crypto/bn/rsaz_exp.h: use constant_time_select_bn in bn_select_words

MSVC complained about possible loss of data on assignment, and it seems
that constant_time_select_bn is more suitable here than
constant_time_select_64, change the call to the former.

Fixes: 6d702cebfce3 "Add an extra reduction step to RSAZ mod_exp implementations"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/29040)

diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
index e5a741a52ba7a860ca1a6cee61cb92ec80545779..f1e24700545b6ae0428323062545752dc230f313 100644 (file)
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -63,7 +63,7 @@ static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
     size_t i;
 
     for (i = 0; i < num; i++) {
-        r[i] = constant_time_select_64(mask, a[i], b[i]);
+        r[i] = constant_time_select_bn(mask, a[i], b[i]);
     }
 }