Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT

When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2025-05-09 11:21:21 +08:00 · 2023-04-26 10:24:12 -05:00 · 2023-04-26 10:24:12 -05:00 · 06ee052ec0
commit 06ee052ec0
parent 2ca00d2e19
2 changed files with 16 additions and 13 deletions
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@ -0,0 +1,3 @@
+Bugfix
+   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@ -234,6 +234,19 @@ cleanup:
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */

+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
+{
+    switch (gid) {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+        case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+        case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+        default: return 1;
+    }
+}
+
 #if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
 * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
@ -373,19 +386,6 @@ cleanup:
    return ret;
 }

-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
-{
-    switch (gid) {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
-        case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
-        case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
-        default: return 1;
-    }
-}
-
 /*
 * Compute ECDSA signature of a hashed message
 */