My apologies if this is a simple question. I'm fairly new to writing C and
even newer at working with OpenSSL.

I'm trying to take metrics for comparing OpenSSL on an OpenSPARC machine
with and without use of the PKCS11 engine. The code below is an attempt to
time how long it takes to open and process a p12 file a given amount of
times.

When I don't use the PKCS11 engine, the processing is faster by a factor of
10. However, when I do initialize it, not only is it slower, but I also get
an error parsing the file after about 2 or 3 iterations in the loop.

Obviously, I'm doing something wrong. Any suggestions would be greatly
appreciated. Thanks!

=======


void Usage( char *programName )
{
printf( "\t%s -p12 \n", programName );
printf( "\t\t-p12 = the file, in P12 format\n" );
printf( "\t%s -pkcs\n", programName );
printf( "\t\t-pkcs = enables pkcs11 chip\n" );
}

int main( int argc, char **argv )
{
if ( argc >= 3 )
{
/* Configure the Open SSL Library */
SSLeay_add_all_algorithms( );
ERR_load_crypto_strings( );

PKCS12 *p12 = (PKCS12 *)NULL;
EVP_PKEY *pkey;
X509 *cert;
STACK_OF(X509) *ca = NULL;

/*Credential file*/
FILE *fp = (FILE *)NULL;
char *p12File;

int foundFilename = 0;
int usePKCS = 0;

int i = 1; /* Skip program name */
/* Loop through all the command line arguments */
while ( i < argc )
{
if ( strcmp( argv[i], "-p12") == 0 )
{
i++;
if (i < argc){
p12File = argv[i];
foundFilename = 1;
}
}
else if ( strcmp( argv[i], "-pkcs") == 0 )
{
usePKCS = 1;
}
else
{
printf( "\nUnknown argument: %s\n\n", argv[i] );
Usage( argv[0] );
}
i++;
}

/*Check if the file was given*/
if (foundFilename == 0){
printf( "\nNo File Given: \n\n");
Usage( argv[0] );
}
else {
/*check if the file exists*/
if ( !( fp = fopen( p12File, "rb" ) ) ){
printf("Error opening file\n");
}
else{
p12 = d2i_PKCS12_fp( fp, NULL );
fclose( fp );
if ( !p12 ){
printf("Error reading file\n");
}
else
{
clock_t start, end;
double elapsed;
start = clock();

/*Initialize PKCS11 engine if necessary*/
if(usePKCS == 1){

ENGINE_load_builtin_engines();

ENGINE_register_all_complete();
ENGINE_set_default_ciphers(ENGINE_by_id("pkcs11"));

printf( "\nPKCS11 Engine Loaded!! \n\n");

}//end PCKS initalization

int count = 100;
while(count > 0){
/* Parse the PKCS #12 file with password */
ca = NULL;
if (!PKCS12_parse(p12, "password", &pkey, &cert, &ca))
{
printf("Error parsing file\n");
return -3;
}
/* Find PKey */
if ( (EVP_PKEY *)NULL == pkey ){
//printf("No private key!\n");
}
else{
//printf("Private key found!\n");
}

/* Find Cert */
if ( (X509 *)NULL == cert ){
//printf("No X509!\n");
}
else{
//printf("X509 found!\n");
}

/* Find CA */
if ( (STACK_OF(X509) *)NULL == ca ){
//printf("No CA!\n");
}
else{
//printf("CA found!\n");
}
count--;
}//end while


end = clock();
elapsed = ((double) (end - start)) / CLOCKS_PER_SEC;
printf ("%e\n", elapsed);
}
}//end if file exists
}//end if file given
}
else
{
printf( "Usage: Too few arguments - %d!!\n", argc );
Usage( argv[0] );
}

return 0;
}
--
View this message in context: http://www.nabble.com/Error-Using-PK...p18360348.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org