/*
 * Report whether ECC key exchange is usable on this socket.
 *
 * Two conditions must both hold:
 *   1. PK11_GetBestSlot() returns a slot for CKM_ECDH1_DERIVE, i.e. some
 *      token can perform the ECDH derivation.
 *   2. At least one suite from ssl_all_ec_suites is enabled on the socket.
 *
 * The caller must pass a non-NULL socket; ss is dereferenced unconditionally.
 * Returns PR_FALSE when no slot is available, otherwise the result of the
 * suite check.
 */
static PRBool
ssl_IsECCEnabled(sslSocket *ss)
{
    PK11SlotInfo *ecdhSlot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);

    if (ecdhSlot) {
        /* Only the slot's existence matters here, so drop the reference
         * straight away rather than holding it across the suite check. */
        PK11_FreeSlot(ecdhSlot);
        return ssl_IsSuiteEnabled(ss, ssl_all_ec_suites);
    }

    return PR_FALSE;
}
/*
 * Send our Supported Groups extension.
 *
 * Visible part of the function: collects the wire encoding of every named
 * group that is both enabled on the socket and relevant to the enabled
 * cipher suites (EC groups only if ECC is usable, FF groups only if DHE
 * suites are enabled and either named DHE groups are required or TLS 1.3 is
 * within the version range).
 *
 *   ss       - socket to build the extension for; NULL yields 0.
 *   append   - when true the group identifiers are written into the local
 *              buffer; when false only the byte count is accumulated.
 *   maxBytes - not referenced in the visible part of the function.
 *
 * Returns 0 early when ss is NULL or when neither EC nor FF groups apply.
 * NOTE(review): the rest of the body (use of extension_length and maxBytes,
 * the actual write and the final return) is not part of this excerpt.
 */
PRInt32 ssl_SendSupportedGroupsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) {
    PRInt32 extension_length;
    /* Fixed-size staging buffer: two bytes per group, high byte first. */
    unsigned char enabledGroups[64];
    unsigned int enabledGroupsLen = 0;
    unsigned int i;
    PRBool ec;
    PRBool ff = PR_FALSE;

    if (!ss) return 0;

    ec = ssl_IsECCEnabled(ss);
    /* We only send FF supported groups if we require DH named groups or if
     * TLS 1.3 is a possibility. */
    if (ss->opt.requireDHENamedGroups || ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
        ff = ssl_IsSuiteEnabled(ss, ssl_dhe_suites);
    }
    /* Nothing to advertise: omit the extension entirely. */
    if (!ec && !ff) {
        return 0;
    }

    /* NOTE(review): this assertion is the only visible bound on the writes
     * into enabledGroups below. PORT_Assert is normally active only in debug
     * builds, so in a release build the loop relies on
     * ssl_named_group_count * 2 staying below sizeof(enabledGroups) with no
     * run-time check. Confirm that the size of the ssl_named_groups table is
     * also enforced at compile time where it is defined. */
    PORT_Assert(sizeof(enabledGroups) > ssl_named_group_count * 2);
    for (i = 0; i < ssl_named_group_count; ++i) {
        /* Skip groups whose key-exchange family is not in play. */
        if (ssl_named_groups[i].type == group_type_ec && !ec) {
            continue;
        }
        if (ssl_named_groups[i].type == group_type_ff && !ff) {
            continue;
        }
        /* Skip groups not enabled on this socket. */
        if (!ssl_NamedGroupEnabled(ss, &ssl_named_groups[i])) {
            continue;
        }

        if (append) {
            /* Encode the 16-bit group name in network byte order. */
            enabledGroups[enabledGroupsLen++] = ssl_named_groups[i].name >> 8;
            enabledGroups[enabledGroupsLen++] = ssl_named_groups[i].name & 0xff;
        } else {
            /* Length-only pass: count the two bytes without writing them. */
            enabledGroupsLen += 2;
        }
    }
/*
 * Report whether a DHE cipher suite is enabled on this socket.
 *
 * Returns the result of ssl_IsSuiteEnabled() for the ssl_dhe_suites list.
 * Unlike ssl_IsECCEnabled(), no PKCS #11 slot availability probe is made
 * here.
 */
PRBool
ssl_IsDHEEnabled(sslSocket *ss)
{
    const PRBool dheSuiteOn = ssl_IsSuiteEnabled(ss, ssl_dhe_suites);

    return dheSuiteOn;
}