From d507436a26d6cf525f3a9ad2aefd6c5aa673de06 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Tue, 2 Feb 2021 17:55:50 +0100 Subject: [PATCH] Add deprecation note to the README-ENGINES file Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14042) --- README-ENGINES.md | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/README-ENGINES.md b/README-ENGINES.md index 9783a211a5..80c1c55cf4 100644 --- a/README-ENGINES.md +++ b/README-ENGINES.md @@ -1,14 +1,23 @@ -ENGINES +Engines ======= -With OpenSSL 0.9.6, a new component was added to support alternative -cryptography implementations, most commonly for interfacing with external -crypto devices (eg. accelerator cards). This component is called ENGINE, -and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases) -caused a little confusion as 0.9.6** releases were rolled in two -versions, a "standard" and an "engine" version. In development for 0.9.7, -the ENGINE code has been merged into the main branch and will be present -in the standard releases from 0.9.7 forwards. +Deprecation Note +---------------- + +The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level +interface for adding alternative implementations of cryptographic +primitives, most notably for integrating hardware crypto devices. + +The ENGINE interface has its limitations and it has been superseeded +by the [PROVIDER API](README-Provider.md), it is deprecated in OpenSSL +version 3.0. The following documentation is retained as an aid for +users who need to maintain or support existing ENGINE implementations. +Support for new hardware devices or new algorithms should be added +via providers, and existing engines should be converted to providers +as soon as possible. + +Built-in ENGINE implementations +------------------------------- There are currently built-in ENGINE implementations for the following crypto devices: