Fix over-allocated bounds on bn_mul_part_recursive.

Same mistake as bn_mul_recursive.

Change-Id: I2374d37e5da61c82ccb1ad79da55597fa3f10640
Reviewed-on: https://boringssl-review.googlesource.com/25405
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>

crypto/fipsmodule/bn/mul.c

@@ -597,10 +597,8 @@ static int bn_mul_impl(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
         // We know |al| and |bl| are at most one from each other, so if al > j,
         // bl >= j, and vice versa. Thus we can use |bn_mul_part_recursive|.
         assert(al >= j && bl >= j);
-        // TODO(davidben): Check that these are correctly-sized, after rewriting
-        // |bn_mul_part_recursive|.
         if (!bn_wexpand(t, j * 8) ||
-            !bn_wexpand(rr, j * 8)) {
+            !bn_wexpand(rr, j * 4)) {
           goto err;
         }
         bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);