From 7e3e74b6aafd8c09abf059035860ee6ea3745a52 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Tue, 14 Feb 2023 18:01:15 +0000
Subject: [PATCH] Make BN_set_negative() closer to constant time.

ok tb@
---
 lib/libcrypto/bn/bn_lib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c
index e00909bb3ba..32ac7ae606e 100644
--- a/lib/libcrypto/bn/bn_lib.c
+++ b/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.73 2023/02/13 04:03:38 jsing Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.74 2023/02/14 18:01:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -66,6 +66,7 @@
 #include <openssl/err.h>
 
 #include "bn_local.h"
+#include "bn_internal.h"
 
 BIGNUM *
 BN_new(void)
@@ -730,7 +731,7 @@ BN_mask_bits(BIGNUM *a, int n)
 void
 BN_set_negative(BIGNUM *bn, int neg)
 {
-	bn->neg = (neg != 0) && !BN_is_zero(bn);
+	bn->neg = ~BN_is_zero(bn) & bn_ct_ne_zero(neg);
 }
 
 int
-- 
2.20.1