mirage · hannesm · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024 · Mar 19, 2024
diff --git a/pk/rsa.ml b/pk/rsa.ml
@@ -307,10 +307,10 @@ end
 
 module MGF1 (H : Digestif.S) = struct
 
-  let _buf = Bytes.create 4
   let repr n =
-    Bytes.set_int32_be _buf 0 n;
-    Bytes.unsafe_to_string _buf
+    let buf = Bytes.create 4 in
+    Bytes.set_int32_be buf 0 n;
+    Bytes.unsafe_to_string buf
 
   (* Assumes len < 2^32 * H.digest_size. *)
   let mgf ~seed len =

diff --git a/rng/entropy.ml b/rng/entropy.ml
@@ -121,12 +121,11 @@ let bootstrap id =
   | Ok cpu_rng_bootstrap ->
     try cpu_rng_bootstrap id with Failure _ -> whirlwind_bootstrap id
 
-let interrupt_hook () =
+let interrupt_hook () () =
   let buf = Bytes.create 4 in
-  fun () ->
-    let a = Cpu_native.cycles () in
-    Bytes.set_int32_le buf 0 (Int32.of_int a) ;
-    Bytes.unsafe_to_string buf
+  let a = Cpu_native.cycles () in
+  Bytes.set_int32_le buf 0 (Int32.of_int a) ;
+  Bytes.unsafe_to_string buf
 
 let timer_accumulator g =
   let g = match g with None -> Some (Rng.default_generator ()) | Some g -> Some g in
@@ -152,8 +151,8 @@ let cpu_rng =
         let s = match insn with `Rdrand -> "rdrand" | `Rdseed -> "rdseed" in
         register_source s
       in
-      let buf = Bytes.create 8 in
       let f () =
+        let buf = Bytes.create 8 in
         Bytes.set_int64_le buf 0 (Int64.of_int (randomf ()));
         Bytes.unsafe_to_string buf
       in

diff --git a/rng/fortuna.ml b/rng/fortuna.ml
@@ -105,15 +105,14 @@ let generate_into ~g buf ~off len =
   in
   chunk off len
 
-let _buf = Bytes.create 2
-
 let add ~g (source, _) ~pool data =
-    let pool   = pool land (pools - 1)
-    and source = source land 0xff in
-    Bytes.set_uint8 _buf 0 source;
-    Bytes.set_uint8 _buf 1 (String.length data);
-    g.pools.(pool) <- SHAd256.feedi g.pools.(pool) (iter2 (Bytes.unsafe_to_string _buf) data);
-    if pool = 0 then g.pool0_size <- g.pool0_size + String.length data
+  let buf = Bytes.create 2
+  and pool   = pool land (pools - 1)
+  and source = source land 0xff in
+  Bytes.set_uint8 buf 0 source;
+  Bytes.set_uint8 buf 1 (String.length data);
+  g.pools.(pool) <- SHAd256.feedi g.pools.(pool) (iter2 (Bytes.unsafe_to_string buf) data);
+  if pool = 0 then g.pool0_size <- g.pool0_size + String.length data
 
 (* XXX
  * Schneier recommends against using generator-imposed pool-seeding schedule

diff --git a/src/cipher_block.ml b/src/cipher_block.ml
@@ -261,21 +261,21 @@ module Modes = struct
 
     let tag_size = GHASH.tagsize
     let key_sizes, block_size = C.(key, block)
-    let z128, h = String.make block_size '\x00', Bytes.create block_size
+    let z128 = String.make block_size '\x00'
 
     let of_secret cs =
+      let h = Bytes.create block_size in
       let key = C.e_of_secret cs in
       C.encrypt ~key ~blocks:1 z128 0 h 0;
       { key ; hkey = GHASH.derive (Bytes.unsafe_to_string h) }
 
     let bits64 cs = Int64.of_int (String.length cs * 8)
 
-    let pack64s =
-      let _cs = Bytes.create 16 in
-      fun a b ->
-        Bytes.set_int64_be _cs 0 a;
-        Bytes.set_int64_be _cs 8 b;
-        Bytes.unsafe_to_string _cs
+    let pack64s a b =
+      let cs = Bytes.create 16 in
+      Bytes.set_int64_be cs 0 a;
+      Bytes.set_int64_be cs 8 b;
+      Bytes.unsafe_to_string cs
 
     (* OCaml 4.13 *)
     let string_get_int64 s idx =