diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index fe8cfd05..d909ee28 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -850,11 +850,17 @@ static bool test_div_word(FILE *fp) {
       return false;
     }
     BN_ULONG s = b->d[0];
+    BN_ULONG rmod = BN_mod_word(b.get(), s);
     BN_ULONG r = BN_div_word(b.get(), s);
     if (r == (BN_ULONG)-1) {
       return false;
     }
 
+    if (rmod != r) {
+      fprintf(stderr, "Mod (word) test failed!\n");
+      return false;
+    }
+
     if (fp != NULL) {
       BN_print_fp(fp, a.get());
       puts_fp(fp, " / ");
diff --git a/crypto/bn/div.c b/crypto/bn/div.c
index 6f672914..e824458b 100644
--- a/crypto/bn/div.c
+++ b/crypto/bn/div.c
@@ -644,6 +644,20 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) {
     return (BN_ULONG) -1;
   }
 
+#ifndef BN_ULLONG
+  /* If |w| is too long and we don't have |BN_ULLONG| then we need to fall back
+   * to using |BN_div_word|. */
+  if (w > ((BN_ULONG)1 << BN_BITS4)) {
+    BIGNUM *tmp = BN_dup(a);
+    if (tmp == NULL) {
+      return (BN_ULONG)-1;
+    }
+    ret = BN_div_word(tmp, w);
+    BN_free(tmp);
+    return ret;
+  }
+#endif
+
   w &= BN_MASK2;
   for (i = a->top - 1; i >= 0; i--) {
 #ifndef BN_ULLONG