1 (edited by okba.zoueghi 2019-04-26 01:28:09)

Topic: RSA callbacks


As specified in RFC 5246 (TLS v1.2) for signature calculation and verification, the RSASSA-PKCS1-v1_5 signature scheme is used.
I would like to use my own RSA callbacks for signing and verifying; however, the role of the callbacks is not clear and is confusing to me.

This is what I think that the callbacks shall do:

For the RSA sign callback:
1- encode the message -> EM = EMSA-PKCS1-V1_5-ENCODE (M) with [M -> the message], [EM -> the encoded message]
2- sign the encoded message

For the RSA verify callback:
1- decrypt the signature, which will result in the encoded message (EM)
(Is the role of the verify callback function only to decrypt the signature? Shall it decode the decrypted signature?)

After the verify callback is called, I think another wolfssl function is called to do the following:
1- encode the received message EM' = EMSA-PKCS1-V1_5-ENCODE (M)
2- compare EM' with EM and succeed if EM' is equal to EM

Is my understanding correct? What shall the RSA callbacks do exactly?

Thanks in advance,


Re: RSA callbacks

Hi Okba,

The callbacks are generally used for setting up a hardware based encryption engine. Could you tell us more about your project? Please feel free to use support@wolfssl.com if you'd prefer to keep the thread private.

Kind regards,

Eric Blankenhorn
wolfSSL Support

Re: RSA callbacks

Hi Eric,

Yes exactly, I am willing to use wolfSSL in conjunction with an HSM.
Therefore, I would like to set up the RSA callbacks and use my HSM for RSA signatures.
Could you please answer my question about what the callbacks shall do exactly?

Thanks in advance,


4 (edited by okba.zoueghi 2019-04-26 05:19:25)

Re: RSA callbacks


I am using the functions provided in wolfssl/test.h as callbacks, namely, myRsaSign and myRsaVerify.
I am using TLSv1.2 and the cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.

I printed the input buffer given to the RSA sign callback and I expect to find the ECDH public key as input. However, I don't see the ECDH public key in the input.

The data before the signature:

"30 51 30 0D 06 09 60 86 48 01 65 03 04 02 03 05 00 04 40 E7 49 BF 62 C1 24 26 C1 DE 43 D9 BC 95 1A BD 73 F0 CA A3 35 DC 71 E0 FA 4D C2 86 4B 38 97 91 1D 4F 1F C2 07 8E BC 21 44 FE AA 4B 8E 20 4C 7B 63 28 0C 62 81 92 05 DE 48 4B 34 6B 91 39 77 94 BE"

The data after the signature:

"C2 38 81 EC D8 97 B0 21 5B C0 99 0F 2A 6F F5 77 29 0E F2 26 66 F5 2E 99 68 DC 64 9D C4 B0 DB 91 A6 49 ED BC B2 1C 90 F6 C5 12 A0 D8 F1 A9 21 11 FB 07 DD F6 E6 9C FF A3 5F DC F7 B8 DB 48 03 86 3C 5A 14 55 79 E8 D4 49 7C 0B 01 0A 6E 71 E0 87 A9 A7 82 9B 8D D4 77 EF 15 9A A1 3D C7 9F 35 A8 2A BE B2 47 60 23 76 D0 88 CC EF 81 7C 89 B4 8F B7 D9 DE 44 1D 39 24 26 0E BB BF A0 3B 97 F8 AB EB F3 AB 2C 4D B7 B5 5B F3 27 D1 9D 9E B4 CD 42 D4 66 57 47 21 33 F6 F2 B0 84 FD FC 28 57 B1 A3 D0 0A 84 70 06 6E 30 40 9A 36 60 FD 12 62 22 23 64 CA B7 3F 7D E8 5C C2 FC F1 99 7A 29 80 11 A2 7C DD 57 5B 5D 48 CF 1D 9D 11 EF A4 8D F7 B3 1E A8 A8 EB D7 3C 81 CE DF DF 1C C3 13 16 D0 41 BE 0F 4F C9 02 23 86 8F F5 BE 84 D2 8D 6D 93 71 12 38 8D 65 B2 CD 6F 97 1A 85 F9 A8 B3 6B 00 28 CE"

As shown in the figure below, the printed signature is the same as the signature in the server key exchange, and this is of course obvious. What I don't understand is: what is the input? Shouldn't it be the ECDH public key?

Best regards,
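
Added example, not part of the original posts and not wolfSSL's own code: the 83 bytes printed above as the sign callback's input parse as a DER DigestInfo (SHA-512 OID plus a 64-byte digest), which is the value that EMSA-PKCS1-v1_5 from the first post wraps in `00 01 FF..FF 00` padding before the RSA private-key operation. The function names, the 0xAA placeholder digest and the 256-byte (2048-bit) modulus size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: header bytes as printed in the post, digest replaced by 0xAA. */
void sample_digest_info(unsigned char out[83])
{
    static const unsigned char hdr[19] = {
        0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,
        0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40 };
    memcpy(out, hdr, sizeof hdr);
    memset(out + 19, 0xAA, 64);
}

/* Returns the digest length and sets *hash_id to the last OID byte
 * (1 = SHA-256, 2 = SHA-384, 3 = SHA-512); -1 if not a SHA-2 DigestInfo. */
int parse_digest_info(const unsigned char *in, size_t len, int *hash_id)
{
    static const unsigned char arc[8] = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02};
    if (len < 19 || len > 129) return -1;                        /* short-form DER lengths only */
    if (in[0] != 0x30 || (size_t)in[1] != len - 2) return -1;    /* outer SEQUENCE */
    if (in[2] != 0x30 || in[3] != 0x0D || in[4] != 0x06 || in[5] != 0x09) return -1;
    if (memcmp(in + 6, arc, 8) != 0 || in[14] < 1 || in[14] > 3) return -1;
    if (in[15] != 0x05 || in[16] != 0x00 || in[17] != 0x04) return -1; /* NULL, OCTET STRING */
    if ((size_t)in[18] != len - 19 || in[18] != 16 * (in[14] + 1)) return -1; /* 32/48/64 */
    *hash_id = in[14];
    return in[18];
}

/* EM = 00 || 01 || PS (0xFF, at least 8 bytes) || 00 || DigestInfo */
int emsa_pkcs1_v15_pad(const unsigned char *di, size_t di_len,
                       unsigned char *em, size_t em_len)
{
    if (em_len < di_len + 11) return -1;     /* modulus too small for this hash */
    size_t ps_len = em_len - di_len - 3;
    em[0] = 0x00; em[1] = 0x01; em[2 + ps_len] = 0x00;
    memset(em + 2, 0xFF, ps_len);
    memcpy(em + 3 + ps_len, di, di_len);
    return 0;
}

int main(void)
{
    unsigned char di[83], em[256];           /* 256 = assumed 2048-bit modulus */
    int id = 0;
    sample_digest_info(di);
    int n = parse_digest_info(di, sizeof di, &id);
    if (n < 0 || emsa_pkcs1_v15_pad(di, sizeof di, em, sizeof em) != 0) return 1;
    printf("hash id %d, digest %d bytes, EM[173] = 0x%02X\n", id, n, em[173]);
    return 0;
}
```

In TLS 1.2 the ServerKeyExchange signature covers a hash of the client random, the server random and the ECDH parameters, so the public key bytes themselves do not appear in this buffer.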



Re: RSA callbacks

Hi @okba.zoueghi,

If you review the header wolfssl-4.0.0/wolfssl/test.h, we have an entire section where we show exactly how to set up the PK Callbacks, and we also provide models for each of the callbacks (i.e. exactly what they should do and in what order). Simply look for the section wrapped by


and then inside that section look for the sub-section wrapped by

#ifndef NO_RSA

There you will find examples of all the RSA callbacks.

Could you please tell us a bit about the project you are working on and the end goals?

Warm Regards,


Re: RSA callbacks


I'd like to use the callbacks too, and I'm a bit confused about the API. I want to use RsaSign callback instead of a plaintext key, but if I don't set the key with wolfSSL_CTX_use_PrivateKey_file() (which I obviously can't do, because the key is inside my device), then SendCertificate function will send an empty certificate, and the handshake will fail.

The client in examples/client/client.c kind of does both, which I don't quite understand. Would be grateful for a concise example with the callbacks/HSM.



Re: RSA callbacks

Hi Oytis,

Thank you for your request for "A concise PK with HSM callback example". We have noted it in our feature request list and will work on it when we have free engineering cycles. There is no associated timeline with feature requests we work on for free but if you ever decide you want the example work accelerated we do provide custom engineering services, just reach out to support@wolfssl.com and let us know what you need and when you need it by and we can put you in touch with our Business Department to get the details worked out and the feature expedited.

Warm Regards,


Re: RSA callbacks

Actually, the problem with blank certificate is already fixed in master, it's the version in Ubuntu lagging somewhat behind (3.13.0). Everything is working now apart from https://www.wolfssl.com/forums/topic140 … phers.html

Would be great to add a sample with the callbacks to the docs, but didn't mean a feature request or something :)