BN_RECURSION causes the stuff in bn_mont.c to fall over for large keys. For
now change it to BN_RECURSION_MONT so it isn't compiled in.
diff --git a/CHANGES b/CHANGES
index 6b4b174..6be84d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
Changes between 0.9.1c and 0.9.2
+ *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+ compiled in by default: it has problems with large keys.
+ [Steve Henson]
+
*) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
DH private keys and/or callback functions which directly correspond to
their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e73b0cb..4ed433e 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -113,7 +113,7 @@
BN_MONT_CTX *mont;
BN_CTX *ctx;
{
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
if (mont->use_word)
#endif
{
@@ -212,7 +212,7 @@
err1:
return(retn);
}
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
else /* bignum version */
{
BIGNUM *t1,*t2,*t3;
@@ -316,7 +316,7 @@
R= &(mont->RR); /* grab RR as a temp */
BN_copy(&(mont->N),mod); /* Set N */
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
#endif
{
@@ -364,7 +364,7 @@
BN_free(&Ri);
/* mod->top=z; */
}
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
else
{
mont->use_word=0;
