Send the supported_groups extension in EE where applicable

# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459

# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460

# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461

# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544

# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462

# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521

# define SSL_F_TLS_GET_MESSAGE_BODY                       351

     "tls_construct_stoc_session_ticket"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST),

     "tls_construct_stoc_status_request"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS),

     "tls_construct_stoc_supported_groups"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP),

     "tls_construct_stoc_use_srtp"},

    {ERR_FUNC(SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO),

        TLSEXT_TYPE_supported_groups,

        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,

        NULL, tls_parse_ctos_supported_groups, NULL,

        NULL /* TODO(TLS1.3): Need to add this */,

        tls_construct_stoc_supported_groups,

        tls_construct_ctos_supported_groups, NULL

    },

#else

}

#endif

int tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,

                                        unsigned int context, X509 *x,

                                        size_t chainidx, int *al)

{

    const unsigned char *groups;

    size_t numgroups, i, first = 1;

    /* s->s3->group_id is non zero if we accepted a key_share */

    if (s->s3->group_id == 0)

        return 1;

    /* Get our list of supported groups */

    if (!tls1_get_curvelist(s, 0, &groups, &numgroups) || numgroups == 0) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    /* Copy group ID if supported */

    for (i = 0; i < numgroups; i++, groups += 2) {

        if (tls_curve_allowed(s, groups, SSL_SECOP_CURVE_SUPPORTED)) {

            if (first) {

                /*

                 * Check if the client is already using our preferred group. If

                 * so we don't need to add this extension

                 */

                if (s->s3->group_id == GET_GROUP_ID(groups, 0))

                    return 1;

                /* Add extension header */

                if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)

                           /* Sub-packet for supported_groups extension */

                        || !WPACKET_start_sub_packet_u16(pkt)

                        || !WPACKET_start_sub_packet_u16(pkt)) {

                    SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,

                           ERR_R_INTERNAL_ERROR);

                    return 0;

                }

                first = 0;

            }

            if (!WPACKET_put_bytes_u8(pkt, groups[0])

                || !WPACKET_put_bytes_u8(pkt, groups[1])) {

                    SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,

                           ERR_R_INTERNAL_ERROR);

                    return 0;

                }

        }

    }

    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    return 1;

}

int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,

                                      unsigned int context, X509 *x,

                                      size_t chainidx, int *al)

        return 0;

    for (i = 0; i < num_groups; i++, groups += 2) {

        unsigned int share_id = (groups[0] << 8) | (groups[1]);

        if (group_id == share_id

        if (group_id == GET_GROUP_ID(groups, 0)

                && (!checkallow

                    || tls_curve_allowed(s, groups, SSL_SECOP_CURVE_CHECK))) {

            return 1;