Hello, I'm currently trying to configure some pre-existing code using EVP signing to offload work to the PKCS #11 engine on an OpenSPARC. Since I'm new to this, I tried initializing the PKCS11 engine two different ways which can be triggered by command line argument. By default, the program will run without the PKCS11 engine initialized. Here are the two ways I attempt to initialize the PKCS11 engine.
if (usePKCS == 1){ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); ENGINE_set_default_RSA(ENGINE_by_id("pkcs11")); } else if (usePKCS2 == 1){ ENGINE_load_builtin_engines(); ENGINE *e = ENGINE_by_id("pkcs11"); ENGINE_init(e); ENGINE_set_default_RSA(e); } Below is the section of code in which the actual signing takes place. /*initialize*/ EVP_MD_CTX_init( &ctx ); EVP_SignInit_ex( &ctx, EVP_sha1(), NULL ); /*update*/ EVP_SignUpdate( &ctx, signedData, dataLength); /*Finalize*/ signatureLength = EVP_PKEY_size( pkey ); signatureData = (unsigned char *) calloc( signatureLength, sizeof( unsigned char ) ); EVP_SignFinal( &ctx, signatureData, &signatureLength, pkey); EVP_MD_CTX_cleanup( &ctx ); However, I'm seeing no significant change in processing time regardless of whether or not I execute the program with or without the PKCS11 engines initialized as I have above. Is it possible that I'm missing a step? Or did I misunderstand the function of the PKCS11 engine and incorrectly assume that I should see significant improvement in my processing time? -Chris -- View this message in context: http://www.nabble.com/Configuring-Signing-through-the-PKCS-11-tp18506992p18506992.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]