wolfcrypt-sys 0.1.4

Auto-generated Rust FFI bindings to wolfSSL via bindgen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

# wolfcrypt-sys

Raw FFI bindings to wolfCrypt, generated by bindgen.  This is the foundation
crate for the wolfssl-rs workspace.

Prefer the higher-level crates (`wolfcrypt`, `wolfcrypt-ring-compat`,
`wolfcrypt-tls`) over depending on this directly.

## Why

`wolfcrypt-sys` separates the generated FFI from the safe wrappers so that:

- The bindgen output can be regenerated (by updating the wolfSSL source)
  without a breaking-change version bump on `wolfcrypt` or `wolfcrypt-rs`.
- It emits `DEP_WOLFCRYPT_SYS_*` cargo metadata (include paths, cfg flags,
  lib dirs) via the `links = "wolfcrypt_sys"` key so downstream crates do not
  need to re-discover the wolfSSL installation.
- Per-algorithm cfg flags (`wolfssl_aes_gcm`, `wolfssl_ecc_p384`, …) are
  parsed from the compiled wolfSSL and emitted here; higher-level crates use
  these flags to gate algorithm support at compile time.

## Usage

```toml
wolfcrypt-sys = { version = "0.1", features = ["vendored"] }
```

## How it works

```text
wolfssl-src       Compiles wolfSSL C source; emits DEP_WOLFSSL_SRC_* metadata
wolfcrypt-sys     build.rs reads wolfSSL metadata; runs bindgen over wolfssl/
      │           headers; emits DEP_WOLFCRYPT_SYS_{CFGS,INCLUDE,ROOT,…}
      │           (links = "wolfcrypt_sys")
wolfcrypt-rs      Reads DEP_WOLFCRYPT_SYS_* to compile compat_shim.c
```

The generated `bindings.rs` is written to `$OUT_DIR` and `include!`-d into
`lib.rs`.  The allowlist covers wolfCrypt algorithm structs and functions;
wolfSSL TLS types are excluded.

## Finding wolfSSL

The build script searches in order:

1. `WOLFSSL_LIB_DIR` + `WOLFSSL_INCLUDE_DIR` environment variables
2. `WOLFSSL_DIR` install prefix
3. `vendored` feature + `WOLFSSL_SRC` — compiles from source via `wolfssl-src`
4. `pkg-config`

## Features

| Feature | Description |
|---------|-------------|
| `vendored` | Compile wolfSSL from source (requires `WOLFSSL_SRC`) |
| `fips` | Enable the FIPS 140-3 code path |
| `riscv-bare-metal` | Bare-metal RISC-V configuration (Caliptra) |

Need FIPS 140-3 validation in your Rust application?  wolfCrypt is FIPS 140-3
validated.  [Contact wolfSSL](https://www.wolfssl.com/license/) for a
commercial FIPS license and the validated source tree.

## Copyright

Copyright (C) 2006-2026 wolfSSL Inc.

## License

MIT — see [LICENSE](LICENSE).

The [MIT License](https://opensource.org/licenses/MIT) applies to the Rust
source code in this crate.  The underlying wolfSSL/wolfCrypt C library is
licensed under GPL-2.0-or-later with a commercial option available from
[wolfSSL Inc.](https://www.wolfssl.com/license/)