21-dot-dev/swift-openssl

Modern Swift bindings for OpenSSL 3.x — a type-safe Swift 6.1 API for SHA-256, Base64URL, and RSA, plus raw libcrypto and libssl products other Swift packages can link for a full OpenSSL runtime.

Why swift-openssl?

OpenSSL complements — rather than replaces — swift-crypto and Apple's CryptoKit. Reach for this package when you need algorithms Apple's frameworks don't cover (PKCS#1 padding variants, PEM I/O, Base64URL with the JOSE alphabet), when you need to interop with existing OpenSSL-based C/C++ code, or when you need to audit the exact OpenSSL version shipping with your binary. For packages like swift-tor that embed C code calling EVP_ / SSL_ symbols, the raw libcrypto and libssl products provide a statically linked, vendor-controlled runtime.

Features

Modern Swift API for SHA-256 (FIPS 180-4), Base64URL (RFC 4648 §5), and RSA PEM ingestion (PKCS#1 / PKCS#8).
Raw libcrypto and libssl C bindings for Swift packages that need a full OpenSSL runtime — used by swift-tor for its Tor daemon.
OpenSSL 3.6.2 statically vendored via subtree — no system OpenSSL dependency at runtime.
Swift 6.1 strict concurrency, Sendable throughout, zero raw OpaquePointer leakage in the public API.
Apple platforms + Linux: macOS 13+, iOS 16+, tvOS 16+, watchOS 9+, visionOS 1+, Ubuntu 22.04+.

Installation

Add the package to your Package.swift:

.package(url: "https://github.com/21-DOT-DEV/swift-openssl.git", exact: "0.1.0"),

[!WARNING] Pin with exact: while the package is pre-1.0 (SemVer major version zero reserves this range as "anything may change at any time").

Include OpenSSL in your target:

.target(name: "<target>", dependencies: [
    .product(name: "OpenSSL", package: "swift-openssl"),
]),

Or use Xcode: File → Add Packages…, then enter https://github.com/21-DOT-DEV/swift-openssl.

Quick Start

import OpenSSL

let digest = SHA256.hash(string: "Hello, World!")
print(digest.hexString)
// dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986f

→ Full API: docs.21.dev/documentation/openssl/sha256

For Base64URL encoding, RSA PEM parsing, runtime version auditing, and the product-selection guide (OpenSSL vs libcrypto vs libssl), explore the hosted documentation:

Getting Started — task-oriented walkthrough of every shipping capability
Choosing libcrypto vs OpenSSL — product-selection guide for direct-API vs raw-bindings consumers
Security Considerations — production-readiness caveats, disabled algorithms, CVE auditing

Every example in the DocC catalog under Sources/OpenSSL/OpenSSL.docc/ is backed by an executable SwiftPM snippet and a test, so nothing drifts from the code. Build the full hyperlinked archive locally with swift package generate-documentation --target OpenSSL.

Requirements

| Tool | Minimum version | | --- | --- | | Swift | 6.1 | | Xcode | 16.3 | | macOS | 13 | | iOS / iPadOS | 16 | | tvOS | 16 | | watchOS | 9 | | visionOS | 1 | | Linux | Ubuntu 22.04+ (glibc) |

Contributing

Bug reports and pull requests are welcome. Start with:

AGENTS.md — project architecture, Swift-target boundaries, extraction flow.
Vendor/AGENTS.md — OpenSSL subtree sync rules and the Configure regeneration recipe for minor/major bumps.
21-DOT-DEV contributing guidelines — branching and commit conventions.

Security

For vulnerability reports, follow the private-disclosure process in SECURITY.md. For shipped-today security caveats — MVP gaps, disabled algorithms, constant-time-comparison rules, and runtime CVE auditing — see the Security Considerations guide.

License

Released under the MIT License — see LICENSE. OpenSSL itself is licensed under the Apache License 2.0.

Package Metadata

Repository: 21-dot-dev/swift-openssl

Default branch: main

README: README.md