diff options
author | Billy Brumley <bbrumley@gmail.com> | 2016-01-20 13:18:21 +0200 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-02-04 08:02:48 -0500 |
commit | 3a6a4a93518fbb3d96632bfdcb538d340f29c56b (patch) | |
tree | 35b8cdf40c9efee53d88c424bac5bcfb9c514280 /crypto/ec | |
parent | b1413d9bd9d2222823ca1ba2d6cdf4849e635231 (diff) |
Fix BN_gcd errors for some curves
Those even order that do not play nicely with Montgomery arithmetic
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec_lib.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index abb15a5076..a34113c953 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -327,13 +327,18 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, } else BN_zero(group->cofactor); + /* - * We ignore the return value because some groups have an order with + * Some groups have an order with * factors of two, which makes the Montgomery setup fail. * |group->mont_data| will be NULL in this case. */ - ec_precompute_mont_data(group); + if (BN_is_odd(group->order)) { + return ec_precompute_mont_data(group); + } + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; return 1; } |