wolfSSL 5.8.4 (PR#9309) has expanded the crypto callback API to include support for copy and free operations. This addition addresses a lifecycle management challenge for developers integrating hardware security modules (HSM) or hardware accelerators.
The Capability
Previously, wolfSSL’s default behavior for duplicating a hash context was a standard memory copy. While efficient for software, this created “shallow copies” of hardware context pointers. If a user copied a context, both the source and destination pointed to the same hardware stream, leading to race conditions and “use-after-free” errors when one context was closed.
With the new copy callback, you can now intercept the copy operation to perform a “deep copy” on the hardware side. This means:
- Allocating a fresh hardware stream for the destination context.
- Importing the state from the source hardware context to the new one.
- Ensuring the two contexts operate completely independently.
We also added a free callback, allowing your driver to explicitly handle the tear-down of these hardware resources when wolfSSL finishes with a context.
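The difference between the two copy behaviours, and the role of the free operation, can be seen in a small self-contained model. This is an added example, not wolfSSL code: the device pool and every function name in it (`ctx_init`, `ctx_copy_shallow`, `ctx_copy_deep`, `ctx_free`) are hypothetical stand-ins for a driver, and the "hash" is a toy state fold rather than SHA.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed model: a device with a small pool of hash streams.
 * Every name here is hypothetical; none of it is the wolfSSL API. */
#define HW_STREAMS 4
typedef struct { int in_use; uint32_t state; } hw_stream;
typedef struct { int hw_id; } hash_ctx;  /* software side holds only a handle */
static hw_stream hw_pool[HW_STREAMS];
static int hw_alloc(void) {
    for (int i = 0; i < HW_STREAMS; i++)
        if (!hw_pool[i].in_use) { hw_pool[i].in_use = 1; hw_pool[i].state = 0; return i; }
    return -1;  /* device is out of streams */
}
int ctx_init(hash_ctx *c) { c->hw_id = hw_alloc(); return c->hw_id < 0 ? -1 : 0; }
/* Stand-in for a hash update: folds bytes into the device-side state. */
int ctx_update(hash_ctx *c, const char *d, size_t n) {
    if (c->hw_id < 0 || !hw_pool[c->hw_id].in_use) return -1;  /* stale handle */
    for (size_t i = 0; i < n; i++)
        hw_pool[c->hw_id].state = hw_pool[c->hw_id].state * 31u + (uint8_t)d[i];
    return 0;
}
/* Previous default: a memory copy duplicates the handle, not the stream. */
void ctx_copy_shallow(const hash_ctx *s, hash_ctx *d) { memcpy(d, s, sizeof *d); }
/* Copy operation: allocate a fresh stream, then import the source state. */
int ctx_copy_deep(const hash_ctx *s, hash_ctx *d) {
    d->hw_id = -1;
    if (s->hw_id < 0 || !hw_pool[s->hw_id].in_use) return -1;
    if ((d->hw_id = hw_alloc()) < 0) return -1;
    hw_pool[d->hw_id].state = hw_pool[s->hw_id].state;
    return 0;
}
/* Free operation: release the stream and invalidate the handle. */
void ctx_free(hash_ctx *c) {
    if (c->hw_id >= 0) { hw_pool[c->hw_id].in_use = 0; c->hw_id = -1; }
}
int streams_in_use(void) {
    int n = 0;
    for (int i = 0; i < HW_STREAMS; i++) n += hw_pool[i].in_use;
    return n;
}
int main(void) {
    hash_ctx a, b;
    ctx_init(&a); ctx_copy_shallow(&a, &b); ctx_free(&b);
    printf("shallow: source update after copy freed: %d\n", ctx_update(&a, "x", 1));
    ctx_init(&a); ctx_copy_deep(&a, &b); ctx_free(&b);
    printf("deep: source update after copy freed: %d\n", ctx_update(&a, "x", 1));
    return 0;
}
```

In the model the stale handle is detected and the update fails; on a real device the released stream may already belong to another context, which is the state corruption the deep copy avoids.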
What This Means for Your Drivers
If you are writing a custom callback solution for hardware that requires strict stream management, you now have granular control over the context lifecycle:
- Independent Contexts: Support complex hashing flows (like context cloning) without state corruption.
- Resource Tracking: Match every init or copy with a specific free, preventing memory leaks on the device.
- Hardware Syncing: Ensure that software state matches hardware state at the exact moment of duplication.
Supported Algorithms
This feature is currently available for the SHA family:
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- SHA-3
Questions?
If you have questions about any of the above or want to see expanded support for other algorithms, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

