README.ENGINE revision 68651
1226031Sstas 2 ENGINE 3 ====== 4 5 With OpenSSL 0.9.6, a new component has been added to support external 6 crypto devices, for example accelerator cards. The component is called 7 ENGINE, and has still a pretty experimental status and almost no 8 documentation. It's designed to be faily easily extensible by the 9 calling programs. 10 11 There's currently built-in support for the following crypto devices: 12 13 o CryptoSwift 14 o Compaq Atalla 15 o nCipher CHIL 16 17 A number of things are still needed and are being worked on: 18 19 o An openssl utility command to handle or at least check available 20 engines. 21 o A better way of handling the methods that are handled by the 22 engines. 23 o Documentation! 24 25 What already exists is fairly stable as far as it has been tested, but 26 the test base has been a bit small most of the time. 27 28 Because of this experimental status and what's lacking, the ENGINE 29 component is not yet part of the default OpenSSL distribution. However, 30 we have made a separate kit for those who want to try this out, to be 31 found in the same places as the default OpenSSL distribution, but with 32 "-engine-" being part of the kit file name. For example, version 0.9.6 33 is distributed in the following two files: 34 35 openssl-0.9.6.tar.gz 36 openssl-engine-0.9.6.tar.gz 37 38 NOTES 39 ===== 40 41 openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do 42 not need to download both. 43 44 openssl-engine-0.9.6.tar.gz is usable even if you don't have an external 45 crypto device. The internal OpenSSL functions are contained in the 46 engine "openssl", and will be used by default. 47 48 No external crypto device is chosen unless you say so. You have actively 49 tell the openssl utility commands to use it through a new command line 50 switch called "-engine". And if you want to use the ENGINE library to 51 do something similar, you must also explicitely choose an external crypto 52 device, or the built-in crypto routines will be used, just as in the 53 default OpenSSL distribution. 54 55 56 PROBLEMS 57 ======== 58 59 It seems like the ENGINE part doesn't work too well with Cryptoswift on 60 Win32. A quick test done right before the release showed that trying 61 "openssl speed -engine cswift" generated errors. If the DSO gets enabled, 62 an attempt is made to write at memory address 0x00000002. 63 64