OpenSSL 3.3, 3.4, 3.5 features to expose #12610

Open
2 of 4 tasks
h-vetinari opened this issue Mar 12, 2025 · 3 comments
h-vetinari commented Mar 12, 2025

This is a continuation of #9795 for newer versions. The points here are simply harvested from the feature list in openssl's NEWS.md; not all of them are necessarily applicable to cryptography (but I don't know how to make that determination, so I opted to err on the side of completeness). Please feel free to prune/edit/expand the list as you see fit.

  • OpenSSL v3.3

    • Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple times with different output sizes.
    • New atexit configuration switch, which controls whether the OPENSSL_cleanup is registered when libcrypto is unloaded.
  • OpenSSL v3.4

  • OpenSSL v3.5

    • Support for PQC algorithms (ML-KEM, ML-DSA, SLH-DSA)
    • Support added for opaque symmetric key objects (EVP_SKEY).
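
To illustrate the EVP_DigestSqueeze() item in the list above (an added example, not part of the issue and not code from cryptography or OpenSSL): Python's hashlib, used here as a stand-in, only offers a one-shot `digest(n)`, so the hypothetical `ShakeStream` wrapper emulates repeated squeezes of different sizes. It also shows why two one-shot calls are not a substitute when deriving separate values from one seed.

```python
import hashlib


class ShakeStream:
    """Emulate repeated squeezing of one SHAKE state with hashlib.

    hashlib's digest(n) always restarts at output byte 0, so this wrapper
    tracks an offset and slices. It recomputes the prefix on every call,
    which is the cost a native multi-squeeze API avoids.
    """

    def __init__(self, data: bytes, variant: str = "shake_128"):
        if variant not in ("shake_128", "shake_256"):
            raise ValueError("variant must be shake_128 or shake_256")
        self._xof = hashlib.new(variant, data)
        self._offset = 0

    def squeeze(self, n: int) -> bytes:
        """Return the next n bytes of the XOF output stream."""
        if n < 0:
            raise ValueError("length must be non-negative")
        out = self._xof.digest(self._offset + n)[self._offset:]
        self._offset += n
        return out


def derive_naive(seed: bytes) -> tuple[bytes, bytes]:
    """Pitfall: two one-shot calls both start at byte 0 of the stream."""
    xof = hashlib.shake_128(seed)
    return xof.digest(16), xof.digest(32)


def derive_streamed(seed: bytes) -> tuple[bytes, bytes]:
    """Two squeezes of different sizes return consecutive stream segments."""
    stream = ShakeStream(seed)
    return stream.squeeze(16), stream.squeeze(32)


if __name__ == "__main__":
    seed = b"constructed sample seed"  # constructed input, not from the issue
    k1, k2 = derive_naive(seed)
    print("naive: second value starts with the first?", k2.startswith(k1))
    s1, s2 = derive_streamed(seed)
    print("streamed segments:", s1.hex(), s2.hex())
```
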
@ralienpp
Contributor

In this context I'd like to revive the discussion: #11473

OpenSSL 3.5 extends the default provider with support for NIST finalists of the post-quantum algorithm competition, so I hope this brings the possibility of using PQ algorithms via cryptography closer to reality.

@alex
Member

alex commented Mar 14, 2025

Once 3.5 is out, I'd like to add PQ algorithms.

This is somewhat tempered by the fact that they're all behind atrocious new OpenSSL APIs.

(I don't think the current list of everything from the OpenSSL changelogs is especially useful, as the vast majority of these ideas have no implications for our APIs.)

@h-vetinari
Author

> I don't think the current list of everything from the OpenSSL changelogs is especially useful, as the vast majority of these ideas have no implications for our APIs.

Please just wantonly delete what has no place here. I find it hard to tell which pieces may affect cryptography, so I didn't prune the list.
