, arg2))
        same = 0;
    else
        same = 1;
    if (arg1) {
        *pass1 = app_get_pass(err, arg1, same);
        if (!*pass1)
            return 0;
    } else if (pass1)
        *pass1 = NULL;
    if (arg2) {
        *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
        if (!*pass2)
            return 0;
    } else if (pass2)
        *pass2 = NULL;
    return 1;
}

static char *app_get_pass(BIO *err, char *arg, int keepbio)
{
    char *tmp, tpass[APP_PASS_LEN];
    static BIO *pwdbio = NULL;
    int i;
    if (!strncmp(arg, "pass:", 5))
        return BUF_strdup(arg + 5);
    if (!strncmp(arg, "env:", 4)) {
        tmp = getenv(arg + 4);
        if (!tmp) {
            BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
            return NULL;
        }
        return BUF_strdup(tmp);
    }
    if (!keepbio || !pwdbio) {
        if (!strncmp(arg, "file:", 5)) {
            pwdbio = BIO_new_file(arg + 5, "r");
            if (!pwdbio) {
                BIO_printf(err, "Can't open file %s\n", arg + 5);
                return NULL;
            }
        } else if (!strncmp(arg, "fd:", 3)) {
            BIO *btmp;
            i = atoi(arg + 3);
            if (i >= 0)
                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
            if ((i < 0) || !pwdbio) {
                BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
                return NULL;
            }
            /*
             * Can't do BIO_gets on an fd BIO so add a buffering BIO
             */
            btmp = BIO_new(BIO_f_buffer());
            pwdbio = BIO_push(btmp, pwdbio);
        } else if (!strcmp(arg, "stdin")) {
            pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
            if (!pwdbio) {
                BIO_printf(err, "Can't open BIO for stdin\n");
                return NULL;
            }
        } else {
            BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
            return NULL;
        }
    }
    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
    if (keepbio != 1) {
        BIO_free_all(pwdbio);
        pwdbio = NULL;
    }
    if (i <= 0) {
        BIO_printf(err, "Error reading password from BIO\n");
        return NULL;
    }
    tmp = strchr(tpass, '\n');
    if (tmp)
        *tmp = 0;
    return BUF_strdup(tpass);
}
#endif /* DONT_INCLUDE_UI_METHOD_HERE */

ENGINE* load_engine(const char *engine_name) {
    ENGINE *e = NULL;

    e = ENGINE_by_id("pkcs11");
    if ( e == NULL ) {
        fprintf(stderr, "ENGINE_by_id(\"pkcs11\") returned %lu\n",
                ERR_get_error());
        return NULL;
    }
    if ( ! ENGINE_init(e) ) {
        fprintf(stderr, "ENGINE_init returned %lu\n", ERR_get_error());
        return NULL;
    }

    return e;
}

void unload_engine(ENGINE *e) {
    ENGINE_finish(e);
    ENGINE_free(e);
    ENGINE_cleanup();
}

int wrap(const unsigned char *in, const size_t inlen, unsigned char **out, size_t *olen, ENGINE **e) {
    int rv = -1;
    EVP_PKEY *pubkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;

    /* Sanity checks */
    if (in == NULL) {
        fprintf(stderr, "wrap: missing key to be encrypted...\n");
        return rv;
    }
    if (out == NULL) {
        fprintf(stderr, "wrap: missing ptr to encrypted key...\n");
        return rv;
    }
    if (inlen == 0) {
        fprintf(stderr, "wrap: key to be encrypted cannot have zero length\n");
        return rv;
    }
    /* How to check olen??? */

    /* Initialize OpenSSL crypto library */
    //init_openssl();

    /* Load engine */
    if (*e == NULL) {
        *e = load_engine("pkcs11");
        if (e == NULL) {
            fprintf(stderr, "wrap: failed to instantiate pkcs11 engine\n");
            ERR_print_errors_fp(stderr);
            goto end;
        }
#if 0
        /* Set ui_method for this engine */
        ENGINE_ctrl_cmd(*e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
        if (!ENGINE_set_default(*e, ENGINE_METHOD_ALL)) {
            fprintf(stderr, "Failed to set ui_method\n");
            ENGINE_free(*e);
            goto end;
        }
#endif
    }

    /* Retrieve the public key from the token */
    pubkey = ENGINE_load_public_key(*e, "id_03", NULL, NULL);
    if (pubkey == NULL) {
        fprintf(stderr, "wrap: failed to retrieve pubkey id_03\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }

    /* Create context */
    ctx = EVP_PKEY_CTX_new(pubkey, NULL);
    EVP_PKEY_free(pubkey);
    if (ctx == NULL) {
        fprintf(stderr, "wrap: failed to create context\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }
    rv = EVP_PKEY_encrypt_init(ctx);
    EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
    if (rv <= 0) {
        fprintf(stderr, "wrap: failed to set RSA_PKCS1_OAEP_PADDING (rv=%d)\n", rv);
        ERR_print_errors_fp(stderr);
        goto end;
    }

    /* Wrap/encrypt the symmetric key */
    *olen = 0;
    rv = EVP_PKEY_encrypt(ctx, NULL, olen, in, inlen);
    if (rv <= 0) {
        fprintf(stderr, "wrap: failed to get required output buf len (rv=%d)\n", rv);
        ERR_print_errors_fp(stderr);
        goto end;
    }
    *out = OPENSSL_malloc(olen);
    if (*out == NULL) {
        fprintf(stderr, "wrap: failed to allocate output buf (%1lu bytes)\n", *olen);
        rv = -1;
        goto end;
    }
    rv = EVP_PKEY_encrypt(ctx, *out, olen, in, inlen);
    if (rv <= 0) {
        OPENSSL_free(*out);
        fprintf(stderr, "wrap: failed to encrypt (rv=%d)\n", rv);
        ERR_print_errors_fp(stderr);
        goto end;
    }

    /* Cleanup - tear down the OpenSSL constructs used */
end:
    if (ctx == NULL)
        EVP_PKEY_CTX_free(ctx);
    //unload_engine(pkcs);
    //clean_openssl();

    return rv;
}

int unwrap(const unsigned char *in, const size_t inlen, unsigned char **out, size_t *olen, ENGINE **e) {
    int rv = -1;
    EVP_PKEY *privkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    char *passin = NULL;
    PW_CB_DATA cb_data;

    cb_data.password = NULL;
    cb_data.prompt_info = "id_03";

    /* Sanity checks */
    if (in == NULL) {
        fprintf(stderr, "unwrap: missing key to be decrypted...\n");
        return rv;
    }
    if (out == NULL) {
        fprintf(stderr, "unwrap: missing ptr to decrypted key...\n");
        return rv;
    }
    if (inlen == 0) {
        fprintf(stderr, "unwrap: key to be decrypted cannot have zero length\n");
        return rv;
    }
    /* How to check olen??? */

    /* OpenSSL should be initialized before we are called */
    //init_openssl();

    /* Load engine */
    if (*e == NULL) {
        fprintf(stderr, "unwrap: loading PKCS11 engine...\n");
        *e = load_engine("pkcs11");
        if (*e == NULL) {
            fprintf(stderr, "unwrap: failed to instantiate pkcs11 engine\n");
            ERR_print_errors_fp(stderr);
            goto end;
        }
#if 0
        /* Set ui_method for this engine */
        ENGINE_ctrl_cmd(*e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
        if (!ENGINE_set_default(*e, ENGINE_METHOD_ALL)) {
            fprintf(stderr, "Failed to set ui_method\n");
            ENGINE_free(*e);
            goto end;
        }
#endif
    }

    /* ui_method should be configured before this */

    if (!app_passwd(bio_err, NULL, NULL, &passin, NULL)) {
        BIO_printf(bio_err, "Error getting password\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }


    /* Retrieve the handle to private key on the token */
    /* Here need to get user PIN somehow ... */
    cb_data.password = NULL;
    cb_data.prompt_info = "id_03";

    const char *inkey = "pkcs11:object=KEY%20MAN%20key;object-type=private";
    privkey = ENGINE_load_private_key(*e, inkey, ui_method, &cb_data);
    //privkey = load_key(bio_err, inkey, FORMAT_ENGINE, 0, passin, *e, "Private Key");
    if (privkey == NULL) {
        fprintf(stderr, "unwrap: failed to get handle to privkey id_03\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }
    printf("unwrap: loaded privkey of size %1d\n", EVP_PKEY_size(privkey));

    /* Create context */
    ctx = EVP_PKEY_CTX_new(privkey, NULL);
    EVP_PKEY_free(privkey);
    if (ctx == NULL) {
        fprintf(stderr, "unwrap: failed to create context\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }
    rv = EVP_PKEY_decrypt_init(ctx);
    EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
    if (rv <= 0) {
        fprintf(stderr, "unwrap: failed to set RSA_PKCS1_OAEP_PADDING (rv=%d\n", rv);
        ERR_print_errors_fp(stderr);
        goto end;
    }

    /* Unwrap the encrypted key */
    *olen = 0;
    rv = EVP_PKEY_decrypt(ctx, NULL, olen, in, inlen);
    if ((rv <= 0) || (*olen == 0)) {
        fprintf(stderr, "unwrap: failed to learn needed output buf len (rv=%d)\n", rv);
        ERR_print_errors_fp(stderr);
        goto end;
    }
    printf("unwrap: allocating %1lu bytes (rv=%1d)\n", *olen, rv);
    *out = OPENSSL_malloc(*olen);
    if (*out == NULL) {
        fprintf(stderr, "unwrap: failed to allocate output buf (%1lu bytes)\n", *olen);
        rv = -1;
        goto end;
    }
    /* Somewhere here the code fails to re-authenticate to the token */
    rv = EVP_PKEY_decrypt(ctx, *out, olen, in, inlen);
    if (rv <= 0) {
        OPENSSL_free(*out);
        fprintf(stderr, "unwrap: failed to decrypt (rv=%d)\n", rv);
        ERR_print_errors_fp(stderr);
        fprintf(stderr, "printed OpenSSL errors, heading to end: label...\n");
        goto end;
    }
    printf("unwrap: decrypt returned %1lu bytes (rv=%1d)\n", *olen, rv);

    /* Cleanup - tear down OpenSSL constructs used */
end:
    ERR_print_errors_fp(stderr);
    if (ctx == NULL) {
        fprintf(stderr, "freeing CTX...\n");
        EVP_PKEY_CTX_free(ctx);
        fprintf(stderr, "freed CTX...\n");
    }
    //unload_engine(e);
    //clean_openssl();
    fprintf(stderr, "unwrap: returning %1d...\n", rv);
    return rv;
}

inline
void init_openssl() {
    /* Load the human readable error strings for libcrypto */
    ERR_load_crypto_strings();
    /* Load all digest and cipher algorithms */
    OpenSSL_add_all_algorithms();
    /* Load config file, and other important initialization */
    OPENSSL_config(OPENSSL_CONF);

    ENGINE_load_rdrand(); /* and load RDRAND engine */
}

inline
void clean_openssl() { /* probably not needed if other modules use libcrypto? */
    /* Removes all digests and ciphers */
    EVP_cleanup();
    /* if you omit the next, a small leak may be left when you make use of the
     BIO (low level API) for e.g. base64 transformations */
    CRYPTO_cleanup_all_ex_data();
    /* Remove error strings */
    ERR_free_strings();
}

inline
void print_hex(const unsigned char *buf, const size_t len) {
    for (int i = 0; i < len; i++) {
        if ( ! (i % 16) && i ) printf("\n");
        printf("%02x ", buf[i]);
    }
    printf("\n");
}

Making check in tests
/Applications/Xcode.app/Contents/Developer/usr/bin/make  auth fork-test rawrsasign \
      testpkcs11.softhsm testfork.softhsm
  CC       ../examples/auth.o
  CCLD     auth
libtool: warning: '-no-install' is ignored for x86_64-apple-darwin15.2.0
libtool: warning: assuming '-no-fast-install' instead
  CC       fork-test.o
  CCLD     fork-test
libtool: warning: '-no-install' is ignored for x86_64-apple-darwin15.2.0
libtool: warning: assuming '-no-fast-install' instead
  CC       ../examples/rawrsasign.o
  CCLD     rawrsasign
libtool: warning: '-no-install' is ignored for x86_64-apple-darwin15.2.0
libtool: warning: assuming '-no-fast-install' instead
make[2]: Nothing to be done for `testpkcs11.softhsm'.
make[2]: Nothing to be done for `testfork.softhsm'.
/Applications/Xcode.app/Contents/Developer/usr/bin/make  check-TESTS
SKIP: testpkcs11.softhsm
SKIP: testfork.softhsm
============================================================================
Testsuite summary for libp11 0.3.0_git
============================================================================
# TOTAL: 2
# PASS:  0
# SKIP:  2
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in examples
  CCLD     auth
$ tests/auth /Library/OpenSC/lib/opensc-pkcs11.so
Slot manufacturer......: OpenSC (www.opensc-project.org)
Slot description.......: Yubico Yubikey NEO OTP+U2F+CCID
Slot token label.......: PIV_II (PIV Card Holder pin)
Slot token manufacturer: piv_II
Slot token model.......: PKCS#15 emulated
Slot token serialnr....: 1e00100269d78e66
Password for token PIV_II (PIV Card Holder pin): authentication successfull.
$ tests/rawrsasign !!:1
tests/rawrsasign /Library/OpenSC/lib/opensc-pkcs11.so
Slot manufacturer......: OpenSC (www.opensc-project.org)
Slot description.......: Yubico Yubikey NEO OTP+U2F+CCID
Slot token label.......: PIV_II (PIV Card Holder pin)
Slot token manufacturer: piv_II
Slot token model.......: PKCS#15 emulated
Slot token serialnr....: 1e00100269d78e66
Password for token PIV_II (PIV Card Holder pin): raw signing operation and signature verification successful.
$ tests/testpkcs11.softhsm
mkdir: /output.88603: Permission denied
Could not find softhsm(2) tool
$

$ openssl pkeyutl -engine pkcs11 -keyform engine -derive -inkey  "pkcs11:object=KEY%20MAN%20key;object-type=private" -peerform DER -peerkey /tmp/derive.62672.pub.der -hexdump
engine "pkcs11" set.
PKCS#11 token PIN: 
0000 - b3 41 58 6a 3e c5 68 23-2f fd ee 16 cb df 31 cf   .AXj>.h#/.....1.
0010 - 0c 0d a4 64 6c e6 33 c3-ed 6b 99 6f d3 c9 98 47   ...dl.3..k.o...G
0020 - a9 0a 45 93 c2 f1 10 32-ba 08 23 5a e1 f9 38 95   ..E....2..#Z..8.

openssl pkeyutl -engine pkcs11 -peerform engine -derive -inkey /tmp/derive.60770.priv.pem -peerkey "pkcs11:object=KEY%20MAN%20pubkey;object-type=public" -out /tmp/derive.60770.shared1
engine "pkcs11" set.
Public Key operation error

$ apps/openssl pkeyutl -engine pkcs11 -keyform PEM -peerform engine -derive -inkey /tmp/derive.1017.priv.pem -peerkey "pkcs11:object=KEY%20MAN%20pubkey;object-type=public" -hexdump
engine "pkcs11" set.
0000 - 74 68 17 49 f2 4a d0 0f-73 4e ed c8 81 68 58 87   th.I.J..sN...hX.
0010 - 19 61 ba 11 d9 e8 05 d5-d7 fd cf e4 62 52 52 35   .a..........bRR5

$ ./configure --prefix=/opt/local --with-pkcs11-module="/Library/OpenSC/lib/opensc-pkcs11.so" --with-enginesdir=/opt/local/lib/engines
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin15.3.0
checking host system type... x86_64-apple-darwin15.3.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /opt/local/bin/gsed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /opt/local/bin/gsed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /opt/local/bin/nm
checking the name lister (/opt/local/bin/nm) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin15.3.0 file names to x86_64-apple-darwin15.3.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin15.3.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /opt/local/bin/nm output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin15.3.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... no
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/libp11.rc
config.status: creating src/pkcs11.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:

Version:                 0.4.0_git
libp11 directory:        /opt/local/lib
Engine directory:        /opt/local/lib/engines
API doc support:         no
Default PKCS11 module:   /Library/OpenSC/lib/opensc-pkcs11.so

Host:                    x86_64-apple-darwin15.3.0
Compiler:                clang
Preprocessor flags:      -I/opt/local/include
Compiler flags:          -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4.2 -mtune=native -Os -Ofast
Linker flags:            -L/opt/local/lib
Libraries:

LIBP11_CFLAGS:
LIBP11_LIBS:
OPENSSL_CFLAGS:          -I/opt/local/include
OPENSSL_LIBS:            -L/opt/local/lib -lssl -lcrypto

$ make clean && make all
Making clean in src
test -z "libpkcs11.la" || rm -f libpkcs11.la
rm -f ./so_locations
test -z "libp11.pc" || rm -f libp11.pc
test -z "libp11.la" || rm -f libp11.la
rm -f ./so_locations
rm -rf .libs _libs
rm -f *.o
rm -f *.lo
Making clean in doc
rm -rf .libs _libs
rm -fr api.out
rm -f *.lo
Making clean in examples
rm -rf .libs _libs
 rm -f auth decrypt getrandom listkeys rawrsasign
rm -f *.o
rm -f *.lo
Making clean in tests
 rm -f fork-test
rm -rf .libs _libs
rm -f *.o
test -z "testpkcs11.softhsm.log testfork.softhsm.log testlistkeys.softhsm.log" || rm -f testpkcs11.softhsm.log testfork.softhsm.log testlistkeys.softhsm.log
test -z "testpkcs11.softhsm.trs testfork.softhsm.trs testlistkeys.softhsm.trs" || rm -f testpkcs11.softhsm.trs testfork.softhsm.trs testlistkeys.softhsm.trs
test -z "test-suite.log" || rm -f test-suite.log
rm -f *.lo
rm -rf .libs _libs
rm -f *.lo
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
  CC       libpkcs11_la-eng_front.lo
  CC       libpkcs11_la-eng_back.lo
  CCLD     libpkcs11.la
Undefined symbols for architecture x86_64:
  "_PKCS11_CTX_free", referenced from:
      _pkcs11_finish in libpkcs11_la-eng_back.o
  "_PKCS11_CTX_init_args", referenced from:
      _pkcs11_init in libpkcs11_la-eng_back.o
  "_PKCS11_CTX_load", referenced from:
      _pkcs11_init in libpkcs11_la-eng_back.o
  "_PKCS11_CTX_new", referenced from:
      _pkcs11_init in libpkcs11_la-eng_back.o
  "_PKCS11_CTX_unload", referenced from:
      _pkcs11_finish in libpkcs11_la-eng_back.o
  "_PKCS11_ecdsa_method_free", referenced from:
      _pkcs11_engine_destroy in libpkcs11_la-eng_front.o
  "_PKCS11_enumerate_certs", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_enumerate_keys", referenced from:
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_enumerate_public_keys", referenced from:
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_enumerate_slots", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_find_token", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_get_ecdsa_method", referenced from:
      _bind_engine in libpkcs11_la-eng_front.o
  "_PKCS11_get_private_key", referenced from:
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_get_public_key", referenced from:
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_get_rsa_method", referenced from:
      _bind_engine in libpkcs11_la-eng_front.o
  "_PKCS11_get_slotid_from_slot", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_login", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
  "_PKCS11_release_all_slots", referenced from:
      _load_cert_ctrl in libpkcs11_la-eng_back.o
      _pkcs11_load_key in libpkcs11_la-eng_back.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [libpkcs11.la] Error 1
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1

$ examples/listkeys /Library/OpenSC/lib/opensc-pkcs11.so
PKCS11_CTX_new generated errors:
140735231131728:error:0F067064:common libcrypto routines:func(103):reason(100):cryptlib.c:248:
Slot manufacturer......: OpenSC (www.opensc-project.org)
Slot description.......: Yubico Yubikey NEO OTP+U2F+CCID
Slot token label.......: PIV_II (PIV Card Holder pin)
Slot token manufacturer: piv_II
Slot token model.......: PKCS#15 emulated
Slot token serialnr....: 17369f0af7841e2a

Public keys:
 * Public key: PIV AUTH pubkey
 * Public key: SIGN pubkey
 * Public key: KEY MAN pubkey
 * Public key: CARD AUTH pubkey

Private keys:
 * Private key: CARD AUTH key
Success.

$ OPENSSL_CFLAGS="-I/Users/ur20980/src/openssl-1.1/include" OPENSSL_LIBS="-L/Users/ur20980/src/openssl-1.1/lib -lcrypto" ./configure --prefix=/Users/ur20980/src/openssl-1.1 --with-pkcs11-module="/Library/OpenSC/lib/opensc-pkcs11.so" --with-enginesdir=/Users/ur20980/src/openssl-1.1/lib/engines
checking for a BSD-compatible install... /opt/local/bin/ginstall -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /opt/local/bin/gmkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking build system type... x86_64-apple-darwin15.4.0
checking host system type... x86_64-apple-darwin15.4.0
checking for gcc... clang
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether clang accepts -g... yes
checking for clang option to accept ISO C89... none needed
checking whether clang understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of clang... gcc3
checking for pkg-config... /opt/local/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... clang -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking whether byte ordering is bigendian... no
checking how to run the C preprocessor... clang -E
checking whether ln -s works... yes
checking for a sed that does not truncate output... /usr/bin/sed
checking whether make sets $(MAKE)... (cached) yes
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /usr/bin/sed
checking for fgrep... /usr/bin/grep -F
checking for ld used by clang... /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld
checking if the linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) is GNU ld... no
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert x86_64-apple-darwin15.4.0 file names to x86_64-apple-darwin15.4.0 format... func_convert_file_noop
checking how to convert x86_64-apple-darwin15.4.0 file names to toolchain format... func_convert_file_noop
checking for /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld option to reload object files... -r
checking for objdump... no
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from clang object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking for dsymutil... dsymutil
checking for nmedit... nmedit
checking for lipo... lipo
checking for otool... otool
checking for otool64... no
checking for -single_module linker flag... yes
checking for -exported_symbols_list linker flag... yes
checking for -force_load linker flag... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if clang supports -fno-rtti -fno-exceptions... yes
checking for clang option to produce PIC... -fno-common -DPIC
checking if clang PIC flag -fno-common -DPIC works... yes
checking if clang static flag -static works... no
checking if clang supports -c -o file.o... yes
checking if clang supports -c -o file.o... (cached) yes
checking whether the clang linker (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... darwin15.4.0 dyld
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for windres... no
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking for stdlib.h... (cached) yes
checking for inttypes.h... (cached) yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking for dlfcn.h... (cached) yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking for doxygen... /opt/local/bin/doxygen
checking for library containing dlopen... none required
checking for __register_atfork... no
checking for OPENSSL... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/libp11.pc
config.status: creating src/libp11.rc
config.status: creating src/pkcs11.rc
config.status: creating doc/Makefile
config.status: creating doc/doxygen.conf
config.status: creating examples/Makefile
config.status: creating tests/Makefile
config.status: creating src/config.h
config.status: src/config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

libp11 has been configured with the following options:

Version:                 0.4.1_git
libp11 directory:        /Users/ur20980/src/openssl-1.1/lib
Engine directory:        /Users/ur20980/src/openssl-1.1/lib/engines
Default PKCS11 module:   /Library/OpenSC/lib/opensc-pkcs11.so
API doc support:         no

Host:                    x86_64-apple-darwin15.4.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:          -maes -mpclmul -mrdrnd -msse2 -mssse3 -msse4.1 -msse4.2
Linker flags:            
Libraries:               

OPENSSL_CFLAGS:          -I/Users/ur20980/src/openssl-1.1/include
OPENSSL_LIBS:            -L/Users/ur20980/src/openssl-1.1/lib -lcrypto

$ ~/src/openssl-1.1/bin/openssl version
OpenSSL 1.1.0-pre6-dev  xx XXX xxxx
$ make all && make check && make install
Making all in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
  CC       pkcs11_la-eng_front.lo
  CC       pkcs11_la-eng_back.lo
  CC       pkcs11_la-eng_parse.lo
  CC       libp11_la-libpkcs11.lo
  CC       libp11_la-p11_attr.lo
  CC       libp11_la-p11_cert.lo
  CC       libp11_la-p11_err.lo
  CC       libp11_la-p11_key.lo
p11_key.c:241:50: error: incomplete definition of type 'struct rsa_st'
                pkcs11_addattr_bn(attrs + n++, CKA_MODULUS, rsa->n);
                                                            ~~~^
/Users/ur20980/src/openssl-1.1/include/openssl/ossl_typ.h:154:16: note: forward declaration of
      'struct rsa_st'
typedef struct rsa_st RSA;
               ^
p11_key.c:242:58: error: incomplete definition of type 'struct rsa_st'
                pkcs11_addattr_bn(attrs + n++, CKA_PUBLIC_EXPONENT, rsa->e);
                                                                    ~~~^
/Users/ur20980/src/openssl-1.1/include/openssl/ossl_typ.h:154:16: note: forward declaration of
      'struct rsa_st'
typedef struct rsa_st RSA;
               ^
p11_key.c:244:60: error: incomplete definition of type 'struct rsa_st'
                        pkcs11_addattr_bn(attrs + n++, CKA_PRIVATE_EXPONENT, rsa->d);
                                                                             ~~~^
/Users/ur20980/src/openssl-1.1/include/openssl/ossl_typ.h:154:16: note: forward declaration of
      'struct rsa_st'
typedef struct rsa_st RSA;
               ^
p11_key.c:245:51: error: incomplete definition of type 'struct rsa_st'
                        pkcs11_addattr_bn(attrs + n++, CKA_PRIME_1, rsa->p);
                                                                    ~~~^
/Users/ur20980/src/openssl-1.1/include/openssl/ossl_typ.h:154:16: note: forward declaration of
      'struct rsa_st'
typedef struct rsa_st RSA;
               ^
p11_key.c:246:51: error: incomplete definition of type 'struct rsa_st'
                        pkcs11_addattr_bn(attrs + n++, CKA_PRIME_2, rsa->q);
                                                                    ~~~^
/Users/ur20980/src/openssl-1.1/include/openssl/ossl_typ.h:154:16: note: forward declaration of
      'struct rsa_st'
typedef struct rsa_st RSA;
               ^
5 errors generated.
make[2]: *** [libp11_la-p11_key.lo] Error 1
make[1]: *** [all] Error 2
make: *** [all-recursive] Error 1
$ 

OpenSSL> engine -t dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libpkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:/usr/local/lib/libp11.so
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libpkcs11.so
[Success]: ID:pkcs11
[Success]: LIST_ADD:1
[Failure]: LOAD
140621404858016:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:185:filename(/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libpkcs11.so): libp11.so.2: cannot open shared object file: No such file or directory
140621404858016:error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:244:
140621404858016:error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:450:
[Failure]: MODULE_PATH:/usr/local/lib/libp11.so
140621404858016:error:260AC089:engine routines:INT_CTRL_HELPER:invalid cmd name:eng_ctrl.c:134:
140621404858016:error:260AB089:engine routines:ENGINE_ctrl_cmd_string:invalid cmd name:eng_ctrl.c:316:
     [ unavailable ]

cd .libs && ln -s -f pkcs11.so libpkcs11.so
/bin/bash: line 0: cd: .libs: No such file or directory
make[2]: *** [all-local] Error 1
make[2]: *** Waiting for unfinished jobs....