README.ENGINE - third_party/openssl - Git at Google


   ENGINE
   ======

   With OpenSSL 0.9.6, a new component has been added to support external
   crypto devices, for example accelerator cards.  The component is called
   ENGINE, and has still a pretty experimental status and almost no
   documentation.  It's designed to be faily easily extensible by the
   calling programs.

   There's currently built-in support for the following crypto devices:

       o CryptoSwift
       o Compaq Atalla
       o nCipher CHIL

   A number of things are still needed and are being worked on:

       o An openssl utility command to handle or at least check available
         engines.
       o A better way of handling the methods that are handled by the
         engines.
       o Documentation!

   What already exists is fairly stable as far as it has been tested, but
   the test base has been a bit small most of the time.

   Because of this experimental status and what's lacking, the ENGINE
   component is not yet part of the default OpenSSL distribution.  However,
   we have made a separate kit for those who want to try this out, to be
   found in the same places as the default OpenSSL distribution, but with
   "-engine-" being part of the kit file name.  For example, version 0.9.6
   is distributed in the following two files:

       openssl-0.9.6.tar.gz
       openssl-engine-0.9.6.tar.gz

   NOTES
   =====

   openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
   not need to download both.

   openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
   crypto device.  The internal OpenSSL functions are contained in the
   engine "openssl", and will be used by default.

   No external crypto device is chosen unless you say so.  You have actively
   tell the openssl utility commands to use it through a new command line
   switch called "-engine".  And if you want to use the ENGINE library to
   do something similar, you must also explicitely choose an external crypto
   device, or the built-in crypto routines will be used, just as in the
   default OpenSSL distribution.


   PROBLEMS
   ========

   It seems like the ENGINE part doesn't work too well with Cryptoswift on
   Win32.  A quick test done right before the release showed that trying
   "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
   an attempt is made to write at memory address 0x00000002.

	ENGINE
	======

	With OpenSSL 0.9.6, a new component has been added to support external
	crypto devices, for example accelerator cards. The component is called
	ENGINE, and has still a pretty experimental status and almost no
	documentation. It's designed to be faily easily extensible by the
	calling programs.

	There's currently built-in support for the following crypto devices:

	o CryptoSwift
	o Compaq Atalla
	o nCipher CHIL

	A number of things are still needed and are being worked on:

	o An openssl utility command to handle or at least check available
	engines.
	o A better way of handling the methods that are handled by the
	engines.
	o Documentation!

	What already exists is fairly stable as far as it has been tested, but
	the test base has been a bit small most of the time.

	Because of this experimental status and what's lacking, the ENGINE
	component is not yet part of the default OpenSSL distribution. However,
	we have made a separate kit for those who want to try this out, to be
	found in the same places as the default OpenSSL distribution, but with
	"-engine-" being part of the kit file name. For example, version 0.9.6
	is distributed in the following two files:

	openssl-0.9.6.tar.gz
	openssl-engine-0.9.6.tar.gz

	NOTES
	=====

	openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
	not need to download both.

	openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
	crypto device. The internal OpenSSL functions are contained in the
	engine "openssl", and will be used by default.

	No external crypto device is chosen unless you say so. You have actively
	tell the openssl utility commands to use it through a new command line
	switch called "-engine". And if you want to use the ENGINE library to
	do something similar, you must also explicitely choose an external crypto
	device, or the built-in crypto routines will be used, just as in the
	default OpenSSL distribution.


	PROBLEMS
	========

	It seems like the ENGINE part doesn't work too well with Cryptoswift on
	Win32. A quick test done right before the release showed that trying
	"openssl speed -engine cswift" generated errors. If the DSO gets enabled,
	an attempt is made to write at memory address 0x00000002.