+
+sub modify_sigalgs_filter
+{
+ my $proxy = shift;
+
+ # We're only interested in the initial ClientHello
+ return if ($proxy->flight != 0);
+
+ foreach my $message (@{$proxy->message_list}) {
+ my $ext;
+ my @algs;
+
+ if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
+ if ($testtype == PURE_SIGALGS) {
+ my $ok = 1;
+ $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
+ @algs = unpack('S>*', $ext);
+ # unpack will unpack the length as well
+ shift @algs;
+ foreach (@algs) {
+ if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
+ || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
+ || $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
+ || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
+ $ok = 0;
+ }
+ }
+ $sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
+ } elsif ($testtype == COMPAT_SIGALGS) {
+ $ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
+ @algs = unpack('S>*', $ext);
+ # unpack will unpack the length as well
+ shift @algs;
+ foreach (@algs) {
+ if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
+ $dsa_status = 1;
+ }
+ if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
+ || $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
+ || $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
+ $sha1_status = 1;
+ }
+ if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
+ || $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
+ || $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
+ $sha224_status = 1;
+ }
+ }
+ }
+ }
+ }
+}