Fix BN_gcd errors for some curves

Those even order that do not play nicely with Montgomery arithmetic (back-ported from commit 3a6a4a93518fbb3d96632bfdcb538d340f29c56b) Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6810)
author: Billy Brumley <bbrumley@gmail.com> 2016-01-20 13:18:21 +0200
committer: Andy Polyakov <appro@openssl.org> 2018-08-01 16:33:06 +0200
commit: e3ab8cc460d1a43fe6310c8d9a92589db1d4f8a3 (patch)
tree: dea244e3ddcc00cf48f5aa634e04a388d2f4c254
parent: 6a815969776e3329fdffcc12c77e047e3a15be78 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 3241aa51d9..0890109980 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -319,12 +319,16 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
         BN_zero(&group->cofactor);
 
     /*
-     * We ignore the return value because some groups have an order with
+     * Some groups have an order with
      * factors of two, which makes the Montgomery setup fail.
      * |group->mont_data| will be NULL in this case.
      */
-    ec_precompute_mont_data(group);
+    if (BN_is_odd(&group->order)) {
+        return ec_precompute_mont_data(group);
+    }
 
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
     return 1;
 }
author	Billy Brumley <bbrumley@gmail.com>	2016-01-20 13:18:21 +0200
committer	Andy Polyakov <appro@openssl.org>	2018-08-01 16:33:06 +0200
commit	e3ab8cc460d1a43fe6310c8d9a92589db1d4f8a3 (patch)
tree	dea244e3ddcc00cf48f5aa634e04a388d2f4c254
parent	6a815969776e3329fdffcc12c77e047e3a15be78 (diff)