- switch (lu->sig) {
-#ifndef OPENSSL_NO_RSA
- /* Any RSA-PSS signature algorithms also mean we allow RSA */
- case EVP_PKEY_RSA_PSS:
- case EVP_PKEY_RSA:
- if (!have_rsa && tls12_sigalg_allowed(s, op, lu))
- have_rsa = 1;
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- if (!have_dsa && tls12_sigalg_allowed(s, op, lu))
- have_dsa = 1;
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_ED25519:
- case EVP_PKEY_EC:
- if (!have_ecdsa && tls12_sigalg_allowed(s, op, lu))
- have_ecdsa = 1;
- break;
-#endif
- }
+
+ clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+
+ /* If algorithm is disabled see if we can enable it */
+ if ((clu->amask & disabled_mask) != 0
+ && tls12_sigalg_allowed(s, op, lu))
+ disabled_mask &= ~clu->amask;