diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 1dd7fdc10d..e351a24209 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -927,6 +927,40 @@ int mbedtls_ssl_tls13_check_sig_alg_cert_key_match( uint16_t sig_alg,
 return( 0 );
 }
+static psa_algorithm_t ssl_tls13_select_sig_alg_to_psa_alg( uint16_t sig_alg )
+{
+ psa_algorithm_t psa_alg = 0;
+ switch( sig_alg )
+ {
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
+ psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
+ psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+ psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+ psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
+ break;
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
+ case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
+ psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
+ break;
+ default:
+ break;
+ }
+ return( psa_alg );
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_tls13_select_sig_alg_for_certificate_verify(
 mbedtls_ssl_context *ssl,
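Review bot: The three `MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA*` cases in the new `ssl_tls13_select_sig_alg_to_psa_alg()` map signature schemes to `PSA_ALG_RSA_PKCS1V15_CRYPT`, which is the PKCS#1 v1.5 encryption algorithm rather than a signature algorithm; the mapping is carried over unchanged from the inline switch removed in the second hunk. The consumer of the returned value is outside the visible lines, but if it is compared against a key's permitted algorithm or usage, a signing-only RSA key would fail to match and an encryption-capable key could be accepted for a signature scheme. Each case should map to `PSA_ALG_RSA_PKCS1V15_SIGN()` with its own hash. The initial value, which is also what an unknown scheme returns, reads more clearly as `PSA_ALG_NONE` than a bare `0`, and a one-line comment above the function stating that `PSA_ALG_NONE` means "no mapping" would tell callers what to check for.

```c
static psa_algorithm_t ssl_tls13_select_sig_alg_to_psa_alg( uint16_t sig_alg )
{
    psa_algorithm_t psa_alg = PSA_ALG_NONE;
    /* … unchanged: switch header, ECDSA and RSA-PSS cases … */
        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
            psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 );
            break;
        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
            psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_384 );
            break;
        case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
            psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_512 );
            break;
    /* … unchanged: default case and return … */
```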
@@ -939,34 +973,7 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
 *algorithm = MBEDTLS_TLS1_3_SIG_NONE;
 for( ; *sig_alg != MBEDTLS_TLS1_3_SIG_NONE ; sig_alg++ )
 {
- switch( *sig_alg )
- {
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256:
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384:
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_384 );
- break;
- case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512:
- psa_alg = PSA_ALG_ECDSA( PSA_ALG_SHA_512 );
- break;
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
- psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 );
- break;
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
- psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_384 );
- break;
- case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
- psa_alg = PSA_ALG_RSA_PSS( PSA_ALG_SHA_512 );
- break;
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
- case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
- psa_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
- break;
- default:
- break;
- }
+ psa_alg = ssl_tls13_select_sig_alg_to_psa_alg( *sig_alg );
 if( mbedtls_ssl_sig_alg_is_offered( ssl, *sig_alg ) &&
 mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( *sig_alg ) &&