remove supported check from parse sig algs

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2025-03-29 13:20:21 +00:00 · 2022-06-29 10:02:38 +08:00 · 2022-06-29 10:02:38 +08:00 · 2fe6c638e2
commit 2fe6c638e2
parent 959e5e030b
1 changed files with 10 additions and 2 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -4915,9 +4915,17 @@ int mbedtls_ssl_parse_sig_alg_ext( mbedtls_ssl_context *ssl,
        MBEDTLS_SSL_DEBUG_MSG( 4, ( "received signature algorithm: 0x%x %s",
                                    sig_alg,
                                    mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );
-
-        if( ! mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) )
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+        if(
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+            ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_2 &&
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+            ( ! ( mbedtls_ssl_sig_alg_is_supported( ssl, sig_alg ) &&
+                  mbedtls_ssl_sig_alg_is_offered( ssl, sig_alg ) ) ) )
+        {
            continue;
+        }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */

        MBEDTLS_SSL_DEBUG_MSG( 4, ( "valid signature algorithm: %s",
                                    mbedtls_ssl_sig_alg_to_str( sig_alg ) ) );