Modern Swift bindings for OpenSSL 3.x β a type-safe Swift 6.1 API for SHA-256, Base64URL, and RSA, plus raw libcrypto and libssl products other Swift packages can link for a full OpenSSL runtime.
π Documentation
Caution
Pre-1.0 and cryptographic test vectors are not yet integrated. Do not use in production until proper verification is in place. See the Security Considerations guide for the full MVP-gap list.
OpenSSL complements β rather than replaces β swift-crypto and Apple's CryptoKit. Reach for this package when you need algorithms Apple's frameworks don't cover (PKCS#1 padding variants, PEM I/O, Base64URL with the JOSE alphabet), when you need to interop with existing OpenSSL-based C/C++ code, or when you need to audit the exact OpenSSL version shipping with your binary. For packages like swift-tor that embed C code calling EVP_* / SSL_* symbols, the raw libcrypto and libssl products provide a statically linked, vendor-controlled runtime.
- Modern Swift API for SHA-256 (FIPS 180-4), Base64URL (RFC 4648 Β§5), and RSA PEM ingestion (PKCS#1 / PKCS#8).
- Raw
libcryptoandlibsslC bindings for Swift packages that need a full OpenSSL runtime β used by swift-tor for its Tor daemon. - OpenSSL 3.6.2 statically vendored via subtree β no system OpenSSL dependency at runtime.
- Swift 6.1 strict concurrency,
Sendablethroughout, zero rawOpaquePointerleakage in the public API. - Apple platforms + Linux: macOS 13+, iOS 16+, tvOS 16+, watchOS 9+, visionOS 1+, Ubuntu 22.04+.
Add the package to your Package.swift:
.package(url: "https://github.com/21-DOT-DEV/swift-openssl.git", exact: "0.1.0"),Warning
Pin with exact: while the package is pre-1.0 (SemVer major version zero reserves this range as "anything may change at any time").
Include OpenSSL in your target:
.target(name: "<target>", dependencies: [
.product(name: "OpenSSL", package: "swift-openssl"),
]),Or use Xcode: File β Add Packagesβ¦, then enter https://github.com/21-DOT-DEV/swift-openssl.
import OpenSSL
let digest = SHA256.hash(string: "Hello, World!")
print(digest.hexString)
// dffd6021bb2bd5b0af676290809ec3a53191dd81c7f70a4b28688a362182986fβ Full API: docs.21.dev/documentation/openssl/sha256
For Base64URL encoding, RSA PEM parsing, runtime version auditing, and the product-selection guide (OpenSSL vs libcrypto vs libssl), explore the hosted documentation:
- Getting Started β task-oriented walkthrough of every shipping capability
- Choosing libcrypto vs OpenSSL β product-selection guide for direct-API vs raw-bindings consumers
- Security Considerations β production-readiness caveats, disabled algorithms, CVE auditing
Every example in the DocC catalog under Sources/OpenSSL/OpenSSL.docc/ is backed by an executable SwiftPM snippet and a test, so nothing drifts from the code. Build the full hyperlinked archive locally with swift package generate-documentation --target OpenSSL.
| Tool | Minimum version |
|---|---|
| Swift | 6.1 |
| Xcode | 16.3 |
| macOS | 13 |
| iOS / iPadOS | 16 |
| tvOS | 16 |
| watchOS | 9 |
| visionOS | 1 |
| Linux | Ubuntu 22.04+ (glibc) |
Bug reports and pull requests are welcome. Start with:
- AGENTS.md β project architecture, Swift-target boundaries, extraction flow.
- Vendor/AGENTS.md β OpenSSL subtree sync rules and the Configure regeneration recipe for minor/major bumps.
- 21-DOT-DEV contributing guidelines β branching and commit conventions.
For vulnerability reports, follow the private-disclosure process in SECURITY.md. For shipped-today security caveats β MVP gaps, disabled algorithms, constant-time-comparison rules, and runtime CVE auditing β see the Security Considerations guide.
Released under the MIT License β see LICENSE. OpenSSL itself is licensed under the Apache License 2.0.