Remove some easy bn_set_minimal_width calls.

Functions that deserialize from bytes and Montgomery multiplication have
no reason to minimize their inputs.

Bug: 232
Change-Id: I121cc9b388033d684057b9df4ad0c08364849f58
Reviewed-on: https://boringssl-review.googlesource.com/25258
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>

crypto/fipsmodule/bn/bn.c

@@ -292,7 +292,6 @@ int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
   OPENSSL_memmove(bn->d, words, num * sizeof(BN_ULONG));
   // |bn_wexpand| verified that |num| isn't too large.
   bn->width = (int)num;
-  bn_set_minimal_width(bn);
   bn->neg = 0;
   return 1;
 }

crypto/fipsmodule/bn/bytes.c

@@ -105,9 +105,6 @@ BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
     }
   }
 
-  // need to call this due to clear byte at top if avoiding having the top bit
-  // set (-ve number)
-  bn_set_minimal_width(ret);
   return ret;
 }
 
@@ -142,8 +139,6 @@ BIGNUM *BN_le2bn(const uint8_t *in, size_t len, BIGNUM *ret) {
   // We only support little-endian platforms, so we can simply memcpy the
   // internal representation.
   OPENSSL_memcpy(ret->d, in, len);
-
-  bn_set_minimal_width(ret);
   return ret;
 }
 

crypto/fipsmodule/bn/exponentiation.c

@@ -931,7 +931,6 @@ static int copy_from_prebuf(BIGNUM *b, int top, unsigned char *buf, int idx,
   }
 
   b->width = top;
-  bn_set_minimal_width(b);
   return 1;
 }
 
@@ -1043,7 +1042,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
     RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, mont->n0[0]);
     rr->width = 16;
     rr->neg = 0;
-    bn_set_minimal_width(rr);
     ret = 1;
     goto err;
   }
@@ -1218,7 +1216,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
     ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
     tmp.width = top;
-    bn_set_minimal_width(&tmp);
     if (ret) {
       if (!BN_copy(rr, &tmp)) {
         ret = 0;

crypto/fipsmodule/bn/montgomery.c

@@ -312,21 +312,15 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r,
     return 1;
   }
 
-  int max = (2 * n->width);  // carry is stored separately
+  int max = 2 * n->width;  // carry is stored separately
   if (!bn_resize_words(r, max) ||
       !bn_wexpand(ret, n->width)) {
     return 0;
   }
+
   ret->width = n->width;
-
-  if (!bn_from_montgomery_in_place(ret->d, ret->width, r->d, r->width, mont)) {
-    return 0;
-  }
   ret->neg = 0;
-
-  bn_set_minimal_width(r);
-  bn_set_minimal_width(ret);
-  return 1;
+  return bn_from_montgomery_in_place(ret->d, ret->width, r->d, r->width, mont);
 }
 
 int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, const BN_MONT_CTX *mont,
@@ -363,9 +357,6 @@ int bn_one_to_montgomery(BIGNUM *r, const BN_MONT_CTX *mont, BN_CTX *ctx) {
     }
     r->width = n->width;
     r->neg = 0;
-    // The upper words will be zero if the corresponding words of |n| were
-    // 0xfff[...], so call |bn_set_minimal_width|.
-    bn_set_minimal_width(r);
     return 1;
   }
 
@@ -430,8 +421,6 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
     }
     r->neg = 0;
     r->width = num;
-    bn_set_minimal_width(r);
-
     return 1;
   }
 #endif

crypto/fipsmodule/bn/random.c

@@ -286,7 +286,6 @@ int BN_rand_range_ex(BIGNUM *r, BN_ULONG min_inclusive,
 
   r->neg = 0;
   r->width = max_exclusive->width;
-  bn_set_minimal_width(r);
   return 1;
 }