From 405ec94ea2b6663e5fc4267530bec85e3f56e4c3 Mon Sep 17 00:00:00 2001
From: JonathanWitthoeft <jonw@gridconnect.com>
Date: Wed, 26 Apr 2023 10:24:12 -0500
Subject: [PATCH 1/3] Bug Fix: mbedtls_ecdsa_verify_restartable fails with
 ECDSA_SIGN_ALT

When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
---
 library/ecdsa.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/library/ecdsa.c b/library/ecdsa.c
index eb3c303197..618c7b0598 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -234,6 +234,24 @@ cleanup:
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 
+#if !defined(MBEDTLS_ECDSA_SIGN_ALT)     || \
+    !defined(MBEDTLS_ECDSA_VERIFY_ALT)
+
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
+{
+    switch (gid) {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+        case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+        case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+        default: return 1;
+    }
+}
+
+#endif /* !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
+
 #if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
@@ -373,19 +391,6 @@ cleanup:
     return ret;
 }
 
-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
-{
-    switch (gid) {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
-        case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
-        case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
-        default: return 1;
-    }
-}
-
 /*
  * Compute ECDSA signature of a hashed message
  */

From 9b265180ccb05f94991f7ecb301c7e25b5ebf283 Mon Sep 17 00:00:00 2001
From: JonathanWitthoeft <jonw@gridconnect.com>
Date: Wed, 26 Apr 2023 16:06:42 -0500
Subject: [PATCH 2/3] Make mbedtls_ecdsa_can_do definition unconditional

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
---
 ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt | 4 ++++
 library/ecdsa.c                                           | 5 -----
 2 files changed, 4 insertions(+), 5 deletions(-)
 create mode 100644 ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt

diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
new file mode 100644
index 0000000000..fe420ac05a
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Removes !ECDSA_SIGN_ALT condition around mbedtls_ecdsa_can_do 
+     definition, so that mbedtls_ecdsa_verify_restartable will not 
+     automatically fail.
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 618c7b0598..c627cde25f 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -234,9 +234,6 @@ cleanup:
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)     || \
-    !defined(MBEDTLS_ECDSA_VERIFY_ALT)
-
 int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
 {
     switch (gid) {
@@ -250,8 +247,6 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
     }
 }
 
-#endif /* !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
-
 #if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)

From 2a878a85a6cf77e1c5ca302f10f3ea9656345aae Mon Sep 17 00:00:00 2001
From: JonathanWitthoeft <jonw@gridconnect.com>
Date: Wed, 26 Apr 2023 16:17:12 -0500
Subject: [PATCH 3/3] Adjust ChangeLog

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
---
 ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
index fe420ac05a..22e8adbc58 100644
--- a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@@ -1,4 +1,3 @@
 Bugfix
-   * Removes !ECDSA_SIGN_ALT condition around mbedtls_ecdsa_can_do 
-     definition, so that mbedtls_ecdsa_verify_restartable will not 
-     automatically fail.
+   * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+     MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.