3 Engine Load

This chapter describes the support for loading encryption engines in the crypto application.

3.1  Background

OpenSSL exposes an Engine API, which makes it possible to plug in alternative implementations for some or all of the cryptographic operations implemented by OpenSSL. When configured appropriately, OpenSSL calls the engine's implementation of these operations instead of its own.

Typically, OpenSSL engines provide a hardware implementation of specific cryptographic operations. The hardware implementation usually offers improved performance over its software-based counterpart, which is known as cryptographic acceleration.

Note

The file name requirement on the engine dynamic library can differ between SSL versions.

3.2  Use Cases

Dynamically load an engine from default directory

Use this form when the engine is located in the engines directory of the OpenSSL/LibreSSL installation.

 1> {ok, Engine} = crypto:engine_load(<<"otp_test_engine">>, [], []).
 {ok, #Ref}

Load an engine with the dynamic engine

Load an engine with the help of the dynamic engine by giving the path to the library.

 2> {ok, Engine} = crypto:engine_load(<<"dynamic">>,
                                      [{<<"SO_PATH">>,
                                        <<"/some/path/otp_test_engine.so">>},
                                       {<<"ID">>, <<"MD5">>},
                                       <<"LOAD">>],
                                      []).
 {ok, #Ref}

Load an engine and replace some methods

Load an engine with the help of the dynamic engine and just replace some engine methods.

 3> Methods = crypto:engine_get_all_methods() -- [engine_method_dh, engine_method_rand,
                                                  engine_method_ciphers, engine_method_digests,
                                                  engine_method_store, engine_method_pkey_meths,
                                                  engine_method_pkey_asn1_meths].
 [engine_method_rsa,engine_method_dsa,
  engine_method_ecdh,engine_method_ecdsa]
 4> {ok, Engine} = crypto:engine_load(<<"dynamic">>,
                                      [{<<"SO_PATH">>,
                                        <<"/some/path/otp_test_engine.so">>},
                                       {<<"ID">>, <<"MD5">>},
                                       <<"LOAD">>],
                                      [],
                                      Methods).
 {ok, #Ref}

Load with the ensure loaded function

This function makes sure the engine is loaded just once and that the ID is added to the internal engine list of OpenSSL. Subsequent calls to the function check whether the ID is already loaded and, if so, just return a new reference to the engine.

 5> {ok, Engine} = crypto:ensure_engine_loaded(<<"MD5">>,
                                               <<"/some/path/otp_test_engine.so">>).
 {ok, #Ref}

To unload it, use crypto:ensure_engine_unloaded/1, which removes the ID from the internal list before unloading the engine.

 6> crypto:ensure_engine_unloaded(<<"MD5">>).
 ok

List all engines currently loaded

 7> crypto:engine_list().
 [<<"dynamic">>, <<"MD5">>]
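Loading an engine by path places a native shared library inside the Erlang VM, so the path is worth checking before it reaches crypto:ensure_engine_loaded/2. The following module is an added example, not part of the OTP documentation: the module name engine_guard, the function load_checked/3, the TrustedDir argument and the returned error atoms are assumptions of the example, and it assumes a Unix-like file system, a binary engine ID and string paths with no trailing slash.

```erlang
-module(engine_guard).
-export([load_checked/3]).
-include_lib("kernel/include/file.hrl").

%% Load engine EngineId (a binary, e.g. <<"MD5">>) from SoPath only if the
%% file passes the checks below. TrustedDir is an assumption of this example:
%% the single directory from which engine libraries may be loaded.
load_checked(EngineId, SoPath, TrustedDir) ->
    case check_path(SoPath, TrustedDir) of
        ok ->
            case crypto:ensure_engine_loaded(EngineId, SoPath) of
                {ok, Engine} ->
                    %% Confirm the ID really is in the engine list.
                    case lists:member(EngineId, crypto:engine_list()) of
                        true  -> {ok, Engine};
                        false -> {error, engine_not_listed}
                    end;
                {error, _} = Error ->
                    Error
            end;
        {error, _} = Error ->
            Error
    end.

%% The library must be given as an absolute path directly inside TrustedDir.
%% "/some/path/../x.so" fails here because its dirname is "/some/path/..".
check_path(SoPath, TrustedDir) ->
    case {filename:pathtype(SoPath), filename:dirname(SoPath)} of
        {absolute, TrustedDir} ->
            case safe_mode(TrustedDir, directory) of
                ok    -> safe_mode(SoPath, regular);
                Error -> Error
            end;
        {absolute, _} -> {error, outside_trusted_dir};
        _             -> {error, relative_path}
    end.

%% Path must have the expected type and must not be writable by group or
%% others. read_link_info/1 does not follow symbolic links, so a symlink
%% is rejected by the type match.
safe_mode(Path, Type) ->
    case file:read_link_info(Path) of
        {ok, #file_info{type = Type, mode = Mode}} when Mode band 8#022 =:= 0 ->
            ok;
        {ok, #file_info{type = Type}} ->
            {error, {writable_by_group_or_other, Path}};
        {ok, _} ->
            {error, {unexpected_file_type, Path}};
        {error, Reason} ->
            {error, {Reason, Path}}
    end.
```

With the paths used in this chapter, the call would be engine_guard:load_checked(<<"MD5">>, "/some/path/otp_test_engine.so", "/some/path").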