Beispiel #1
/*
 * Decide whether ECC key exchange can be offered on this socket.
 *
 * Two conditions must both hold:
 *   1. PK11_GetBestSlot() returns a slot for CKM_ECDH1_DERIVE, and
 *   2. ssl_IsSuiteEnabled() reports PR_TRUE for the ssl_all_ec_suites list.
 *
 * The slot is only probed: the reference is released before the suite
 * check and is never handed to the caller.
 *
 * ss is dereferenced (ss->pkcs11PinArg) without a NULL check, so callers
 * must pass a valid socket.
 */
static PRBool
ssl_IsECCEnabled(sslSocket *ss)
{
    PK11SlotInfo *ecdhSlot = PK11_GetBestSlot(CKM_ECDH1_DERIVE,
                                              ss->pkcs11PinArg);

    if (ecdhSlot) {
        /* A capable slot exists; drop our reference, we only needed to
         * know that one is available. */
        PK11_FreeSlot(ecdhSlot);

        /* Slot availability is not enough: an EC suite must be enabled too. */
        return ssl_IsSuiteEnabled(ss, ssl_all_ec_suites);
    }

    /* No slot offers ECDH derivation, so ECC cannot be used. */
    return PR_FALSE;
}
Beispiel #2
/*
 * Send our Supported Groups extension.
 *
 * The visible part of this function collects the named groups to advertise:
 *   - returns 0 when ss is NULL;
 *   - returns 0 when neither EC nor finite-field (FF) groups apply;
 *   - otherwise walks ssl_named_groups[] and, for every group that passes
 *     the type and ssl_NamedGroupEnabled() filters, either stores its 16-bit
 *     name in enabledGroups (append != 0) or only counts the two bytes it
 *     would occupy (append == 0).
 *
 * maxBytes and extension_length are not used in the portion shown here.
 */
PRInt32
ssl_SendSupportedGroupsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes)
{
    PRInt32 extension_length;
    /* Scratch buffer for the encoded group list: two bytes per group. */
    unsigned char enabledGroups[64];
    /* Number of bytes used (or that would be used) in enabledGroups. */
    unsigned int enabledGroupsLen = 0;
    unsigned int i;
    PRBool ec;
    PRBool ff = PR_FALSE;

    /* Nothing to send without a socket. */
    if (!ss)
        return 0;

    ec = ssl_IsECCEnabled(ss);
    /* We only send FF supported groups if we require DH named groups or if TLS
     * 1.3 is a possibility. */
    if (ss->opt.requireDHENamedGroups ||
        ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
        ff = ssl_IsSuiteEnabled(ss, ssl_dhe_suites);
    }
    /* Neither group family is usable: omit the extension entirely. */
    if (!ec && !ff) {
        return 0;
    }

    /* The loop below writes at most ssl_named_group_count * 2 bytes into
     * enabledGroups; this assertion is the only size check on that buffer.
     * NOTE(review): PORT_Assert is presumably active only in debug builds,
     * so release builds would rely on the 64-byte array staying larger than
     * the group table. Confirm, and consider a compile-time check if
     * ssl_named_group_count is a constant. */
    PORT_Assert(sizeof(enabledGroups) > ssl_named_group_count * 2);
    for (i = 0; i < ssl_named_group_count; ++i) {
        /* Skip EC groups when ECC is unavailable or disabled. */
        if (ssl_named_groups[i].type == group_type_ec && !ec) {
            continue;
        }
        /* Skip FF groups unless the condition above enabled them. */
        if (ssl_named_groups[i].type == group_type_ff && !ff) {
            continue;
        }
        /* Skip groups that ssl_NamedGroupEnabled() rejects for this socket. */
        if (!ssl_NamedGroupEnabled(ss, &ssl_named_groups[i])) {
            continue;
        }

        if (append) {
            /* Encode the group name as two bytes, high byte first. */
            enabledGroups[enabledGroupsLen++] = ssl_named_groups[i].name >> 8;
            enabledGroups[enabledGroupsLen++] = ssl_named_groups[i].name & 0xff;
        } else {
            /* Length-only pass: account for the two bytes without writing. */
            enabledGroupsLen += 2;
        }
    }
Beispiel #3
/*
 * Report whether DHE key exchange is enabled on this socket.
 *
 * Returns exactly what ssl_IsSuiteEnabled() reports for the ssl_dhe_suites
 * list. ss is passed through unchanged; no NULL check is made here.
 */
PRBool
ssl_IsDHEEnabled(sslSocket *ss)
{
    PRBool dheEnabled = ssl_IsSuiteEnabled(ss, ssl_dhe_suites);

    return dheEnabled;
}