diff --git a/CHANGES b/CHANGES
index 6b4b174435222c48d7ed7bf4f90f2ec215b23817..6be84d728fe0043437961288171c4c81cbd46e4f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
   *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
      DH private keys and/or callback functions which directly correspond to
      their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e73b0cbb693df6c96fdba26c833cba7e4cf2a6cc..4ed433e05c32cc52efef9d3d8ac49a9d3e19c12d 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -113,7 +113,7 @@ BIGNUM *a;
 BN_MONT_CTX *mont;
 BN_CTX *ctx;
 	{
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
 	if (mont->use_word)
 #endif
 		{
@@ -212,7 +212,7 @@ printf("word BN_from_montgomery %d * %d\n",nl,nl);
 err1:
 		return(retn);
 		}
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
 	else /* bignum version */ 
 		{
 		BIGNUM *t1,*t2,*t3;
@@ -316,7 +316,7 @@ BN_CTX *ctx;
 	R= &(mont->RR);					/* grab RR as a temp */
 	BN_copy(&(mont->N),mod);			/* Set N */
 
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
 	if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
 #endif
 		{
@@ -364,7 +364,7 @@ BN_CTX *ctx;
 		BN_free(&Ri);
 		/* mod->top=z; */
 		}
-#ifdef BN_RECURSION
+#ifdef BN_RECURSION_MONT
 	else
 		{
 		mont->use_word=0;