library: x509: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa()

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

Author: valeriosetti

library/x509_crt.c

@@ -38,6 +38,7 @@
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
 #include "pk_internal.h"
+#include "mbedtls_utils.h"
 
 #include "mbedtls/platform.h"
 
@@ -2111,7 +2112,9 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     /* Skip expensive computation on obvious mismatch */
-    if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
+    if (!mbedtls_pk_can_do_psa(&parent->pk,
+                               mbedtls_psa_alg_from_pk_sigalg(child->sig_pk, hash_alg),
+                                                              PSA_KEY_USAGE_VERIFY_HASH)) {
         return -1;
     }