When using OpenSSL via the command line, I am able to change the default engine by setting my openssl.cnf (see Sample code below). I now want to change the default engine while using the EVP API, ideally by changing a config file.
The larger context is that I am using a Go wrapper around EVP, which supports neither setting the engine globally nor setting the engine for signing/verifying (the only operations I care about). I am investigating options (e.g. using cgo to set the engine globally or forking the library) involving code changes, but it would be ideal if I could avoid them.
EVP does not seem to read the config file and I can't find/understand documentation online on whether this is possible or not. Is the configuration file automatically loaded (and I'm just doing it wrong?) or do I need to do something like call OPENSSL_INIT_LOAD_CONFIG?

    openssl_conf = openssl_def

    [openssl_def]
    engines = engine_section

    [engine_section]
    pkcs11 = pkcs11_section

    [pkcs11_section]
    engine_id = pkcs11
    dynamic_path = /usr/local/Cellar/engine_pkcs11/0.1.8/lib/engines/engine_pkcs11.so
    MODULE_PATH = /usr/local/Cellar/opensc/0.19.0/lib/pkcs11/opensc-pkcs11.so
    PIN = "123456"
    init = 0

    $ openssl engine
    (rdrand) Intel RDRAND engine
    (dynamic) Dynamic engine loading support
    (pkcs11) pkcs11 engine

Assuming you are using OpenSSL 1.1.0 or later then try inserting the following at the beginning of your program (before you do any other OpenSSL call):

    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
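
A Go program that relies on the config file being loaded can first check what that file would actually configure. The following is an added example, not part of the original question or answer: it walks the `openssl_conf` -> `engines` -> engine-section chain of the sample config and flags a cleartext `PIN` and an engine section without `default_algorithms`, the OpenSSL directive that registers an engine as a default (it does not appear in the question's config). `auditEngines` and `sampleConf` are names made up for this example, and the parser covers only the `[section]` / `key = value` subset used above.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// sampleConf is constructed from the question's config, abridged to the keys checked here.
const sampleConf = `openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
PIN = "123456"`

// auditEngines (hypothetical helper) follows openssl_conf -> engines -> engine section.
func auditEngines(text string) []string {
	sec, conf := "default", map[string]map[string]string{"default": {}}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			sec = strings.TrimSpace(line[1 : len(line)-1])
			if conf[sec] == nil {
				conf[sec] = map[string]string{}
			}
		} else if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && line[0] != '#' {
			conf[sec][strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	var out []string
	for name, ref := range conf[conf[conf["default"]["openssl_conf"]]["engines"]] {
		s, ok := conf[ref]
		if !ok {
			out = append(out, name+": section ["+ref+"] is missing")
		}
		if _, has := s["PIN"]; has {
			out = append(out, name+": PIN is stored in cleartext in the config file")
		}
		if _, has := s["default_algorithms"]; ok && !has {
			out = append(out, name+": loaded, but not registered as a default engine")
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(strings.Join(auditEngines(sampleConf), "\n")) }
```

An empty result for a file with no `openssl_conf` key or no `engines` entry means the file configures no engines at all.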