library: ssl: replace mbedtls_pk_can_do_ext with mbedtls_pk_can_do_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 38db9cd..c6a119f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8147,14 +8147,14 @@
mbedtls_md_psa_alg_from_type(md_alg);
if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
- !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
+ !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key,
PSA_ALG_ECDSA(psa_hash_alg),
PSA_KEY_USAGE_SIGN_HASH)) {
continue;
}
if (sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
- !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
+ !mbedtls_pk_can_do_psa(ssl->handshake->key_cert->key,
PSA_ALG_RSA_PKCS1V15_SIGN(
psa_hash_alg),
PSA_KEY_USAGE_SIGN_HASH)) {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 256f1b1..b8ee41a 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -693,11 +693,11 @@
int key_type_matches = 0;
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
- mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage)) &&
- mbedtls_pk_can_do_ext(&cur->cert->pk, pk_alg, pk_usage));
+ mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) &&
+ mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage));
#else
key_type_matches = (
- mbedtls_pk_can_do_ext(cur->key, pk_alg, pk_usage));
+ mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage));
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
if (!key_type_matches) {
MBEDTLS_SSL_DEBUG_MSG(3, ("certificate mismatch: key type"));
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index dc50bee..2ca42f2 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1160,7 +1160,7 @@
if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk)
&& psa_alg != PSA_ALG_NONE &&
- mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
+ mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH) == 1
) {
ssl->handshake->key_cert = key_cert;