Disallow Ed448 signature malleability
Check that s is less than the order before attempting to verify the signature as per RFC8032 5.2.7 Fixes #7706 Reviewed-by:Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/7748) (cherry picked from commit 08afd2f3)
Please register or sign in to comment