Fork of OpenSSL that includes quantum-resistant algorithms and ciphersuites based on liboqs.
C Perl Makefile C++ Assembly DIGITAL Command Language Other
Switch branches/tags
rsaref master-pre-reformat master-pre-auto-reformat master-post-reformat master-post-auto-reformat STATE_before_zlib STATE_after_zlib SSLeay_0_9_1b SSLeay_0_9_0b SSLeay_0_8_1b OpenSSL_1_1_0 OpenSSL_1_1_0f OpenSSL_1_1_0e OpenSSL_1_1_0d OpenSSL_1_1_0c OpenSSL_1_1_0b OpenSSL_1_1_0a OpenSSL_1_1_0-pre6 OpenSSL_1_1_0-pre5 OpenSSL_1_1_0-pre4 OpenSSL_1_1_0-pre3 OpenSSL_1_1_0-pre2 OpenSSL_1_1_0-pre1 OpenSSL_1_0_2 OpenSSL_1_0_2l OpenSSL_1_0_2k OpenSSL_1_0_2j OpenSSL_1_0_2i OpenSSL_1_0_2h OpenSSL_1_0_2g OpenSSL_1_0_2f OpenSSL_1_0_2e OpenSSL_1_0_2d OpenSSL_1_0_2c OpenSSL_1_0_2b OpenSSL_1_0_2a OpenSSL_1_0_2-pre-reformat OpenSSL_1_0_2-pre-auto-reformat OpenSSL_1_0_2-post-reformat OpenSSL_1_0_2-post-auto-reformat OpenSSL_1_0_2-beta3 OpenSSL_1_0_2-beta2 OpenSSL_1_0_2-beta1 OpenSSL_1_0_1 OpenSSL_1_0_1u OpenSSL_1_0_1t OpenSSL_1_0_1s OpenSSL_1_0_1r OpenSSL_1_0_1q OpenSSL_1_0_1p OpenSSL_1_0_1o OpenSSL_1_0_1n OpenSSL_1_0_1m OpenSSL_1_0_1l OpenSSL_1_0_1k OpenSSL_1_0_1j OpenSSL_1_0_1i OpenSSL_1_0_1h OpenSSL_1_0_1g OpenSSL_1_0_1f OpenSSL_1_0_1e OpenSSL_1_0_1d OpenSSL_1_0_1c OpenSSL_1_0_1b OpenSSL_1_0_1a OpenSSL_1_0_1-pre-reformat OpenSSL_1_0_1-pre-auto-reformat OpenSSL_1_0_1-post-reformat OpenSSL_1_0_1-post-auto-reformat OpenSSL_1_0_1-beta3 OpenSSL_1_0_1-beta2 OpenSSL_1_0_1-beta1 OpenSSL_1_0_0 OpenSSL_1_0_0t OpenSSL_1_0_0s OpenSSL_1_0_0r OpenSSL_1_0_0q OpenSSL_1_0_0p OpenSSL_1_0_0o OpenSSL_1_0_0n OpenSSL_1_0_0m OpenSSL_1_0_0l OpenSSL_1_0_0k OpenSSL_1_0_0j OpenSSL_1_0_0i OpenSSL_1_0_0h OpenSSL_1_0_0g OpenSSL_1_0_0f OpenSSL_1_0_0e OpenSSL_1_0_0d OpenSSL_1_0_0c OpenSSL_1_0_0b OpenSSL_1_0_0a OpenSSL_1_0_0-pre-reformat OpenSSL_1_0_0-pre-auto-reformat OpenSSL_1_0_0-post-reformat OpenSSL_1_0_0-post-auto-reformat OpenSSL_1_0_0-beta5 OpenSSL_1_0_0-beta4 OpenSSL_1_0_0-beta3
Nothing to show
Clone or download
Pull request Compare This branch is 3998 commits ahead, 13710 commits behind openssl:master.
Failed to load latest commit information.
MacOS Standardize syntax around sizeof(foo) Dec 8, 2017
Netware Update netware to use new SHA2 assembly language modules. Jan 4, 2008
VMS Teach to have a look for disabled algorithms in opensslc… Oct 30, 2011
apps Merge remote-tracking branch 'openssl/OpenSSL_1_0_2-stable' into OQS-… May 26, 2018
bugs Run util/openssl-format-source -v -c . Jan 22, 2015
certs grammar May 27, 2008
crypto Fix a bogus warning about an uninitialised var May 23, 2018
demos Standardize syntax around sizeof(foo) Dec 8, 2017
doc Fix typo 'is an error occurred' in documentation May 11, 2018
engines fix several typos in README.gost Jan 23, 2018
ms Revert "RT4526: Call TerminateProcess, not ExitProcess" Jun 16, 2016
os2 Make a number of changes to the OS/2 build. Submitter's comment below. Nov 28, 2003
shlib Apply mingw patches as supplied by Roumen Petrov an Alon Bar-Lev Apr 17, 2008
ssl Merge remote-tracking branch 'openssl/OpenSSL_1_0_2-stable' into OQS-… May 26, 2018
test Merge remote-tracking branch 'openssl/OpenSSL_1_0_2-stable' into OQS-… May 26, 2018
tools RT4044: Remove .cvsignore files. Sep 15, 2015
util util/domd: harmonize with compiler detection in Configure. May 18, 2018
.gitignore Add OQS KEM to speed Apr 10, 2018 Adapt the OS X build to use the OS X tar Dec 8, 2015
.travis.yml Add echo for each build phase Jul 4, 2017
ACKNOWLEDGMENTS Refer to website for acknowledgements. Dec 8, 2015
CHANGES In cases where we ask PEM_def_callback for minimum 0 length, accept 0… May 12, 2018
CHANGES.SSLeay PR: 1894 Apr 16, 2009
CONTRIBUTING Updated to CONTRIBUTING to reflect GitHub, etc. Apr 7, 2018
Configure When configuring 'no-comp', zlib support should be disabled too May 14, 2018
FAQ Move FAQ to the web. Aug 16, 2015
GitConfigure Backport single makefile from master. Jun 13, 2013
GitMake Backport single makefile from master. Jun 13, 2013
INSTALL Remove an out of date reference to RT Aug 25, 2017
INSTALL.MacOS Typos (Chris Pepper <>) Oct 1, 2001
INSTALL.NW Netware support. Jan 3, 2008
INSTALL.OS2 Add support for shared libraries with OS/2. Jul 17, 2002
INSTALL.VMS Change INSTALL.VMS to reflect the changes done on the build and Mar 19, 2011
INSTALL.W32 Windows: Add CRYPT32.LIB to the libraries to link your app with May 16, 2016
INSTALL.W64 Pull up Win64 support from 0.9.8. Jul 5, 2005
INSTALL.WCE First draft for WCE PortSDK support. Once again! It's *draft* which r… Nov 6, 2005
LICENSE Update the license end year Jan 21, 2018 Fix make clean error Apr 11, 2018
Makefile.shared Add support for RC / WINDRES env variables May 17, 2016
NEWS Prepare for 1.0.2p-dev Mar 27, 2018
PROBLEMS ./Configure: libcrypto.a can grow to many GB on Solaris 10, because o… Aug 13, 2012
README Prepare for 1.0.2p-dev Mar 27, 2018
README.ASN1 Merge from the ASN1 branch of new ASN1 code Dec 8, 2000
README.ENGINE oops, there were other cases of "ENGINE_ID" to change too. Jul 8, 2002 Link against libm on Linux and add xsltproc instruction May 31, 2018 Update release notes May 31, 2018
TABLE Configure: add back /WX to VC-WIN32. Nov 13, 2017
appveyor.yml Remove notification settings from appveyor.yml May 17, 2017
config Better way to recognise mingw64 in config script Mar 13, 2017
e_os.h Use both sun and __sun Nov 24, 2015
e_os2.h Add the macro OPENSSL_SYS_WIN64 Jun 2, 2015 Apply all the changes submitted by Steven M. Schweda <> Mar 19, 2011 Define CFLAGS as cflags on VMS as well Jan 13, 2015
openssl.doxy Add functions to add certs to stacks, used for CA file/path stuff in … Feb 28, 1999
openssl.spec Prepare for 1.0.2p-dev Mar 27, 2018

open-quantum-safe/openssl - OQS fork of OpenSSL 1.0.2

OpenSSL is an open-source TLS/SSL and crypto library (View the original README file for OpenSSL.)

This repository contains a fork of OpenSSL that adds quantum-safe cryptographic algorithms and ciphersuites.

See the OpenSSL_1_0_2-stable branch for a version enabling PQC authentication, using a different version of liboqs. (This branch will be updated once liboqs's master branch refactoring is completed.)


The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography.

liboqs is an open source C library for quantum-safe cryptographic algorithms. liboqs initially focuses on key exchange algorithms. See more about liboqs at, including a list of supported algorithms.

open-quantum-safe/openssl is an integration of liboqs into (a fork of) OpenSSL. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography. The integration should not be considered "production quality".

More information on OQS can be found on our website:

Limitations and security

liboqs is designed for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.

We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. liboqs does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.

We acknowledge that some parties may want to begin deploying post-quantum cryptography prior to the conclusion of the NIST standardization project. We strongly recommend that any attempts to do make use of so-called hybrid cryptography, in which post-quantum public-key algorithms are used alongside traditional public key algorithms (like RSA or elliptic curves) so that the solution is at least no less secure than existing traditional cryptography.

liboqs is provided "as is", without warranty of any kind. See LICENSE.txt for the full disclaimer.

In addition, implementations that we have included on nist-branch of liboqs have received no quality control or vetting by OQS. THE NIST-BRANCH OF LIBOQS SHOULD BE USED EXCLUSIVELY FOR EXPERIMENTATION AND PROTOTYPING, AND SHOULD NEVER BE USED IN ANY PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.

The integration of liboqs into our fork of OpenSSL is currently at an experimental stage, and has not received significant review. At this stage, we do not recommend relying on it in any production environment or to protect any sensitive data.

The OQS fork of OpenSSL is not endorsed by with the OpenSSL project.

Proofs of TLS such as [JKSS12] and [KPW13] require a key exchange mechanism that has a form of active security, either in the form of the PRF-ODH assumption, or an IND-CCA KEM. Most basic post-quantum key exchange mechanisms do not achieve active security, and would need to have an IND-CPA to IND-CCA KEM transform applied or be protected from active attacks using a signature scheme. The DEFAULT KEM built in liboqs may not necessarily provide active security, in which case existing proofs of security of TLS against active attackers do not apply.


open-quantum-safe/openssl currently contains:

  • Integration of post-quantum key exchange primitives from liboqs into OpenSSL's speed command
  • Ciphersuites using post-quantum key exchange based on primitives from liboqs, including hybrid ciphersuites which also use ECDHE key exchange

Our modifications are currently only for OpenSSL v1.0.2 (and correspondingly TLS 1.2).

liboqs version

An earlier version of liboqs exposed a key exchange (KEX) API, while a newer version exposes a key encapsulation mechanism (KEM) API. This branch of our OpenSSL fork works with the KEM version of liboqs.

Currently, the KEM API of liboqs is only available on liboqs' nist-branch. Thus, this branch of liboqs' OpenSSL fork must be compiled against liboqs' nist-branch.


For each post-quantum KEM exposed X, there are the following ciphersuites:


Currently, only one KEM from liboqs is exposed:

  • X = DEFAULT: this uses whichever key exchange primitive is configured as the default key exchange primitive in liboqs.

Note that when liboqs' master branch is ported to the new liboqs API, we intend that all KEMs present in liboqs master branch will be exposed in our OpenSSL fork. However, we intend that any algorithms in liboqs nist-branch that are not present in liboqs master branch will only be accessible via recompiling liboqs with that algorithm set to DEFAULT.

Building on Linux and macOS

Builds have been tested on macOS 10.13.3 (clang), Ubuntu 14.04.5 (gcc-7).

Step 1: Build liboqs

First, you must download and build liboqs. You must use a version of liboqs that uses the new KEM API. Currently, the only version that does so is nist-branch.

Follow the instructions there to download and build that branch of liboqs.

Step 2: Download fork of OpenSSL

Clone or download the source from Github:

git clone --branch OQS-OpenSSL_1_0_2-stable
cd openssl

Step 3: Install liboqs into OpenSSL directory

Go back to the directory where you built liboqs.

cd /path/to/liboqs
make install PREFIX=<path-to-openssl-dir>/oqs

This will create a directory oqs in your newly download OpenSSL directory, with subdirectories include and lib containing the headers and library files of liboqs.

Step 4: Build fork of OpenSSL

Now we follow the standard instructions for building OpenSSL.

To configure OpenSSL, on Linux type:

./Configure linux-x86_64 -lm

and on macOS type:

./Configure darwin64-x86_64-cc

Then type:

make depend


See the liboqs documentation for information on test programs in liboqs.

openssl speed

OpenSSL's speed command performs basic benchmarking of cryptographic primitives. You can see results for primitives from liboqs by typing

apps/openssl speed oqskem

TLS demo

OpenSSL contains a basic TLS server (s_server) and TLS client (s_client) which can be used to demonstrate and test SSL/TLS connections.

To see the list of supported ciphersuites from OQS, type:


To run a server, we first need to generate a self-signed X.509 certificate. Run the following command:

apps/openssl req -x509 -new -newkey rsa:2048 -keyout server.key -nodes -out server.cer -sha256 -days 365 -config apps/openssl.cnf

Hit enter in response to all the prompts to accept the defaults.

When done, type to combine the key and certificate (as required by s_server):

cat server.key server.cer > server.pem

To run a basic TLS server with all OQS ciphersuites enabled:

apps/openssl s_server -cipher OQSKEM-DEFAULT:OQSKEM-DEFAULT-ECDHE

In another terminal window, you can run a TLS client for any or all of the supported ciphersuites, for example:

apps/openssl s_client -cipher OQSKEM-DEFAULT
apps/openssl s_client -cipher OQSKEM-DEFAULT-ECDHE


All modifications in the open-quantum-safe/openssl repository are released under the same terms as OpenSSL, namely as described in the file LICENSE.


The Open Quantum Safe project is lead by Michele Mosca (University of Waterloo) and Douglas Stebila (McMaster University).


Contributors to the liboqs fork of OpenSSL include:

  • Kevin Kane (Microsoft)
  • Tancrède Lepoint (SRI)
  • Shravan Mishra (University of Waterloo)
  • Christian Paquin (Microsoft Research)

See the liboqs documentation for a list of contributors to liboqs.


Development of Open Quantum Safe has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of Open Quantum Safe have been supported by various research grants; see the source papers for funding acknowledgements.