Hello,
I'm currently trying to configure some pre-existing code using EVP signing
to offload work to the PKCS #11 engine on an OpenSPARC T2. Since I'm new to
this, I tried initializing the PKCS11 engine two different ways which can be
triggered by command line argument. By default, the program will run without
the PKCS11 engine initialized. Here are the two ways I attempt to initialize
the PKCS11 engine.
if (usePKCS == 1){
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
ENGINE_set_default_RSA(ENGINE_by_id("pkcs11"));
}
else if (usePKCS2 == 1){
ENGINE_load_builtin_engines();
ENGINE *e = ENGINE_by_id("pkcs11");
ENGINE_init(e);
ENGINE_set_default_RSA(e);
}
Below is the section of code in which the actual signing takes place.
/*initialize*/
EVP_MD_CTX_init( &ctx );
EVP_SignInit_ex( &ctx, EVP_sha1(), NULL );
/*update*/
EVP_SignUpdate( &ctx, signedData, dataLength);
/*Finalize*/
signatureLength = EVP_PKEY_size( pkey );
signatureData = (unsigned char *) calloc( signatureLength,
sizeof( unsigned char ) );
EVP_SignFinal( &ctx, signatureData, &signatureLength, pkey);
EVP_MD_CTX_cleanup( &ctx );
However, I'm seeing no significant change in processing time regardless of
whether or not I execute the program with or without the PKCS11 engines
initialized as I have above. Is it possible that I'm missing a step? Or did
I misunderstand the function of the PKCS11 engine and incorrectly assume
that I should see significant improvement in my processing time?
-Chris
