README.ENGINE revision 68651

  ENGINE
  ======

  With OpenSSL 0.9.6, a new component has been added to support external
  crypto devices, for example accelerator cards.  The component is called
  ENGINE, and still has a pretty experimental status and almost no
  documentation.  It's designed to be fairly easily extensible by the
  calling programs.

  There's currently built-in support for the following crypto devices:

      o CryptoSwift
      o Compaq Atalla
      o nCipher CHIL

  A number of things are still needed and are being worked on:

      o An openssl utility command to handle or at least check available
        engines.
      o A better way of handling the methods that are handled by the
        engines.
      o Documentation!

  What already exists is fairly stable as far as it has been tested, but
  the test base has been a bit small most of the time.

  Because of this experimental status and what's lacking, the ENGINE
  component is not yet part of the default OpenSSL distribution.  However,
  we have made a separate kit for those who want to try this out, to be
  found in the same places as the default OpenSSL distribution, but with
  "-engine-" being part of the kit file name.  For example, version 0.9.6
  is distributed in the following two files:

      openssl-0.9.6.tar.gz
      openssl-engine-0.9.6.tar.gz

  NOTES
  =====

  openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar; you do
  not need to download both.

  openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
  crypto device.  The internal OpenSSL functions are contained in the
  engine "openssl", and will be used by default.

  No external crypto device is chosen unless you say so.  You have to
  actively tell the openssl utility commands to use it through a new
  command line switch called "-engine".  And if you want to use the ENGINE
  library to do something similar, you must also explicitly choose an
  external crypto device, or the built-in crypto routines will be used,
  just as in the default OpenSSL distribution.


  PROBLEMS
  ========

  It seems like the ENGINE part doesn't work too well with CryptoSwift on
  Win32.  A quick test done right before the release showed that trying
  "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
  an attempt is made to write at memory address 0x00000002.