use rng.generate_into

pk/z_extra.ml

@@ -126,9 +126,11 @@ let set_msb bits buf =
     go bits 0
 
 let gen_bits ?g ?(msb = 0) bits =
-  let res = Bytes.unsafe_of_string (Mirage_crypto_rng.generate ?g (bits // 8)) in
-  set_msb msb res ;
-  of_octets_be ~bits (Bytes.unsafe_to_string res)
+  let bytelen = bits // 8 in
+  let buf = Bytes.create bytelen in
+  Mirage_crypto_rng.generate_into ?g buf ~off:0 bytelen;
+  set_msb msb buf ;
+  of_octets_be ~bits (Bytes.unsafe_to_string buf)
 
 (* Invalid combinations of ~bits and ~msb will loop forever, but there is no
  * way to quickly determine upfront whether there are any primes in the

src/uncommon.ml

@@ -23,7 +23,7 @@ let xor_into src dst n =
 
 let xor a b =
   assert (String.length a = String.length b);
-  let b' = Bytes.copy (Bytes.unsafe_of_string b) in
+  let b' = Bytes.of_string b in
   xor_into a b' (Bytes.length b');
   Bytes.unsafe_to_string b'
 

tests/test_rsa.ml

@@ -83,12 +83,12 @@ let rsa_selftest ~bits n =
   "selftest" >:: times ~n @@ fun _ ->
     let msg =
       let size = bits // 8 in
-      let cs = Mirage_crypto_rng.generate size
-      and i  = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in
-      let cs = Bytes.unsafe_of_string cs in
-      Bytes.set_uint8 cs 0 0;
-      Bytes.(set_uint8 cs i (get_uint8 cs i lor 2));
-      Bytes.unsafe_to_string cs
+      let buf = Bytes.create size in
+      Mirage_crypto_rng.generate_into buf ~off:0 size;
+      let i  = 1 + Randomconv.int ~bound:(pred size) Mirage_crypto_rng.generate in
+      Bytes.set_uint8 buf 0 0;
+      Bytes.(set_uint8 buf i (get_uint8 buf i lor 2));
+      Bytes.unsafe_to_string buf
     in
     let key = gen_rsa ~bits in
     let enc = Rsa.(encrypt ~key:(pub_of_priv key) msg) in