Hello, I'm currently trying to configure some pre-existing code using EVP signing to offload work to the PKCS #11 engine on an OpenSPARC T2. Since I'm new to this, I tried initializing the PKCS11 engine two different ways which can be triggered by command line argument. By default, the program will run without the PKCS11 engine initialized. Here are the two ways I attempt to initialize the PKCS11 engine.
if (usePKCS == 1){ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); ENGINE_set_default_RSA(ENGINE_by_id("pkcs11")); } else if (usePKCS2 == 1){ ENGINE_load_builtin_engines(); ENGINE *e = ENGINE_by_id("pkcs11"); ENGINE_init(e); ENGINE_set_default_RSA(e); } Below is the section of code in which the actual signing takes place. /*initialize*/ EVP_MD_CTX_init( &ctx ); EVP_SignInit_ex( &ctx, EVP_sha1(), NULL ); /*update*/ EVP_SignUpdate( &ctx, signedData, dataLength); /*Finalize*/ signatureLength = EVP_PKEY_size( pkey ); signatureData = (unsigned char *) calloc( signatureLength, sizeof( unsigned char ) ); EVP_SignFinal( &ctx, signatureData, &signatureLength, pkey); EVP_MD_CTX_cleanup( &ctx ); However, I'm seeing no significant change in processing time regardless of whether or not I execute the program with or without the PKCS11 engines initialized as I have above. Is it possible that I'm missing a step? Or did I misunderstand the function of the PKCS11 engine and incorrectly assume that I should see significant improvement in my processing time? -Chris