From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Fri, 31 Oct 2025 01:16:04 +0000 (+0100)
Subject: crypto/bn/rsaz_exp.h: use constant_time_select_bn in bn_select_words
X-Git-Tag: 4.0-PRE-CLANG-FORMAT-WEBKIT~215
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6edf03eea73fb615c9f5b08b8473924d4c75c00b;p=thirdparty%2Fopenssl.git

crypto/bn/rsaz_exp.h: use constant_time_select_bn in bn_select_words

MSVC complained about possible loss of data on assignment, and it seems
that constant_time_select_bn is more suitable here than
constant_time_select_64, change the call to the former.

Fixes: 6d702cebfce3 "Add an extra reduction step to RSAZ mod_exp implementations"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/29040)
---

diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h
index e5a741a52ba..f1e24700545 100644
--- a/crypto/bn/rsaz_exp.h
+++ b/crypto/bn/rsaz_exp.h
@@ -63,7 +63,7 @@ static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
     size_t i;
 
     for (i = 0; i < num; i++) {
-        r[i] = constant_time_select_64(mask, a[i], b[i]);
+        r[i] = constant_time_select_bn(mask, a[i], b[i]);
     }
 }