diff --git a/Cargo.lock b/Cargo.lock index 4fc2821..85bb352 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -739,8 +739,7 @@ dependencies = [ [[package]] name = "signature" version = "2.3.0-pre.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4633ec5613e4218fbab07568ca79ee388e3c041af75f0f83a15f040f096f94cf" +source = "git+https://github.com/RustCrypto/traits.git#96dfc4a608c5ddf2972ff926ae3d695cae0275c7" dependencies = [ "digest", "rand_core 0.9.2", diff --git a/Cargo.toml b/Cargo.toml index 11652cf..1d45b20 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -79,3 +79,7 @@ crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" } # https://github.com/entropyxyz/crypto-primes/pull/74 crypto-primes = { git = "https://github.com/entropyxyz/crypto-primes.git" } + +# https://github.com/RustCrypto/traits/pull/1765 +# https://github.com/RustCrypto/traits/pull/1766 +signature = { git = "https://github.com/RustCrypto/traits.git" } diff --git a/src/algorithms/generate.rs b/src/algorithms/generate.rs index e977514..808f979 100644 --- a/src/algorithms/generate.rs +++ b/src/algorithms/generate.rs @@ -31,7 +31,7 @@ pub struct RsaPrivateKeyComponents { /// /// [1]: https://patents.google.com/patent/US4405829A/en /// [2]: http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf -pub(crate) fn generate_multi_prime_key_with_exp( +pub(crate) fn generate_multi_prime_key_with_exp( rng: &mut R, nprimes: usize, bit_size: usize, @@ -120,7 +120,7 @@ pub(crate) fn generate_multi_prime_key_with_exp( }) } -fn generate_prime_with_rng(rng: &mut R, bit_length: u32) -> BoxedUint { +fn generate_prime_with_rng(rng: &mut R, bit_length: u32) -> BoxedUint { sieve_and_find( rng, SmallPrimesSieveFactory::new(bit_length, SetBits::TwoMsb), diff --git a/src/algorithms/oaep.rs b/src/algorithms/oaep.rs index 8af9934..da069bb 100644 --- a/src/algorithms/oaep.rs +++ b/src/algorithms/oaep.rs 
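Review bot: The new `signature = { git = "https://github.com/RustCrypto/traits.git" }` entry in Cargo.toml carries no `rev`, `tag` or `branch`, so the only thing fixing what gets compiled is Cargo.lock (commit 96dfc4a608c5ddf2972ff926ae3d695cae0275c7); a `cargo update`, or any consumer that does not honour this lockfile, will silently pick up whatever the default branch head is at that moment. Pinning it as `signature = { git = "https://github.com/RustCrypto/traits.git", rev = "96dfc4a608c5ddf2972ff926ae3d695cae0275c7" }` keeps the build reproducible and auditable until the referenced PRs ship in a crates.io release, and the two PR links above it already explain why the pin exists. The `crypto-bigint` and `crypto-primes` git entries visible as context have the same shape, though they are not part of this change.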
@@ -4,7 +4,7 @@ use alloc::boxed::Box; use alloc::vec::Vec; use digest::{Digest, DynDigest, FixedOutputReset}; -use rand_core::CryptoRng; +use rand_core::TryCryptoRng; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; use zeroize::Zeroizing; @@ -19,7 +19,7 @@ use crate::errors::{Error, Result}; const MAX_LABEL_LEN: u64 = 1 << 61; #[inline] -fn encrypt_internal( +fn encrypt_internal( rng: &mut R, msg: &[u8], p_hash: &[u8], @@ -35,7 +35,7 @@ fn encrypt_internal( let (_, payload) = em.split_at_mut(1); let (seed, db) = payload.split_at_mut(h_size); - rng.fill_bytes(seed); + rng.try_fill_bytes(seed).map_err(|_| Error::Rng)?; // Data block DB = pHash || PS || 01 || M let db_len = k - h_size - 1; @@ -57,7 +57,7 @@ fn encrypt_internal( /// /// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[inline] -pub(crate) fn oaep_encrypt( +pub(crate) fn oaep_encrypt( rng: &mut R, msg: &[u8], digest: &mut dyn DynDigest, @@ -90,7 +90,7 @@ pub(crate) fn oaep_encrypt( /// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[inline] pub(crate) fn oaep_encrypt_digest< - R: CryptoRng + ?Sized, + R: TryCryptoRng + ?Sized, D: Digest, MGD: Digest + FixedOutputReset, >( diff --git a/src/algorithms/pkcs1v15.rs b/src/algorithms/pkcs1v15.rs index 2c10d51..2553b45 100644 --- a/src/algorithms/pkcs1v15.rs +++ b/src/algorithms/pkcs1v15.rs @@ -9,7 +9,7 @@ use alloc::vec::Vec; use digest::Digest; use pkcs8::AssociatedOid; -use rand_core::CryptoRng; +use rand_core::TryCryptoRng; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq}; use zeroize::Zeroizing; 
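Review bot: `oaep_encrypt` and `oaep_encrypt_digest` can now fail with `Error::Rng` through `encrypt_internal`'s `rng.try_fill_bytes(seed).map_err(|_| Error::Rng)?;`, but their doc comments (the `@@ -57` and `@@ -90` hunks) still only link the PKCS#1 OAEP section and say nothing about this new failure path; add an errors section such as `/// # Errors` / `/// Returns [`Error::Rng`] if `rng` cannot produce the seed bytes; no ciphertext is produced in that case.` The `map_err(|_| ...)` discards the concrete `R::Error`, which is consistent with the rest of the commit but worth a one-line comment at this first occurrence. The body of `encrypt_internal` starts before and ends after the `@@ -35` hunk.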
@@ -18,17 +18,22 @@ use crate::errors::{Error, Result};
 /// Fills the provided slice with random values, which are guaranteed
 /// to not be zero.
 #[inline]
-fn non_zero_random_bytes(rng: &mut R, data: &mut [u8]) {
- rng.fill_bytes(data);
+fn non_zero_random_bytes(
+ rng: &mut R,
+ data: &mut [u8],
+) -> core::result::Result<(), R::Error> {
+ rng.try_fill_bytes(data)?;
 for el in data {
 if *el == 0u8 {
 // TODO: break after a certain amount of time
 while *el == 0u8 {
- rng.fill_bytes(core::slice::from_mut(el));
+ rng.try_fill_bytes(core::slice::from_mut(el))?;
 }
 }
 }
+
+ Ok(())
 }
 /// Applied the padding scheme from PKCS#1 v1.5 for encryption. The message must be no longer than
@@ -39,7 +44,7 @@ pub(crate) fn pkcs1v15_encrypt_pad(
 k: usize,
 ) -> Result>>
 where
- R: CryptoRng + ?Sized,
+ R: TryCryptoRng + ?Sized,
 {
 if msg.len() + 11 > k {
 return Err(Error::MessageTooLong);
@@ -48,7 +53,7 @@ where
 // EM = 0x00 || 0x02 || PS || 0x00 || M
 let mut em = Zeroizing::new(vec![0u8; k]);
 em[1] = 2;
- non_zero_random_bytes(rng, &mut em[2..k - msg.len() - 1]);
+ non_zero_random_bytes(rng, &mut em[2..k - msg.len() - 1]).map_err(|_: R::Error| Error::Rng)?;
 em[k - msg.len() - 1] = 0;
 em[k - msg.len()..].copy_from_slice(msg);
 Ok(em)
@@ -189,7 +194,7 @@ mod tests {
 for _ in 0..10 {
 let mut rng = ChaCha8Rng::from_seed([42; 32]);
 let mut b = vec![0u8; 512];
- non_zero_random_bytes(&mut rng, &mut b);
+ non_zero_random_bytes(&mut rng, &mut b).unwrap();
 for el in &b {
 assert_ne!(*el, 0u8);
 }
diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs
index d251efa..5bea4db 100644
--- a/src/algorithms/rsa.rs
+++ b/src/algorithms/rsa.rs
@@ -4,7 +4,7 @@ use core::cmp::Ordering;
 use crypto_bigint::modular::{BoxedMontyForm, BoxedMontyParams};
 use crypto_bigint::{BoxedUint, Gcd, NonZero, Odd, RandomMod, Wrapping};
-use rand_core::CryptoRng;
+use rand_core::TryCryptoRng;
 use zeroize::Zeroize;
 use crate::errors::{Error, Result};
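Review bot: The doc comment on `non_zero_random_bytes` still reads as if the fill cannot fail, while the function now returns `core::result::Result<(), R::Error>` and bails on the first `try_fill_bytes` error, so `data` may be left only partially filled; add `/// # Errors` / `/// Returns the RNG's error if any fill fails; `data` may then be partially written and must not be used.` The `// TODO: break after a certain amount of time` retry loop is unchanged, so an RNG that reports success but keeps yielding zero bytes still spins forever, which is worth stating in the same doc comment until the TODO is resolved. In `pkcs1v15_encrypt_pad` (the `@@ -48` hunk) the closure annotation `|_: R::Error|` is redundant and inconsistent with the bare `|_| Error::Rng` used everywhere else in this commit.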
@@ -31,8 +31,8 @@ pub fn rsa_encrypt(key: &K, m: &BoxedUint) -> Result( - mut rng: Option<&mut R>, +pub fn rsa_decrypt( + rng: Option<&mut R>, priv_key: &impl PrivateKeyParts, c: &BoxedUint, ) -> Result { @@ -48,8 +48,8 @@ pub fn rsa_decrypt( let n_params = priv_key.n_params(); let bits = d.bits_precision(); - let c = if let Some(ref mut rng) = rng { - let (blinded, unblinder) = blind(rng, priv_key, c, n_params); + let c = if let Some(rng) = rng { + let (blinded, unblinder) = blind(rng, priv_key, c, n_params)?; ir = Some(unblinder); blinded.widen(bits) } else { @@ -123,7 +123,7 @@ pub fn rsa_decrypt( /// Use this function with great care! Raw RSA should never be used without an appropriate padding /// or signature scheme. See the [module-level documentation][crate::hazmat] for more information. #[inline] -pub fn rsa_decrypt_and_check( +pub fn rsa_decrypt_and_check( priv_key: &impl PrivateKeyParts, rng: Option<&mut R>, c: &BoxedUint, @@ -142,12 +142,12 @@ pub fn rsa_decrypt_and_check( } /// Returns the blinded c, along with the unblinding factor. -fn blind( +fn blind( rng: &mut R, key: &K, c: &BoxedUint, n_params: &BoxedMontyParams, -) -> (BoxedUint, BoxedUint) { +) -> Result<(BoxedUint, BoxedUint)> { // Blinding involves multiplying c by r^e. // Then the decryption operation performs (m^e * r^e)^d mod n // which equals mr mod n. The factor of r can then be removed @@ -158,7 +158,7 @@ fn blind( let mut r: BoxedUint = BoxedUint::one_with_precision(bits); let mut ir: Option = None; while ir.is_none() { - r = BoxedUint::random_mod(rng, key.n()); + r = BoxedUint::try_random_mod(rng, key.n()).map_err(|_| Error::Rng)?; if r.is_zero().into() { r = BoxedUint::one_with_precision(bits); } @@ -181,7 +181,7 @@ fn blind( debug_assert_eq!(blinded.bits_precision(), bits); debug_assert_eq!(ir.bits_precision(), bits); - (blinded, ir) + Ok((blinded, ir)) } /// Given an m and and unblinding factor, unblind the m. diff --git a/src/errors.rs b/src/errors.rs index 50ea15e..d90c48e 100644 
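Review bot: `blind` now returns `Result<(BoxedUint, BoxedUint)>` and `rsa_decrypt` propagates it with `blind(rng, priv_key, c, n_params)?`, which is the right behaviour (an RNG failure aborts the decryption instead of continuing unblinded), but neither `rsa_decrypt`, `rsa_decrypt_and_check` nor `blind` documents it; add `/// # Errors` / `/// Returns [`Error::Rng`] if `rng` is `Some` and fails while drawing the blinding factor; the operation is not retried without blinding.` to the two public functions. The `map_err(|_| Error::Rng)` on `try_random_mod` drops `R::Error`, so a caller cannot tell an exhausted entropy source from any other RNG fault; fine if intentional, but a short comment would say so. The bodies of `rsa_decrypt` and `blind` extend outside these hunks.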
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -69,6 +69,9 @@ pub enum Error {
 /// Decoding error.
 Decode(crypto_bigint::DecodeError),
+
+ /// Random number generator error.
+ Rng,
 }
 #[cfg(feature = "std")]
@@ -99,6 +102,7 @@ impl core::fmt::Display for Error {
 Error::InvalidPadLen => write!(f, "invalid padding length"),
 Error::InvalidArguments => write!(f, "invalid arguments"),
 Error::Decode(err) => write!(f, "{:?}", err),
+ Error::Rng => write!(f, "rng error"),
 }
 }
 }
diff --git a/src/key.rs b/src/key.rs
index 77880a7..718ab5a 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -169,7 +169,7 @@ impl PublicKeyParts for RsaPublicKey {
 impl RsaPublicKey {
 /// Encrypt the given message.
- pub fn encrypt(
+ pub fn encrypt(
 &self,
 rng: &mut R,
 padding: P,
@@ -254,7 +254,7 @@ impl RsaPrivateKey {
 const EXP: u64 = 65537;
 /// Generate a new Rsa key pair of the given bit size using the passed in `rng`.
- pub fn new(rng: &mut R, bit_size: usize) -> Result {
+ pub fn new(rng: &mut R, bit_size: usize) -> Result {
 Self::new_with_exp(rng, bit_size, BoxedUint::from(Self::EXP))
 }
@@ -262,7 +262,7 @@ impl RsaPrivateKey {
 /// using the passed in `rng`.
 ///
 /// Unless you have specific needs, you should use `RsaPrivateKey::new` instead.
- pub fn new_with_exp(
+ pub fn new_with_exp(
 rng: &mut R,
 bit_size: usize,
 exp: BoxedUint,
@@ -493,7 +493,7 @@ impl RsaPrivateKey {
 /// Decrypt the given message.
 ///
 /// Uses `rng` to blind the decryption process.
- pub fn decrypt_blinded(
+ pub fn decrypt_blinded(
 &self,
 rng: &mut R,
 padding: P,
@@ -517,7 +517,7 @@ impl RsaPrivateKey {
 /// [`Pss::new`][`crate::Pss::new`] for a standard RSASSA-PSS signature, or
 /// [`Pss::new_blinded`][`crate::Pss::new_blinded`] for RSA-BSSA blind
 /// signatures.
- pub fn sign_with_rng(
+ pub fn sign_with_rng(
 &self,
 rng: &mut R,
 padding: S,
diff --git a/src/oaep.rs b/src/oaep.rs
index 6fcdecc..3cdb419 100644
--- a/src/oaep.rs
+++ b/src/oaep.rs
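Review bot: Adding the `Rng` variant to the public `Error` enum is a semver-breaking change for any downstream exhaustive `match` unless the enum is already `#[non_exhaustive]`; the enum header is outside this hunk, so please confirm before release. The variant carries no payload, so the concrete `R::Error` from `TryCryptoRng` is discarded at every `map_err(|_| Error::Rng)` site in this commit; say so on the variant, e.g. `/// Random number generator error. The underlying RNG error is not retained.`, or consider a payload once the `signature` crate's error type settles. The `Display` text `"rng error"` is also terser than the neighbouring arms; `"random number generator error"` would match the doc comment.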
@@ -15,7 +15,7 @@ use core::fmt; use crypto_bigint::BoxedUint; use digest::{Digest, DynDigest, FixedOutputReset}; -use rand_core::CryptoRng; +use rand_core::TryCryptoRng; use crate::algorithms::oaep::*; use crate::algorithms::pad::{uint_to_be_pad, uint_to_zeroizing_be_pad}; @@ -135,7 +135,7 @@ impl Oaep { } impl PaddingScheme for Oaep { - fn decrypt( + fn decrypt( mut self, rng: Option<&mut Rng>, priv_key: &RsaPrivateKey, @@ -151,7 +151,7 @@ impl PaddingScheme for Oaep { ) } - fn encrypt( + fn encrypt( mut self, rng: &mut Rng, pub_key: &RsaPublicKey, @@ -186,7 +186,7 @@ impl fmt::Debug for Oaep { /// /// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[inline] -fn encrypt( +fn encrypt( rng: &mut R, pub_key: &RsaPublicKey, msg: &[u8], @@ -209,7 +209,7 @@ fn encrypt( /// `2 + (2 * hash.size())`. /// /// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 -fn encrypt_digest( +fn encrypt_digest( rng: &mut R, pub_key: &RsaPublicKey, msg: &[u8], @@ -236,7 +236,7 @@ fn encrypt_digest( +fn decrypt( rng: Option<&mut R>, priv_key: &RsaPrivateKey, ciphertext: &[u8], @@ -269,7 +269,7 @@ fn decrypt( /// /// [PKCS#1 OAEP]: https://datatracker.ietf.org/doc/html/rfc8017#section-7.1 #[inline] -fn decrypt_digest( +fn decrypt_digest( rng: Option<&mut R>, priv_key: &RsaPrivateKey, ciphertext: &[u8], diff --git a/src/pkcs1v15.rs b/src/pkcs1v15.rs index 6252e73..5267cfd 100644 --- a/src/pkcs1v15.rs +++ b/src/pkcs1v15.rs @@ -22,7 +22,7 @@ use core::fmt::Debug; use crypto_bigint::BoxedUint; use digest::Digest; use pkcs8::AssociatedOid; -use rand_core::CryptoRng; +use rand_core::TryCryptoRng; use crate::algorithms::pad::{uint_to_be_pad, uint_to_zeroizing_be_pad}; use crate::algorithms::pkcs1v15::*; @@ -36,7 +36,7 @@ use crate::traits::{PaddingScheme, PublicKeyParts, SignatureScheme}; pub struct Pkcs1v15Encrypt; impl PaddingScheme for Pkcs1v15Encrypt { - fn decrypt( + fn decrypt( self, rng: Option<&mut Rng>, priv_key: &RsaPrivateKey, 
@@ -45,7 +45,7 @@ impl PaddingScheme for Pkcs1v15Encrypt { decrypt(rng, priv_key, ciphertext) } - fn encrypt( + fn encrypt( self, rng: &mut Rng, pub_key: &RsaPublicKey, @@ -100,7 +100,7 @@ impl Pkcs1v15Sign { } impl SignatureScheme for Pkcs1v15Sign { - fn sign( + fn sign( self, rng: Option<&mut Rng>, priv_key: &RsaPrivateKey, @@ -135,7 +135,7 @@ impl SignatureScheme for Pkcs1v15Sign { /// scheme from PKCS#1 v1.5. The message must be no longer than the /// length of the public modulus minus 11 bytes. #[inline] -fn encrypt( +fn encrypt( rng: &mut R, pub_key: &RsaPublicKey, msg: &[u8], @@ -157,7 +157,7 @@ fn encrypt( /// forge signatures as if they had the private key. See /// `decrypt_session_key` for a way of solving this problem. #[inline] -fn decrypt( +fn decrypt( rng: Option<&mut R>, priv_key: &RsaPrivateKey, ciphertext: &[u8], @@ -185,7 +185,7 @@ fn decrypt( /// messages to signatures and identify the signed messages. As ever, /// signatures provide authenticity, not confidentiality. #[inline] -fn sign( +fn sign( rng: Option<&mut R>, priv_key: &RsaPrivateKey, prefix: &[u8], diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs index 2e643a2..302b694 100644 --- a/src/pkcs1v15/signing_key.rs +++ b/src/pkcs1v15/signing_key.rs @@ -49,7 +49,7 @@ where } /// Generate a new signing key with a prefix for the digest `D`. - pub fn random(rng: &mut R, bit_size: usize) -> Result { + pub fn random(rng: &mut R, bit_size: usize) -> Result { Ok(Self { inner: RsaPrivateKey::new(rng, bit_size)?, prefix: pkcs1v15_generate_prefix::(), @@ -65,7 +65,7 @@ where /// Generate a new signing key with a prefix for the digest `D`. #[deprecated(since = "0.9.0", note = "use SigningKey::random instead")] - pub fn random_with_prefix(rng: &mut R, bit_size: usize) -> Result { + pub fn random_with_prefix(rng: &mut R, bit_size: usize) -> Result { Self::random(rng, bit_size) } } 
@@ -88,7 +88,7 @@ where } /// Generate a new signing key with an empty prefix. - pub fn random_unprefixed(rng: &mut R, bit_size: usize) -> Result { + pub fn random_unprefixed(rng: &mut R, bit_size: usize) -> Result { Ok(Self { inner: RsaPrivateKey::new(rng, bit_size)?, prefix: Vec::new(), @@ -127,19 +127,14 @@ impl RandomizedDigestSigner for SigningKey where D: Digest, { - fn try_sign_digest_with_rng( + fn try_sign_digest_with_rng( &self, rng: &mut R, digest: D, ) -> signature::Result { - sign( - Some(&mut rng.unwrap_mut()), - &self.inner, - &self.prefix, - &digest.finalize(), - )? - .as_slice() - .try_into() + sign(Some(rng), &self.inner, &self.prefix, &digest.finalize())? + .as_slice() + .try_into() } } @@ -147,19 +142,14 @@ impl RandomizedSigner for SigningKey where D: Digest, { - fn try_sign_with_rng( + fn try_sign_with_rng( &self, rng: &mut R, msg: &[u8], ) -> signature::Result { - sign( - Some(&mut rng.unwrap_mut()), - &self.inner, - &self.prefix, - &D::digest(msg), - )? - .as_slice() - .try_into() + sign(Some(rng), &self.inner, &self.prefix, &D::digest(msg))? + .as_slice() + .try_into() } } diff --git a/src/pss.rs b/src/pss.rs index b795655..b860fac 100644 --- a/src/pss.rs +++ b/src/pss.rs @@ -27,7 +27,7 @@ use const_oid::AssociatedOid; use digest::{Digest, DynDigest, FixedOutputReset}; use pkcs1::RsaPssParams; use pkcs8::spki::{AlgorithmIdentifierOwned, der::Any}; -use rand_core::CryptoRng; +use rand_core::TryCryptoRng; use crate::algorithms::pad::{uint_to_be_pad, uint_to_zeroizing_be_pad}; use crate::algorithms::pss::*; @@ -86,7 +86,7 @@ impl Pss { } impl SignatureScheme for Pss { - fn sign( + fn sign( mut self, rng: Option<&mut Rng>, priv_key: &RsaPrivateKey, @@ -165,7 +165,7 @@ where /// Note that hashed must be the result of hashing the input message using the /// given hash function. The opts argument may be nil, in which case sensible /// defaults are used. -pub(crate) fn sign( +pub(crate) fn sign( rng: &mut T, blind: bool, priv_key: &RsaPrivateKey, 
@@ -174,12 +174,12 @@ pub(crate) fn sign(
 digest: &mut dyn DynDigest,
 ) -> Result> {
 let mut salt = vec![0; salt_len];
- rng.fill_bytes(&mut salt[..]);
+ rng.try_fill_bytes(&mut salt[..]).map_err(|_| Error::Rng)?;
 sign_pss_with_salt(blind.then_some(rng), priv_key, hashed, &salt, digest)
 }
-pub(crate) fn sign_digest(
+pub(crate) fn sign_digest(
 rng: &mut T,
 blind: bool,
 priv_key: &RsaPrivateKey,
@@ -187,7 +187,7 @@ pub(crate) fn sign_digest(
 salt_len: usize,
 ) -> Result> {
 let mut salt = vec![0; salt_len];
- rng.fill_bytes(&mut salt[..]);
+ rng.try_fill_bytes(&mut salt[..]).map_err(|_| Error::Rng)?;
 sign_pss_with_salt_digest::<_, D>(blind.then_some(rng), priv_key, hashed, &salt)
 }
@@ -197,7 +197,7 @@ pub(crate) fn sign_digest(
 /// Note that hashed must be the result of hashing the input message using the
 /// given hash function. salt is a random sequence of bytes whose length will be
 /// later used to verify the signature.
-fn sign_pss_with_salt(
+fn sign_pss_with_salt(
 blind_rng: Option<&mut T>,
 priv_key: &RsaPrivateKey,
 hashed: &[u8],
@@ -213,7 +213,7 @@ fn sign_pss_with_salt(
 uint_to_zeroizing_be_pad(raw, priv_key.size())
 }
-fn sign_pss_with_salt_digest(
+fn sign_pss_with_salt_digest(
 blind_rng: Option<&mut T>,
 priv_key: &RsaPrivateKey,
 hashed: &[u8],
diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs
index e7c64f4..b20dea0 100644
--- a/src/pss/blinded_signing_key.rs
+++ b/src/pss/blinded_signing_key.rs
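Review bot: `sign` and `sign_digest` can now fail with `Error::Rng` at `rng.try_fill_bytes(&mut salt[..]).map_err(|_| Error::Rng)?;`, but the doc comment on `sign` (in the preceding `@@ -165` hunk) still ends with the Go-derived sentence "The opts argument may be nil, in which case sensible defaults are used", describing a parameter this function does not have, and `sign_digest` has no doc comment at all. Replace that sentence with `/// # Errors` / `/// Returns [`Error::Rng`] if `rng` cannot fill the salt; no signature is produced.` and give `sign_digest` a matching one-line summary plus the same errors section. `&mut salt[..]` is equivalent to `&mut salt` here; a minor nit inherited from the removed lines.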
@@ -56,13 +56,13 @@ where /// Create a new random RSASSA-PSS signing key which produces "blinded" /// signatures. /// Digest output size is used as a salt length. - pub fn random(rng: &mut R, bit_size: usize) -> Result { + pub fn random(rng: &mut R, bit_size: usize) -> Result { Self::random_with_salt_len(rng, bit_size, ::output_size()) } /// Create a new random RSASSA-PSS signing key which produces "blinded" /// signatures with a salt of the given length. - pub fn random_with_salt_len( + pub fn random_with_salt_len( rng: &mut R, bit_size: usize, salt_len: usize, @@ -88,20 +88,14 @@ impl RandomizedSigner for BlindedSigningKey where D: Digest + FixedOutputReset, { - fn try_sign_with_rng( + fn try_sign_with_rng( &self, rng: &mut R, msg: &[u8], ) -> signature::Result { - sign_digest::<_, D>( - &mut rng.unwrap_mut(), - true, - &self.inner, - &D::digest(msg), - self.salt_len, - )? - .as_slice() - .try_into() + sign_digest::<_, D>(rng, true, &self.inner, &D::digest(msg), self.salt_len)? + .as_slice() + .try_into() } } @@ -109,20 +103,14 @@ impl RandomizedDigestSigner for BlindedSigningKey where D: Digest + FixedOutputReset, { - fn try_sign_digest_with_rng( + fn try_sign_digest_with_rng( &self, rng: &mut R, digest: D, ) -> signature::Result { - sign_digest::<_, D>( - &mut rng.unwrap_mut(), - true, - &self.inner, - &digest.finalize(), - self.salt_len, - )? - .as_slice() - .try_into() + sign_digest::<_, D>(rng, true, &self.inner, &digest.finalize(), self.salt_len)? + .as_slice() + .try_into() } } @@ -130,20 +118,14 @@ impl RandomizedPrehashSigner for BlindedSigningKey where D: Digest + FixedOutputReset, { - fn sign_prehash_with_rng( + fn sign_prehash_with_rng( &self, rng: &mut R, prehash: &[u8], ) -> signature::Result { - sign_digest::<_, D>( - &mut rng.unwrap_mut(), - true, - &self.inner, - prehash, - self.salt_len, - )? - .as_slice() - .try_into() + sign_digest::<_, D>(rng, true, &self.inner, prehash, self.salt_len)? + .as_slice() + .try_into() } } 
diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs index dd4e949..1a8110f 100644 --- a/src/pss/signing_key.rs +++ b/src/pss/signing_key.rs @@ -24,7 +24,7 @@ use { #[cfg(feature = "getrandom")] use { - rand_core::{OsRng, TryRngCore}, + rand_core::OsRng, signature::{Signer, hazmat::PrehashSigner}, }; @@ -63,12 +63,12 @@ where /// Generate a new random RSASSA-PSS signing key. /// Digest output size is used as a salt length. - pub fn random(rng: &mut R, bit_size: usize) -> Result { + pub fn random(rng: &mut R, bit_size: usize) -> Result { Self::random_with_salt_len(rng, bit_size, ::output_size()) } /// Generate a new random RSASSA-PSS signing key with a salt of the given length. - pub fn random_with_salt_len( + pub fn random_with_salt_len( rng: &mut R, bit_size: usize, salt_len: usize, @@ -94,20 +94,14 @@ impl RandomizedDigestSigner for SigningKey where D: Digest + FixedOutputReset, { - fn try_sign_digest_with_rng( + fn try_sign_digest_with_rng( &self, rng: &mut R, digest: D, ) -> signature::Result { - sign_digest::<_, D>( - &mut rng.unwrap_mut(), - false, - &self.inner, - &digest.finalize(), - self.salt_len, - )? - .as_slice() - .try_into() + sign_digest::<_, D>(rng, false, &self.inner, &digest.finalize(), self.salt_len)? + .as_slice() + .try_into() } } @@ -115,7 +109,7 @@ impl RandomizedSigner for SigningKey where D: Digest + FixedOutputReset, { - fn try_sign_with_rng( + fn try_sign_with_rng( &self, rng: &mut R, msg: &[u8], @@ -128,20 +122,14 @@ impl RandomizedPrehashSigner for SigningKey where D: Digest + FixedOutputReset, { - fn sign_prehash_with_rng( + fn sign_prehash_with_rng( &self, rng: &mut R, prehash: &[u8], ) -> signature::Result { - sign_digest::<_, D>( - &mut rng.unwrap_mut(), - false, - &self.inner, - prehash, - self.salt_len, - )? - .as_slice() - .try_into() + sign_digest::<_, D>(rng, false, &self.inner, prehash, self.salt_len)? + .as_slice() + .try_into() } } 
@@ -151,7 +139,7 @@ where
 D: Digest + FixedOutputReset,
 {
 fn sign_prehash(&self, prehash: &[u8]) -> signature::Result {
- self.sign_prehash_with_rng(&mut OsRng.unwrap_err(), prehash)
+ self.sign_prehash_with_rng(&mut OsRng, prehash)
 }
 }
@@ -161,7 +149,7 @@ where
 D: Digest + FixedOutputReset,
 {
 fn try_sign(&self, msg: &[u8]) -> signature::Result {
- self.try_sign_with_rng(&mut OsRng.unwrap_err(), msg)
+ self.try_sign_with_rng(&mut OsRng, msg)
 }
 }
diff --git a/src/traits/padding.rs b/src/traits/padding.rs
index 2ce5841..568c76d 100644
--- a/src/traits/padding.rs
+++ b/src/traits/padding.rs
@@ -2,7 +2,7 @@
 use alloc::vec::Vec;
-use rand_core::CryptoRng;
+use rand_core::TryCryptoRng;
 use crate::errors::Result;
 use crate::key::{RsaPrivateKey, RsaPublicKey};
@@ -13,7 +13,7 @@ pub trait PaddingScheme {
 ///
 /// If an `rng` is passed, it uses RSA blinding to help mitigate timing
 /// side-channel attacks.
- fn decrypt(
+ fn decrypt(
 self,
 rng: Option<&mut Rng>,
 priv_key: &RsaPrivateKey,
@@ -21,7 +21,7 @@ pub trait PaddingScheme {
 ) -> Result>;
 /// Encrypt the given message using the given public key.
- fn encrypt(
+ fn encrypt(
 self,
 rng: &mut Rng,
 pub_key: &RsaPublicKey,
@@ -32,7 +32,7 @@ pub trait PaddingScheme {
 /// Digital signature scheme.
 pub trait SignatureScheme {
 /// Sign the given digest.
- fn sign(
+ fn sign(
 self,
 rng: Option<&mut Rng>,
 priv_key: &RsaPrivateKey,
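Review bot: Dropping `.unwrap_err()` changes the failure mode of the `PrehashSigner` and `Signer` impls: an `OsRng` failure used to panic inside `sign_prehash` and `try_sign`, and now (assuming the existing `?` conversion from `Error` to `signature::Error`) surfaces as `Err(signature::Error)`. That is the better contract for a signing API, but it is an observable behaviour change for callers who relied on the panic, so each impl deserves a doc comment such as `/// Signs with [`OsRng`]; if the OS RNG fails the call returns an error instead of panicking.` and a changelog entry.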