Hello, I tried to find out how about to use the hardware crypto engines under Solaris (Sun Fire T2000). It seems, that its not just a compilation issue:
For operations that are to be offloaded, it is necessary to restrict use to subset of OpenSSL functions (the EVP_ functions) and explicitly indicate the use of the PKCS11 engine; something like the following works for bulk ciphers (the process for RSA is similar):
ENGINE *e; ENGINE_load_builtin_engines(); e = ENGINE_by_id("pkcs11"); ENGINE_set_default_ciphers(e); EVP_CIPHER_CTX_init (&ctx); EVP_EncryptInit (&ctx, EVP_des_cbc (), key, iv); EVP_EncryptUpdate (.....);
Since I'm not familiar with SSL programming, I wonder if it's possible to modify the dovecot 1.2.x source code. Maybe someone has already tried this or can give me hint.
Regards. Martin