An ENGINE is the hardware or software implementation that performs cryptographic operations. The default engine, whose ID is openssl, uses the built-in software functions of OpenSSL.
Suppose we have a hardware device with a very fast implementation of AES. When we perform AES encryption we can pass that device's ENGINE (instead of NULL), so the operations are carried out by the hardware device instead of the default OpenSSL software layer.
This is explained in Section 4.6 of the Network Security with OpenSSL book.
OpenSSL has built-in support for cryptographic acceleration. Using the ENGINE object type, an application can get a reference to a changeable, underlying representation, most often a hardware device.
(...)
The general idea is simple: we retrieve an object representing the type of hardware we wish to utilize, then we tell OpenSSL to use the device we chose.
Example 4-17 shows a small code example of how we would perform this operation.
#include <stdio.h>
#include <openssl/engine.h>

ENGINE *e;
ENGINE_load_builtin_engines();                       /* register compiled-in engines so the id can be found */
if (!(e = ENGINE_by_id("cswift")))                   /* look up the CryptoSwift ENGINE (structural reference) */
    fprintf(stderr, "Error finding specified ENGINE\n");
else if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))  /* route all algorithms the engine offers through it */
    fprintf(stderr, "Error using ENGINE\n");
else
    fprintf(stderr, "Engine successfully enabled\n");
if (e)
    ENGINE_free(e);                                  /* set_default holds its own references; release ours */
The function call ENGINE_by_id will look up an implementation from the built-in methods available and return an ENGINE object. The single argument to this function should be the string identifier of the underlying implementation we wish to use. (...)
The ENGINE object that we receive from the lookup should be used in the call to ENGINE_set_default to allow cryptographic functions to utilize the capabilities of the specific ENGINE. The second parameter allows us to specify constraints on what we allow the engine to implement. (...)
NOTE: cswift is the ID of the ENGINE "used for CryptoSwift acceleration hardware."