Avoid allocations in BoxedUint::{add_mod, sub_mod} (#321)

src/boxed/uint/add_mod.rs

@@ -16,14 +16,12 @@ impl BoxedUint {
 
         // Attempt to subtract the modulus, to ensure the result is in the field.
         let (w, borrow) = w.sbb(p, Limb::ZERO);
-        let (_, borrow) = carry.sbb(Limb::ZERO, borrow);
+        let (_, mask) = carry.sbb(Limb::ZERO, borrow);
 
         // If underflow occurred on the final limb, borrow = 0xfff...fff, otherwise
         // borrow = 0x000...000. Thus, we use it as a mask to conditionally add the
         // modulus.
-        let mask = Self::from_words(vec![borrow.0; p.nlimbs()]);
-
-        w.wrapping_add(&p.bitand(&mask))
+        w.wrapping_add(&p.bitand_limb(mask))
     }
 }
 

src/boxed/uint/bit_and.rs

@@ -12,6 +12,13 @@ impl BoxedUint {
         Self::chain(self, rhs, Limb::ZERO, |a, b, z| (a.bitand(b), z)).0
     }
 
+    /// Bitwise `AND` against the given limb.
+    pub fn bitand_limb(&self, rhs: Limb) -> Self {
+        Self {
+            limbs: self.limbs.iter().map(|limb| limb.bitand(rhs)).collect(),
+        }
+    }
+
     /// Perform wrapping bitwise `AND`.
     ///
     /// There's no way wrapping could ever happen.

src/boxed/uint/sub_mod.rs

@@ -12,13 +12,11 @@ impl BoxedUint {
         debug_assert!(self < p);
         debug_assert!(rhs < p);
 
-        let (out, borrow) = self.sbb(rhs, Limb::ZERO);
+        let (out, mask) = self.sbb(rhs, Limb::ZERO);
 
         // If underflow occurred on the final limb, borrow = 0xfff...fff, otherwise
         // borrow = 0x000...000. Thus, we use it as a mask to conditionally add the modulus.
-        let mask = Self::from_words(vec![borrow.0; p.nlimbs()]);
-
-        out.wrapping_add(&p.bitand(&mask))
+        out.wrapping_add(&p.bitand_limb(mask))
     }
 }