diff --git a/src/common/sae.c b/src/common/sae.c
index c83d48e0f..19f9bd3d9 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -227,7 +227,7 @@ static int sae_derive_pwe(struct sae_data *sae, const u8 *addr1,
 
 static int sae_derive_commit(struct sae_data *sae, struct crypto_ec_point *pwe)
 {
-	struct crypto_bignum *x, *bn_rand, *bn_mask, *order;
+	struct crypto_bignum *x, *bn_rand, *bn_mask;
 	struct crypto_ec_point *elem;
 	u8 mask[SAE_MAX_PRIME_LEN];
 	int ret = -1;
@@ -241,15 +241,13 @@ static int sae_derive_commit(struct sae_data *sae, struct crypto_ec_point *pwe)
 	x = crypto_bignum_init();
 	bn_rand = crypto_bignum_init_set(sae->sae_rand, sae->prime_len);
 	bn_mask = crypto_bignum_init_set(mask, sizeof(mask));
-	order = crypto_bignum_init_set(group19_order, sizeof(group19_order));
 	elem = crypto_ec_point_init(sae->ec);
-	if (x == NULL || bn_rand == NULL || bn_mask == NULL || order == NULL ||
-	    elem == NULL)
+	if (x == NULL || bn_rand == NULL || bn_mask == NULL || elem == NULL)
 		goto fail;
 
 	/* commit-scalar = (rand + mask) modulo r */
 	crypto_bignum_add(bn_rand, bn_mask, x);
-	crypto_bignum_mod(x, order, x);
+	crypto_bignum_mod(x, crypto_ec_get_order(sae->ec), x);
 	crypto_bignum_to_bin(x, sae->own_commit_scalar,
 			     sizeof(sae->own_commit_scalar), sae->prime_len);
 	wpa_hexdump(MSG_DEBUG, "SAE: commit-scalar",
@@ -271,7 +269,6 @@ static int sae_derive_commit(struct sae_data *sae, struct crypto_ec_point *pwe)
 	ret = 0;
 fail:
 	crypto_ec_point_deinit(elem, 0);
-	crypto_bignum_deinit(order, 0);
 	crypto_bignum_deinit(bn_mask, 1);
 	os_memset(mask, 0, sizeof(mask));
 	crypto_bignum_deinit(bn_rand, 1);
@@ -378,17 +375,15 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	u8 null_key[SAE_KEYSEED_KEY_LEN], val[SAE_MAX_PRIME_LEN];
 	u8 keyseed[SHA256_MAC_LEN];
 	u8 keys[SAE_KCK_LEN + SAE_PMK_LEN];
-	struct crypto_bignum *order, *own_scalar, *peer_scalar, *tmp;
+	struct crypto_bignum *own_scalar, *peer_scalar, *tmp;
 	int ret = -1;
 
-	order = crypto_bignum_init_set(group19_order, sizeof(group19_order));
 	own_scalar = crypto_bignum_init_set(sae->own_commit_scalar,
 					    sae->prime_len);
 	peer_scalar = crypto_bignum_init_set(sae->peer_commit_scalar,
 					     sae->prime_len);
 	tmp = crypto_bignum_init();
-	if (order == NULL || own_scalar == NULL || peer_scalar == NULL ||
-	    tmp == NULL)
+	if (own_scalar == NULL || peer_scalar == NULL || tmp == NULL)
 		goto fail;
 
 	/* keyseed = H(<0>32, k)
@@ -402,7 +397,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	wpa_hexdump_key(MSG_DEBUG, "SAE: keyseed", keyseed, sizeof(keyseed));
 
 	crypto_bignum_add(own_scalar, peer_scalar, tmp);
-	crypto_bignum_mod(tmp, order, tmp);
+	crypto_bignum_mod(tmp, crypto_ec_get_order(sae->ec), tmp);
 	crypto_bignum_to_bin(tmp, val, sizeof(val), sae->prime_len);
 	wpa_hexdump(MSG_DEBUG, "SAE: PMKID", val, SAE_PMKID_LEN);
 	sha256_prf(keyseed, sizeof(keyseed), "SAE KCK and PMK",
@@ -417,7 +412,6 @@ fail:
 	crypto_bignum_deinit(tmp, 0);
 	crypto_bignum_deinit(peer_scalar, 0);
 	crypto_bignum_deinit(own_scalar, 0);
-	crypto_bignum_deinit(order, 0);
 	return ret;
 }
 
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index da1dfc7f3..63c2fa138 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -549,6 +549,13 @@ void crypto_ec_deinit(struct crypto_ec *e);
  */
 size_t crypto_ec_prime_len(struct crypto_ec *e);
 
+/**
+ * crypto_ec_get_order - Get order of an EC group
+ * @e: EC context from crypto_ec_init()
+ * Returns: Order (bignum) of the group
+ */
+const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e);
+
 /**
  * struct crypto_ec_point - Elliptic curve point
  *
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 386987aa4..c6b5d933a 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -901,6 +901,7 @@ struct crypto_ec {
 	EC_GROUP *group;
 	BN_CTX *bnctx;
 	size_t prime_len;
+	BIGNUM *order;
 };
 
 struct crypto_ec * crypto_ec_init(int group)
@@ -917,7 +918,9 @@ struct crypto_ec * crypto_ec_init(int group)
 	e->prime_len = 32;
 	e->bnctx = BN_CTX_new();
 	e->group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
-	if (e->group == NULL || e->bnctx == NULL) {
+	e->order = BN_new();
+	if (e->group == NULL || e->bnctx == NULL || e->order == NULL ||
+	    !EC_GROUP_get_order(e->group, e->order, e->bnctx)) {
 		crypto_ec_deinit(e);
 		e = NULL;
 	}
@@ -930,6 +933,7 @@ void crypto_ec_deinit(struct crypto_ec *e)
 {
 	if (e == NULL)
 		return;
+	BN_free(e->order);
 	EC_GROUP_free(e->group);
 	BN_CTX_free(e->bnctx);
 	os_free(e);
@@ -950,6 +954,12 @@ size_t crypto_ec_prime_len(struct crypto_ec *e)
 }
 
 
+const struct crypto_bignum * crypto_ec_get_order(struct crypto_ec *e)
+{
+	return (const struct crypto_bignum *) e->order;
+}
+
+
 void crypto_ec_point_deinit(struct crypto_ec_point *p, int clear)
 {
 	if (clear)