Use checked_add() instead of wrapping_add()

fjarri · fjarri · commit 6675a217e74b · 2023-06-28T13:28:05.000-07:00
diff --git a/src/hazmat/lucas.rs b/src/hazmat/lucas.rs
@@ -1,7 +1,7 @@
 //! Lucas primality test.
 use crypto_bigint::{
     modular::runtime_mod::{DynResidue, DynResidueParams},
-    Integer, Limb, Uint, Word,
+    CheckedAdd, Integer, Limb, Uint, Word,
 };
 
 use super::{
@@ -187,7 +187,7 @@ fn decompose<const L: usize>(n: &Uint<L>) -> (u32, Uint<L>) {
     }
 
     // This won't overflow since the original `n` was odd, so we right-shifted at least once.
-    (s, n.wrapping_add(&Uint::<L>::ONE))
+    (s, n.checked_add(&Uint::<L>::ONE).expect("Integer overflow"))
 }
 
 /// The checks to perform in the Lucas test.
diff --git a/src/hazmat/miller_rabin.rs b/src/hazmat/miller_rabin.rs
@@ -4,7 +4,7 @@ use rand_core::CryptoRngCore;
 
 use crypto_bigint::{
     modular::runtime_mod::{DynResidue, DynResidueParams},
-    Integer, NonZero, RandomMod, Uint,
+    CheckedAdd, Integer, NonZero, RandomMod, Uint,
 };
 
 use super::Primality;
@@ -104,8 +104,11 @@ impl<const L: usize> MillerRabin<L> {
 
         let range = self.candidate.wrapping_sub(&Uint::<L>::from(4u32));
         let range_nonzero = NonZero::new(range).unwrap();
-        let random =
-            Uint::<L>::random_mod(rng, &range_nonzero).wrapping_add(&Uint::<L>::from(3u32));
+        // This should not overflow as long as `random_mod()` behaves according to the contract
+        // (that is, returns a number within the given range).
+        let random = Uint::<L>::random_mod(rng, &range_nonzero)
+            .checked_add(&Uint::<L>::from(3u32))
+            .expect("Integer overflow");
         self.test(&random)
     }
 }
diff --git a/src/hazmat/sieve.rs b/src/hazmat/sieve.rs
@@ -3,7 +3,7 @@
 
 use alloc::{vec, vec::Vec};
 
-use crypto_bigint::{Random, Uint};
+use crypto_bigint::{CheckedAdd, Random, Uint};
 use rand_core::CryptoRngCore;
 
 use crate::hazmat::precomputed::{SmallPrime, RECIPROCALS, SMALL_PRIMES};
@@ -152,7 +152,13 @@ impl<const L: usize> Sieve<L> {
         }
 
         // Set the new base.
-        self.base = self.base.wrapping_add(&self.incr.into());
+        // Should not overflow since `incr` is never greater than `incr_limit`,
+        // and the latter is chosen such that it doesn't overflow when added to `base`
+        // (see the rest of this method).
+        self.base = self
+            .base
+            .checked_add(&self.incr.into())
+            .expect("Integer overflow");
 
         self.incr = 0;
 
@@ -210,7 +216,13 @@ impl<const L: usize> Sieve<L> {
         let result = if self.current_is_composite() {
             None
         } else {
-            let mut num = self.base.wrapping_add(&self.incr.into());
+            // The overflow should never happen here since `incr`
+            // is never greater than `incr_limit`, and the latter is chosen such that
+            // it does not overflow when added to `base` (see `update_residues()`).
+            let mut num = self
+                .base
+                .checked_add(&self.incr.into())
+                .expect("Integer overflow");
             if self.safe_primes {
                 num = (num << 1) | Uint::<L>::ONE;
             }

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`//! Lucas primality test.`
`2`	`2`	`use crypto_bigint::{`
`3`	`3`	`modular::runtime_mod::{DynResidue, DynResidueParams},`
`4`		`- Integer, Limb, Uint, Word,`
	`4`	`+ CheckedAdd, Integer, Limb, Uint, Word,`
`5`	`5`	`};`
`6`	`6`
`7`	`7`	`use super::{`
`@@ -187,7 +187,7 @@ fn decompose<const L: usize>(n: &Uint<L>) -> (u32, Uint<L>) {`
`187`	`187`	`}`
`188`	`188`
`189`	`189`	// This won't overflow since the original `n` was odd, so we right-shifted at least once.
`190`		`- (s, n.wrapping_add(&Uint::<L>::ONE))`
	`190`	`+ (s, n.checked_add(&Uint::<L>::ONE).expect("Integer overflow"))`
`191`	`191`	`}`
`192`	`192`
`193`	`193`	`/// The checks to perform in the Lucas test.`