QUBIP: OpenSSL Providers in Rust (for the PQC transition)

The post-quantum cryptography (PQC) transition is more than a drop-in key exchange replacement—it’s a deep transformation in how cryptographic software is designed, built, and integrated. OpenSSL 3.0 introduced the concept of Providers, a flexible plugin architecture that enables new cryptographic algorithms to be implemented outside of the core library. This opens the door for innovation, modularity—and Rust. In this session, we introduce Aurora, a third-party OpenSSL provider implemented in Rust as part of the EU-funded QUBIP project. Aurora enables transparent PQC adoption for OpenSSL-based applications, including hybrid certificate validation, algorithm agility, and integration with Rust’s cryptographic ecosystem. We’ll walk through the motivation behind building a provider in Rust, the challenges we faced (e.g., FFI safety, Provider interface complexity), and how Aurora leverages Rust’s guarantees to offer a robust foundation for cryptographic experimentation and deployment. The session includes a live demo showing how Aurora can inject PQC algorithms into existing OpenSSL workflows without modifying the application code. We’ll also explore tooling such as openssl-provider-forge, our Rust crate that simplifies authoring and testing custom providers. Whether you’re maintaining a TLS stack, building HSM software, or researching cryptographic agility, this talk will provide hands-on insight into the real-world journey of enabling PQC inside OpenSSL using modern language tools.