sshbn.c (modmul): Prevent buffer underrun.

sshbn.c (modmul): Prevent buffer underrun.

In `modmul', if

  * the topmost bit of mod is clear, so mshift is nonzero; and

  * both p and q are no more than half as long as mod, so 2*pqlen <=
    mlen

then we run this code:

    if (mshift) {
        for (i = 2 * pqlen - mlen - 1; i < 2 * pqlen - 1; i++)
            a[i] = (a[i] << mshift) | (a[i + 1] >> (BIGNUM_INT_BITS - mshift));

But then mlen + 1 > 2*pqlen and therefore i is initially negative
-- and therefore certainly less than 2*pqlen.  So the initial access to
a[] is illegal.

Signed-off-by: Mark Wooding <mdw@distorted.org.uk>