[tls12|tls13]_server: fix usage being checked on the certificate key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index b8ee41a..07641cb 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -694,7 +694,8 @@
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
key_type_matches = ((ssl->conf->f_async_sign_start != NULL ||
mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage)) &&
- mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg, pk_usage));
+ mbedtls_pk_can_do_psa(&cur->cert->pk, pk_alg,
+ PSA_KEY_USAGE_VERIFY_HASH));
#else
key_type_matches = (
mbedtls_pk_can_do_psa(cur->key, pk_alg, pk_usage));
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 8b60a7b..982e6f8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1161,7 +1161,7 @@
*sig_alg, &key_cert->cert->pk)
&& psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_psa(&key_cert->cert->pk, psa_alg,
- PSA_KEY_USAGE_SIGN_HASH) == 1
+ PSA_KEY_USAGE_VERIFY_HASH) == 1
) {
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG(3,