Update the relevant parts of the docs with the ENGINE changes. I've also

unbolded a few bits that looked unecessary.

doc/apps/s_client.pod

@@ -32,6 +32,7 @@ B<openssl> B<s_client>
 [B<-no_tls1>]
 [B<-bugs>]
 [B<-cipher cipherlist>]
+[B<-engine id>]
 
 =head1 DESCRIPTION
 
@@ -156,6 +157,13 @@ the server determines which cipher suite is used it should take the first
 supported cipher in the list sent by the client. See the B<ciphers>
 command for more information.
 
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back
 
 =head1 CONNECTED COMMANDS

doc/apps/s_server.pod

@@ -39,6 +39,7 @@ B<openssl> B<s_client>
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
+[B<-engine id>]
 
 =head1 DESCRIPTION
 
@@ -186,6 +187,13 @@ emulates a simple web server. Pages will be resolved relative to the
 current directory, for example if the URL https://myhost/page.html is
 requested the file ./page.html will be loaded.
 
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
 =back
 
 =head1 CONNECTED COMMANDS

doc/apps/speed.pod

@@ -7,6 +7,7 @@ speed - test library performance
 =head1 SYNOPSIS
 
 B<openssl speed>
+[B<-engine id>]
 [B<md2>]
 [B<mdc2>]
 [B<md5>]
@@ -39,6 +40,17 @@ This command is used to test the performance of cryptographic algorithms.
 
 =head1 OPTIONS
 
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
 If any options are given, B<speed> tests those algorithms, otherwise all of
 the above are tested.
 

doc/crypto/DH_set_method.pod

@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-DH_set_default_method, DH_get_default_method, DH_set_method,
+DH_set_default_openssl_method, DH_get_default_openssl_method,
-DH_new_method, DH_OpenSSL - select DH method
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
 
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
 
- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);
 
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);
 
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
 
  DH_METHOD *DH_OpenSSL(void);
 
@@ -28,17 +29,26 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DH_OpenSSL() returns a pointer to that method.
 
-DH_set_default_method() makes B<meth> the default method for all B<DH>
+DH_set_default_openssl_method() makes B<meth> the default method for all DH
-structures created later.
+structures created later. B<NB:> This is true only whilst the default engine
+for Diffie-Hellman operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms, and all the DH
+functions mentioned here operate within the scope of the default
+"openssl" engine.
 
-DH_get_default_method() returns a pointer to the current default
+DH_get_default_openssl_method() returns a pointer to the current default
-method.
+method for the "openssl" engine.
 
-DH_set_method() selects B<meth> for all operations using the structure B<dh>.
+DH_set_method() selects B<engine> as the engine that will be responsible for
+all operations using the structure B<dh>. If this function completes successfully,
+then the B<dh> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by
+ENGINE_get_DH() or ENGINE_set_DH().
 
-DH_new_method() allocates and initializes a B<DH> structure so that
+DH_new_method() allocates and initializes a DH structure so that
-B<method> will be used for the DH operations. If B<method> is B<NULL>,
+B<engine> will be used for the DH operations. If B<engine> is NULL,
-the default method is used.
+the default engine for Diffie-Hellman opertaions is used.
 
 =head1 THE DH_METHOD STRUCTURE
 
@@ -73,16 +83,16 @@ the default method is used.
 =head1 RETURN VALUES
 
 DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
+DH_METHODs.
 
-DH_set_default_method() returns no value.
+DH_set_default_openssl_method() returns no value.
 
-DH_set_method() returns a pointer to the B<DH_METHOD> previously
+DH_set_method() returns non-zero if the ENGINE associated with B<dh>
-associated with B<dh>.
+was successfully changed to B<engine>.
 
-DH_new_method() returns B<NULL> and sets an error code that can be
+DH_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails.
-returns a pointer to the newly allocated structure.
+Otherwise it returns a pointer to the newly allocated structure.
 
 =head1 SEE ALSO
 
@@ -93,4 +103,9 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
 
+DH_set_default_openssl_method() and DH_get_default_openssl_method()
+replaced DH_set_default_method() and DH_get_default_method() respectively,
+and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut

doc/crypto/DSA_set_method.pod

@@ -2,20 +2,21 @@
 
 =head1 NAME
 
-DSA_set_default_method, DSA_get_default_method, DSA_set_method,
+DSA_set_default_openssl_method, DSA_get_default_openssl_method,
-DSA_new_method, DSA_OpenSSL - select DSA method
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
 
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
 
- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
 
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
 
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
 
  DSA_METHOD *DSA_OpenSSL(void);
 
@@ -28,17 +29,21 @@ such as hardware accelerators may be used.
 Initially, the default is to use the OpenSSL internal implementation.
 DSA_OpenSSL() returns a pointer to that method.
 
-DSA_set_default_method() makes B<meth> the default method for all B<DSA>
+DSA_set_default_openssl_method() makes B<meth> the default method for
-structures created later.
+all DSA structures created later. B<NB:> This is true only whilst the
+default engine for DSA operations remains as "openssl". ENGINEs
+provide an encapsulation for implementations of one or more algorithms at a
+time, and all the DSA functions mentioned here operate within the scope
+of the default "openssl" engine.
 
-DSA_get_default_method() returns a pointer to the current default
+DSA_get_default_openssl_method() returns a pointer to the current default
-method.
+method for the "openssl" engine.
 
-DSA_set_method() selects B<meth> for all operations using the structure B<dsa>.
+DSA_set_method() selects B<engine> for all operations using the structure B<dsa>.
 
-DSA_new_method() allocates and initializes a B<DSA> structure so that
+DSA_new_method() allocates and initializes a DSA structure so that
-B<method> will be used for the DSA operations. If B<method> is B<NULL>,
+B<engine> will be used for the DSA operations. If B<engine> is NULL,
-the default method is used.
+the default engine for DSA operations is used.
 
 =head1 THE DSA_METHOD STRUCTURE
 
@@ -84,18 +89,17 @@ struct
 
 =head1 RETURN VALUES
 
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the
+DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the
-respective B<DSA_METHOD>s.
+respective DSA_METHODs.
 
-DSA_set_default_method() returns no value.
+DSA_set_default_openssl_method() returns no value.
 
-DSA_set_method() returns a pointer to the B<DSA_METHOD> previously
+DSA_set_method() returns non-zero if the ENGINE associated with B<dsa>
-associated with B<dsa>.
+was successfully changed to B<engine>.
 
-DSA_new_method() returns B<NULL> and sets an error code that can be
+DSA_new_method() returns NULL and sets an error code that can be
 obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated
+fails. Otherwise it returns a pointer to the newly allocated structure.
-structure.
 
 =head1 SEE ALSO
 
@@ -106,4 +110,9 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
 DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
 DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
 
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method()
+replaced DSA_set_default_method() and DSA_get_default_method() respectively,
+and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s
+rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut

doc/crypto/RSA_set_method.pod

@@ -9,12 +9,13 @@ RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
 
- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
 
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ RSA_METHOD *RSA_set_method(RSA *rsa, ENGINE *engine);
 
  RSA_METHOD *RSA_get_method(RSA *rsa);
 
@@ -26,7 +27,7 @@ RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method
 
  int RSA_flags(RSA *rsa);
 
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 
 =head1 DESCRIPTION
 
@@ -46,23 +47,27 @@ the RSA transformation. It is the default if OpenSSL is compiled with
 C<-DRSA_NULL>. These methods may be useful in the USA because of a
 patent on the RSA cryptosystem.
 
-RSA_set_default_method() makes B<meth> the default method for all B<RSA>
+RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
-structures created later.
+structures created later. B<NB:> This is true only whilst the default engine
+for RSA operations remains as "openssl". ENGINEs provide an
+encapsulation for implementations of one or more algorithms at a time, and all
+the RSA functions mentioned here operate within the scope of the default
+"openssl" engine.
 
-RSA_get_default_method() returns a pointer to the current default
+RSA_get_default_openssl_method() returns a pointer to the current default
-method.
+method for the "openssl" engine.
 
-RSA_set_method() selects B<meth> for all operations using the key
+RSA_set_method() selects B<engine> for all operations using the key
 B<rsa>.
 
-RSA_get_method() returns a pointer to the method currently selected
+RSA_get_method() returns a pointer to the RSA_METHOD from the currently
-for B<rsa>.
+selected ENGINE for B<rsa>.
 
 RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
 
-RSA_new_method() allocates and initializes an B<RSA> structure so that
+RSA_new_method() allocates and initializes an RSA structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+B<engine> will be used for the RSA operations. If B<engine> is NULL,
-the default method is used.
+the default engine for RSA operations is used.
 
 =head1 THE RSA_METHOD STRUCTURE
 
@@ -128,17 +133,21 @@ the default method is used.
 =head1 RETURN VALUES
 
 RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(),
-RSA_get_default_method() and RSA_get_method() return pointers to the
+RSA_get_default_openssl_method() and RSA_get_method() return pointers to
-respective B<RSA_METHOD>s.
+the respective RSA_METHODs.
 
-RSA_set_default_method() returns no value.
+RSA_set_default_openssl_method() returns no value.
 
-RSA_set_method() returns a pointer to the B<RSA_METHOD> previously
+RSA_set_method() selects B<engine> as the engine that will be responsible for
-associated with B<rsa>.
+all operations using the structure B<rsa>. If this function completes successfully,
+then the B<rsa> structure will have its own functional reference of B<engine>, so
+the caller should remember to free their own reference to B<engine> when they are
+finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by
+ENGINE_get_RSA() or ENGINE_set_RSA().
 
-RSA_new_method() returns B<NULL> and sets an error code that can be
+RSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
-returns a pointer to the newly allocated structure.
+it returns a pointer to the newly allocated structure.
 
 =head1 SEE ALSO
 
@@ -151,4 +160,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
 well as the rsa_sign and rsa_verify components of RSA_METHOD were
 added in OpenSSL 0.9.4.
 
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method() respectively,
+and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s
+rather than B<DH_METHOD>s during development of OpenSSL 0.9.6.
+
 =cut

doc/crypto/dh.pod

@@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement
 =head1 SYNOPSIS
 
  #include <openssl/dh.h>
+ #include <openssl/engine.h>
 
  DH *	DH_new(void);
  void	DH_free(DH *dh);
@@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement
  int	DH_generate_key(DH *dh);
  int	DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
 
- void DH_set_default_method(DH_METHOD *meth);
+ void DH_set_default_openssl_method(DH_METHOD *meth);
- DH_METHOD *DH_get_default_method(void);
+ DH_METHOD *DH_get_default_openssl_method(void);
- DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
+ int DH_set_method(DH *dh, ENGINE *engine);
- DH *DH_new_method(DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
  DH_METHOD *DH_OpenSSL(void);
 
  int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),

doc/crypto/dsa.pod

@@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm
 =head1 SYNOPSIS
 
  #include <openssl/dsa.h>
+ #include <openssl/engine.h>
 
  DSA *	DSA_new(void);
  void	DSA_free(DSA *dsa);
@@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm
  int	DSA_verify(int dummy, const unsigned char *dgst, int len,
 		unsigned char *sigbuf, int siglen, DSA *dsa);
 
- void DSA_set_default_method(DSA_METHOD *meth);
+ void DSA_set_default_openssl_method(DSA_METHOD *meth);
- DSA_METHOD *DSA_get_default_method(void);
+ DSA_METHOD *DSA_get_default_openssl_method(void);
- DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth);
+ int DSA_set_method(DSA *dsa, ENGINE *engine);
- DSA *DSA_new_method(DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
  DSA_METHOD *DSA_OpenSSL(void);
 
  int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),

doc/crypto/rsa.pod

@@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem
 =head1 SYNOPSIS
 
  #include <openssl/rsa.h>
+ #include <openssl/engine.h>
 
  RSA * RSA_new(void);
  void RSA_free(RSA *rsa);
@@ -31,15 +32,15 @@ rsa - RSA public key cryptosystem
  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  void RSA_blinding_off(RSA *rsa);
 
- void RSA_set_default_method(RSA_METHOD *meth);
+ void RSA_set_default_openssl_method(RSA_METHOD *meth);
- RSA_METHOD *RSA_get_default_method(void);
+ RSA_METHOD *RSA_get_default_openssl_method(void);
- RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
+ int RSA_set_method(RSA *rsa, ENGINE *engine);
  RSA_METHOD *RSA_get_method(RSA *rsa);
  RSA_METHOD *RSA_PKCS1_SSLeay(void);
  RSA_METHOD *RSA_PKCS1_RSAref(void);
  RSA_METHOD *RSA_null_method(void);
  int RSA_flags(RSA *rsa);
- RSA *RSA_new_method(RSA_METHOD *method);
+ RSA *RSA_new_method(ENGINE *engine);
 
  int RSA_print(BIO *bp, RSA *x, int offset);
  int RSA_print_fp(FILE *fp, RSA *x, int offset);