Add some checked operations, just in case

Author: fjarri

src/hazmat/lucas.rs

@@ -187,9 +187,12 @@ fn decompose<const L: usize>(n: &Odd<Uint<L>>) -> (u32, Odd<Uint<L>>) {
 
     let s = n.trailing_ones();
     let d = if s < n.bits_precision() {
-        // This won't overflow since the original `n` was odd, so we right-shifted at least once.
+        // The shift won't overflow because of the check above.
+        // The addition won't overflow since the original `n` was odd,
+        // so we right-shifted at least once.
         n.as_ref()
-            .wrapping_shr(s)
+            .overflowing_shr(s)
+            .expect("shift within range")
             .checked_add(&Uint::ONE)
             .expect("Integer overflow")
     } else {

src/hazmat/miller_rabin.rs

@@ -43,7 +43,10 @@ impl<const L: usize> MillerRabin<L> {
         } else {
             let candidate_minus_one = candidate.wrapping_sub(&Uint::ONE);
             let s = candidate_minus_one.trailing_zeros_vartime();
-            let d = candidate_minus_one.wrapping_shr_vartime(s);
+            // Will not overflow because `candidate` is odd and greater than 1.
+            let d = candidate_minus_one
+                .overflowing_shr_vartime(s)
+                .expect("shift within range");
             (s, d)
         };
 

src/hazmat/sieve.rs

@@ -37,7 +37,10 @@ pub fn random_odd_uint<const L: usize>(
     random |= Uint::<L>::ONE;
 
     // Make sure it's the correct bit size
-    random |= Uint::<L>::ONE.wrapping_shl_vartime(bit_length - 1);
+    // Will not overflow since `bit_length` is ensured to be within the size of the integer.
+    random |= Uint::<L>::ONE
+        .overflowing_shl_vartime(bit_length - 1)
+        .expect("shift within range");
 
     Odd::new(random).expect("ensured to be odd")
 }