From 9eb4dc8303750bccddf380066dee5d37712df51f Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 18 Jun 2022 15:52:35 +0000
Subject: Fix prime recognition when doing trial divisions

If gcd(a, primes[i]) == 0 then a could still be a prime, namely in the
case that a == primes[i], so check for that case as well.

Problem noted by Martin Grenouilloux

ok jsing
---
 src/lib/libcrypto/bn/bn_prime.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index e78c5686ab..9ab89695d8 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.19 2022/06/18 15:52:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -282,7 +282,7 @@ BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 			if (mod == (BN_ULONG)-1)
 				goto err;
 			if (mod == 0)
-				return 0;
+				return BN_is_word(a, primes[i]);
 		}
 		if (!BN_GENCB_call(cb, 1, -1))
 			goto err;
-- 
cgit v1.2.3-55-g6feb