wolfCrypt Support for Cryptographic Callbacks

wolfCrypt adds support for cryptographic callbacks that can be registered for replacing stock software calls with your own custom implementations. The goal is to make adding hardware cryptographic support easier.

Currently supported crypto callbacks:

  • RNG and RNG Seed
  • ECC (key gen, sign/verify and shared secret)
  • RSA (key gen, sign/verify, encrypt/decrypt)
  • AES CBC and GCM
  • SHA1 and SHA256
  • HMAC

This feature is enabled using “–enable-cryptocb” or “#define WOLF_CRYPTO_CB”.

To register a cryptographic callback function use the “wc_CryptoCb_RegisterDevice” API. This takes a unique device ID (devId), callback function and optional user context.

typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
WOLFSSL_API int wc_CryptoCb_RegisterDevice(
    int devId,
    CryptoDevCallbackFunc cb,
    void* ctx);

To enable use of the crypto callbacks you must supply the “devId” arguments on initialization.

For TLS use:  

  • wolfSSL_CTX_SetDevId(ctx, devId);
  • wolfSSL_SetDevId(ssl, devId);

For wolfCrypt API’s use the init functions that accept “devId” such as:

  • wc_InitRsaKey_ex
  • wc_ecc_init_ex
  • wc_AesInit
  • wc_InitSha256_ex
  • wc_InitSha_ex
  • wc_HmacInit


For questions please email us at facts@wolfssl.com.