In the latest release of the wolfSSL embedded TLS library (version 3.14), functionality was added to allow users to define and use custom Diffie-Hellman Agreement callbacks. This functionality was added in the form of a new API function, whose name and signature are shown below:
void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb)
This function takes a WOLFSSL_CTX struct ("ctx") and sets the callback member of that struct to the function "cb" that is passed in. At runtime, when a wolfSSL SSL/TLS connection needs to generate a shared secret, it will use the callback function (cb) that has been registered with the context (ctx) instead of wolfSSL's default DH implementation.
When users define their own callback functions for this method, they need to match the following signature:
int (*CallbackDhAgree) (WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz, unsigned char* out, unsigned int* outLength, void* usrCtx);
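A callback with this parameter list, written as an added example (not code from wolfSSL), showing the checks a replacement agreement routine should make before producing a secret. Assumptions: the `WOLFSSL` and `struct DhKey` definitions are stand-ins so the block compiles without the wolfSSL headers, the modulus is a toy value below 2^32, the name `demo_dh_agree_cb` and the return codes are hypothetical, and `outLength` is treated as buffer capacity on entry and bytes written on return.

```c
#include <stdint.h>
#include <stddef.h>

/* Stand-ins so this compiles without wolfSSL (assumptions, not wolfSSL's
 * real definitions). In a real build, include <wolfssl/ssl.h> instead. */
typedef struct WOLFSSL WOLFSSL;
struct DhKey { uint64_t p; };   /* toy prime modulus below 2^32, constructed */

/* Big-endian bytes to integer; caller guarantees n <= 4. */
static uint64_t load_be(const unsigned char* b, unsigned int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | *b++;
    return v;
}

/* Square-and-multiply; mod < 2^32 keeps every product inside 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    for (base %= mod; exp; exp >>= 1) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
    }
    return r;
}

/* Same parameter list as CallbackDhAgree. Assumed convention: 0 on success,
 * negative on failure; *outLength is capacity on entry, bytes written on exit. */
int demo_dh_agree_cb(WOLFSSL* ssl, struct DhKey* key,
        const unsigned char* priv, unsigned int privSz,
        const unsigned char* otherPubKeyDer, unsigned int otherPubKeySz,
        unsigned char* out, unsigned int* outLength, void* usrCtx)
{
    uint64_t x, y, s;
    (void)ssl; (void)usrCtx;
    if (!key || !priv || !otherPubKeyDer || !out || !outLength) return -1;
    if (privSz < 1 || privSz > 4 || otherPubKeySz < 1 || otherPubKeySz > 4) return -1;
    if (key->p < 5 || key->p > 0xFFFFFFFFu) return -1;
    x = load_be(priv, privSz);
    y = load_be(otherPubKeyDer, otherPubKeySz);
    /* Reject 0, 1 and p-1 (they force a predictable secret) and any value >= p. */
    if (y < 2 || y > key->p - 2) return -2;
    if (*outLength < 4) return -3;          /* never write past the caller's buffer */
    s = modexp(y, x, key->p);
    out[0] = (unsigned char)(s >> 24); out[1] = (unsigned char)(s >> 16);
    out[2] = (unsigned char)(s >> 8);  out[3] = (unsigned char)s;
    *outLength = 4;                          /* fixed-width big-endian output */
    return 0;
}
```

With the real wolfSSL types in place of the stand-ins, a callback of this shape is what gets passed as `cb` to wolfSSL_CTX_SetDhAgreeCb.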