Fix over-allocated bounds on bn_mul_part_recursive. Same mistake as bn_mul_recursive. Change-Id: I2374d37e5da61c82ccb1ad79da55597fa3f10640 Reviewed-on: https://boringssl-review.googlesource.com/25405 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com>

commit: 6488f4e2bafd2bc13690a79067abde8f139288b0 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Jan 26 14:03:26 2018 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Tue Feb 06 02:57:55 2018 +0000
tree: cff3f519179b42b1f6680f7debd70d17c0602afa
parent: 2bf82975add2b758e6430f54d8de305cfb306479 [diff]
diff --git a/crypto/fipsmodule/bn/mul.c b/crypto/fipsmodule/bn/mul.c
index 92389fe..0f905b1 100644
--- a/crypto/fipsmodule/bn/mul.c
+++ b/crypto/fipsmodule/bn/mul.c

@@ -597,10 +597,8 @@
         // We know |al| and |bl| are at most one from each other, so if al > j,
         // bl >= j, and vice versa. Thus we can use |bn_mul_part_recursive|.
         assert(al >= j && bl >= j);
-        // TODO(davidben): Check that these are correctly-sized, after rewriting
-        // |bn_mul_part_recursive|.
         if (!bn_wexpand(t, j * 8) ||
-            !bn_wexpand(rr, j * 8)) {
+            !bn_wexpand(rr, j * 4)) {
           goto err;
         }
         bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
commit	6488f4e2bafd2bc13690a79067abde8f139288b0	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Jan 26 14:03:26 2018 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Tue Feb 06 02:57:55 2018 +0000
tree	cff3f519179b42b1f6680f7debd70d17c0602afa
parent	2bf82975add2b758e6430f54d8de305cfb306479 [diff]