o New 'rsautl' application, low level RSA utility.
o MD4 now included.
o Bugfix for SSL rollback padding check.
+ o Support for external crypto device[1].
+
+ [1] The support for external crypto devices is currently a separate
+ distribution. See the file README.ENGINE.
Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
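Review bot: The new bullet "Support for external crypto device[1]" uses the singular, while its own footnote and README.ENGINE speak of devices; make it "devices". The footnote also says the support is a separate distribution, so consider saying that in the bullet itself, since a reader skimming the 0.9.6 change list in the default tarball could otherwise assume the ENGINE code is included there.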
--- /dev/null
+
+ ENGINE
+ ======
+
+ With OpenSSL 0.9.6, a new component has been added to support external
+ crypto devices, for example accelerator cards. The component is called
+ ENGINE, and has still a pretty experimental status and almost no
+ documentation. It's designed to be faily easily extensible by the
+ calling programs.
+
+ There's currently built-in support for the following crypto devices:
+
+ o CryptoSwift
+ o Compaq Atalla
+ o nCipher CHIL
+
+ A number of things are still needed and are being worked on:
+
+ o An openssl utility command to handle or at least check available
+ engines.
+ o A better way of handling the methods that are handled by the
+ engines.
+ o Documentation!
+
+ What already exists is fairly stable as far as it has been tested, but
+ the test base has been a bit small most of the time.
+
+ Because of this experimental status and what's lacking, the ENGINE
+ component is not yet part of the default OpenSSL distribution. However,
+ we have made a separate kit for those who want to try this out, to be
+ found in the same places as the default OpenSSL distribution, but with
+ "-engine-" being part of the kit file name. For example, version 0.9.6
+ is distributed in the following two files:
+
+ openssl-0.9.6.tar.gz
+ openssl-engine-0.9.6.tar.gz
+
+ NOTES
+ =====
+
+ openssl-engine-0.9.6.tar.gz does not depend on openssl-0.9.6.tar, you do
+ not need to download both.
+
+ openssl-engine-0.9.6.tar.gz is usable even if you don't have an external
+ crypto device. The internal OpenSSL functions are contained in the
+ engine "openssl", and will be used by default.
+
+ No external crypto device is chosen unless you say so. You have actively
+ tell the openssl utility commands to use it through a new command line
+ switch called "-engine". And if you want to use the ENGINE library to
+ do something similar, you must also explicitely choose an external crypto
+ device, or the built-in crypto routines will be used, just as in the
+ default OpenSSL distribution.
+
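Review bot: The NOTES section says an external device is used only when selected through "-engine", but the only engine name the file gives is "openssl"; please list the names to pass for CryptoSwift, Compaq Atalla and nCipher CHIL, or say where to find them, so a user can tell which implementation is actually handling the private-key operations. Wording fixes in the same file: "faily" should be "fairly", "You have actively tell" is missing "to", "explicitely" should be "explicitly", and "openssl-0.9.6.tar" in the first note should read "openssl-0.9.6.tar.gz" to match the file list above it.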