A pkcs11-spy trace shows the public key is read from the card by OpenSC (which is using the same version of OpenSSL as the provider).
(gdb) run
Starting program: /opt/ossl-dev/bin/openssl pkey -in pkcs11:type=public\;id=%01\;pin-value=123456 -pubin -pubout -out /tmp/xxx.pub
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
../openssl/crypto/evp/evp_fetch.c:112: OpenSSL internal error: Assertion failed: name_id > 0 && name_id <= METHOD_ID_NAME_MAX
Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737352845120) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: No such file or directory.
(gdb) where
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737352845120) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140737352845120) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=140737352845120, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00007ffff7442476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff74287f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x00007ffff7a73533 in OPENSSL_die (message=0x7ffff7cc5608 "Assertion failed: name_id > 0 && name_id <= METHOD_ID_NAME_MAX",
file=0x7ffff7cc55e0 "../openssl/crypto/evp/evp_fetch.c", line=112) at ../openssl/crypto/cryptlib.c:260
#6 0x00007ffff7a3dca9 in ossl_assert_int (expr=0, exprstr=0x7ffff7cc5608 "Assertion failed: name_id > 0 && name_id <= METHOD_ID_NAME_MAX",
file=0x7ffff7cc55e0 "../openssl/crypto/evp/evp_fetch.c", line=112) at ../openssl/include/internal/common.h:28
#7 0x00007ffff7a3de30 in evp_method_id (name_id=0, operation_id=10) at ../openssl/crypto/evp/evp_fetch.c:112
#8 0x00007ffff7a3e5a6 in inner_evp_generic_fetch (methdata=0x7fffffffd430, prov=0x555555690470, operation_id=10,
name=0x7ffff7ebadd8 "RSA:rsaEncryption:1.2.840.113549.1.1.1", properties=0x0, new_method=0x7ffff7a4b518 <keymgmt_from_algorithm>,
up_ref_method=0x7ffff7a4bc30 <EVP_KEYMGMT_up_ref>, free_method=0x7ffff7a4bc90 <EVP_KEYMGMT_free>) at ../openssl/crypto/evp/evp_fetch.c:323
#9 0x00007ffff7a3e7a6 in evp_generic_fetch (libctx=0x0, operation_id=10, name=0x7ffff7ebadd8 "RSA:rsaEncryption:1.2.840.113549.1.1.1", properties=0x0,
new_method=0x7ffff7a4b518 <keymgmt_from_algorithm>, up_ref_method=0x7ffff7a4bc30 <EVP_KEYMGMT_up_ref>, free_method=0x7ffff7a4bc90 <EVP_KEYMGMT_free>)
at ../openssl/crypto/evp/evp_fetch.c:364
#10 0x00007ffff7a4bc2a in EVP_KEYMGMT_fetch (ctx=0x0, algorithm=0x7ffff7ebadd8 "RSA:rsaEncryption:1.2.840.113549.1.1.1", properties=0x0)
at ../openssl/crypto/evp/keymgmt_meth.c:221
#11 0x00007ffff7bc57ca in try_key_ref (data=0x7fffffffd620, ctx=0x555555693a20, provider=0x555555690a20, libctx=0x0, propq=0x0)
at ../openssl/crypto/store/store_result.c:200
#12 0x00007ffff7bc5e9d in try_key (data=0x7fffffffd620, v=0x7fffffffd7f0, ctx=0x555555693a20, provider=0x555555690a20, libctx=0x0, propq=0x0)
at ../openssl/crypto/store/store_result.c:398
#13 0x00007ffff7bc54ed in ossl_store_handle_load_result (params=0x7fffffffd710, arg=0x7fffffffd7f0) at ../openssl/crypto/store/store_result.c:134
--Type <RET> for more, q to quit, c to continue without paging--
#14 0x00007ffff7eb2073 in p11prov_store_load (pctx=0x5555556a0540, object_cb=0x7ffff7bc5207 <ossl_store_handle_load_result>, object_cbarg=0x7fffffffd7f0,
pw_cb=0x7ffff7a832a1 <ossl_pw_passphrase_callback_dec>, pw_cbarg=0x555555693a68) at ../../src/src/store.c:493
#15 0x00007ffff7bc1fcd in OSSL_STORE_load (ctx=0x555555693a20) at ../openssl/crypto/store/store_lib.c:432
#16 0x000055555561085e in load_key_certs_crls (uri=0x7fffffffe1dd "pkcs11:type=public;id=%01;pin-value=123456", format=0, maybe_stdin=1, pass=0x0,
desc=0x5555556389c2 "Public Key", ppkey=0x0, ppubkey=0x7fffffffda08, pparams=0x0, pcert=0x0, pcerts=0x0, pcrl=0x0, pcrls=0x0)
at ../openssl/apps/lib/apps.c:987
#17 0x000055555560f615 in load_pubkey (uri=0x7fffffffe1dd "pkcs11:type=public;id=%01;pin-value=123456", format=0, maybe_stdin=1, pass=0x0, e=0x0,
desc=0x5555556389c2 "Public Key") at ../openssl/apps/lib/apps.c:606
#18 0x00005555555d5d90 in pkey_main (argc=7, argv=0x7fffffffde00) at ../openssl/apps/pkey.c:216
#19 0x00005555555cd53c in do_cmd (prog=0x555555692460, argc=7, argv=0x7fffffffde00) at ../openssl/apps/openssl.c:418
#20 0x00005555555cd0c6 in main (argc=7, argv=0x7fffffffde00) at ../openssl/apps/openssl.c:298
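#!/bin/sh
# Reproducer: run `openssl pkey` under gdb against a PKCS#11 URI, with
# pkcs11-provider (and optionally pkcs11-spy) tracing enabled.
#
# Debug use only: the trace files and the command line below expose the PIN.
#set -xv

# Root of the development OpenSSL install; the paths below hang off it.
OSSL=/opt/ossl-dev

# The trace files are created under /tmp with fixed names. A pkcs11-spy log
# records the PKCS#11 calls it forwards, including the PIN handed to C_Login,
# and the provider debug file may include the URI. Create new files
# owner-only. This does not tighten a file that already exists, so remove
# stale logs (and the logs from this run) when done.
umask 077

# debug pkcs11-provider
export PKCS11_PROVIDER_DEBUG="file:/tmp/pp-debug"
export OPENSSL_CONF="$OSSL/ssl/openssl-pp.cnf"

# In case we are using pkcs11-spy.so in openssl-pp.cnf:
# PKCS11SPY is the real module the spy forwards to, PKCS11SPY_OUTPUT its log.
export PKCS11SPY="$OSSL/lib/opensc-pkcs11.so"
export PKCS11SPY_OUTPUT=/tmp/pkcs11-spy.log

# may be in opensc.conf
#export OPENSC_DEBUG=3

# NOTE(review): pin-value places the PIN in argv, where it shows up in process
# listings and in the gdb transcript. Only use a throwaway test PIN this way.
# RFC 7512 also defines pin-source; confirm the provider build supports it
# before relying on it.
gdb --args "$OSSL/bin/openssl" pkey \
  -in "pkcs11:type=public;id=%01;pin-value=123456" \
  -pubin -pubout -out /tmp/xxx.pub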
+++ openssl-pp.cnf 2022-11-06 06:53:00.983719361 -0600
@@ -13,7 +13,7 @@
# defined.
HOME = .
-# Use this in order to automatically load providers.
+ # Use this in order to automatically load providers.
openssl_conf = openssl_init
# Comment out the next line to ignore configuration errors
@@ -60,6 +60,20 @@
# included fipsmodule.cnf.
# fips = fips_sect
+base = base_sect
+pkcs11 = pkcs11_sect
+
+[base_sect]
+activate = 1
+
+[pkcs11_sect]
+module = /opt/ossl-dev/lib/pkcs11_provider.so
+#pkcs11-module-path = /opt/ossl-dev/lib/opensc-pkcs11.so
+pkcs11-module-path = /opt/ossl-dev/lib/pkcs11-spy.so
+pkcs11-module-allow-export = 1
+activate = 1
+
+
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
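Review bot: The added `pkcs11-module-path = /opt/ossl-dev/lib/pkcs11-spy.so` routes every PKCS#11 call through the OpenSC spy module, whose log (PKCS11SPY_OUTPUT) normally includes the PIN passed to C_Login, and nothing in `[pkcs11_sect]` marks this as a tracing-only setup. I would add a comment above it such as `# DEBUG ONLY: pkcs11-spy logs PINs; switch back to opensc-pkcs11.so after tracing` so the section is not copied into a working config as is. Separately, `pkcs11-module-allow-export = 1` deserves a comment stating the intended effect: as I read the pkcs11-provider documentation, 1 disables public-key export despite the option's name, which matters for a `pkey -pubout` run, but please confirm this against the man page for the build in use.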
@@ -69,7 +83,7 @@
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
-# activate = 1
+ activate = 1