Simplify some unnecessary sign bit juggling

Some functions try to accomodate negative moduli by figuring out whether
to BN_add or BN_sub. Under the hood, those functions will do further
sign bits and comparisons to decide whether to BN_uadd or BN_usub. We
can just call the right one from the start.

Change-Id: I2e64b05522c93ee831f6d6e9f7d1380411fbb71b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70813
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/bn/div.c.inc b/crypto/fipsmodule/bn/div.c.inc
index b321ff5..06c4db5 100644
--- a/crypto/fipsmodule/bn/div.c.inc
+++ b/crypto/fipsmodule/bn/div.c.inc
@@ -372,8 +372,9 @@
     return 1;
   }
 
-  // now -|d| < r < 0, so we have to set r := r + |d|.
-  return (d->neg ? BN_sub : BN_add)(r, r, d);
+  // now -d < r < 0, so we have to set r := r + d. Ignoring the sign bits, this
+  // is r = d - r.
+  return BN_usub(r, d, r);
 }
 
 BN_ULONG bn_reduce_once(BN_ULONG *r, const BN_ULONG *a, BN_ULONG carry,
diff --git a/crypto/fipsmodule/bn/sqrt.c.inc b/crypto/fipsmodule/bn/sqrt.c.inc
index f976753..4cc8d6e 100644
--- a/crypto/fipsmodule/bn/sqrt.c.inc
+++ b/crypto/fipsmodule/bn/sqrt.c.inc
@@ -236,7 +236,7 @@
         goto end;
       }
       if (BN_ucmp(y, p) >= 0) {
-        if (!(p->neg ? BN_add : BN_sub)(y, y, p)) {
+        if (BN_usub(y, y, p)) {
           goto end;
         }
       }