# native-ossl-sys
Raw FFI bindings to OpenSSL 3.x, generated by `bindgen` at build time.
This crate is an implementation detail of [`native-ossl`](../native-ossl).
**Do not depend on it directly** — use `native-ossl` instead.
## What this crate does
- Runs `pkg-config` to locate the system OpenSSL (≥ 3.0.7).
- Generates `ossl_bindings.rs` via `bindgen` from the public OpenSSL headers.
- Detects the installed version and algorithm support, emitting `rustc-cfg`
  flags that `native-ossl` uses to gate version-specific APIs:

  | Flag | Meaning |
  |------|---------|
  | `ossl307` | OpenSSL ≥ 3.0.7 (always set at the minimum floor) |
  | `ossl320` | OpenSSL ≥ 3.2.0 |
  | `ossl350` | OpenSSL ≥ 3.5.0 |
  | `ossl400` | OpenSSL ≥ 4.0.0 |
  | `ossl_slhdsa` | SLH-DSA algorithm family present |
  | `ossl_mldsa` | ML-DSA algorithm family present |
  | `ossl_mlkem` | ML-KEM algorithm family present |
  | `param_clear_free` | `OSSL_PARAM_clear_free` available |

- With the `fips-provider` feature: performs a second `bindgen` pass against
  non-public OpenSSL headers (`OPENSSL_SOURCE_DIR` required) and compiles a
  C probe to determine the `evp_pkey_st::keydata` field offset for the
  current target ABI.
## `links = "ssl"`
The manifest key `links = "ssl"` causes Cargo to forward any
`cargo::metadata=KEY=VALUE` emitted here to direct dependents as
`DEP_SSL_KEY` environment variables. `native-ossl/build.rs` reads these
to re-emit the cfg flags for the safe wrapper crate.
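
The following sketch shows how a dependent's build script can consume this metadata. It is an added example, not the actual `native-ossl/build.rs`. It assumes one metadata key per flag (for example `cargo::metadata=ossl320=1`, seen as `DEP_SSL_OSSL320=1`); the key naming and the `cfg_directives` helper are hypothetical.

```rust
// Added example: a dependent's build.rs re-emitting cfg flags from DEP_SSL_*.
// Assumption: the -sys build script emits one key per flag with value "1".
use std::env;

/// cfg names from the flag table; any other DEP_SSL_* variable is ignored,
/// so unexpected environment content never reaches rustc.
const KNOWN_FLAGS: [&str; 8] = [
    "ossl307", "ossl320", "ossl350", "ossl400",
    "ossl_slhdsa", "ossl_mldsa", "ossl_mlkem", "param_clear_free",
];

/// Turn (name, value) environment pairs into build-script directives.
fn cfg_directives<I>(vars: I) -> Result<Vec<String>, String>
where
    I: IntoIterator<Item = (String, String)>,
{
    let vars: Vec<(String, String)> = vars.into_iter().collect();
    let mut out = Vec::new();
    for flag in KNOWN_FLAGS.iter() {
        // Declare every known cfg so the unexpected-cfg lint stays quiet.
        out.push(format!("cargo::rustc-check-cfg=cfg({})", flag));
        let key = format!("DEP_SSL_{}", flag.to_uppercase());
        if vars.iter().any(|(k, v)| k.as_str() == key.as_str() && v.as_str() == "1") {
            out.push(format!("cargo::rustc-cfg={}", flag));
        }
    }
    // ossl307 is always set at the floor; if it is absent, no metadata
    // arrived (e.g. the -sys crate is not a direct dependency).
    if !out.iter().any(|l| l == "cargo::rustc-cfg=ossl307") {
        return Err("DEP_SSL_OSSL307 missing: no metadata from native-ossl-sys".into());
    }
    Ok(out)
}

fn main() {
    // Skip variables that are not valid Unicode instead of panicking.
    let vars = env::vars_os()
        .filter_map(|(k, v)| Some((k.into_string().ok()?, v.into_string().ok()?)));
    match cfg_directives(vars) {
        Ok(lines) => lines.iter().for_each(|l| println!("{}", l)),
        Err(e) => {
            eprintln!("error: {}", e);
            std::process::exit(1);
        }
    }
}
```

Failing the build when the floor flag is missing avoids silently compiling the wrapper with every version-gated API disabled.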
## License
Apache-2.0