From a4d905a0306c2350e0541b933b0291272c22fb37 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Tue, 29 Aug 2017 16:41:08 +0200
Subject: [PATCH] make sure fast_mp_montgomery_reduce() doesn't BOF

This fixes #63
---
 bn_fast_mp_montgomery_reduce.c | 4 ++++
 bn_mp_montgomery_reduce.c      | 1 +
 2 files changed, 5 insertions(+)

diff --git a/bn_fast_mp_montgomery_reduce.c b/bn_fast_mp_montgomery_reduce.c
index 54d9b0a..43a4d37 100644
--- a/bn_fast_mp_montgomery_reduce.c
+++ b/bn_fast_mp_montgomery_reduce.c
@@ -28,6 +28,10 @@ int fast_mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
    int     ix, res, olduse;
    mp_word W[MP_WARRAY];
 
+   if (x->used > MP_WARRAY) {
+      return MP_VAL;
+   }
+
    /* get old used count */
    olduse = x->used;
 
diff --git a/bn_mp_montgomery_reduce.c b/bn_mp_montgomery_reduce.c
index a38173e..a9c7752 100644
--- a/bn_mp_montgomery_reduce.c
+++ b/bn_mp_montgomery_reduce.c
@@ -29,6 +29,7 @@ int mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho)
     */
    digs = (n->used * 2) + 1;
    if ((digs < MP_WARRAY) &&
+       (x->used <= MP_WARRAY) &&
        (n->used <
         (1 << ((CHAR_BIT * sizeof(mp_word)) - (2 * DIGIT_BIT))))) {
       return fast_mp_montgomery_reduce(x, n, rho);