Rephrase expect messages according to the stdlib guidelines

src/hazmat/gcd.rs

@@ -18,7 +18,7 @@ pub(crate) fn gcd_vartime<const L: usize>(n: &Uint<L>, m: Word) -> Word {
     // Normalize input: the resulting (a, b) are both small, a >= b, and b != 0.
     let (mut a, mut b): (Word, Word) = if n.bits() > Word::BITS {
         // `m` is non-zero, so we can unwrap.
-        let r = n.rem_limb(NonZero::new(Limb::from(m)).expect("divisor ensured to be non-zero"));
+        let r = n.rem_limb(NonZero::new(Limb::from(m)).expect("divisor should be non-zero here"));
         (m, r.0)
     } else {
         // In this branch `n` is `Word::BITS` bits or shorter,

src/hazmat/jacobi.rs

@@ -110,7 +110,8 @@ pub(crate) fn jacobi_symbol_vartime<const L: usize>(
         let (result, a_long, p) = swap(result, a, p_long.get());
         // Can unwrap here, since `p` is swapped with `a`,
         // and `a` would be odd after `reduce_numerator()`.
-        let a = a_long.rem_limb(NonZero::new(Limb::from(p)).expect("ensured to be non-zero"));
+        let a =
+            a_long.rem_limb(NonZero::new(Limb::from(p)).expect("divisor should be non-zero here"));
         (result, a.0, p)
     };
 

src/hazmat/lucas.rs

@@ -192,14 +192,14 @@ fn decompose<const L: usize>(n: &Odd<Uint<L>>) -> (u32, Odd<Uint<L>>) {
         // so we right-shifted at least once.
         n.as_ref()
             .overflowing_shr(s)
-            .expect("shift within range")
+            .expect("shift should be within range by construction")
             .checked_add(&Uint::ONE)
-            .expect("Integer overflow")
+            .expect("addition should not overflow by construction")
     } else {
         Uint::ONE
     };
 
-    (s, Odd::new(d).expect("ensured to be odd"))
+    (s, Odd::new(d).expect("`d` should be odd by construction"))
 }
 
 /// The checks to perform in the Lucas test.

src/hazmat/miller_rabin.rs

@@ -46,7 +46,7 @@ impl<const L: usize> MillerRabin<L> {
             // Will not overflow because `candidate` is odd and greater than 1.
             let d = candidate_minus_one
                 .overflowing_shr_vartime(s)
-                .expect("shift within range");
+                .expect("shift should be within range by construction");
             (s, d)
         };
 
@@ -108,12 +108,13 @@ impl<const L: usize> MillerRabin<L> {
 
         let range = self.candidate.wrapping_sub(&Uint::<L>::from(4u32));
         // Can unwrap here since `candidate` is odd, and `candidate >= 4` (as checked above)
-        let range_nonzero = NonZero::new(range).expect("ensured to be non-zero");
+        let range_nonzero =
+            NonZero::new(range).expect("the range should be non-zero by construction");
         // This should not overflow as long as `random_mod()` behaves according to the contract
         // (that is, returns a number within the given range).
         let random = Uint::<L>::random_mod(rng, &range_nonzero)
             .checked_add(&Uint::<L>::from(3u32))
-            .expect("Integer overflow");
+            .expect("addition should not overflow by construction");
         self.test(&random)
     }
 }

src/hazmat/precomputed.rs

@@ -152,7 +152,7 @@ const fn create_reciprocals() -> [Reciprocal; SMALL_PRIMES.len()] {
         arr[i] = Reciprocal::new(
             Limb(SMALL_PRIMES[i] as Word)
                 .to_nz()
-                .expect("ensured to be non-zero"),
+                .expect("divisor should be non-zero"),
         );
         i += 1;
     }

src/hazmat/sieve.rs

@@ -40,9 +40,9 @@ pub fn random_odd_uint<const L: usize>(
     // Will not overflow since `bit_length` is ensured to be within the size of the integer.
     random |= Uint::<L>::ONE
         .overflowing_shl_vartime(bit_length - 1)
-        .expect("shift within range");
+        .expect("shift should be within range by construction");
 
-    Odd::new(random).expect("ensured to be odd")
+    Odd::new(random).expect("the number should be odd by construction")
 }
 
 // The type we use to calculate incremental residues.
@@ -164,7 +164,7 @@ impl<const L: usize> Sieve<L> {
         self.base = self
             .base
             .checked_add(&self.incr.into())
-            .expect("Integer overflow");
+            .expect("addition should not overflow by construction");
 
         self.incr = 0;
 
@@ -190,7 +190,7 @@ impl<const L: usize> Sieve<L> {
             // and `INCR_LIMIT` fits into `Residue`.
             let incr_limit_small: Residue = incr_limit.as_words()[0]
                 .try_into()
-                .expect("ensured to fit within `Residue`");
+                .expect("the increment limit should fit within `Residue`");
             incr_limit_small
         };
 
@@ -233,7 +233,7 @@ impl<const L: usize> Sieve<L> {
             let mut num: Uint<L> = self
                 .base
                 .checked_add(&self.incr.into())
-                .expect("Integer overflow");
+                .expect("addition should not overflow by construction");
             if self.safe_primes {
                 num = num.wrapping_shl_vartime(1) | Uint::<L>::ONE;
             }

src/presets.rs

@@ -125,11 +125,12 @@ pub fn is_prime_with_rng<const L: usize>(rng: &mut impl CryptoRngCore, num: &Uin
     if num == &Uint::<L>::from(2u32) {
         return true;
     }
-    if num.is_even().into() {
-        return false;
-    }
 
-    let odd_num = Odd::new(*num).expect("ensured to be odd");
+    let odd_num = match Odd::new(*num).into() {
+        Some(x) => x,
+        None => return false,
+    };
+
     _is_prime_with_rng(rng, &odd_num)
 }
 
@@ -148,8 +149,8 @@ pub fn is_safe_prime_with_rng<const L: usize>(rng: &mut impl CryptoRngCore, num:
     }
 
     // These are ensured to be odd by the check above.
-    let odd_num = Odd::new(*num).expect("ensured to be odd");
-    let odd_half_num = Odd::new(num.wrapping_shr_vartime(1)).expect("ensured to be odd");
+    let odd_num = Odd::new(*num).expect("`num` should be odd here");
+    let odd_half_num = Odd::new(num.wrapping_shr_vartime(1)).expect("`num/2` should be odd here");
 
     _is_prime_with_rng(rng, &odd_num) && _is_prime_with_rng(rng, &odd_half_num)
 }