Skip to content
Commit f807ad17 authored by Matt Caswell's avatar Matt Caswell
Browse files

Disallow Ed448 signature malleability



Check that s is less than the order before attempting to verify the
signature as per RFC8032 5.2.7

Fixes #7706

Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7748)

(cherry picked from commit 08afd2f3)
parent 488521d7
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment