Upstream NEWS file:

  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:

      o TLS/DTLS heartbeat support.
      o SCTP support.
      o RFC 5705 TLS key material exporter.
      o RFC 5764 DTLS-SRTP negotiation.
      o Next Protocol Negotiation.
      o PSS signatures in certificates, requests and CRLs.
      o Support for password based recipient info for CMS.
      o Support TLS v1.2 and TLS v1.1.
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:

      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
      o Corrected fix for CVE-2011-4619
      o Various DTLS fixes.

Debian changelog:

openssl (1.0.1-2) unstable; urgency=low

  * Properly quote the new cflags in Configure

 -- Kurt Roeckx <email address hidden>  Mon, 19 Mar 2012 19:56:05 +0100

openssl (1.0.1-1) unstable; urgency=low

  * New upstream version
    - Remove kfreebsd-pipe.patch, fixed upstream
    - Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
    - Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
      the new functions.
    - AES-NI support (Closes: #644743)
  * pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
    hidden on amd64, no need to access it PIC anymore.
  * pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
  * Enable hardening using dpkg-buildflags (Closes: #653495)
  * s_client and s_server were forcing SSLv3 only connection when SSLv2 was
    disabled instead of the SSLv2 with upgrade method.  (Closes: #664454)
  * Add Beaks on openssh < 1:5.9p1-4, it has a too strict version check.

 -- Kurt Roeckx <email address hidden>  Mon, 19 Mar 2012 18:23:32 +0100

openssl (1.0.0h-1) unstable; urgency=high

  * New upstream version
    - Fixes CVE-2012-0884
    - Fixes CVE-2012-1165
    - Properly fix CVE-2011-4619
    - pkg-config.patch applied upstream, remove it.
  * Enable assembler for all i386 arches.  The assembler does proper
    detection of CPU support, including cpuid support.
    This should fix a problem with AES 192 and 256 with the padlock
    engine because of the difference in NO_ASM between the between
    the i686 optimized library and the engine.

 -- Kurt Roeckx <email address hidden>  Tue, 13 Mar 2012 21:08:17 +0100

I've done some performance testing, which is in bug 796456 (private, sorry).  I can quote my own numbers from that:

  for x in sha1 rc4 aes-{128,256}-cbc md5; do openssl speed -evp $x 2>/dev/null | grep -A1 ^type; done | sed '2,${/type/d}'

Core 2 Duo T7100 (my laptop, getting on a bit):

amd64 1.0.0g-1ubuntu1:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 32959.34k 85644.07k 174930.39k 243954.98k 266935.33k
rc4 90403.67k 98901.49k 101289.27k 102313.50k 103083.61k
aes-128-cbc 51210.81k 58557.04k 60279.01k 126155.41k 129400.50k
aes-256-cbc 38099.06k 41632.22k 44081.90k 42170.87k 43401.11k
md5 36105.68k 103355.47k 215324.51k 296345.24k 334079.66k

amd64 1.0.1-2ubuntu1 (unreleased):
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 35898.84k 97968.17k 201869.01k 280300.41k 314556.36k
rc4 148796.23k 248179.50k 299200.47k 317167.51k 315630.36k
aes-128-cbc 80029.11k 86546.17k 88989.02k 89460.83k 89581.44k
aes-256-cbc 58424.85k 62711.92k 63304.52k 63263.34k 63661.19k
md5 39243.77k 110190.34k 233141.78k 318653.39k 360757.60k

i386 1.0.0g-1ubuntu1:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 20799.30k 58511.68k 121232.04k 166728.83k 187707.50k
rc4 144625.18k 190355.72k 207533.54k 217030.23k 230849.46k
aes-128-cbc 63992.57k 73048.85k 76678.75k 78265.56k 77791.23k
aes-256-cbc 50812.10k 56796.46k 58252.89k 58130.56k 58776.23k
md5 25959.21k 78649.23k 183409.83k 275312.09k 326038.87k

i386 1.0.1-2ubuntu1 (unreleased):
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 28814.07k 84153.79k 187597.59k 273172.48k 315113.47k
rc4 213104.86k 295053.10k 329978.88k 351678.81k 367037.10k
aes-128-cbc 73415.73k 85662.90k 88118.29k 88727.21k 89155.35k
aes-256-cbc 54117.90k 59359.41k 61571.61k 60992.35k 63965.87k
md5 30211.77k 88190.74k 200825.25k 291140.04k 327380.36k

Xeon X5550 (porter-amd64.canonical.com):

amd64 1.0.0g-1ubuntu1:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 51464.13k 135581.95k 268001.37k 354723.50k 391353.69k
rc4 285698.47k 340625.22k 297458.99k 300018.35k 300826.62k
aes-128-cbc 84038.84k 93140.52k 96024.32k 96636.93k 96952.32k
aes-256-cbc 62973.73k 67858.18k 69276.76k 69656.92k 69716.65k
md5 62959.22k 181574.51k 387815.08k 543501.65k 615374.85k

amd64 1.0.1-2ubuntu1 (unreleased):
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
sha1 59043.94k 165165.57k 345374.63k 474867.03k 532654.76k
rc4 243205.74k 479680.62k 637097.39k 702863.70k 725865.81k
aes-128-cbc 248449.33k 290760.30k 300079.79k 302154.07k 303478.10k
aes-256-cbc 190183.11k 200553.96k 210688.26k 219256.49k 218715.48k
md5 60728.21k 179583.34k 387689.90k 546985.64k 620229.97k

So now my laptop is a bit slower on AES when running amd64, but in i386 mode it's an improvement across the board. That's probably OK given its age.