From 18d061007c2e482ee9e669a3e951bb501ff4bb32 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer <franziskuskiefer@gmail.com>
Date: Thu, 5 Oct 2023 09:08:14 +0200
Subject: [PATCH] update to hacl 1a20576fc736d51e1ab3c317b46ba81560b75786

---
 sys/hacl/build.rs                             |  13 +-
 sys/hacl/c/include/EverCrypt_AEAD.h           |   4 +
 sys/hacl/c/include/EverCrypt_DRBG.h           |   1 -
 sys/hacl/c/include/Hacl_Frodo1344.h           |   1 -
 sys/hacl/c/include/Hacl_Frodo64.h             |   1 -
 sys/hacl/c/include/Hacl_Frodo640.h            |   1 -
 sys/hacl/c/include/Hacl_Frodo976.h            |   1 -
 sys/hacl/c/include/Hacl_Hash_Blake2.h         |   1 -
 sys/hacl/c/include/Hacl_Hash_Blake2b_256.h    |   1 -
 sys/hacl/c/include/Hacl_Hash_Blake2s_128.h    |   1 -
 sys/hacl/c/include/Hacl_Krmllib.h             |   4 +-
 sys/hacl/c/include/Hacl_RSAPSS.h              |  45 +-
 sys/hacl/c/include/Lib_Memzero0.h             |  46 +-
 sys/hacl/c/include/TestLib.h                  |   3 +-
 .../c/include/internal/Hacl_Bignum25519_51.h  |   4 +
 .../c/include/internal/Hacl_Bignum_Base.h     |   4 +
 sys/hacl/c/include/internal/Hacl_Krmllib.h    |   8 +-
 sys/hacl/c/include/lib_intrinsics.h           |  60 +-
 sys/hacl/c/include/msvc/EverCrypt_AEAD.h      |   4 +
 sys/hacl/c/include/msvc/EverCrypt_DRBG.h      |   1 -
 sys/hacl/c/include/msvc/Hacl_Frodo1344.h      |   1 -
 sys/hacl/c/include/msvc/Hacl_Frodo64.h        |   1 -
 sys/hacl/c/include/msvc/Hacl_Frodo640.h       |   1 -
 sys/hacl/c/include/msvc/Hacl_Frodo976.h       |   1 -
 sys/hacl/c/include/msvc/Hacl_Hash_Blake2.h    |   1 -
 .../c/include/msvc/Hacl_Hash_Blake2b_256.h    |   1 -
 .../c/include/msvc/Hacl_Hash_Blake2s_128.h    |   1 -
 sys/hacl/c/include/msvc/Hacl_Krmllib.h        |   4 +-
 sys/hacl/c/include/msvc/Hacl_RSAPSS.h         |  45 +-
 sys/hacl/c/include/msvc/Lib_Memzero0.h        |  46 +-
 sys/hacl/c/include/msvc/TestLib.h             |   3 +-
 .../msvc/internal/Hacl_Bignum25519_51.h       |   4 +
 .../include/msvc/internal/Hacl_Bignum_Base.h  |   4 +
 .../c/include/msvc/internal/Hacl_Krmllib.h    |   8 +-
 sys/hacl/c/include/msvc/lib_intrinsics.h      |  60 +-
 .../karamel/include/krml/internal/callconv.h  |  21 +-
 .../c/karamel/include/krml/internal/target.h  | 215 +++--
 .../karamel/include/krml/lowstar_endianness.h |   5 +-
 .../krmllib/dist/minimal/FStar_UInt128.h      |   4 +-
 .../dist/minimal/FStar_UInt128_Verified.h     |   3 +-
 .../dist/minimal/FStar_UInt_8_16_32_64.h      |  52 +-
 .../krmllib/dist/minimal/LowStar_Endianness.h |   4 +-
 .../krmllib/dist/minimal/Makefile.basic       |   2 +-
 .../dist/minimal/fstar_uint128_gcc64.h        |   4 +-
 sys/hacl/c/src/EverCrypt_AEAD.c               | 746 +++++++++--------
 sys/hacl/c/src/EverCrypt_AutoConfig2.c        |  48 +-
 sys/hacl/c/src/EverCrypt_Chacha20Poly1305.c   |  12 +-
 sys/hacl/c/src/EverCrypt_Curve25519.c         |  31 +-
 sys/hacl/c/src/EverCrypt_DRBG.c               | 773 +++++++++---------
 sys/hacl/c/src/EverCrypt_HMAC.c               |  60 +-
 sys/hacl/c/src/EverCrypt_Hash.c               |  45 +-
 sys/hacl/c/src/EverCrypt_Poly1305.c           |  11 +-
 sys/hacl/c/src/Hacl_Bignum.c                  |  16 +
 sys/hacl/c/src/Hacl_Bignum256.c               |  11 +
 sys/hacl/c/src/Hacl_Bignum256_32.c            |  11 +
 sys/hacl/c/src/Hacl_Bignum32.c                |   3 +
 sys/hacl/c/src/Hacl_Bignum4096.c              |   7 +
 sys/hacl/c/src/Hacl_Bignum4096_32.c           |   7 +
 sys/hacl/c/src/Hacl_Bignum64.c                |   3 +
 sys/hacl/c/src/Hacl_Chacha20_Vec128.c         |   6 +-
 sys/hacl/c/src/Hacl_Chacha20_Vec256.c         |   6 +-
 sys/hacl/c/src/Hacl_Chacha20_Vec32.c          |   6 +-
 sys/hacl/c/src/Hacl_Curve25519_64.c           |  18 +-
 sys/hacl/c/src/Hacl_Ed25519.c                 | 108 +--
 sys/hacl/c/src/Hacl_FFDHE.c                   |   7 +-
 sys/hacl/c/src/Hacl_Frodo1344.c               |  49 +-
 sys/hacl/c/src/Hacl_Frodo64.c                 |  49 +-
 sys/hacl/c/src/Hacl_Frodo640.c                |  49 +-
 sys/hacl/c/src/Hacl_Frodo976.c                |  49 +-
 sys/hacl/c/src/Hacl_Frodo_KEM.c               |   2 +-
 sys/hacl/c/src/Hacl_GenericField32.c          |   1 +
 sys/hacl/c/src/Hacl_GenericField64.c          |   1 +
 sys/hacl/c/src/Hacl_HMAC.c                    |  60 +-
 sys/hacl/c/src/Hacl_HMAC_Blake2b_256.c        |  10 +-
 sys/hacl/c/src/Hacl_HMAC_Blake2s_128.c        |  10 +-
 sys/hacl/c/src/Hacl_HMAC_DRBG.c               |  31 +-
 sys/hacl/c/src/Hacl_Hash_Blake2.c             |  23 +-
 sys/hacl/c/src/Hacl_Hash_Blake2b_256.c        |  12 +-
 sys/hacl/c/src/Hacl_Hash_Blake2s_128.c        |  12 +-
 sys/hacl/c/src/Hacl_Hash_SHA3.c               |   9 +-
 sys/hacl/c/src/Hacl_K256_ECDSA.c              |  32 +-
 sys/hacl/c/src/Hacl_P256.c                    |  16 +
 sys/hacl/c/src/Hacl_RSAPSS.c                  |  45 +-
 sys/hacl/c/src/Hacl_Salsa20.c                 |   8 +-
 sys/hacl/c/src/Hacl_Streaming_Poly1305_128.c  |   2 +-
 sys/hacl/c/src/Hacl_Streaming_Poly1305_256.c  |   2 +-
 sys/hacl/c/src/Lib_Memzero0.c                 |   5 +-
 sys/hacl/c/src/msvc/EverCrypt_AEAD.c          | 746 +++++++++--------
 sys/hacl/c/src/msvc/EverCrypt_AutoConfig2.c   |  48 +-
 .../c/src/msvc/EverCrypt_Chacha20Poly1305.c   |  12 +-
 sys/hacl/c/src/msvc/EverCrypt_Curve25519.c    |  31 +-
 sys/hacl/c/src/msvc/EverCrypt_DRBG.c          | 773 +++++++++---------
 sys/hacl/c/src/msvc/EverCrypt_HMAC.c          |  60 +-
 sys/hacl/c/src/msvc/EverCrypt_Hash.c          |  45 +-
 sys/hacl/c/src/msvc/EverCrypt_Poly1305.c      |  11 +-
 sys/hacl/c/src/msvc/Hacl_Bignum.c             |  16 +
 sys/hacl/c/src/msvc/Hacl_Bignum256.c          |  11 +
 sys/hacl/c/src/msvc/Hacl_Bignum256_32.c       |  11 +
 sys/hacl/c/src/msvc/Hacl_Bignum32.c           |   3 +
 sys/hacl/c/src/msvc/Hacl_Bignum4096.c         |   7 +
 sys/hacl/c/src/msvc/Hacl_Bignum4096_32.c      |   7 +
 sys/hacl/c/src/msvc/Hacl_Bignum64.c           |   3 +
 sys/hacl/c/src/msvc/Hacl_Chacha20_Vec128.c    |   6 +-
 sys/hacl/c/src/msvc/Hacl_Chacha20_Vec256.c    |   6 +-
 sys/hacl/c/src/msvc/Hacl_Chacha20_Vec32.c     |   6 +-
 sys/hacl/c/src/msvc/Hacl_Curve25519_64.c      |  18 +-
 sys/hacl/c/src/msvc/Hacl_Ed25519.c            | 108 +--
 sys/hacl/c/src/msvc/Hacl_FFDHE.c              |   7 +-
 sys/hacl/c/src/msvc/Hacl_Frodo1344.c          |  49 +-
 sys/hacl/c/src/msvc/Hacl_Frodo64.c            |  49 +-
 sys/hacl/c/src/msvc/Hacl_Frodo640.c           |  49 +-
 sys/hacl/c/src/msvc/Hacl_Frodo976.c           |  49 +-
 sys/hacl/c/src/msvc/Hacl_Frodo_KEM.c          |   2 +-
 sys/hacl/c/src/msvc/Hacl_GenericField32.c     |   1 +
 sys/hacl/c/src/msvc/Hacl_GenericField64.c     |   1 +
 sys/hacl/c/src/msvc/Hacl_HMAC.c               |  60 +-
 sys/hacl/c/src/msvc/Hacl_HMAC_Blake2b_256.c   |  10 +-
 sys/hacl/c/src/msvc/Hacl_HMAC_Blake2s_128.c   |  10 +-
 sys/hacl/c/src/msvc/Hacl_HMAC_DRBG.c          |  31 +-
 sys/hacl/c/src/msvc/Hacl_Hash_Blake2.c        |  23 +-
 sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_256.c   |  12 +-
 sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_128.c   |  12 +-
 sys/hacl/c/src/msvc/Hacl_Hash_SHA3.c          |   9 +-
 sys/hacl/c/src/msvc/Hacl_K256_ECDSA.c         |  32 +-
 sys/hacl/c/src/msvc/Hacl_P256.c               |  16 +
 sys/hacl/c/src/msvc/Hacl_RSAPSS.c             |  45 +-
 sys/hacl/c/src/msvc/Hacl_Salsa20.c            |   8 +-
 .../c/src/msvc/Hacl_Streaming_Poly1305_128.c  |   2 +-
 .../c/src/msvc/Hacl_Streaming_Poly1305_256.c  |   2 +-
 sys/hacl/c/src/msvc/Lib_Memzero0.c            |   5 +-
 sys/hacl/c/vale/src/cpuid-x86_64-linux.S      |   2 +-
 sys/hacl/c/vale/src/curve25519-x86_64-linux.S |   2 +-
 132 files changed, 2873 insertions(+), 2650 deletions(-)

diff --git a/sys/hacl/build.rs b/sys/hacl/build.rs
index 991338003..698200c4c 100644
--- a/sys/hacl/build.rs
+++ b/sys/hacl/build.rs
@@ -169,12 +169,16 @@ fn compile_files(
         .files(
             files
                 .iter()
-                .map(|fname| src_prefix.join(fname))
+                .map(|fname| {
+                    if fname == "hacl.c" {
+                        home_path.join("c").join("config").join(fname)
+                    } else {
+                        src_prefix.join(fname)
+                    }
+                })
                 .chain(vale_files.iter().map(|fname| vale_prefix.join(fname))),
         )
-        .file(home_path.join("c").join("config").join("hacl.c"))
-        // XXX: There are too many warnings for now
-        .warnings(false);
+        .warnings_into_errors(true);
 
     for include in includes(platform, home_path, "") {
         build.include(include);
@@ -193,6 +197,7 @@ fn compile_files(
 
 fn build(platform: &Platform, home_path: &Path) {
     let files = svec![
+        "hacl.c",
         "Hacl_NaCl.c",
         "Hacl_Salsa20.c",
         "Hacl_Poly1305_32.c",
diff --git a/sys/hacl/c/include/EverCrypt_AEAD.h b/sys/hacl/c/include/EverCrypt_AEAD.h
index 4797df684..5d52493bc 100644
--- a/sys/hacl/c/include/EverCrypt_AEAD.h
+++ b/sys/hacl/c/include/EverCrypt_AEAD.h
@@ -42,6 +42,10 @@ extern "C" {
 
 typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee);
 
 /**
diff --git a/sys/hacl/c/include/EverCrypt_DRBG.h b/sys/hacl/c/include/EverCrypt_DRBG.h
index aee4e8006..b3161bfec 100644
--- a/sys/hacl/c/include/EverCrypt_DRBG.h
+++ b/sys/hacl/c/include/EverCrypt_DRBG.h
@@ -36,7 +36,6 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Lib_RandomBuffer_System.h"
-#include "Lib_Memzero0.h"
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_HMAC_DRBG.h"
 
diff --git a/sys/hacl/c/include/Hacl_Frodo1344.h b/sys/hacl/c/include/Hacl_Frodo1344.h
index 85d29c9f2..9fca4c82c 100644
--- a/sys/hacl/c/include/Hacl_Frodo1344.h
+++ b/sys/hacl/c/include/Hacl_Frodo1344.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo1344_crypto_bytes;
diff --git a/sys/hacl/c/include/Hacl_Frodo64.h b/sys/hacl/c/include/Hacl_Frodo64.h
index eb17defed..05aecb59c 100644
--- a/sys/hacl/c/include/Hacl_Frodo64.h
+++ b/sys/hacl/c/include/Hacl_Frodo64.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 /*
diff --git a/sys/hacl/c/include/Hacl_Frodo640.h b/sys/hacl/c/include/Hacl_Frodo640.h
index c4bf30d71..10c9bd478 100644
--- a/sys/hacl/c/include/Hacl_Frodo640.h
+++ b/sys/hacl/c/include/Hacl_Frodo640.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo640_crypto_bytes;
diff --git a/sys/hacl/c/include/Hacl_Frodo976.h b/sys/hacl/c/include/Hacl_Frodo976.h
index 458ebd2f8..c2d5f84f9 100644
--- a/sys/hacl/c/include/Hacl_Frodo976.h
+++ b/sys/hacl/c/include/Hacl_Frodo976.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo976_crypto_bytes;
diff --git a/sys/hacl/c/include/Hacl_Hash_Blake2.h b/sys/hacl/c/include/Hacl_Hash_Blake2.h
index aff1c7a99..3ee290150 100644
--- a/sys/hacl/c/include/Hacl_Hash_Blake2.h
+++ b/sys/hacl/c/include/Hacl_Hash_Blake2.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 
 void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
diff --git a/sys/hacl/c/include/Hacl_Hash_Blake2b_256.h b/sys/hacl/c/include/Hacl_Hash_Blake2b_256.h
index 88bf9ab2d..2379fd752 100644
--- a/sys/hacl/c/include/Hacl_Hash_Blake2b_256.h
+++ b/sys/hacl/c/include/Hacl_Hash_Blake2b_256.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 #include "libintvector.h"
 
diff --git a/sys/hacl/c/include/Hacl_Hash_Blake2s_128.h b/sys/hacl/c/include/Hacl_Hash_Blake2s_128.h
index 0e4241526..2af827cd4 100644
--- a/sys/hacl/c/include/Hacl_Hash_Blake2s_128.h
+++ b/sys/hacl/c/include/Hacl_Hash_Blake2s_128.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "libintvector.h"
 
 void
diff --git a/sys/hacl/c/include/Hacl_Krmllib.h b/sys/hacl/c/include/Hacl_Krmllib.h
index 6916db3de..c0ea70bf2 100644
--- a/sys/hacl/c/include/Hacl_Krmllib.h
+++ b/sys/hacl/c/include/Hacl_Krmllib.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/sys/hacl/c/include/Hacl_RSAPSS.h b/sys/hacl/c/include/Hacl_RSAPSS.h
index 8f4de9492..90bd69ce5 100644
--- a/sys/hacl/c/include/Hacl_RSAPSS.h
+++ b/sys/hacl/c/include/Hacl_RSAPSS.h
@@ -43,9 +43,9 @@ extern "C" {
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -105,10 +108,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb);
@@ -119,11 +122,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -138,13 +141,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/sys/hacl/c/include/Lib_Memzero0.h b/sys/hacl/c/include/Lib_Memzero0.h
index 9a7c7ac5d..506dd50ff 100644
--- a/sys/hacl/c/include/Lib_Memzero0.h
+++ b/sys/hacl/c/include/Lib_Memzero0.h
@@ -1,45 +1,5 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
+#include <inttypes.h>
 
+void Lib_Memzero0_memzero0(void *dst, uint64_t len);
 
-#ifndef __Lib_Memzero0_H
-#define __Lib_Memzero0_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-extern void Lib_Memzero0_memzero(void *x0, uint64_t x1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Lib_Memzero0_H_DEFINED
-#endif
+#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t))
diff --git a/sys/hacl/c/include/TestLib.h b/sys/hacl/c/include/TestLib.h
index 3928a4629..62399c0c4 100644
--- a/sys/hacl/c/include/TestLib.h
+++ b/sys/hacl/c/include/TestLib.h
@@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1);
 
 extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1);
 
-extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
+extern void
+TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
 
 extern uint8_t *TestLib_unsafe_malloc(uint32_t l);
 
diff --git a/sys/hacl/c/include/internal/Hacl_Bignum25519_51.h b/sys/hacl/c/include/internal/Hacl_Bignum25519_51.h
index 9fe5e9fc1..25a105031 100644
--- a/sys/hacl/c/include/internal/Hacl_Bignum25519_51.h
+++ b/sys/hacl/c/include/internal/Hacl_Bignum25519_51.h
@@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
@@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
diff --git a/sys/hacl/c/include/internal/Hacl_Bignum_Base.h b/sys/hacl/c/include/internal/Hacl_Bignum_Base.h
index 06e1d373b..2cfb0066e 100644
--- a/sys/hacl/c/include/internal/Hacl_Bignum_Base.h
+++ b/sys/hacl/c/include/internal/Hacl_Bignum_Base.h
@@ -401,6 +401,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
@@ -413,6 +414,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void
@@ -450,6 +452,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t tmp[aLen + aLen];
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
@@ -462,6 +465,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/sys/hacl/c/include/internal/Hacl_Krmllib.h b/sys/hacl/c/include/internal/Hacl_Krmllib.h
index 278cb15bd..70c849169 100644
--- a/sys/hacl/c/include/internal/Hacl_Krmllib.h
+++ b/sys/hacl/c/include/internal/Hacl_Krmllib.h
@@ -37,13 +37,13 @@ extern "C" {
 
 #include "../Hacl_Krmllib.h"
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/sys/hacl/c/include/lib_intrinsics.h b/sys/hacl/c/include/lib_intrinsics.h
index 0c35026e8..8fa75b37a 100644
--- a/sys/hacl/c/include/lib_intrinsics.h
+++ b/sys/hacl/c/include/lib_intrinsics.h
@@ -8,15 +8,20 @@
 #endif
 #endif
 
-#if defined(HACL_CAN_COMPILE_INTRINSICS)
-#if defined(_MSC_VER)
-#include <immintrin.h>
-#else
-#include <x86intrin.h>
-#endif
-#endif
+/*
+   GCC versions prior to 5.5 incorrectly optimize certain intrinsics.
+
+   See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300
+
+   CLANG versions prior to 5 crash on certain intrinsics.
+
+   See https://bugs.llvm.org/show_bug.cgi?id=24943
+*/
 
-#if !defined(HACL_CAN_COMPILE_INTRINSICS)
+#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
+    (defined(__clang__) && (__clang_major__ < 5)) || \
+    (defined(__GNUC__) && !defined(__clang__) &&  \
+     (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5))))
 
 #include "Hacl_IntTypes_Intrinsics.h"
 
@@ -25,35 +30,40 @@
 #include "Hacl_IntTypes_Intrinsics_128.h"
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
 
 #else
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
 
 #endif // defined(HACL_CAN_COMPILE_UINT128)
 
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
 
 #else // !defined(HACL_CAN_COMPILE_INTRINSICS)
 
+#if defined(_MSC_VER)
+#include <immintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (_addcarry_u32(x1, x2, x3, (unsigned int *) x4))
+    (_addcarry_u32(x1, x2, x3, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4))
-
+    (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 /*
    GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64}
@@ -61,22 +71,22 @@
 
    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294
 */
-#if defined(__GNUC__) && !defined (__clang__) && \
-  (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
+#if defined(__GNUC__) && !defined(__clang__) && \
+    (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (_subborrow_u32(x1, x3, x2, (unsigned int *) x4))
+    (_subborrow_u32(x1, x3, x2, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4))
+    (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4))
 
 #else
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)  \
-  (_subborrow_u32(x1, x2, x3, (unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
+    (_subborrow_u32(x1, x2, x3, (unsigned int *)x4))
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)  \
-  (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
+    (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 #endif // GCC < 7.2
 
diff --git a/sys/hacl/c/include/msvc/EverCrypt_AEAD.h b/sys/hacl/c/include/msvc/EverCrypt_AEAD.h
index 4797df684..5d52493bc 100644
--- a/sys/hacl/c/include/msvc/EverCrypt_AEAD.h
+++ b/sys/hacl/c/include/msvc/EverCrypt_AEAD.h
@@ -42,6 +42,10 @@ extern "C" {
 
 typedef struct EverCrypt_AEAD_state_s_s EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee);
 
 /**
diff --git a/sys/hacl/c/include/msvc/EverCrypt_DRBG.h b/sys/hacl/c/include/msvc/EverCrypt_DRBG.h
index aee4e8006..b3161bfec 100644
--- a/sys/hacl/c/include/msvc/EverCrypt_DRBG.h
+++ b/sys/hacl/c/include/msvc/EverCrypt_DRBG.h
@@ -36,7 +36,6 @@ extern "C" {
 #include "krml/internal/target.h"
 
 #include "Lib_RandomBuffer_System.h"
-#include "Lib_Memzero0.h"
 #include "Hacl_Streaming_Types.h"
 #include "Hacl_HMAC_DRBG.h"
 
diff --git a/sys/hacl/c/include/msvc/Hacl_Frodo1344.h b/sys/hacl/c/include/msvc/Hacl_Frodo1344.h
index 85d29c9f2..9fca4c82c 100644
--- a/sys/hacl/c/include/msvc/Hacl_Frodo1344.h
+++ b/sys/hacl/c/include/msvc/Hacl_Frodo1344.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo1344_crypto_bytes;
diff --git a/sys/hacl/c/include/msvc/Hacl_Frodo64.h b/sys/hacl/c/include/msvc/Hacl_Frodo64.h
index eb17defed..05aecb59c 100644
--- a/sys/hacl/c/include/msvc/Hacl_Frodo64.h
+++ b/sys/hacl/c/include/msvc/Hacl_Frodo64.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 /*
diff --git a/sys/hacl/c/include/msvc/Hacl_Frodo640.h b/sys/hacl/c/include/msvc/Hacl_Frodo640.h
index c4bf30d71..10c9bd478 100644
--- a/sys/hacl/c/include/msvc/Hacl_Frodo640.h
+++ b/sys/hacl/c/include/msvc/Hacl_Frodo640.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo640_crypto_bytes;
diff --git a/sys/hacl/c/include/msvc/Hacl_Frodo976.h b/sys/hacl/c/include/msvc/Hacl_Frodo976.h
index 458ebd2f8..c2d5f84f9 100644
--- a/sys/hacl/c/include/msvc/Hacl_Frodo976.h
+++ b/sys/hacl/c/include/msvc/Hacl_Frodo976.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Hash_SHA3.h"
 
 extern uint32_t Hacl_Frodo976_crypto_bytes;
diff --git a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2.h b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2.h
index aff1c7a99..3ee290150 100644
--- a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2.h
+++ b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 
 void Hacl_Blake2b_32_blake2b_init(uint64_t *hash, uint32_t kk, uint32_t nn);
diff --git a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2b_256.h b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2b_256.h
index 88bf9ab2d..2379fd752 100644
--- a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2b_256.h
+++ b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2b_256.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "Hacl_Krmllib.h"
 #include "libintvector.h"
 
diff --git a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2s_128.h b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2s_128.h
index 0e4241526..2af827cd4 100644
--- a/sys/hacl/c/include/msvc/Hacl_Hash_Blake2s_128.h
+++ b/sys/hacl/c/include/msvc/Hacl_Hash_Blake2s_128.h
@@ -35,7 +35,6 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-#include "Lib_Memzero0.h"
 #include "libintvector.h"
 
 void
diff --git a/sys/hacl/c/include/msvc/Hacl_Krmllib.h b/sys/hacl/c/include/msvc/Hacl_Krmllib.h
index 6916db3de..c0ea70bf2 100644
--- a/sys/hacl/c/include/msvc/Hacl_Krmllib.h
+++ b/sys/hacl/c/include/msvc/Hacl_Krmllib.h
@@ -35,9 +35,9 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/target.h"
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b);
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/sys/hacl/c/include/msvc/Hacl_RSAPSS.h b/sys/hacl/c/include/msvc/Hacl_RSAPSS.h
index 8f4de9492..90bd69ce5 100644
--- a/sys/hacl/c/include/msvc/Hacl_RSAPSS.h
+++ b/sys/hacl/c/include/msvc/Hacl_RSAPSS.h
@@ -43,9 +43,9 @@ extern "C" {
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -75,7 +75,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -105,10 +108,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb);
@@ -119,11 +122,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -138,13 +141,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -172,11 +178,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/sys/hacl/c/include/msvc/Lib_Memzero0.h b/sys/hacl/c/include/msvc/Lib_Memzero0.h
index 9a7c7ac5d..506dd50ff 100644
--- a/sys/hacl/c/include/msvc/Lib_Memzero0.h
+++ b/sys/hacl/c/include/msvc/Lib_Memzero0.h
@@ -1,45 +1,5 @@
-/* MIT License
- *
- * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
- * Copyright (c) 2022-2023 HACL* Contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in all
- * copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
+#include <inttypes.h>
 
+void Lib_Memzero0_memzero0(void *dst, uint64_t len);
 
-#ifndef __Lib_Memzero0_H
-#define __Lib_Memzero0_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include <string.h>
-#include "krml/internal/types.h"
-#include "krml/lowstar_endianness.h"
-#include "krml/internal/target.h"
-
-extern void Lib_Memzero0_memzero(void *x0, uint64_t x1);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#define __Lib_Memzero0_H_DEFINED
-#endif
+#define Lib_Memzero0_memzero(dst, len, t) Lib_Memzero0_memzero0(dst, len * sizeof(t))
diff --git a/sys/hacl/c/include/msvc/TestLib.h b/sys/hacl/c/include/msvc/TestLib.h
index 3928a4629..62399c0c4 100644
--- a/sys/hacl/c/include/msvc/TestLib.h
+++ b/sys/hacl/c/include/msvc/TestLib.h
@@ -55,7 +55,8 @@ extern void TestLib_checku32(uint32_t uu___, uint32_t uu___1);
 
 extern void TestLib_checku64(uint64_t uu___, uint64_t uu___1);
 
-extern void TestLib_compare_and_print(C_String_t uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
+extern void
+TestLib_compare_and_print(Prims_string uu___, uint8_t *b1, uint8_t *b2, uint32_t l);
 
 extern uint8_t *TestLib_unsafe_malloc(uint32_t l);
 
diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Bignum25519_51.h b/sys/hacl/c/include/msvc/internal/Hacl_Bignum25519_51.h
index 9fe5e9fc1..25a105031 100644
--- a/sys/hacl/c/include/msvc/internal/Hacl_Bignum25519_51.h
+++ b/sys/hacl/c/include/msvc/internal/Hacl_Bignum25519_51.h
@@ -84,6 +84,7 @@ Hacl_Impl_Curve25519_Field51_fmul(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -167,6 +168,7 @@ Hacl_Impl_Curve25519_Field51_fmul2(
   FStar_UInt128_uint128 *uu___
 )
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f1[0U];
   uint64_t f11 = f1[1U];
   uint64_t f12 = f1[2U];
@@ -371,6 +373,7 @@ static inline void Hacl_Impl_Curve25519_Field51_fmul1(uint64_t *out, uint64_t *f
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f0 = f[0U];
   uint64_t f1 = f[1U];
   uint64_t f2 = f[2U];
@@ -446,6 +449,7 @@ Hacl_Impl_Curve25519_Field51_fsqr(uint64_t *out, uint64_t *f, FStar_UInt128_uint
 static inline void
 Hacl_Impl_Curve25519_Field51_fsqr2(uint64_t *out, uint64_t *f, FStar_UInt128_uint128 *uu___)
 {
+  KRML_HOST_IGNORE(uu___);
   uint64_t f10 = f[0U];
   uint64_t f11 = f[1U];
   uint64_t f12 = f[2U];
diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Bignum_Base.h b/sys/hacl/c/include/msvc/internal/Hacl_Bignum_Base.h
index 590fcbd02..e4d35fe99 100644
--- a/sys/hacl/c/include/msvc/internal/Hacl_Bignum_Base.h
+++ b/sys/hacl/c/include/msvc/internal/Hacl_Bignum_Base.h
@@ -401,6 +401,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     res[i0 + i0] = r;
   }
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint32_t), aLen + aLen);
   uint32_t *tmp = (uint32_t *)alloca((aLen + aLen) * sizeof (uint32_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint32_t));
@@ -413,6 +414,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u32(uint32_t aLen, uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void
@@ -450,6 +452,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     res[i0 + i0] = r;
   }
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, res, res);
+  KRML_HOST_IGNORE(c0);
   KRML_CHECK_SIZE(sizeof (uint64_t), aLen + aLen);
   uint64_t *tmp = (uint64_t *)alloca((aLen + aLen) * sizeof (uint64_t));
   memset(tmp, 0U, (aLen + aLen) * sizeof (uint64_t));
@@ -462,6 +465,7 @@ Hacl_Bignum_Multiplication_bn_sqr_u64(uint32_t aLen, uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;
   }
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64(aLen + aLen, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 #if defined(__cplusplus)
diff --git a/sys/hacl/c/include/msvc/internal/Hacl_Krmllib.h b/sys/hacl/c/include/msvc/internal/Hacl_Krmllib.h
index 278cb15bd..70c849169 100644
--- a/sys/hacl/c/include/msvc/internal/Hacl_Krmllib.h
+++ b/sys/hacl/c/include/msvc/internal/Hacl_Krmllib.h
@@ -37,13 +37,13 @@ extern "C" {
 
 #include "../Hacl_Krmllib.h"
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b);
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b);
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b);
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b);
 
 static inline FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
diff --git a/sys/hacl/c/include/msvc/lib_intrinsics.h b/sys/hacl/c/include/msvc/lib_intrinsics.h
index 0c35026e8..8fa75b37a 100644
--- a/sys/hacl/c/include/msvc/lib_intrinsics.h
+++ b/sys/hacl/c/include/msvc/lib_intrinsics.h
@@ -8,15 +8,20 @@
 #endif
 #endif
 
-#if defined(HACL_CAN_COMPILE_INTRINSICS)
-#if defined(_MSC_VER)
-#include <immintrin.h>
-#else
-#include <x86intrin.h>
-#endif
-#endif
+/*
+   GCC versions prior to 5.5 incorrectly optimize certain intrinsics.
+
+   See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81300
+
+   CLANG versions prior to 5 crash on certain intrinsics.
+
+   See https://bugs.llvm.org/show_bug.cgi?id=24943
+*/
 
-#if !defined(HACL_CAN_COMPILE_INTRINSICS)
+#if !defined(HACL_CAN_COMPILE_INTRINSICS) || \
+    (defined(__clang__) && (__clang_major__ < 5)) || \
+    (defined(__GNUC__) && !defined(__clang__) &&  \
+     (__GNUC__ < 5 || (__GNUC__ == 5 && (__GNUC_MINOR__ < 5))))
 
 #include "Hacl_IntTypes_Intrinsics.h"
 
@@ -25,35 +30,40 @@
 #include "Hacl_IntTypes_Intrinsics_128.h"
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_128_sub_borrow_u64(x1, x2, x3, x4))
 
 #else
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4))
 
 #endif // defined(HACL_CAN_COMPILE_UINT128)
 
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
+    (Hacl_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4))
 
 #else // !defined(HACL_CAN_COMPILE_INTRINSICS)
 
+#if defined(_MSC_VER)
+#include <immintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+
 #define Lib_IntTypes_Intrinsics_add_carry_u32(x1, x2, x3, x4) \
-  (_addcarry_u32(x1, x2, x3, (unsigned int *) x4))
+    (_addcarry_u32(x1, x2, x3, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_add_carry_u64(x1, x2, x3, x4) \
-  (_addcarry_u64(x1, x2, x3, (long long unsigned int *) x4))
-
+    (_addcarry_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 /*
    GCC versions prior to 7.2 pass arguments to _subborrow_u{32,64}
@@ -61,22 +71,22 @@
 
    See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81294
 */
-#if defined(__GNUC__) && !defined (__clang__) && \
-  (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
+#if defined(__GNUC__) && !defined(__clang__) && \
+    (__GNUC__ < 7 || (__GNUC__ == 7 && (__GNUC_MINOR__ < 2)))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
-  (_subborrow_u32(x1, x3, x2, (unsigned int *) x4))
+    (_subborrow_u32(x1, x3, x2, (unsigned int *)x4))
 
 #define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
-  (_subborrow_u64(x1, x3, x2, (long long unsigned int *) x4))
+    (_subborrow_u64(x1, x3, x2, (long long unsigned int *)x4))
 
 #else
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4)  \
-  (_subborrow_u32(x1, x2, x3, (unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u32(x1, x2, x3, x4) \
+    (_subborrow_u32(x1, x2, x3, (unsigned int *)x4))
 
-#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4)  \
-  (_subborrow_u64(x1, x2, x3, (long long unsigned int *) x4))
+#define Lib_IntTypes_Intrinsics_sub_borrow_u64(x1, x2, x3, x4) \
+    (_subborrow_u64(x1, x2, x3, (long long unsigned int *)x4))
 
 #endif // GCC < 7.2
 
diff --git a/sys/hacl/c/karamel/include/krml/internal/callconv.h b/sys/hacl/c/karamel/include/krml/internal/callconv.h
index 11ca0e9ef..aeca0ba71 100644
--- a/sys/hacl/c/karamel/include/krml/internal/callconv.h
+++ b/sys/hacl/c/karamel/include/krml/internal/callconv.h
@@ -5,7 +5,7 @@
 #define __KRML_CALLCONV_H
 
 /******************************************************************************/
-/* Some macros to ease compatibility                                          */
+/* Some macros to ease compatibility (TODO: move to miTLS)                    */
 /******************************************************************************/
 
 /* We want to generate __cdecl safely without worrying about it being undefined.
@@ -24,23 +24,4 @@
 #endif
 #endif
 
-/* Since KaRaMeL emits the inline keyword unconditionally, we follow the
- * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
- * __inline__ to ensure the code compiles with -std=c90 and earlier. */
-#ifdef __GNUC__
-#  define inline __inline__
-#endif
-
-/* GCC-specific attribute syntax; everyone else gets the standard C inline
- * attribute. */
-#ifdef __GNU_C__
-#  ifndef __clang__
-#    define force_inline inline __attribute__((always_inline))
-#  else
-#    define force_inline inline
-#  endif
-#else
-#  define force_inline inline
-#endif
-
 #endif
diff --git a/sys/hacl/c/karamel/include/krml/internal/target.h b/sys/hacl/c/karamel/include/krml/internal/target.h
index e22e326ba..634c20fc8 100644
--- a/sys/hacl/c/karamel/include/krml/internal/target.h
+++ b/sys/hacl/c/karamel/include/krml/internal/target.h
@@ -4,13 +4,20 @@
 #ifndef __KRML_TARGET_H
 #define __KRML_TARGET_H
 
-#include <stdlib.h>
-#include <stdio.h>
-#include <stdbool.h>
+#include <assert.h>
 #include <inttypes.h>
 #include <limits.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
 
-#include "krml/internal/callconv.h"
+/* Since KaRaMeL emits the inline keyword unconditionally, we follow the
+ * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this
+ * __inline__ to ensure the code compiles with -std=c90 and earlier. */
+#ifdef __GNUC__
+#  define inline __inline__
+#endif
 
 /******************************************************************************/
 /* Macros that KaRaMeL will generate.                                         */
@@ -46,6 +53,23 @@
 #  define KRML_HOST_FREE free
 #endif
 
+#ifndef KRML_HOST_IGNORE
+#  define KRML_HOST_IGNORE(x) (void)(x)
+#endif
+
+#ifndef KRML_NOINLINE
+#  if defined(_MSC_VER)
+#    define KRML_NOINLINE __declspec(noinline)
+#  elif defined (__GNUC__)
+#    define KRML_NOINLINE __attribute__((noinline,unused))
+#  else
+#    define KRML_NOINLINE
+#    warning "The KRML_NOINLINE macro is not defined for this toolchain!"
+#    warning "The compiler may defeat side-channel resistance with optimizations."
+#    warning "Please locate target.h and try to fill it out with a suitable definition for this compiler."
+#  endif
+#endif
+
 #ifndef KRML_PRE_ALIGN
 #  ifdef _MSC_VER
 #    define KRML_PRE_ALIGN(X) __declspec(align(X))
@@ -62,16 +86,33 @@
 #  endif
 #endif
 
+/* MinGW-W64 does not support C11 aligned_alloc, but it supports
+ * MSVC's _aligned_malloc.
+ */
 #ifndef KRML_ALIGNED_MALLOC
-#  ifdef _MSC_VER
+#  ifdef __MINGW32__
+#    include <_mingw.h>
+#  endif
+#  if (                                                                        \
+      defined(_MSC_VER) ||                                                     \
+      (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
 #    define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X)
 #  else
 #    define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y)
 #  endif
 #endif
 
+/* Since aligned allocations with MinGW-W64 are done with
+ * _aligned_malloc (see above), such pointers must be freed with
+ * _aligned_free.
+ */
 #ifndef KRML_ALIGNED_FREE
-#  ifdef _MSC_VER
+#  ifdef __MINGW32__
+#    include <_mingw.h>
+#  endif
+#  if (                                                                        \
+      defined(_MSC_VER) ||                                                     \
+      (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR)))
 #    define KRML_ALIGNED_FREE(X) _aligned_free(X)
 #  else
 #    define KRML_ALIGNED_FREE(X) free(X)
@@ -83,7 +124,7 @@
 #  include <time.h>
 
 /* Prims_nat not yet in scope */
-inline static int32_t krml_time() {
+inline static int32_t krml_time(void) {
   return (int32_t)time(NULL);
 }
 
@@ -107,8 +148,7 @@ inline static int32_t krml_time() {
 /* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of
  * *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate).
  */
-
-#ifdef __GNUC__
+#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4))
 #  define _KRML_CHECK_SIZE_PRAGMA                                              \
     _Pragma("GCC diagnostic ignored \"-Wtype-limits\"")
 #else
@@ -128,14 +168,15 @@ inline static int32_t krml_time() {
   } while (0)
 
 #if defined(_MSC_VER) && _MSC_VER < 1900
-#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
+#  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg)                                \
+    _snprintf_s(buf, sz, _TRUNCATE, fmt, arg)
 #else
 #  define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg)
 #endif
 
-#if defined(__GNUC__) && __GNUC__ >= 4 && __GNUC_MINOR__ > 4
+#if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4))
 #  define KRML_DEPRECATED(x) __attribute__((deprecated(x)))
-#elif  defined(__GNUC__)
+#elif defined(__GNUC__)
 /* deprecated attribute is not defined in GCC < 4.5. */
 #  define KRML_DEPRECATED(x)
 #elif defined(_MSC_VER)
@@ -146,184 +187,186 @@ inline static int32_t krml_time() {
 #define KRML_LOOP1(i, n, x) { \
   x \
   i += n; \
+  (void) i; \
 }
 
-#define KRML_LOOP2(i, n, x) \
-  KRML_LOOP1(i, n, x) \
+#define KRML_LOOP2(i, n, x)                                                    \
+  KRML_LOOP1(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP3(i, n, x) \
-  KRML_LOOP2(i, n, x) \
+#define KRML_LOOP3(i, n, x)                                                    \
+  KRML_LOOP2(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP4(i, n, x) \
-  KRML_LOOP2(i, n, x) \
+#define KRML_LOOP4(i, n, x)                                                    \
+  KRML_LOOP2(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP5(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP5(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP6(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP6(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP7(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP7(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP3(i, n, x)
 
-#define KRML_LOOP8(i, n, x) \
-  KRML_LOOP4(i, n, x) \
+#define KRML_LOOP8(i, n, x)                                                    \
+  KRML_LOOP4(i, n, x)                                                          \
   KRML_LOOP4(i, n, x)
 
-#define KRML_LOOP9(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP9(i, n, x)                                                    \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP1(i, n, x)
 
-#define KRML_LOOP10(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP10(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP2(i, n, x)
 
-#define KRML_LOOP11(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP11(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP3(i, n, x)
 
-#define KRML_LOOP12(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP12(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP4(i, n, x)
 
-#define KRML_LOOP13(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP13(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP5(i, n, x)
 
-#define KRML_LOOP14(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP14(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP6(i, n, x)
 
-#define KRML_LOOP15(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP15(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP7(i, n, x)
 
-#define KRML_LOOP16(i, n, x) \
-  KRML_LOOP8(i, n, x) \
+#define KRML_LOOP16(i, n, x)                                                   \
+  KRML_LOOP8(i, n, x)                                                          \
   KRML_LOOP8(i, n, x)
 
-#define KRML_UNROLL_FOR(i, z, n, k, x) do { \
-  uint32_t i = z; \
-  KRML_LOOP##n(i, k, x) \
-} while (0)
+#define KRML_UNROLL_FOR(i, z, n, k, x)                                         \
+  do {                                                                         \
+    uint32_t i = z;                                                            \
+    KRML_LOOP##n(i, k, x)                                                      \
+  } while (0)
 
-#define KRML_ACTUAL_FOR(i, z, n, k, x) \
-  do { \
-    for (uint32_t i = z; i < n; i += k) { \
-      x \
-    } \
+#define KRML_ACTUAL_FOR(i, z, n, k, x)                                         \
+  do {                                                                         \
+    for (uint32_t i = z; i < n; i += k) {                                      \
+      x                                                                        \
+    }                                                                          \
   } while (0)
 
 #ifndef KRML_UNROLL_MAX
-#define KRML_UNROLL_MAX 16
+#  define KRML_UNROLL_MAX 16
 #endif
 
 /* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */
 #if 0 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR0(i, z, n, k, x)
+#  define KRML_MAYBE_FOR0(i, z, n, k, x)
 #else
-#define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 1 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
+#  define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x)
 #else
-#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 2 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
+#  define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x)
 #else
-#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 3 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
+#  define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x)
 #else
-#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 4 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
+#  define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x)
 #else
-#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 5 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
+#  define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x)
 #else
-#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 6 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
+#  define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x)
 #else
-#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 7 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
+#  define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x)
 #else
-#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 8 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
+#  define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x)
 #else
-#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 9 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
+#  define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x)
 #else
-#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 10 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
+#  define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x)
 #else
-#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 11 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
+#  define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x)
 #else
-#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 12 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
+#  define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x)
 #else
-#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 13 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
+#  define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x)
 #else
-#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 14 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
+#  define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x)
 #else
-#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 15 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
+#  define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x)
 #else
-#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 
 #if 16 <= KRML_UNROLL_MAX
-#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
+#  define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x)
 #else
-#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#  define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
 #endif
diff --git a/sys/hacl/c/karamel/include/krml/lowstar_endianness.h b/sys/hacl/c/karamel/include/krml/lowstar_endianness.h
index 32a7391e8..1aa2ccd64 100644
--- a/sys/hacl/c/karamel/include/krml/lowstar_endianness.h
+++ b/sys/hacl/c/karamel/include/krml/lowstar_endianness.h
@@ -77,7 +77,7 @@
 #  define le64toh(x) (x)
 
 /* ... for Windows (GCC-like, e.g. mingw or clang) */
-#elif (defined(_WIN32) || defined(_WIN64)) &&                                  \
+#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) &&       \
     (defined(__GNUC__) || defined(__clang__))
 
 #  define htobe16(x) __builtin_bswap16(x)
@@ -96,7 +96,8 @@
 #  define le64toh(x) (x)
 
 /* ... generic big-endian fallback code */
-#elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always big-endian */
+#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || defined(_AIX)
 
 /* byte swapping code inspired by:
  * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128.h b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
index a6db3a20a..ecc90213c 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
@@ -7,15 +7,13 @@
 #ifndef __FStar_UInt128_H
 #define __FStar_UInt128_H
 
-
-
-
 #include <inttypes.h>
 #include <stdbool.h>
 #include "krml/internal/compat.h"
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/types.h"
 #include "krml/internal/target.h"
+
 static inline FStar_UInt128_uint128
 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b);
 
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
index be0e6225b..4bf0a34a0 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h
@@ -7,13 +7,12 @@
 #ifndef __FStar_UInt128_Verified_H
 #define __FStar_UInt128_Verified_H
 
-
-
 #include "FStar_UInt_8_16_32_64.h"
 #include <inttypes.h>
 #include <stdbool.h>
 #include "krml/internal/types.h"
 #include "krml/internal/target.h"
+
 static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b)
 {
   return (a ^ ((a ^ b) | ((a - b) ^ b))) >> (uint32_t)63U;
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
index 513c5a2ba..84356c61e 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h
@@ -7,24 +7,22 @@
 #ifndef __FStar_UInt_8_16_32_64_H
 #define __FStar_UInt_8_16_32_64_H
 
-
-
-
 #include <inttypes.h>
 #include <stdbool.h>
 #include "krml/internal/compat.h"
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/types.h"
 #include "krml/internal/target.h"
-extern Prims_int FStar_UInt64_n;
+
+extern krml_checked_int_t FStar_UInt64_n;
 
 extern bool FStar_UInt64_uu___is_Mk(uint64_t projectee);
 
-extern Prims_int FStar_UInt64___proj__Mk__item__v(uint64_t projectee);
+extern krml_checked_int_t FStar_UInt64___proj__Mk__item__v(uint64_t projectee);
 
-extern Prims_int FStar_UInt64_v(uint64_t x);
+extern krml_checked_int_t FStar_UInt64_v(uint64_t x);
 
-extern uint64_t FStar_UInt64_uint_to_t(Prims_int x);
+extern uint64_t FStar_UInt64_uint_to_t(krml_checked_int_t x);
 
 extern uint64_t FStar_UInt64_zero;
 
@@ -34,7 +32,7 @@ extern uint64_t FStar_UInt64_minus(uint64_t a);
 
 extern uint32_t FStar_UInt64_n_minus_one;
 
-static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
+static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
 {
   uint64_t x = a ^ b;
   uint64_t minus_x = ~x + (uint64_t)1U;
@@ -43,7 +41,7 @@ static inline uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b)
   return xnx - (uint64_t)1U;
 }
 
-static inline uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
+static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b)
 {
   uint64_t x = a;
   uint64_t y = b;
@@ -64,15 +62,15 @@ extern Prims_string FStar_UInt64_to_string_hex_pad(uint64_t uu___);
 
 extern uint64_t FStar_UInt64_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt32_n;
+extern krml_checked_int_t FStar_UInt32_n;
 
 extern bool FStar_UInt32_uu___is_Mk(uint32_t projectee);
 
-extern Prims_int FStar_UInt32___proj__Mk__item__v(uint32_t projectee);
+extern krml_checked_int_t FStar_UInt32___proj__Mk__item__v(uint32_t projectee);
 
-extern Prims_int FStar_UInt32_v(uint32_t x);
+extern krml_checked_int_t FStar_UInt32_v(uint32_t x);
 
-extern uint32_t FStar_UInt32_uint_to_t(Prims_int x);
+extern uint32_t FStar_UInt32_uint_to_t(krml_checked_int_t x);
 
 extern uint32_t FStar_UInt32_zero;
 
@@ -82,7 +80,7 @@ extern uint32_t FStar_UInt32_minus(uint32_t a);
 
 extern uint32_t FStar_UInt32_n_minus_one;
 
-static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
+static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
 {
   uint32_t x = a ^ b;
   uint32_t minus_x = ~x + (uint32_t)1U;
@@ -91,7 +89,7 @@ static inline uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b)
   return xnx - (uint32_t)1U;
 }
 
-static inline uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
+static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b)
 {
   uint32_t x = a;
   uint32_t y = b;
@@ -112,15 +110,15 @@ extern Prims_string FStar_UInt32_to_string_hex_pad(uint32_t uu___);
 
 extern uint32_t FStar_UInt32_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt16_n;
+extern krml_checked_int_t FStar_UInt16_n;
 
 extern bool FStar_UInt16_uu___is_Mk(uint16_t projectee);
 
-extern Prims_int FStar_UInt16___proj__Mk__item__v(uint16_t projectee);
+extern krml_checked_int_t FStar_UInt16___proj__Mk__item__v(uint16_t projectee);
 
-extern Prims_int FStar_UInt16_v(uint16_t x);
+extern krml_checked_int_t FStar_UInt16_v(uint16_t x);
 
-extern uint16_t FStar_UInt16_uint_to_t(Prims_int x);
+extern uint16_t FStar_UInt16_uint_to_t(krml_checked_int_t x);
 
 extern uint16_t FStar_UInt16_zero;
 
@@ -130,7 +128,7 @@ extern uint16_t FStar_UInt16_minus(uint16_t a);
 
 extern uint32_t FStar_UInt16_n_minus_one;
 
-static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
+static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
 {
   uint16_t x = a ^ b;
   uint16_t minus_x = ~x + (uint16_t)1U;
@@ -139,7 +137,7 @@ static inline uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b)
   return xnx - (uint16_t)1U;
 }
 
-static inline uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
+static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b)
 {
   uint16_t x = a;
   uint16_t y = b;
@@ -160,15 +158,15 @@ extern Prims_string FStar_UInt16_to_string_hex_pad(uint16_t uu___);
 
 extern uint16_t FStar_UInt16_of_string(Prims_string uu___);
 
-extern Prims_int FStar_UInt8_n;
+extern krml_checked_int_t FStar_UInt8_n;
 
 extern bool FStar_UInt8_uu___is_Mk(uint8_t projectee);
 
-extern Prims_int FStar_UInt8___proj__Mk__item__v(uint8_t projectee);
+extern krml_checked_int_t FStar_UInt8___proj__Mk__item__v(uint8_t projectee);
 
-extern Prims_int FStar_UInt8_v(uint8_t x);
+extern krml_checked_int_t FStar_UInt8_v(uint8_t x);
 
-extern uint8_t FStar_UInt8_uint_to_t(Prims_int x);
+extern uint8_t FStar_UInt8_uint_to_t(krml_checked_int_t x);
 
 extern uint8_t FStar_UInt8_zero;
 
@@ -178,7 +176,7 @@ extern uint8_t FStar_UInt8_minus(uint8_t a);
 
 extern uint32_t FStar_UInt8_n_minus_one;
 
-static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
+static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
 {
   uint8_t x = a ^ b;
   uint8_t minus_x = ~x + (uint8_t)1U;
@@ -187,7 +185,7 @@ static inline uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b)
   return xnx - (uint8_t)1U;
 }
 
-static inline uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
+static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b)
 {
   uint8_t x = a;
   uint8_t y = b;
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/sys/hacl/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h
index e4b786d33..e851c15c9 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h
@@ -7,15 +7,13 @@
 #ifndef __LowStar_Endianness_H
 #define __LowStar_Endianness_H
 
-
-
-#include "FStar_UInt128.h"
 #include <inttypes.h>
 #include <stdbool.h>
 #include "krml/internal/compat.h"
 #include "krml/lowstar_endianness.h"
 #include "krml/internal/types.h"
 #include "krml/internal/target.h"
+
 static inline void store128_le(uint8_t *x0, FStar_UInt128_uint128 x1);
 
 static inline FStar_UInt128_uint128 load128_le(uint8_t *x0);
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/Makefile.basic b/sys/hacl/c/karamel/krmllib/dist/minimal/Makefile.basic
index 672b58015..d7a1fdfd7 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/Makefile.basic
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/Makefile.basic
@@ -46,7 +46,7 @@ AR ?= ar
 
 %.d: %.c
 	@set -e; rm -f $@; \
-	  $(CC) -MM $(CFLAGS) $< > $@.$$$$; \
+	  $(CC) -MM -MG $(CFLAGS) $< > $@.$$$$; \
 	  sed 's,\($(notdir $*)\)\.o[ :]*,$(dir $@)\1.o $@ : ,g' < $@.$$$$ > $@; \
 	  rm -f $@.$$$$
 
diff --git a/sys/hacl/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/sys/hacl/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
index e40304b25..ae109004f 100644
--- a/sys/hacl/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
+++ b/sys/hacl/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h
@@ -110,7 +110,7 @@ inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) {
 inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) {
   uint64_t mask =
       FStar_UInt64_eq_mask((uint64_t)(x >> 64), (uint64_t)(y >> 64)) &
-      FStar_UInt64_eq_mask(x, y);
+      FStar_UInt64_eq_mask((uint64_t)x, (uint64_t)y);
   return ((uint128_t)mask) << 64 | mask;
 }
 
@@ -118,7 +118,7 @@ inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) {
   uint64_t mask =
       (FStar_UInt64_gte_mask(x >> 64, y >> 64) &
        ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) |
-      (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask(x, y));
+      (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y));
   return ((uint128_t)mask) << 64 | mask;
 }
 
diff --git a/sys/hacl/c/src/EverCrypt_AEAD.c b/sys/hacl/c/src/EverCrypt_AEAD.c
index a4b306b77..21039bd4c 100644
--- a/sys/hacl/c/src/EverCrypt_AEAD.c
+++ b/sys/hacl/c/src/EverCrypt_AEAD.c
@@ -40,8 +40,14 @@ typedef struct EverCrypt_AEAD_state_s_s
 }
 EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -54,8 +60,7 @@ Return the algorithm used in the AEAD state.
 */
 Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl impl = scrut.impl;
+  Spec_Cipher_Expansion_impl impl = (*s).impl;
   switch (impl)
   {
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
@@ -93,53 +98,57 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 /**
@@ -204,8 +213,7 @@ encrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -215,8 +223,12 @@ encrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -242,9 +254,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -260,7 +270,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -273,9 +283,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -291,7 +299,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -328,8 +336,7 @@ encrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -339,8 +346,12 @@ encrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -366,9 +377,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -384,7 +393,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -397,9 +406,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -415,7 +422,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -521,23 +528,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -547,8 +552,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -574,9 +583,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -592,7 +599,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -605,9 +612,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -623,12 +628,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -665,23 +670,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -691,8 +694,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -718,9 +725,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -736,7 +741,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -749,9 +754,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -767,12 +770,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -797,34 +800,32 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -834,8 +835,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -861,9 +866,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -879,7 +882,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -892,9 +895,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -910,17 +911,19 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -936,34 +939,32 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -973,8 +974,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1000,9 +1005,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1018,7 +1021,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -1031,9 +1034,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1049,17 +1050,19 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1075,12 +1078,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
   memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek0 = scrut.ek;
+  uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
   return EverCrypt_Error_Success;
 }
@@ -1170,8 +1173,7 @@ decrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1181,8 +1183,12 @@ decrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1210,7 +1216,7 @@ decrypt_aes128_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1228,7 +1234,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1243,7 +1248,7 @@ decrypt_aes128_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1261,7 +1266,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1304,8 +1308,7 @@ decrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1315,8 +1318,12 @@ decrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1344,7 +1351,7 @@ decrypt_aes256_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1362,7 +1369,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1377,7 +1383,7 @@ decrypt_aes256_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1395,7 +1401,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1437,8 +1442,7 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
   if (r == (uint32_t)0U)
@@ -1496,8 +1500,7 @@ EverCrypt_AEAD_decrypt(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl i = scrut.impl;
+  Spec_Cipher_Expansion_impl i = (*s).impl;
   switch (i)
   {
     case Spec_Cipher_Expansion_Vale_AES128:
@@ -1545,8 +1548,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1557,8 +1560,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1568,8 +1570,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1597,7 +1603,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1615,7 +1621,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1630,7 +1635,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1648,7 +1653,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1694,8 +1698,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1706,8 +1710,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1717,8 +1720,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1746,7 +1753,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1764,7 +1771,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1779,7 +1785,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1797,7 +1803,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1831,141 +1836,138 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    uint8_t *ek0 = (*s).ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      c0 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      c0 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
     }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
+    }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1981,141 +1983,138 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    uint8_t *ek0 = (*s).ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      c0 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      c0 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
     }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -2210,8 +2209,7 @@ Cleanup and free the AEAD state.
 */
 void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   KRML_HOST_FREE(ek);
   KRML_HOST_FREE(s);
 }
diff --git a/sys/hacl/c/src/EverCrypt_AutoConfig2.c b/sys/hacl/c/src/EverCrypt_AutoConfig2.c
index fe93ef8a1..b549d0201 100644
--- a/sys/hacl/c/src/EverCrypt_AutoConfig2.c
+++ b/sys/hacl/c/src/EverCrypt_AutoConfig2.c
@@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  uint64_t scrut = check_aesni();
-  if (scrut != (uint64_t)0U)
+  if (check_aesni() != (uint64_t)0U)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  uint64_t scrut0 = check_sha();
-  if (scrut0 != (uint64_t)0U)
+  if (check_sha() != (uint64_t)0U)
   {
     cpu_has_shaext[0U] = true;
   }
-  uint64_t scrut1 = check_adx_bmi2();
-  if (scrut1 != (uint64_t)0U)
+  if (check_adx_bmi2() != (uint64_t)0U)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  uint64_t scrut2 = check_avx();
-  if (scrut2 != (uint64_t)0U)
+  if (check_avx() != (uint64_t)0U)
   {
-    uint64_t scrut3 = check_osxsave();
-    if (scrut3 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut4 = check_avx_xcr0();
-      if (scrut4 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  uint64_t scrut3 = check_avx2();
-  if (scrut3 != (uint64_t)0U)
+  if (check_avx2() != (uint64_t)0U)
   {
-    uint64_t scrut4 = check_osxsave();
-    if (scrut4 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut5 = check_avx_xcr0();
-      if (scrut5 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  uint64_t scrut4 = check_sse();
-  if (scrut4 != (uint64_t)0U)
+  if (check_sse() != (uint64_t)0U)
   {
     cpu_has_sse[0U] = true;
   }
-  uint64_t scrut5 = check_movbe();
-  if (scrut5 != (uint64_t)0U)
+  if (check_movbe() != (uint64_t)0U)
   {
     cpu_has_movbe[0U] = true;
   }
-  uint64_t scrut6 = check_rdrand();
-  if (scrut6 != (uint64_t)0U)
+  if (check_rdrand() != (uint64_t)0U)
   {
     cpu_has_rdrand[0U] = true;
   }
-  uint64_t scrut7 = check_avx512();
-  if (scrut7 != (uint64_t)0U)
+  if (check_avx512() != (uint64_t)0U)
   {
-    uint64_t scrut8 = check_osxsave();
-    if (scrut8 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut9 = check_avx_xcr0();
-      if (scrut9 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
-        uint64_t scrut10 = check_avx512_xcr0();
-        if (scrut10 != (uint64_t)0U)
+        if (check_avx512_xcr0() != (uint64_t)0U)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/sys/hacl/c/src/EverCrypt_Chacha20Poly1305.c b/sys/hacl/c/src/EverCrypt_Chacha20Poly1305.c
index b1ad5a74d..9a110bbf0 100644
--- a/sys/hacl/c/src/EverCrypt_Chacha20Poly1305.c
+++ b/sys/hacl/c/src/EverCrypt_Chacha20Poly1305.c
@@ -39,13 +39,12 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
@@ -53,10 +52,13 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
@@ -72,22 +74,24 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
diff --git a/sys/hacl/c/src/EverCrypt_Curve25519.c b/sys/hacl/c/src/EverCrypt_Curve25519.c
index b97637b86..202f58c13 100644
--- a/sys/hacl/c/src/EverCrypt_Curve25519.c
+++ b/sys/hacl/c/src/EverCrypt_Curve25519.c
@@ -27,13 +27,6 @@
 
 #include "config.h"
 
-static inline bool has_adx_bmi2(void)
-{
-  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
-  bool has_adx = EverCrypt_AutoConfig2_has_adx();
-  return has_bmi2 && has_adx;
-}
-
 /**
 Calculate a public point from a secret/private key.
 
@@ -45,13 +38,17 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void EverCrypt_Curve25519_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_secret_to_public(pub, priv);
     return;
   }
-  #endif
   Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #else
+  Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #endif
 }
 
 /**
@@ -64,13 +61,17 @@ Compute the scalar multiple of a point.
 void EverCrypt_Curve25519_scalarmult(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_scalarmult(shared, my_priv, their_pub);
     return;
   }
-  #endif
   Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #else
+  Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #endif
 }
 
 /**
@@ -83,11 +84,15 @@ Execute the diffie-hellmann key exchange.
 bool EverCrypt_Curve25519_ecdh(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     return Hacl_Curve25519_64_ecdh(shared, my_priv, their_pub);
   }
-  #endif
   return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #else
+  return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #endif
 }
 
diff --git a/sys/hacl/c/src/EverCrypt_DRBG.c b/sys/hacl/c/src/EverCrypt_DRBG.c
index ac5214609..13e517e51 100644
--- a/sys/hacl/c/src/EverCrypt_DRBG.c
+++ b/sys/hacl/c/src/EverCrypt_DRBG.c
@@ -26,6 +26,7 @@
 #include "EverCrypt_DRBG.h"
 
 #include "internal/EverCrypt_HMAC.h"
+#include "lib_memzero0.h"
 
 uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
 
@@ -91,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -104,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -117,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -130,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
@@ -618,20 +623,18 @@ reseed_sha1(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA1_s)
   {
-    uu____0 = st_s.case_SHA1_s;
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -699,20 +702,18 @@ reseed_sha2_256(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_256_s)
   {
-    uu____0 = st_s.case_SHA2_256_s;
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -780,20 +781,18 @@ reseed_sha2_384(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_384_s)
   {
-    uu____0 = st_s.case_SHA2_384_s;
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -861,20 +860,18 @@ reseed_sha2_512(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_512_s)
   {
-    uu____0 = st_s.case_SHA2_512_s;
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t input0[input_len];
@@ -932,7 +929,6 @@ generate_sha1(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -940,11 +936,11 @@ generate_sha1(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -953,56 +949,56 @@ generate_sha1(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA1_s)
       {
-        uu____0 = st_s.case_SHA1_s;
+        scrut = st_s.case_SHA1_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)21U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[20U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
       EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)21U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[20U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
@@ -1028,75 +1024,24 @@ generate_sha1(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA1_s)
+  {
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA1_s)
-    {
-      scrut = st_s.case_SHA1_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)21U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)21U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)20U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)20U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)20U;
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1128,10 +1073,54 @@ generate_sha1(
       EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)20U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)20U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)20U;
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[20U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
+  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[20U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1153,7 +1142,6 @@ generate_sha2_256(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1161,11 +1149,11 @@ generate_sha2_256(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1174,56 +1162,56 @@ generate_sha2_256(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_256_s)
       {
-        uu____0 = st_s.case_SHA2_256_s;
+        scrut = st_s.case_SHA2_256_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)33U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[32U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)33U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[32U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
@@ -1249,75 +1237,24 @@ generate_sha2_256(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_256_s)
+  {
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_256_s)
-    {
-      scrut = st_s.case_SHA2_256_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)33U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)33U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)32U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)32U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)32U;
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1349,10 +1286,54 @@ generate_sha2_256(
       EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)32U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)32U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[32U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
+  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[32U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1374,7 +1355,6 @@ generate_sha2_384(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1382,11 +1362,11 @@ generate_sha2_384(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1395,56 +1375,56 @@ generate_sha2_384(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_384_s)
       {
-        uu____0 = st_s.case_SHA2_384_s;
+        scrut = st_s.case_SHA2_384_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)49U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[48U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)49U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[48U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
@@ -1470,75 +1450,24 @@ generate_sha2_384(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_384_s)
+  {
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_384_s)
-    {
-      scrut = st_s.case_SHA2_384_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)49U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)49U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)48U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)48U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)48U;
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1570,10 +1499,54 @@ generate_sha2_384(
       EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)48U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)48U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[48U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
+  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[48U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1595,7 +1568,6 @@ generate_sha2_512(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1603,11 +1575,11 @@ generate_sha2_512(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t entropy_input[entropy_input_len1];
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t entropy_input[entropy_input_len];
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1616,56 +1588,56 @@ generate_sha2_512(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
-      uint8_t seed_material[entropy_input_len1 + additional_input_len];
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
+      uint8_t seed_material[entropy_input_len + additional_input_len];
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_512_s)
       {
-        uu____0 = st_s.case_SHA2_512_s;
+        scrut = st_s.case_SHA2_512_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t input0[input_len];
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)65U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[64U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t input[input_len0];
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)65U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[64U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
@@ -1691,75 +1663,24 @@ generate_sha2_512(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_512_s)
+  {
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_512_s)
-    {
-      scrut = st_s.case_SHA2_512_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)65U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t input0[input_len];
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)65U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t input[input_len0];
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)64U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)64U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)64U;
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t input0[input_len];
@@ -1791,10 +1712,54 @@ generate_sha2_512(
       EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)64U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)64U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t input0[input_len];
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[64U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
+  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t input[input_len0];
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[64U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1813,8 +1778,8 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)20U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1837,8 +1802,8 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)32U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1861,8 +1826,8 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)48U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1885,8 +1850,8 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)64U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
diff --git a/sys/hacl/c/src/EverCrypt_HMAC.c b/sys/hacl/c/src/EverCrypt_HMAC.c
index 384077932..91440e614 100644
--- a/sys/hacl/c/src/EverCrypt_HMAC.c
+++ b/sys/hacl/c/src/EverCrypt_HMAC.c
@@ -83,16 +83,18 @@ EverCrypt_HMAC_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -201,16 +203,18 @@ EverCrypt_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -329,16 +333,18 @@ EverCrypt_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -458,16 +464,18 @@ EverCrypt_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -587,16 +595,18 @@ EverCrypt_HMAC_compute_blake2s(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -723,16 +733,18 @@ EverCrypt_HMAC_compute_blake2b(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/EverCrypt_Hash.c b/sys/hacl/c/src/EverCrypt_Hash.c
index b10044494..b88df9e23 100644
--- a/sys/hacl/c/src/EverCrypt_Hash.c
+++ b/sys/hacl/c/src/EverCrypt_Hash.c
@@ -206,8 +206,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           s =
@@ -231,8 +231,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           s =
@@ -342,6 +342,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -358,6 +359,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -391,17 +393,20 @@ k224_256[64U] =
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_shaext = EverCrypt_AutoConfig2_has_shaext();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
-  #if HACL_CAN_COMPILE_VALE
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
+    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
     return;
   }
-  #endif
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #else
+  KRML_HOST_IGNORE(k224_256);
+  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #endif
 }
 
 static void
@@ -495,6 +500,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
     Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -525,6 +531,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -622,6 +629,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -650,6 +658,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -736,6 +745,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -752,6 +762,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -1026,6 +1037,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1052,6 +1064,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1078,6 +1091,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1104,6 +1118,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1281,6 +1296,7 @@ void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
+  KRML_HOST_IGNORE(i);
   init(block_state);
   EverCrypt_Hash_Incremental_hash_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -2038,9 +2054,9 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S));
   }
   uint8_t *buf_1 = buf_;
-  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC128
+  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 buf0[4U] KRML_POST_ALIGN(16) = { 0U };
   uint32_t buf[16U] = { 0U };
   if (vec128)
@@ -2097,9 +2113,9 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B));
   }
   uint8_t *buf_1 = buf_;
-  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC256
+  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 buf0[4U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t buf[16U] = { 0U };
   if (vec256)
@@ -2140,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi
 Spec_Hash_Definitions_hash_alg
 EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
-  EverCrypt_Hash_state_s *block_state = scrut.block_state;
+  EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
@@ -2384,28 +2399,32 @@ EverCrypt_Hash_Incremental_hash(
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     default:
diff --git a/sys/hacl/c/src/EverCrypt_Poly1305.c b/sys/hacl/c/src/EverCrypt_Poly1305.c
index f05f8e85a..82ca9b992 100644
--- a/sys/hacl/c/src/EverCrypt_Poly1305.c
+++ b/sys/hacl/c/src/EverCrypt_Poly1305.c
@@ -38,16 +38,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   uint8_t tmp[16U] = { 0U };
   if (n_extra == (uint32_t)0U)
   {
-    uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
   }
   else
   {
     uint32_t len16 = n_blocks * (uint32_t)16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
@@ -60,6 +60,7 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
     return;
   }
@@ -67,13 +68,17 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec256);
+  KRML_HOST_IGNORE(vec128);
   #if HACL_CAN_COMPILE_VALE
   poly1305_vale(dst, src, len, key);
   #else
+  KRML_HOST_IGNORE(poly1305_vale);
   Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
   #endif
 }
diff --git a/sys/hacl/c/src/Hacl_Bignum.c b/sys/hacl/c/src/Hacl_Bignum.c
index 6ad30a2ef..fe73faa6b 100644
--- a/sys/hacl/c/src/Hacl_Bignum.c
+++ b/sys/hacl/c/src/Hacl_Bignum.c
@@ -58,6 +58,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
@@ -67,6 +68,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -150,6 +152,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -182,6 +185,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
@@ -191,6 +195,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -274,6 +279,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -302,7 +308,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -373,6 +381,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -401,7 +410,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -472,6 +483,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -696,6 +708,7 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -773,6 +786,7 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -1266,6 +1280,7 @@ bn_almost_mont_reduction_u32(
   uint32_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -1362,6 +1377,7 @@ bn_almost_mont_reduction_u64(
   uint64_t tmp[len];
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
diff --git a/sys/hacl/c/src/Hacl_Bignum256.c b/sys/hacl/c/src/Hacl_Bignum256.c
index 7318984e1..41aaadeb5 100644
--- a/sys/hacl/c/src/Hacl_Bignum256.c
+++ b/sys/hacl/c/src/Hacl_Bignum256.c
@@ -229,6 +229,7 @@ void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -314,6 +315,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -325,6 +327,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
@@ -441,6 +444,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -518,6 +522,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     uint64_t r = c1;
     c[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -529,6 +534,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -569,6 +575,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -1154,6 +1161,7 @@ bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *re
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1335,6 +1343,7 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1453,6 +1462,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1469,6 +1479,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/sys/hacl/c/src/Hacl_Bignum256_32.c b/sys/hacl/c/src/Hacl_Bignum256_32.c
index a4f806712..ada153090 100644
--- a/sys/hacl/c/src/Hacl_Bignum256_32.c
+++ b/sys/hacl/c/src/Hacl_Bignum256_32.c
@@ -241,6 +241,7 @@ void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *
     uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -328,6 +329,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     uint32_t r = c;
     res[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -339,6 +341,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
@@ -461,6 +464,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -540,6 +544,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     uint32_t r = c1;
     c[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -551,6 +556,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -593,6 +599,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -1188,6 +1195,7 @@ bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1382,6 +1390,7 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1500,6 +1509,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
@@ -1516,6 +1526,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
diff --git a/sys/hacl/c/src/Hacl_Bignum32.c b/sys/hacl/c/src/Hacl_Bignum32.c
index 2bb4d1262..a9bb49865 100644
--- a/sys/hacl/c/src/Hacl_Bignum32.c
+++ b/sys/hacl/c/src/Hacl_Bignum32.c
@@ -181,6 +181,7 @@ bn_slow_precomp(
   uint32_t tmp0[len];
   memset(tmp0, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -431,6 +432,7 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
       nBits,
       n,
@@ -670,6 +672,7 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
diff --git a/sys/hacl/c/src/Hacl_Bignum4096.c b/sys/hacl/c/src/Hacl_Bignum4096.c
index 80c620462..bf8fd6d28 100644
--- a/sys/hacl/c/src/Hacl_Bignum4096.c
+++ b/sys/hacl/c/src/Hacl_Bignum4096.c
@@ -243,6 +243,7 @@ void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *re
     uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -393,6 +394,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -457,6 +459,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -1047,6 +1050,7 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1244,6 +1248,7 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1362,6 +1367,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
@@ -1377,6 +1383,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_le(res + i * (uint32_t)8U, b[i]);
diff --git a/sys/hacl/c/src/Hacl_Bignum4096_32.c b/sys/hacl/c/src/Hacl_Bignum4096_32.c
index 16ba485f9..2f8d70f10 100644
--- a/sys/hacl/c/src/Hacl_Bignum4096_32.c
+++ b/sys/hacl/c/src/Hacl_Bignum4096_32.c
@@ -238,6 +238,7 @@ void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -385,6 +386,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -448,6 +450,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -1033,6 +1036,7 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1228,6 +1232,7 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1346,6 +1351,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
@@ -1361,6 +1367,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_le(res + i * (uint32_t)4U, b[i]);
diff --git a/sys/hacl/c/src/Hacl_Bignum64.c b/sys/hacl/c/src/Hacl_Bignum64.c
index 9fd8c4c61..7300a9938 100644
--- a/sys/hacl/c/src/Hacl_Bignum64.c
+++ b/sys/hacl/c/src/Hacl_Bignum64.c
@@ -180,6 +180,7 @@ bn_slow_precomp(
   uint64_t tmp0[len];
   memset(tmp0, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -430,6 +431,7 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
       nBits,
       n,
@@ -669,6 +671,7 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
diff --git a/sys/hacl/c/src/Hacl_Chacha20_Vec128.c b/sys/hacl/c/src/Hacl_Chacha20_Vec128.c
index ed112654b..1e0c4ec1e 100644
--- a/sys/hacl/c/src/Hacl_Chacha20_Vec128.c
+++ b/sys/hacl/c/src/Hacl_Chacha20_Vec128.c
@@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = text + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
diff --git a/sys/hacl/c/src/Hacl_Chacha20_Vec256.c b/sys/hacl/c/src/Hacl_Chacha20_Vec256.c
index 2df300b62..620f50405 100644
--- a/sys/hacl/c/src/Hacl_Chacha20_Vec256.c
+++ b/sys/hacl/c/src/Hacl_Chacha20_Vec256.c
@@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = text + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
diff --git a/sys/hacl/c/src/Hacl_Chacha20_Vec32.c b/sys/hacl/c/src/Hacl_Chacha20_Vec32.c
index 6f137f39d..2bf4764ca 100644
--- a/sys/hacl/c/src/Hacl_Chacha20_Vec32.c
+++ b/sys/hacl/c/src/Hacl_Chacha20_Vec32.c
@@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
@@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
diff --git a/sys/hacl/c/src/Hacl_Curve25519_64.c b/sys/hacl/c/src/Hacl_Curve25519_64.c
index 526fbd22f..fb0974fed 100644
--- a/sys/hacl/c/src/Hacl_Curve25519_64.c
+++ b/sys/hacl/c/src/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = add_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  uint64_t uu____0 = fadd_e(out, f1, f2);
+  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  uint64_t uu____0 = fsub_e(out, f1, f2);
+  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul2_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = fmul_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  uint64_t uu____0 = fsqr_e(tmp, f1, out);
+  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  uint64_t uu____0 = fsqr2_e(tmp, f, out);
+  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
   #endif
 }
 
@@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  uint64_t uu____0 = cswap2_e(bit, p1, p2);
+  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
   #endif
 }
 
diff --git a/sys/hacl/c/src/Hacl_Ed25519.c b/sys/hacl/c/src/Hacl_Ed25519.c
index 39d259980..36113197a 100644
--- a/sys/hacl/c/src/Hacl_Ed25519.c
+++ b/sys/hacl/c/src/Hacl_Ed25519.c
@@ -711,65 +711,59 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 c00 = carry0;
   FStar_UInt128_uint128
   carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
-  uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c10 = carry1;
   FStar_UInt128_uint128
   carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
-  uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c20 = carry2;
   FStar_UInt128_uint128
   carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
-  uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c30 = carry3;
   FStar_UInt128_uint128
   carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
   uint64_t
-  t103 =
+  t100 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c40 = carry4;
-  uint64_t t410 = t103;
+  uint64_t t410 = t100;
   FStar_UInt128_uint128
   carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
   uint64_t
-  t104 =
+  t101 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c5 = carry5;
-  uint64_t t51 = t104;
+  uint64_t t51 = t101;
   FStar_UInt128_uint128
   carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
   uint64_t
-  t105 =
+  t102 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c6 = carry6;
-  uint64_t t61 = t105;
+  uint64_t t61 = t102;
   FStar_UInt128_uint128
   carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
   uint64_t
-  t106 =
+  t103 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c7 = carry7;
-  uint64_t t71 = t106;
+  uint64_t t71 = t103;
   FStar_UInt128_uint128
   carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
   uint64_t
-  t107 =
+  t104 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c8 = carry8;
-  uint64_t t81 = t107;
+  uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
   uint64_t qmu4_ = t410;
   uint64_t qmu5_ = t51;
@@ -818,19 +812,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
   FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c0 = carry9;
-  uint64_t t010 = t108;
+  uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
       (uint32_t)56U);
   uint64_t
-  t109 =
+  t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c11 = carry10;
-  uint64_t t110 = t109;
+  uint64_t t110 = t106;
   FStar_UInt128_uint128
   carry11 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
@@ -839,14 +833,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c11),
       (uint32_t)56U);
   uint64_t
-  t1010 =
+  t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c21 = carry11;
-  uint64_t t210 = t1010;
+  uint64_t t210 = t107;
   FStar_UInt128_uint128
   carry =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -856,7 +850,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21),
       (uint32_t)56U);
   uint64_t
-  t1011 =
+  t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
               xy12),
             xy21),
@@ -864,7 +858,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c31 = carry;
-  uint64_t t310 = t1011;
+  uint64_t t310 = t108;
   uint64_t
   t411 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04,
@@ -880,24 +874,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
   uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
   uint64_t c1 = b5;
-  uint64_t t011 = t1012;
+  uint64_t t011 = t109;
   uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
-  uint64_t t111 = t1013;
+  uint64_t t111 = t1010;
   uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
-  uint64_t t211 = t1014;
+  uint64_t t211 = t1011;
   uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
-  uint64_t t311 = t1015;
+  uint64_t t311 = t1012;
   uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
-  uint64_t t412 = t1016;
+  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
@@ -914,21 +908,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t y3 = m31;
   uint64_t y4 = m41;
   uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
   uint64_t b0 = b10;
-  uint64_t t01 = t1017;
+  uint64_t t01 = t1014;
   uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
-  uint64_t t11 = t1018;
+  uint64_t t11 = t1015;
   uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
-  uint64_t t21 = t1019;
+  uint64_t t21 = t1016;
   uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
-  uint64_t t31 = t1020;
+  uint64_t t31 = t1017;
   uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
   uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
@@ -1483,6 +1477,9 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1717,8 +1714,10 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
@@ -1739,10 +1738,13 @@ sha512_pre_pre2_msg(
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
   Hacl_Streaming_Types_error_code
-  uu____1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
+  KRML_HOST_IGNORE(err2);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
diff --git a/sys/hacl/c/src/Hacl_FFDHE.c b/sys/hacl/c/src/Hacl_FFDHE.c
index 78aaaab6d..9cf2ddfb8 100644
--- a/sys/hacl/c/src/Hacl_FFDHE.c
+++ b/sys/hacl/c/src/Hacl_FFDHE.c
@@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
   uint64_t
   c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  uint64_t c1;
   if ((uint32_t)1U < nLen)
   {
     uint64_t *a1 = p_n + (uint32_t)1U;
@@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
       uint64_t *res_i = res1 + i;
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
     }
-    uint64_t c10 = c;
-    c1 = c10;
+    uint64_t c1 = c;
+    KRML_HOST_IGNORE(c1);
   }
   else
   {
-    c1 = c0;
+    KRML_HOST_IGNORE(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t b2[nLen];
diff --git a/sys/hacl/c/src/Hacl_Frodo1344.c b/sys/hacl/c/src/Hacl_Frodo1344.c
index 81bddfd95..0696f34cd 100644
--- a/sys/hacl/c/src/Hacl_Frodo1344.c
+++ b/sys/hacl/c/src/Hacl_Frodo1344.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
   uint32_t slen1 = (uint32_t)43056U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)32U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/Hacl_Frodo64.c b/sys/hacl/c/src/Hacl_Frodo64.c
index 6c652c9b2..575390e32 100644
--- a/sys/hacl/c/src/Hacl_Frodo64.c
+++ b/sys/hacl/c/src/Hacl_Frodo64.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 /*
  this variant is used only for testing purposes!
@@ -59,7 +60,7 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
   uint32_t slen1 = (uint32_t)2016U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -155,12 +156,12 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -168,9 +169,9 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -199,8 +200,8 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -223,7 +224,7 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -264,12 +265,12 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -290,10 +291,10 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/Hacl_Frodo640.c b/sys/hacl/c/src/Hacl_Frodo640.c
index 904865c21..54af36d8c 100644
--- a/sys/hacl/c/src/Hacl_Frodo640.c
+++ b/sys/hacl/c/src/Hacl_Frodo640.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
   uint32_t slen1 = (uint32_t)19872U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -292,10 +293,10 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/Hacl_Frodo976.c b/sys/hacl/c/src/Hacl_Frodo976.c
index 2f796b32e..2e6aa6f09 100644
--- a/sys/hacl/c/src/Hacl_Frodo976.c
+++ b/sys/hacl/c/src/Hacl_Frodo976.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
   uint32_t slen1 = (uint32_t)31272U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t shake_input_ss[ss_init_len];
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)24U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/Hacl_Frodo_KEM.c b/sys/hacl/c/src/Hacl_Frodo_KEM.c
index 13db363af..4265ac0e7 100644
--- a/sys/hacl/c/src/Hacl_Frodo_KEM.c
+++ b/sys/hacl/c/src/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  bool b = Lib_RandomBuffer_System_randombytes(res, len);
+  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
 }
 
diff --git a/sys/hacl/c/src/Hacl_GenericField32.c b/sys/hacl/c/src/Hacl_GenericField32.c
index e3802bc23..8bd08a00e 100644
--- a/sys/hacl/c/src/Hacl_GenericField32.c
+++ b/sys/hacl/c/src/Hacl_GenericField32.c
@@ -614,6 +614,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
 }
 
diff --git a/sys/hacl/c/src/Hacl_GenericField64.c b/sys/hacl/c/src/Hacl_GenericField64.c
index 8ff2148e5..7c11d3b76 100644
--- a/sys/hacl/c/src/Hacl_GenericField64.c
+++ b/sys/hacl/c/src/Hacl_GenericField64.c
@@ -613,6 +613,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
 }
 
diff --git a/sys/hacl/c/src/Hacl_HMAC.c b/sys/hacl/c/src/Hacl_HMAC.c
index 16c528c83..7b4b36f03 100644
--- a/sys/hacl/c/src/Hacl_HMAC.c
+++ b/sys/hacl/c/src/Hacl_HMAC.c
@@ -49,16 +49,18 @@ Hacl_HMAC_legacy_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -173,16 +175,18 @@ Hacl_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -307,16 +311,18 @@ Hacl_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -442,16 +448,18 @@ Hacl_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -577,16 +585,18 @@ Hacl_HMAC_compute_blake2s_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -719,16 +729,18 @@ Hacl_HMAC_compute_blake2b_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/Hacl_HMAC_Blake2b_256.c b/sys/hacl/c/src/Hacl_HMAC_Blake2b_256.c
index 7a34ac2c2..71f754153 100644
--- a/sys/hacl/c/src/Hacl_HMAC_Blake2b_256.c
+++ b/sys/hacl/c/src/Hacl_HMAC_Blake2b_256.c
@@ -47,16 +47,18 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/Hacl_HMAC_Blake2s_128.c b/sys/hacl/c/src/Hacl_HMAC_Blake2s_128.c
index 86a8c2eb9..bce00309e 100644
--- a/sys/hacl/c/src/Hacl_HMAC_Blake2s_128.c
+++ b/sys/hacl/c/src/Hacl_HMAC_Blake2s_128.c
@@ -46,16 +46,18 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t key_block[l];
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/Hacl_HMAC_DRBG.c b/sys/hacl/c/src/Hacl_HMAC_DRBG.c
index f0e01bd83..0a09aaedc 100644
--- a/sys/hacl/c/src/Hacl_HMAC_DRBG.c
+++ b/sys/hacl/c/src/Hacl_HMAC_DRBG.c
@@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -455,10 +457,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____0 = st;
-        uint8_t *k = uu____0.k;
-        uint8_t *v = uu____0.v;
-        uint32_t *ctr = uu____0.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -508,10 +509,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____1 = st;
-        uint8_t *k = uu____1.k;
-        uint8_t *v = uu____1.v;
-        uint32_t *ctr = uu____1.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -561,10 +561,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____2 = st;
-        uint8_t *k = uu____2.k;
-        uint8_t *v = uu____2.v;
-        uint32_t *ctr = uu____2.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -614,10 +613,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____3 = st;
-        uint8_t *k = uu____3.k;
-        uint8_t *v = uu____3.v;
-        uint32_t *ctr = uu____3.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t input0[input_len];
@@ -1088,6 +1086,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
+  KRML_HOST_IGNORE(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2.c b/sys/hacl/c/src/Hacl_Hash_Blake2.c
index 6080585c6..aecc6165c 100644
--- a/sys/hacl/c/src/Hacl_Hash_Blake2.c
+++ b/sys/hacl/c/src/Hacl_Hash_Blake2.c
@@ -26,6 +26,7 @@
 #include "internal/Hacl_Hash_Blake2.h"
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
 
 static void
 blake2b_update_block(
@@ -531,7 +532,7 @@ Hacl_Blake2b_32_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -544,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -571,7 +573,7 @@ Hacl_Blake2b_32_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static void
@@ -642,7 +644,7 @@ void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash
     store64_le(second + i * (uint32_t)8U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -670,8 +672,8 @@ Hacl_Blake2b_32_blake2b(
   Hacl_Blake2b_32_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
 }
 
 uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
@@ -1178,7 +1180,7 @@ Hacl_Blake2s_32_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -1191,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
@@ -1214,7 +1217,7 @@ Hacl_Blake2s_32_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static void
@@ -1281,7 +1284,7 @@ void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash
     store32_le(second + i * (uint32_t)4U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -1309,8 +1312,8 @@ Hacl_Blake2s_32_blake2s(
   Hacl_Blake2s_32_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
 }
 
 uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2b_256.c b/sys/hacl/c/src/Hacl_Hash_Blake2b_256.c
index 2761aeb1e..b37ffc5ff 100644
--- a/sys/hacl/c/src/Hacl_Hash_Blake2b_256.c
+++ b/sys/hacl/c/src/Hacl_Hash_Blake2b_256.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2b_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2b_256_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -267,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -294,7 +296,7 @@ Hacl_Blake2b_256_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static inline void
@@ -369,7 +371,7 @@ Hacl_Blake2b_256_blake2b_finish(
   Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -397,8 +399,8 @@ Hacl_Blake2b_256_blake2b(
   Hacl_Blake2b_256_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
 }
 
 void
diff --git a/sys/hacl/c/src/Hacl_Hash_Blake2s_128.c b/sys/hacl/c/src/Hacl_Hash_Blake2s_128.c
index ce5252ccf..86c4f0309 100644
--- a/sys/hacl/c/src/Hacl_Hash_Blake2s_128.c
+++ b/sys/hacl/c/src/Hacl_Hash_Blake2s_128.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2s_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2s_128_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -267,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
@@ -290,7 +292,7 @@ Hacl_Blake2s_128_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static inline void
@@ -361,7 +363,7 @@ Hacl_Blake2s_128_blake2s_finish(
   Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -389,8 +391,8 @@ Hacl_Blake2s_128_blake2s(
   Hacl_Blake2s_128_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
 }
 
 void
diff --git a/sys/hacl/c/src/Hacl_Hash_SHA3.c b/sys/hacl/c/src/Hacl_Hash_SHA3.c
index 42c24434f..19d13b1b8 100644
--- a/sys/hacl/c/src/Hacl_Hash_SHA3.c
+++ b/sys/hacl/c/src/Hacl_Hash_SHA3.c
@@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   if (input_len == len)
   {
     Hacl_Impl_SHA3_absorb_inner(len, input, s);
-    uint8_t *uu____0 = input + input_len;
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
     Hacl_Impl_SHA3_loadState(len, lastBlock, s);
     if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
@@ -167,8 +166,7 @@ hash_buf2;
 
 Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
@@ -228,6 +226,8 @@ void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
   Hacl_Streaming_Keccak_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Spec_Hash_Definitions_hash_alg i = block_state.fst;
+  KRML_HOST_IGNORE(i);
   uint64_t *s1 = block_state.snd;
   memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
   Hacl_Streaming_Keccak_state
@@ -807,6 +807,7 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
+  KRML_HOST_IGNORE(capacity);
   uint32_t rateInBytes = rate / (uint32_t)8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
diff --git a/sys/hacl/c/src/Hacl_K256_ECDSA.c b/sys/hacl/c/src/Hacl_K256_ECDSA.c
index d75eac5ac..2ffc10604 100644
--- a/sys/hacl/c/src/Hacl_K256_ECDSA.c
+++ b/sys/hacl/c/src/Hacl_K256_ECDSA.c
@@ -215,6 +215,7 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,6 +289,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -299,6 +301,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
@@ -432,6 +435,7 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -494,7 +498,7 @@ mul_pow2_256_minus_q_add(
     uint64_t r = c;
     tmp[len + i0] = r;);
   memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res);
+  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
   uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
   return c;
 }
@@ -510,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  uint64_t
-  c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m);
-  uint64_t
-  c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p);
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
+      (uint32_t)7U,
+      t01,
+      a + (uint32_t)4U,
+      a,
+      m));
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
+      (uint32_t)5U,
+      t01,
+      m + (uint32_t)4U,
+      m,
+      p));
   uint64_t
   c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
-  uint64_t c00 = c2;
+  uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c00 + c1);
+  uint64_t mask = (uint64_t)0U - (c0 + c1);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -608,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
     uint64_t *res_i = res1 + i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
-  uint64_t uu____0 = c1;
+  KRML_HOST_IGNORE(c1);
   uint64_t flag = l[5U] >> (uint32_t)63U;
   uint64_t mask = (uint64_t)0U - flag;
   KRML_MAYBE_FOR4(i,
@@ -1219,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
       (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
     };
+  KRML_HOST_IGNORE(q2);
   uint64_t
   q3[15U] =
     {
@@ -1228,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
       (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
     };
+  KRML_HOST_IGNORE(q3);
   uint64_t
   q4[15U] =
     {
@@ -1237,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
       (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
     };
+  KRML_HOST_IGNORE(q4);
   uint64_t *r1 = scalar;
   uint64_t *r2 = scalar + (uint32_t)1U;
   uint64_t *r3 = scalar + (uint32_t)2U;
@@ -1601,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
 )
 {
   uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  KRML_HOST_IGNORE(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
   uint64_t *s_q = rsdk_q + (uint32_t)4U;
diff --git a/sys/hacl/c/src/Hacl_P256.c b/sys/hacl/c/src/Hacl_P256.c
index 2b6cb11be..7e586e546 100644
--- a/sys/hacl/c/src/Hacl_P256.c
+++ b/sys/hacl/c/src/Hacl_P256.c
@@ -204,6 +204,7 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -277,6 +278,7 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,11 +290,13 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1057,6 +1061,10 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
+  KRML_HOST_IGNORE(q1);
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1564,6 +1572,7 @@ Hacl_P256_ecdsa_sign_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1596,6 +1605,7 @@ Hacl_P256_ecdsa_sign_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1628,6 +1638,7 @@ Hacl_P256_ecdsa_sign_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1670,6 +1681,7 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1705,6 +1717,7 @@ Hacl_P256_ecdsa_verif_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1735,6 +1748,7 @@ Hacl_P256_ecdsa_verif_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1765,6 +1779,7 @@ Hacl_P256_ecdsa_verif_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1800,6 +1815,7 @@ Hacl_P256_ecdsa_verif_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
diff --git a/sys/hacl/c/src/Hacl_RSAPSS.c b/sys/hacl/c/src/Hacl_RSAPSS.c
index 19d4e5b4c..ceb9a6f0a 100644
--- a/sys/hacl/c/src/Hacl_RSAPSS.c
+++ b/sys/hacl/c/src/Hacl_RSAPSS.c
@@ -404,9 +404,9 @@ load_skey(
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -637,10 +640,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
@@ -707,11 +710,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -804,13 +807,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -873,11 +879,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/sys/hacl/c/src/Hacl_Salsa20.c b/sys/hacl/c/src/Hacl_Salsa20.c
index e157d5ef2..2758f8a4d 100644
--- a/sys/hacl/c/src/Hacl_Salsa20.c
+++ b/sys/hacl/c/src/Hacl_Salsa20.c
@@ -181,6 +181,7 @@ salsa20_encrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -217,9 +218,8 @@ salsa20_encrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
@@ -294,6 +294,7 @@ salsa20_decrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -330,9 +331,8 @@ salsa20_decrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
diff --git a/sys/hacl/c/src/Hacl_Streaming_Poly1305_128.c b/sys/hacl/c/src/Hacl_Streaming_Poly1305_128.c
index ff60cde24..c3f7c19ae 100644
--- a/sys/hacl/c/src/Hacl_Streaming_Poly1305_128.c
+++ b/sys/hacl/c/src/Hacl_Streaming_Poly1305_128.c
@@ -311,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/sys/hacl/c/src/Hacl_Streaming_Poly1305_256.c b/sys/hacl/c/src/Hacl_Streaming_Poly1305_256.c
index 63685f991..e56275a4f 100644
--- a/sys/hacl/c/src/Hacl_Streaming_Poly1305_256.c
+++ b/sys/hacl/c/src/Hacl_Streaming_Poly1305_256.c
@@ -311,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/sys/hacl/c/src/Lib_Memzero0.c b/sys/hacl/c/src/Lib_Memzero0.c
index 8e2253186..3d8a1e5f2 100644
--- a/sys/hacl/c/src/Lib_Memzero0.c
+++ b/sys/hacl/c/src/Lib_Memzero0.c
@@ -22,13 +22,14 @@
 #include <limits.h>
 #include <inttypes.h>
 
-#include "Lib_Memzero0.h"
+/* This is now a hand-written header */
+#include "lib_memzero0.h"
 #include "krml/internal/target.h"
 
 /* The F* formalization talks about the number of elements in the array. The C
    implementation wants a number of bytes in the array. KaRaMeL is aware of this
    and inserts a sizeof multiplication. */
-void Lib_Memzero0_memzero(void *dst, uint64_t len) {
+void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
   /* This is safe: karamel checks at run-time (if needed) that all object sizes
      fit within a size_t, so the size we receive has been checked at
      allocation-time, possibly via KRML_CHECK_SIZE, to fit in a size_t. */
diff --git a/sys/hacl/c/src/msvc/EverCrypt_AEAD.c b/sys/hacl/c/src/msvc/EverCrypt_AEAD.c
index a4b306b77..21039bd4c 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_AEAD.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_AEAD.c
@@ -40,8 +40,14 @@ typedef struct EverCrypt_AEAD_state_s_s
 }
 EverCrypt_AEAD_state_s;
 
+/**
+Both encryption and decryption require a state that holds the key.
+The state may be reused as many times as desired.
+*/
 bool EverCrypt_AEAD_uu___is_Ek(Spec_Agile_AEAD_alg a, EverCrypt_AEAD_state_s projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -54,8 +60,7 @@ Return the algorithm used in the AEAD state.
 */
 Spec_Agile_AEAD_alg EverCrypt_AEAD_alg_of_state(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl impl = scrut.impl;
+  Spec_Cipher_Expansion_impl impl = (*s).impl;
   switch (impl)
   {
     case Spec_Cipher_Expansion_Hacl_CHACHA20:
@@ -93,53 +98,57 @@ create_in_chacha20_poly1305(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 static EverCrypt_Error_error_code
 create_in_aes128_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)480U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek });
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 static EverCrypt_Error_error_code
 create_in_aes256_gcm(EverCrypt_AEAD_state_s **dst, uint8_t *k)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t *ek = (uint8_t *)KRML_HOST_CALLOC((uint32_t)544U, sizeof (uint8_t));
     uint8_t *keys_b = ek;
     uint8_t *hkeys_b = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b, hkeys_b);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b, hkeys_b));
     EverCrypt_AEAD_state_s
     *p = (EverCrypt_AEAD_state_s *)KRML_HOST_MALLOC(sizeof (EverCrypt_AEAD_state_s));
     p[0U] = ((EverCrypt_AEAD_state_s){ .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek });
     *dst = p;
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 /**
@@ -204,8 +213,7 @@ encrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -215,8 +223,12 @@ encrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -242,9 +254,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -260,7 +270,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -273,9 +283,7 @@ encrypt_aes128_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm128_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -291,7 +299,7 @@ encrypt_aes128_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -328,8 +336,7 @@ encrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -339,8 +346,12 @@ encrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -366,9 +377,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -384,7 +393,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   else
   {
@@ -397,9 +406,7 @@ encrypt_aes256_gcm(
     uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
-    uint64_t
-    scrut0 =
-      gcm256_encrypt_opt(auth_b_,
+    KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
         keys_b,
@@ -415,7 +422,7 @@ encrypt_aes256_gcm(
         inout_b,
         (uint64_t)plain_len,
         scratch_b1,
-        tag);
+        tag));
   }
   memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
     inout_b,
@@ -521,23 +528,21 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)304U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -547,8 +552,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -574,9 +583,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -592,7 +599,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -605,9 +612,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm128_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -623,12 +628,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -665,23 +670,21 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_Error_error_code r;
   if (s == NULL)
   {
-    r = EverCrypt_Error_InvalidKey;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
   }
   else if (iv_len == (uint32_t)0U)
   {
-    r = EverCrypt_Error_InvalidIVLength;
+    KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
   }
   else
   {
-    EverCrypt_AEAD_state_s scrut = *s;
-    uint8_t *ek0 = scrut.ek;
+    uint8_t *ek0 = (*s).ek;
     uint8_t *scratch_b = ek0 + (uint32_t)368U;
     uint8_t *ek1 = ek0;
     uint8_t *keys_b = ek1;
@@ -691,8 +694,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
     uint32_t bytes_len = len * (uint32_t)16U;
     uint8_t *iv_b = iv;
     memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-    uint64_t
-    uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
     uint8_t *inout_b = scratch_b;
     uint8_t *abytes_b = scratch_b + (uint32_t)16U;
     uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -718,9 +725,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128x6_ = len128x6 / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -736,7 +741,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     else
     {
@@ -749,9 +754,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
       uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
       uint64_t len128_num_ = len128_num / (uint64_t)16U;
       uint64_t len128x6_ = (uint64_t)0U;
-      uint64_t
-      scrut2 =
-        gcm256_encrypt_opt(auth_b_,
+      KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
           (uint64_t)ad_len,
           auth_num,
           keys_b,
@@ -767,12 +770,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm_no_check(
           inout_b,
           (uint64_t)plain_len,
           scratch_b1,
-          tag);
+          tag));
     }
     memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
       inout_b,
       (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-    r = EverCrypt_Error_Success;
+    KRML_HOST_IGNORE(EverCrypt_Error_Success);
   }
   return EverCrypt_Error_Success;
   #else
@@ -797,34 +800,32 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut0 = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)304U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -834,8 +835,12 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -861,9 +866,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -879,7 +882,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -892,9 +895,7 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm128_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -910,17 +911,19 @@ EverCrypt_AEAD_encrypt_expand_aes128_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -936,34 +939,32 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
   uint8_t *tag
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut0 = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut1 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
-    EverCrypt_Error_error_code r;
     if (s == NULL)
     {
-      r = EverCrypt_Error_InvalidKey;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidKey);
     }
     else if (iv_len == (uint32_t)0U)
     {
-      r = EverCrypt_Error_InvalidIVLength;
+      KRML_HOST_IGNORE(EverCrypt_Error_InvalidIVLength);
     }
     else
     {
-      EverCrypt_AEAD_state_s scrut = *s;
-      uint8_t *ek0 = scrut.ek;
+      uint8_t *ek0 = (*s).ek;
       uint8_t *scratch_b = ek0 + (uint32_t)368U;
       uint8_t *ek1 = ek0;
       uint8_t *keys_b = ek1;
@@ -973,8 +974,12 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
       uint32_t bytes_len = len * (uint32_t)16U;
       uint8_t *iv_b = iv;
       memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+      KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+          (uint64_t)iv_len,
+          (uint64_t)len,
+          tmp_iv,
+          tmp_iv,
+          hkeys_b));
       uint8_t *inout_b = scratch_b;
       uint8_t *abytes_b = scratch_b + (uint32_t)16U;
       uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1000,9 +1005,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128x6_ = len128x6 / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1018,7 +1021,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       else
       {
@@ -1031,9 +1034,7 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
         uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
         uint64_t len128_num_ = len128_num / (uint64_t)16U;
         uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_encrypt_opt(auth_b_,
+        KRML_HOST_IGNORE(gcm256_encrypt_opt(auth_b_,
             (uint64_t)ad_len,
             auth_num,
             keys_b,
@@ -1049,17 +1050,19 @@ EverCrypt_AEAD_encrypt_expand_aes256_gcm(
             inout_b,
             (uint64_t)plain_len,
             scratch_b1,
-            tag);
+            tag));
       }
       memcpy(cipher + (uint32_t)(uint64_t)plain_len / (uint32_t)16U * (uint32_t)16U,
         inout_b,
         (uint32_t)(uint64_t)plain_len % (uint32_t)16U * sizeof (uint8_t));
-      r = EverCrypt_Error_Success;
+      KRML_HOST_IGNORE(EverCrypt_Error_Success);
     }
     return EverCrypt_Error_Success;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1075,12 +1078,12 @@ EverCrypt_AEAD_encrypt_expand_chacha20_poly1305(
   uint8_t *tag
 )
 {
+  KRML_HOST_IGNORE(iv_len);
   uint8_t ek[32U] = { 0U };
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Hacl_CHACHA20, .ek = ek };
   memcpy(ek, k, (uint32_t)32U * sizeof (uint8_t));
   EverCrypt_AEAD_state_s *s = &p;
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek0 = scrut.ek;
+  uint8_t *ek0 = (*s).ek;
   EverCrypt_Chacha20Poly1305_aead_encrypt(ek0, iv, ad_len, ad, plain_len, plain, cipher, tag);
   return EverCrypt_Error_Success;
 }
@@ -1170,8 +1173,7 @@ decrypt_aes128_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)304U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1181,8 +1183,12 @@ decrypt_aes128_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1210,7 +1216,7 @@ decrypt_aes128_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1228,7 +1234,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1243,7 +1248,7 @@ decrypt_aes128_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1261,7 +1266,6 @@ decrypt_aes128_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1304,8 +1308,7 @@ decrypt_aes256_gcm(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint8_t *scratch_b = ek + (uint32_t)368U;
   uint8_t *ek1 = ek;
   uint8_t *keys_b = ek1;
@@ -1315,8 +1318,12 @@ decrypt_aes256_gcm(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1344,7 +1351,7 @@ decrypt_aes256_gcm(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1362,7 +1369,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   else
@@ -1377,7 +1383,7 @@ decrypt_aes256_gcm(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut0 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1395,7 +1401,6 @@ decrypt_aes256_gcm(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut0;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1437,8 +1442,7 @@ decrypt_chacha20_poly1305(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   uint32_t
   r = EverCrypt_Chacha20Poly1305_aead_decrypt(ek, iv, ad_len, ad, cipher_len, dst, cipher, tag);
   if (r == (uint32_t)0U)
@@ -1496,8 +1500,7 @@ EverCrypt_AEAD_decrypt(
   {
     return EverCrypt_Error_InvalidKey;
   }
-  EverCrypt_AEAD_state_s scrut = *s;
-  Spec_Cipher_Expansion_impl i = scrut.impl;
+  Spec_Cipher_Expansion_impl i = (*s).impl;
   switch (i)
   {
     case Spec_Cipher_Expansion_Vale_AES128:
@@ -1545,8 +1548,8 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint8_t ek[480U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-  uint64_t scrut = aes128_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1557,8 +1560,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)304U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1568,8 +1570,12 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1597,7 +1603,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1615,7 +1621,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1630,7 +1635,7 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm128_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1648,7 +1653,6 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1694,8 +1698,8 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint8_t ek[544U] = { 0U };
   uint8_t *keys_b0 = ek;
   uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-  uint64_t scrut = aes256_key_expansion(k, keys_b0);
-  uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+  KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+  KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
   EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
   EverCrypt_AEAD_state_s *s = &p;
   if (s == NULL)
@@ -1706,8 +1710,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   {
     return EverCrypt_Error_InvalidIVLength;
   }
-  EverCrypt_AEAD_state_s scrut1 = *s;
-  uint8_t *ek0 = scrut1.ek;
+  uint8_t *ek0 = (*s).ek;
   uint8_t *scratch_b = ek0 + (uint32_t)368U;
   uint8_t *ek1 = ek0;
   uint8_t *keys_b = ek1;
@@ -1717,8 +1720,12 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
   uint32_t bytes_len = len * (uint32_t)16U;
   uint8_t *iv_b = iv;
   memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
-  uint64_t
-  uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
+  KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+      (uint64_t)iv_len,
+      (uint64_t)len,
+      tmp_iv,
+      tmp_iv,
+      hkeys_b));
   uint8_t *inout_b = scratch_b;
   uint8_t *abytes_b = scratch_b + (uint32_t)16U;
   uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
@@ -1746,7 +1753,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128x6_ = len128x6 / (uint64_t)16U;
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1764,7 +1771,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   else
@@ -1779,7 +1785,7 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
     uint64_t len128_num_ = len128_num / (uint64_t)16U;
     uint64_t len128x6_ = (uint64_t)0U;
     uint64_t
-    scrut2 =
+    c0 =
       gcm256_decrypt_opt(auth_b_,
         (uint64_t)ad_len,
         auth_num,
@@ -1797,7 +1803,6 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm_no_check(
         (uint64_t)cipher_len,
         scratch_b1,
         tag);
-    uint64_t c0 = scrut2;
     c = c0;
   }
   memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
@@ -1831,141 +1836,138 @@ EverCrypt_AEAD_decrypt_expand_aes128_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[480U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)176U;
-    uint64_t scrut = aes128_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes128_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes128_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes128_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES128, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    uint8_t *ek0 = (*s).ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)304U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)176U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      c0 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)304U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)176U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm128_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      c0 =
+        gcm128_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
     }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
+    }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -1981,141 +1983,138 @@ EverCrypt_AEAD_decrypt_expand_aes256_gcm(
   uint8_t *dst
 )
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_pclmulqdq = EverCrypt_AutoConfig2_has_pclmulqdq();
   bool has_avx = EverCrypt_AutoConfig2_has_avx();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
   bool has_movbe = EverCrypt_AutoConfig2_has_movbe();
   bool has_aesni = EverCrypt_AutoConfig2_has_aesni();
-  #if HACL_CAN_COMPILE_VALE
   if (has_aesni && has_pclmulqdq && has_avx && has_sse && has_movbe)
   {
     uint8_t ek[544U] = { 0U };
     uint8_t *keys_b0 = ek;
     uint8_t *hkeys_b0 = ek + (uint32_t)240U;
-    uint64_t scrut = aes256_key_expansion(k, keys_b0);
-    uint64_t scrut0 = aes256_keyhash_init(keys_b0, hkeys_b0);
+    KRML_HOST_IGNORE(aes256_key_expansion(k, keys_b0));
+    KRML_HOST_IGNORE(aes256_keyhash_init(keys_b0, hkeys_b0));
     EverCrypt_AEAD_state_s p = { .impl = Spec_Cipher_Expansion_Vale_AES256, .ek = ek };
     EverCrypt_AEAD_state_s *s = &p;
     if (s == NULL)
     {
       return EverCrypt_Error_InvalidKey;
     }
-    else if (iv_len == (uint32_t)0U)
+    if (iv_len == (uint32_t)0U)
     {
       return EverCrypt_Error_InvalidIVLength;
     }
+    uint8_t *ek0 = (*s).ek;
+    uint8_t *scratch_b = ek0 + (uint32_t)368U;
+    uint8_t *ek1 = ek0;
+    uint8_t *keys_b = ek1;
+    uint8_t *hkeys_b = ek1 + (uint32_t)240U;
+    uint8_t tmp_iv[16U] = { 0U };
+    uint32_t len = iv_len / (uint32_t)16U;
+    uint32_t bytes_len = len * (uint32_t)16U;
+    uint8_t *iv_b = iv;
+    memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+    KRML_HOST_IGNORE(compute_iv_stdcall(iv_b,
+        (uint64_t)iv_len,
+        (uint64_t)len,
+        tmp_iv,
+        tmp_iv,
+        hkeys_b));
+    uint8_t *inout_b = scratch_b;
+    uint8_t *abytes_b = scratch_b + (uint32_t)16U;
+    uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
+    uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
+    uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
+    uint8_t *cipher_b_ = cipher;
+    uint8_t *out_b_ = dst;
+    uint8_t *auth_b_ = ad;
+    memcpy(inout_b,
+      cipher + cipher_len_,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    memcpy(abytes_b,
+      ad + auth_len_,
+      (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
+    uint64_t c;
+    if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
+    {
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
+      uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128x6_ = len128x6 / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t
+      c0 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
     else
     {
-      EverCrypt_AEAD_state_s scrut1 = *s;
-      uint8_t *ek0 = scrut1.ek;
-      uint8_t *scratch_b = ek0 + (uint32_t)368U;
-      uint8_t *ek1 = ek0;
-      uint8_t *keys_b = ek1;
-      uint8_t *hkeys_b = ek1 + (uint32_t)240U;
-      uint8_t tmp_iv[16U] = { 0U };
-      uint32_t len = iv_len / (uint32_t)16U;
-      uint32_t bytes_len = len * (uint32_t)16U;
-      uint8_t *iv_b = iv;
-      memcpy(tmp_iv, iv + bytes_len, iv_len % (uint32_t)16U * sizeof (uint8_t));
+      uint32_t len128x61 = (uint32_t)0U;
+      uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
+      uint8_t *in128x6_b = cipher_b_;
+      uint8_t *out128x6_b = out_b_;
+      uint8_t *in128_b = cipher_b_ + len128x61;
+      uint8_t *out128_b = out_b_ + len128x61;
+      uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
+      uint64_t len128_num_ = len128_num / (uint64_t)16U;
+      uint64_t len128x6_ = (uint64_t)0U;
       uint64_t
-      uu____0 = compute_iv_stdcall(iv_b, (uint64_t)iv_len, (uint64_t)len, tmp_iv, tmp_iv, hkeys_b);
-      uint8_t *inout_b = scratch_b;
-      uint8_t *abytes_b = scratch_b + (uint32_t)16U;
-      uint8_t *scratch_b1 = scratch_b + (uint32_t)32U;
-      uint32_t cipher_len_ = (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U;
-      uint32_t auth_len_ = (uint32_t)(uint64_t)ad_len / (uint32_t)16U * (uint32_t)16U;
-      uint8_t *cipher_b_ = cipher;
-      uint8_t *out_b_ = dst;
-      uint8_t *auth_b_ = ad;
-      memcpy(inout_b,
-        cipher + cipher_len_,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      memcpy(abytes_b,
-        ad + auth_len_,
-        (uint32_t)(uint64_t)ad_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t len128x6 = (uint64_t)cipher_len / (uint64_t)96U * (uint64_t)96U;
-      uint64_t c;
-      if (len128x6 / (uint64_t)16U >= (uint64_t)6U)
-      {
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U - len128x6;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + (uint32_t)len128x6;
-        uint8_t *out128_b = out_b_ + (uint32_t)len128x6;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128x6_ = len128x6 / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      else
-      {
-        uint32_t len128x61 = (uint32_t)0U;
-        uint64_t len128_num = (uint64_t)cipher_len / (uint64_t)16U * (uint64_t)16U;
-        uint8_t *in128x6_b = cipher_b_;
-        uint8_t *out128x6_b = out_b_;
-        uint8_t *in128_b = cipher_b_ + len128x61;
-        uint8_t *out128_b = out_b_ + len128x61;
-        uint64_t auth_num = (uint64_t)ad_len / (uint64_t)16U;
-        uint64_t len128_num_ = len128_num / (uint64_t)16U;
-        uint64_t len128x6_ = (uint64_t)0U;
-        uint64_t
-        scrut2 =
-          gcm256_decrypt_opt(auth_b_,
-            (uint64_t)ad_len,
-            auth_num,
-            keys_b,
-            tmp_iv,
-            hkeys_b,
-            abytes_b,
-            in128x6_b,
-            out128x6_b,
-            len128x6_,
-            in128_b,
-            out128_b,
-            len128_num_,
-            inout_b,
-            (uint64_t)cipher_len,
-            scratch_b1,
-            tag);
-        uint64_t c0 = scrut2;
-        c = c0;
-      }
-      memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
-        inout_b,
-        (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
-      uint64_t r = c;
-      if (r == (uint64_t)0U)
-      {
-        return EverCrypt_Error_Success;
-      }
-      else
-      {
-        return EverCrypt_Error_AuthenticationFailure;
-      }
+      c0 =
+        gcm256_decrypt_opt(auth_b_,
+          (uint64_t)ad_len,
+          auth_num,
+          keys_b,
+          tmp_iv,
+          hkeys_b,
+          abytes_b,
+          in128x6_b,
+          out128x6_b,
+          len128x6_,
+          in128_b,
+          out128_b,
+          len128_num_,
+          inout_b,
+          (uint64_t)cipher_len,
+          scratch_b1,
+          tag);
+      c = c0;
+    }
+    memcpy(dst + (uint32_t)(uint64_t)cipher_len / (uint32_t)16U * (uint32_t)16U,
+      inout_b,
+      (uint32_t)(uint64_t)cipher_len % (uint32_t)16U * sizeof (uint8_t));
+    uint64_t r = c;
+    if (r == (uint64_t)0U)
+    {
+      return EverCrypt_Error_Success;
     }
+    return EverCrypt_Error_AuthenticationFailure;
   }
-  #endif
   return EverCrypt_Error_UnsupportedAlgorithm;
+  #else
+  return EverCrypt_Error_UnsupportedAlgorithm;
+  #endif
 }
 
 EverCrypt_Error_error_code
@@ -2210,8 +2209,7 @@ Cleanup and free the AEAD state.
 */
 void EverCrypt_AEAD_free(EverCrypt_AEAD_state_s *s)
 {
-  EverCrypt_AEAD_state_s scrut = *s;
-  uint8_t *ek = scrut.ek;
+  uint8_t *ek = (*s).ek;
   KRML_HOST_FREE(ek);
   KRML_HOST_FREE(s);
 }
diff --git a/sys/hacl/c/src/msvc/EverCrypt_AutoConfig2.c b/sys/hacl/c/src/msvc/EverCrypt_AutoConfig2.c
index fe93ef8a1..b549d0201 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_AutoConfig2.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_AutoConfig2.c
@@ -113,75 +113,59 @@ void EverCrypt_AutoConfig2_recall(void)
 void EverCrypt_AutoConfig2_init(void)
 {
   #if HACL_CAN_COMPILE_VALE
-  uint64_t scrut = check_aesni();
-  if (scrut != (uint64_t)0U)
+  if (check_aesni() != (uint64_t)0U)
   {
     cpu_has_aesni[0U] = true;
     cpu_has_pclmulqdq[0U] = true;
   }
-  uint64_t scrut0 = check_sha();
-  if (scrut0 != (uint64_t)0U)
+  if (check_sha() != (uint64_t)0U)
   {
     cpu_has_shaext[0U] = true;
   }
-  uint64_t scrut1 = check_adx_bmi2();
-  if (scrut1 != (uint64_t)0U)
+  if (check_adx_bmi2() != (uint64_t)0U)
   {
     cpu_has_bmi2[0U] = true;
     cpu_has_adx[0U] = true;
   }
-  uint64_t scrut2 = check_avx();
-  if (scrut2 != (uint64_t)0U)
+  if (check_avx() != (uint64_t)0U)
   {
-    uint64_t scrut3 = check_osxsave();
-    if (scrut3 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut4 = check_avx_xcr0();
-      if (scrut4 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx[0U] = true;
       }
     }
   }
-  uint64_t scrut3 = check_avx2();
-  if (scrut3 != (uint64_t)0U)
+  if (check_avx2() != (uint64_t)0U)
   {
-    uint64_t scrut4 = check_osxsave();
-    if (scrut4 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut5 = check_avx_xcr0();
-      if (scrut5 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
         cpu_has_avx2[0U] = true;
       }
     }
   }
-  uint64_t scrut4 = check_sse();
-  if (scrut4 != (uint64_t)0U)
+  if (check_sse() != (uint64_t)0U)
   {
     cpu_has_sse[0U] = true;
   }
-  uint64_t scrut5 = check_movbe();
-  if (scrut5 != (uint64_t)0U)
+  if (check_movbe() != (uint64_t)0U)
   {
     cpu_has_movbe[0U] = true;
   }
-  uint64_t scrut6 = check_rdrand();
-  if (scrut6 != (uint64_t)0U)
+  if (check_rdrand() != (uint64_t)0U)
   {
     cpu_has_rdrand[0U] = true;
   }
-  uint64_t scrut7 = check_avx512();
-  if (scrut7 != (uint64_t)0U)
+  if (check_avx512() != (uint64_t)0U)
   {
-    uint64_t scrut8 = check_osxsave();
-    if (scrut8 != (uint64_t)0U)
+    if (check_osxsave() != (uint64_t)0U)
     {
-      uint64_t scrut9 = check_avx_xcr0();
-      if (scrut9 != (uint64_t)0U)
+      if (check_avx_xcr0() != (uint64_t)0U)
       {
-        uint64_t scrut10 = check_avx512_xcr0();
-        if (scrut10 != (uint64_t)0U)
+        if (check_avx512_xcr0() != (uint64_t)0U)
         {
           cpu_has_avx512[0U] = true;
           return;
diff --git a/sys/hacl/c/src/msvc/EverCrypt_Chacha20Poly1305.c b/sys/hacl/c/src/msvc/EverCrypt_Chacha20Poly1305.c
index b1ad5a74d..9a110bbf0 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_Chacha20Poly1305.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_Chacha20Poly1305.c
@@ -39,13 +39,12 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Chacha20Poly1305_256_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
@@ -53,10 +52,13 @@ EverCrypt_Chacha20Poly1305_aead_encrypt(
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Chacha20Poly1305_128_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   Hacl_Chacha20Poly1305_32_aead_encrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
@@ -72,22 +74,24 @@ EverCrypt_Chacha20Poly1305_aead_decrypt(
   uint8_t *tag
 )
 {
-  bool avx2 = EverCrypt_AutoConfig2_has_avx2();
-  bool avx = EverCrypt_AutoConfig2_has_avx();
   bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     return Hacl_Chacha20Poly1305_256_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     return Hacl_Chacha20Poly1305_128_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
   }
   #endif
+  KRML_HOST_IGNORE(vec128);
+  KRML_HOST_IGNORE(vec256);
   return Hacl_Chacha20Poly1305_32_aead_decrypt(k, n, aadlen, aad, mlen, m, cipher, tag);
 }
 
diff --git a/sys/hacl/c/src/msvc/EverCrypt_Curve25519.c b/sys/hacl/c/src/msvc/EverCrypt_Curve25519.c
index b97637b86..202f58c13 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_Curve25519.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_Curve25519.c
@@ -27,13 +27,6 @@
 
 #include "config.h"
 
-static inline bool has_adx_bmi2(void)
-{
-  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
-  bool has_adx = EverCrypt_AutoConfig2_has_adx();
-  return has_bmi2 && has_adx;
-}
-
 /**
 Calculate a public point from a secret/private key.
 
@@ -45,13 +38,17 @@ This computes a scalar multiplication of the secret/private key with the curve's
 void EverCrypt_Curve25519_secret_to_public(uint8_t *pub, uint8_t *priv)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_secret_to_public(pub, priv);
     return;
   }
-  #endif
   Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #else
+  Hacl_Curve25519_51_secret_to_public(pub, priv);
+  #endif
 }
 
 /**
@@ -64,13 +61,17 @@ Compute the scalar multiple of a point.
 void EverCrypt_Curve25519_scalarmult(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     Hacl_Curve25519_64_scalarmult(shared, my_priv, their_pub);
     return;
   }
-  #endif
   Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #else
+  Hacl_Curve25519_51_scalarmult(shared, my_priv, their_pub);
+  #endif
 }
 
 /**
@@ -83,11 +84,15 @@ Execute the diffie-hellmann key exchange.
 bool EverCrypt_Curve25519_ecdh(uint8_t *shared, uint8_t *my_priv, uint8_t *their_pub)
 {
   #if HACL_CAN_COMPILE_VALE
-  if (has_adx_bmi2())
+  bool has_bmi2 = EverCrypt_AutoConfig2_has_bmi2();
+  bool has_adx = EverCrypt_AutoConfig2_has_adx();
+  if (has_bmi2 && has_adx)
   {
     return Hacl_Curve25519_64_ecdh(shared, my_priv, their_pub);
   }
-  #endif
   return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #else
+  return Hacl_Curve25519_51_ecdh(shared, my_priv, their_pub);
+  #endif
 }
 
diff --git a/sys/hacl/c/src/msvc/EverCrypt_DRBG.c b/sys/hacl/c/src/msvc/EverCrypt_DRBG.c
index dfd7cc640..9591823cf 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_DRBG.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_DRBG.c
@@ -26,6 +26,7 @@
 #include "EverCrypt_DRBG.h"
 
 #include "internal/EverCrypt_HMAC.h"
+#include "lib_memzero0.h"
 
 uint32_t EverCrypt_DRBG_reseed_interval = (uint32_t)1024U;
 
@@ -91,6 +92,7 @@ EverCrypt_DRBG_uu___is_SHA1_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA1_s)
   {
     return true;
@@ -104,6 +106,7 @@ EverCrypt_DRBG_uu___is_SHA2_256_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_256_s)
   {
     return true;
@@ -117,6 +120,7 @@ EverCrypt_DRBG_uu___is_SHA2_384_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_384_s)
   {
     return true;
@@ -130,6 +134,7 @@ EverCrypt_DRBG_uu___is_SHA2_512_s(
   EverCrypt_DRBG_state_s projectee
 )
 {
+  KRML_HOST_IGNORE(uu___);
   if (projectee.tag == SHA2_512_s)
   {
     return true;
@@ -632,20 +637,18 @@ reseed_sha1(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA1_s)
   {
-    uu____0 = st_s.case_SHA1_s;
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -715,20 +718,18 @@ reseed_sha2_256(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_256_s)
   {
-    uu____0 = st_s.case_SHA2_256_s;
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -798,20 +799,18 @@ reseed_sha2_384(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_384_s)
   {
-    uu____0 = st_s.case_SHA2_384_s;
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -881,20 +880,18 @@ reseed_sha2_512(
   memcpy(seed_material + entropy_input_len,
     additional_input,
     additional_input_len * sizeof (uint8_t));
-  Hacl_HMAC_DRBG_state uu____0;
+  Hacl_HMAC_DRBG_state scrut;
   if (st_s.tag == SHA2_512_s)
   {
-    uu____0 = st_s.case_SHA2_512_s;
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    uu____0 =
-      KRML_EABORT(Hacl_HMAC_DRBG_state,
-        "unreachable (pattern matches are exhaustive in F*)");
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  uint8_t *k = uu____0.k;
-  uint8_t *v = uu____0.v;
-  uint32_t *ctr = uu____0.reseed_counter;
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
   uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
   KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
   uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -952,7 +949,6 @@ generate_sha1(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -960,11 +956,11 @@ generate_sha1(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA1);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -973,58 +969,58 @@ generate_sha1(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA1_s)
       {
-        uu____0 = st_s.case_SHA1_s;
+        scrut = st_s.case_SHA1_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)21U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[20U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
       EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)21U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)21U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)21U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[20U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
@@ -1050,75 +1046,24 @@ generate_sha1(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA1_s)
+  {
+    scrut = st_s.case_SHA1_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA1_s)
-    {
-      scrut = st_s.case_SHA1_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)21U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[20U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
-      EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)21U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[20U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
-        EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
-        memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)20U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)20U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)20U;
-      EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
-      memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)21U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1150,10 +1095,54 @@ generate_sha1(
       EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
       memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)20U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(out + i * (uint32_t)20U, v, (uint32_t)20U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)20U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)20U;
+    EverCrypt_HMAC_compute_sha1(v, k, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(block, v, (n - max * (uint32_t)20U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)21U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[20U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha1(k_, k, (uint32_t)20U, input0, input_len);
+  EverCrypt_HMAC_compute_sha1(v, k_, (uint32_t)20U, v, (uint32_t)20U);
+  memcpy(k, k_, (uint32_t)20U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)21U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)20U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)21U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[20U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha1(k_0, k, (uint32_t)20U, input, input_len0);
+    EverCrypt_HMAC_compute_sha1(v, k_0, (uint32_t)20U, v, (uint32_t)20U);
+    memcpy(k, k_0, (uint32_t)20U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1175,7 +1164,6 @@ generate_sha2_256(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1183,11 +1171,11 @@ generate_sha2_256(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_256);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1196,58 +1184,58 @@ generate_sha2_256(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_256_s)
       {
-        uu____0 = st_s.case_SHA2_256_s;
+        scrut = st_s.case_SHA2_256_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)33U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[32U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)33U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)33U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)33U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[32U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
@@ -1273,75 +1261,24 @@ generate_sha2_256(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_256_s)
+  {
+    scrut = st_s.case_SHA2_256_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_256_s)
-    {
-      scrut = st_s.case_SHA2_256_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)33U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[32U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)33U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[32U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
-        memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)32U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)32U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)32U;
-      EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
-      memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)33U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1373,10 +1310,54 @@ generate_sha2_256(
       EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
       memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)32U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(out + i * (uint32_t)32U, v, (uint32_t)32U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)32U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)32U;
+    EverCrypt_HMAC_compute_sha2_256(v, k, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(block, v, (n - max * (uint32_t)32U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)33U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[32U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_256(k_, k, (uint32_t)32U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_256(v, k_, (uint32_t)32U, v, (uint32_t)32U);
+  memcpy(k, k_, (uint32_t)32U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)33U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)32U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)33U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[32U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_256(k_0, k, (uint32_t)32U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_256(v, k_0, (uint32_t)32U, v, (uint32_t)32U);
+    memcpy(k, k_0, (uint32_t)32U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1398,7 +1379,6 @@ generate_sha2_384(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1406,11 +1386,11 @@ generate_sha2_384(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_384);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1419,58 +1399,58 @@ generate_sha2_384(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_384_s)
       {
-        uu____0 = st_s.case_SHA2_384_s;
+        scrut = st_s.case_SHA2_384_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)49U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[48U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)49U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)49U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)49U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[48U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
@@ -1496,75 +1476,24 @@ generate_sha2_384(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_384_s)
+  {
+    scrut = st_s.case_SHA2_384_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_384_s)
-    {
-      scrut = st_s.case_SHA2_384_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)49U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[48U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)49U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[48U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
-        memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)48U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)48U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)48U;
-      EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
-      memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)49U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1596,10 +1525,54 @@ generate_sha2_384(
       EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
       memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)48U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(out + i * (uint32_t)48U, v, (uint32_t)48U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)48U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)48U;
+    EverCrypt_HMAC_compute_sha2_384(v, k, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(block, v, (n - max * (uint32_t)48U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)49U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[48U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_384(k_, k, (uint32_t)48U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_384(v, k_, (uint32_t)48U, v, (uint32_t)48U);
+  memcpy(k, k_, (uint32_t)48U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)49U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)48U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)49U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[48U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_384(k_0, k, (uint32_t)48U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_384(v, k_0, (uint32_t)48U, v, (uint32_t)48U);
+    memcpy(k, k_0, (uint32_t)48U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1621,7 +1594,6 @@ generate_sha2_512(
   {
     return false;
   }
-  uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
   bool ok0;
   if (additional_input_len > Hacl_HMAC_DRBG_max_additional_input_length)
   {
@@ -1629,11 +1601,11 @@ generate_sha2_512(
   }
   else
   {
-    uint32_t entropy_input_len1 = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
-    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1);
-    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len1 * sizeof (uint8_t));
-    memset(entropy_input, 0U, entropy_input_len1 * sizeof (uint8_t));
-    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len1);
+    uint32_t entropy_input_len = Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_SHA2_512);
+    KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len);
+    uint8_t *entropy_input = (uint8_t *)alloca(entropy_input_len * sizeof (uint8_t));
+    memset(entropy_input, 0U, entropy_input_len * sizeof (uint8_t));
+    bool ok = Lib_RandomBuffer_System_randombytes(entropy_input, entropy_input_len);
     bool result;
     if (!ok)
     {
@@ -1642,58 +1614,58 @@ generate_sha2_512(
     else
     {
       EverCrypt_DRBG_state_s st_s = *st;
-      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len1 + additional_input_len);
+      KRML_CHECK_SIZE(sizeof (uint8_t), entropy_input_len + additional_input_len);
       uint8_t
       *seed_material =
-        (uint8_t *)alloca((entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memset(seed_material, 0U, (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
-      memcpy(seed_material, entropy_input, entropy_input_len1 * sizeof (uint8_t));
-      memcpy(seed_material + entropy_input_len1,
+        (uint8_t *)alloca((entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memset(seed_material, 0U, (entropy_input_len + additional_input_len) * sizeof (uint8_t));
+      memcpy(seed_material, entropy_input, entropy_input_len * sizeof (uint8_t));
+      memcpy(seed_material + entropy_input_len,
         additional_input,
         additional_input_len * sizeof (uint8_t));
-      Hacl_HMAC_DRBG_state uu____0;
+      Hacl_HMAC_DRBG_state scrut;
       if (st_s.tag == SHA2_512_s)
       {
-        uu____0 = st_s.case_SHA2_512_s;
+        scrut = st_s.case_SHA2_512_s;
       }
       else
       {
-        uu____0 =
+        scrut =
           KRML_EABORT(Hacl_HMAC_DRBG_state,
             "unreachable (pattern matches are exhaustive in F*)");
       }
-      uint8_t *k = uu____0.k;
-      uint8_t *v = uu____0.v;
-      uint32_t *ctr = uu____0.reseed_counter;
-      uint32_t input_len = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+      uint8_t *k = scrut.k;
+      uint8_t *v = scrut.v;
+      uint32_t *ctr = scrut.reseed_counter;
+      uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_len;
       KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
       uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
       memset(input0, 0U, input_len * sizeof (uint8_t));
       uint8_t *k_ = input0;
       memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
         memcpy(input0 + (uint32_t)65U,
           seed_material,
-          (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+          (entropy_input_len + additional_input_len) * sizeof (uint8_t));
       }
       input0[64U] = (uint8_t)0U;
       EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
       EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+      if (entropy_input_len + additional_input_len != (uint32_t)0U)
       {
-        uint32_t input_len0 = (uint32_t)65U + entropy_input_len1 + additional_input_len;
+        uint32_t input_len0 = (uint32_t)65U + entropy_input_len + additional_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
         uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
         memset(input, 0U, input_len0 * sizeof (uint8_t));
         uint8_t *k_0 = input;
         memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (entropy_input_len1 + additional_input_len != (uint32_t)0U)
+        if (entropy_input_len + additional_input_len != (uint32_t)0U)
         {
           memcpy(input + (uint32_t)65U,
             seed_material,
-            (entropy_input_len1 + additional_input_len) * sizeof (uint8_t));
+            (entropy_input_len + additional_input_len) * sizeof (uint8_t));
         }
         input[64U] = (uint8_t)1U;
         EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
@@ -1719,75 +1691,24 @@ generate_sha2_512(
   {
     x1 = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
   }
-  bool b;
   if (x1.reseed_counter[0U] > Hacl_HMAC_DRBG_reseed_interval)
   {
-    b = false;
+    return false;
+  }
+  Hacl_HMAC_DRBG_state scrut;
+  if (st_s.tag == SHA2_512_s)
+  {
+    scrut = st_s.case_SHA2_512_s;
   }
   else
   {
-    Hacl_HMAC_DRBG_state scrut;
-    if (st_s.tag == SHA2_512_s)
-    {
-      scrut = st_s.case_SHA2_512_s;
-    }
-    else
-    {
-      scrut =
-        KRML_EABORT(Hacl_HMAC_DRBG_state,
-          "unreachable (pattern matches are exhaustive in F*)");
-    }
-    uint8_t *k = scrut.k;
-    uint8_t *v = scrut.v;
-    uint32_t *ctr = scrut.reseed_counter;
-    if (additional_input_len > (uint32_t)0U)
-    {
-      uint32_t input_len = (uint32_t)65U + additional_input_len;
-      KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
-      uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
-      memset(input0, 0U, input_len * sizeof (uint8_t));
-      uint8_t *k_ = input0;
-      memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-      }
-      input0[64U] = (uint8_t)0U;
-      EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
-      EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
-      if (additional_input_len != (uint32_t)0U)
-      {
-        uint32_t input_len0 = (uint32_t)65U + additional_input_len;
-        KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
-        uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
-        memset(input, 0U, input_len0 * sizeof (uint8_t));
-        uint8_t *k_0 = input;
-        memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
-        if (additional_input_len != (uint32_t)0U)
-        {
-          memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
-        }
-        input[64U] = (uint8_t)1U;
-        EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
-        EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
-        memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
-      }
-    }
-    uint8_t *output1 = output;
-    uint32_t max = n / (uint32_t)64U;
-    uint8_t *out = output1;
-    for (uint32_t i = (uint32_t)0U; i < max; i++)
-    {
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
-    }
-    if (max * (uint32_t)64U < n)
-    {
-      uint8_t *block = output1 + max * (uint32_t)64U;
-      EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
-      memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
-    }
+    scrut = KRML_EABORT(Hacl_HMAC_DRBG_state, "unreachable (pattern matches are exhaustive in F*)");
+  }
+  uint8_t *k = scrut.k;
+  uint8_t *v = scrut.v;
+  uint32_t *ctr = scrut.reseed_counter;
+  if (additional_input_len > (uint32_t)0U)
+  {
     uint32_t input_len = (uint32_t)65U + additional_input_len;
     KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
     uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1819,10 +1740,54 @@ generate_sha2_512(
       EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
       memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
     }
-    uint32_t old_ctr = ctr[0U];
-    ctr[0U] = old_ctr + (uint32_t)1U;
-    b = true;
   }
+  uint8_t *output1 = output;
+  uint32_t max = n / (uint32_t)64U;
+  uint8_t *out = output1;
+  for (uint32_t i = (uint32_t)0U; i < max; i++)
+  {
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(out + i * (uint32_t)64U, v, (uint32_t)64U * sizeof (uint8_t));
+  }
+  if (max * (uint32_t)64U < n)
+  {
+    uint8_t *block = output1 + max * (uint32_t)64U;
+    EverCrypt_HMAC_compute_sha2_512(v, k, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(block, v, (n - max * (uint32_t)64U) * sizeof (uint8_t));
+  }
+  uint32_t input_len = (uint32_t)65U + additional_input_len;
+  KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
+  uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
+  memset(input0, 0U, input_len * sizeof (uint8_t));
+  uint8_t *k_ = input0;
+  memcpy(k_, v, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    memcpy(input0 + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+  }
+  input0[64U] = (uint8_t)0U;
+  EverCrypt_HMAC_compute_sha2_512(k_, k, (uint32_t)64U, input0, input_len);
+  EverCrypt_HMAC_compute_sha2_512(v, k_, (uint32_t)64U, v, (uint32_t)64U);
+  memcpy(k, k_, (uint32_t)64U * sizeof (uint8_t));
+  if (additional_input_len != (uint32_t)0U)
+  {
+    uint32_t input_len0 = (uint32_t)65U + additional_input_len;
+    KRML_CHECK_SIZE(sizeof (uint8_t), input_len0);
+    uint8_t *input = (uint8_t *)alloca(input_len0 * sizeof (uint8_t));
+    memset(input, 0U, input_len0 * sizeof (uint8_t));
+    uint8_t *k_0 = input;
+    memcpy(k_0, v, (uint32_t)64U * sizeof (uint8_t));
+    if (additional_input_len != (uint32_t)0U)
+    {
+      memcpy(input + (uint32_t)65U, additional_input, additional_input_len * sizeof (uint8_t));
+    }
+    input[64U] = (uint8_t)1U;
+    EverCrypt_HMAC_compute_sha2_512(k_0, k, (uint32_t)64U, input, input_len0);
+    EverCrypt_HMAC_compute_sha2_512(v, k_0, (uint32_t)64U, v, (uint32_t)64U);
+    memcpy(k, k_0, (uint32_t)64U * sizeof (uint8_t));
+  }
+  uint32_t old_ctr = ctr[0U];
+  ctr[0U] = old_ctr + (uint32_t)1U;
   return true;
 }
 
@@ -1841,8 +1806,8 @@ static void uninstantiate_sha1(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)20U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)20U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)20U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)20U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1865,8 +1830,8 @@ static void uninstantiate_sha2_256(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)32U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)32U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)32U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1889,8 +1854,8 @@ static void uninstantiate_sha2_384(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)48U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)48U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)48U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
@@ -1913,8 +1878,8 @@ static void uninstantiate_sha2_512(EverCrypt_DRBG_state_s *st)
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
-  Lib_Memzero0_memzero(k, (uint32_t)64U * sizeof (k[0U]));
-  Lib_Memzero0_memzero(v, (uint32_t)64U * sizeof (v[0U]));
+  Lib_Memzero0_memzero(k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(v, (uint32_t)64U, uint8_t);
   ctr[0U] = (uint32_t)0U;
   KRML_HOST_FREE(k);
   KRML_HOST_FREE(v);
diff --git a/sys/hacl/c/src/msvc/EverCrypt_HMAC.c b/sys/hacl/c/src/msvc/EverCrypt_HMAC.c
index 5691b3437..f279dfb8d 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_HMAC.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_HMAC.c
@@ -83,16 +83,18 @@ EverCrypt_HMAC_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -201,16 +203,18 @@ EverCrypt_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -329,16 +333,18 @@ EverCrypt_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -458,16 +464,18 @@ EverCrypt_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -587,16 +595,18 @@ EverCrypt_HMAC_compute_blake2s(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -723,16 +733,18 @@ EverCrypt_HMAC_compute_blake2b(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/msvc/EverCrypt_Hash.c b/sys/hacl/c/src/msvc/EverCrypt_Hash.c
index b10044494..b88df9e23 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_Hash.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_Hash.c
@@ -206,8 +206,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           s =
@@ -231,8 +231,8 @@ static EverCrypt_Hash_state_s *create_in(Spec_Hash_Definitions_hash_alg a)
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           s =
@@ -342,6 +342,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2s_128_blake2s_init(p1, (uint32_t)0U, (uint32_t)32U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -358,6 +359,7 @@ static void init(EverCrypt_Hash_state_s *s)
     Hacl_Blake2b_256_blake2b_init(p1, (uint32_t)0U, (uint32_t)64U);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -391,17 +393,20 @@ k224_256[64U] =
 
 void EverCrypt_Hash_update_multi_256(uint32_t *s, uint8_t *blocks, uint32_t n)
 {
+  #if HACL_CAN_COMPILE_VALE
   bool has_shaext = EverCrypt_AutoConfig2_has_shaext();
   bool has_sse = EverCrypt_AutoConfig2_has_sse();
-  #if HACL_CAN_COMPILE_VALE
   if (has_shaext && has_sse)
   {
     uint64_t n1 = (uint64_t)n;
-    uint64_t scrut = sha256_update(s, blocks, n1, k224_256);
+    KRML_HOST_IGNORE(sha256_update(s, blocks, n1, k224_256));
     return;
   }
-  #endif
   Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #else
+  KRML_HOST_IGNORE(k224_256);
+  Hacl_SHA2_Scalar32_sha256_update_nblocks(n * (uint32_t)64U, blocks, s);
+  #endif
 }
 
 static void
@@ -495,6 +500,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
     Hacl_Blake2s_128_blake2s_update_multi(n * (uint32_t)64U, wv, p1, prevlen, blocks, n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -525,6 +531,7 @@ update_multi(EverCrypt_Hash_state_s *s, uint64_t prevlen, uint8_t *blocks, uint3
       n);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -622,6 +629,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
     Hacl_Blake2s_128_blake2s_update_last(last_len, wv, p1, prev_len, last_len, last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -650,6 +658,7 @@ update_last(EverCrypt_Hash_state_s *s, uint64_t prev_len, uint8_t *last, uint32_
       last);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -736,6 +745,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2s_128_blake2s_finish((uint32_t)32U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -752,6 +762,7 @@ static void finish(EverCrypt_Hash_state_s *s, uint8_t *dst)
     Hacl_Blake2b_256_blake2b_finish((uint32_t)64U, dst, p1);
     return;
     #else
+    KRML_HOST_IGNORE(p1);
     return;
     #endif
   }
@@ -1026,6 +1037,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_load_state128s_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1052,6 +1064,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_load_state256b_from_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1078,6 +1091,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2s_128_store_state128s_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1104,6 +1118,7 @@ static void copy(EverCrypt_Hash_state_s *s_src, EverCrypt_Hash_state_s *s_dst)
       Hacl_Blake2b_256_store_state256b_to_state32(p_dst, p_src);
       return;
       #else
+      KRML_HOST_IGNORE(p_dst);
       return;
       #endif
     }
@@ -1281,6 +1296,7 @@ void EverCrypt_Hash_Incremental_init(EverCrypt_Hash_Incremental_hash_state *s)
   uint8_t *buf = scrut.buf;
   EverCrypt_Hash_state_s *block_state = scrut.block_state;
   Spec_Hash_Definitions_hash_alg i = alg_of_state(block_state);
+  KRML_HOST_IGNORE(i);
   init(block_state);
   EverCrypt_Hash_Incremental_hash_state
   tmp = { .block_state = block_state, .buf = buf, .total_len = (uint64_t)(uint32_t)0U };
@@ -2038,9 +2054,9 @@ static void finish_blake2s(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2S));
   }
   uint8_t *buf_1 = buf_;
-  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC128
+  bool vec128 = EverCrypt_AutoConfig2_has_vec128();
   KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 buf0[4U] KRML_POST_ALIGN(16) = { 0U };
   uint32_t buf[16U] = { 0U };
   if (vec128)
@@ -2097,9 +2113,9 @@ static void finish_blake2b(EverCrypt_Hash_Incremental_hash_state *p, uint8_t *ds
     r = (uint32_t)(total_len % (uint64_t)block_len(Spec_Hash_Definitions_Blake2B));
   }
   uint8_t *buf_1 = buf_;
-  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   EverCrypt_Hash_state_s s;
   #if HACL_CAN_COMPILE_VEC256
+  bool vec256 = EverCrypt_AutoConfig2_has_vec256();
   KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 buf0[4U] KRML_POST_ALIGN(32) = { 0U };
   uint64_t buf[16U] = { 0U };
   if (vec256)
@@ -2140,8 +2156,7 @@ Perform a run-time test to determine which algorithm was chosen for the given pi
 Spec_Hash_Definitions_hash_alg
 EverCrypt_Hash_Incremental_alg_of_state(EverCrypt_Hash_Incremental_hash_state *s)
 {
-  EverCrypt_Hash_Incremental_hash_state scrut = *s;
-  EverCrypt_Hash_state_s *block_state = scrut.block_state;
+  EverCrypt_Hash_state_s *block_state = (*s).block_state;
   return alg_of_state(block_state);
 }
 
@@ -2384,28 +2399,32 @@ EverCrypt_Hash_Incremental_hash(
       }
     case Spec_Hash_Definitions_Blake2S:
       {
-        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         #if HACL_CAN_COMPILE_VEC128
+        bool vec128 = EverCrypt_AutoConfig2_has_vec128();
         if (vec128)
         {
           Hacl_Blake2s_128_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2s_32_blake2s((uint32_t)32U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     case Spec_Hash_Definitions_Blake2B:
       {
-        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         #if HACL_CAN_COMPILE_VEC256
+        bool vec256 = EverCrypt_AutoConfig2_has_vec256();
         if (vec256)
         {
           Hacl_Blake2b_256_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
           return;
         }
-        #endif
         Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #else
+        Hacl_Blake2b_32_blake2b((uint32_t)64U, dst, len, input, (uint32_t)0U, NULL);
+        #endif
         break;
       }
     default:
diff --git a/sys/hacl/c/src/msvc/EverCrypt_Poly1305.c b/sys/hacl/c/src/msvc/EverCrypt_Poly1305.c
index f05f8e85a..82ca9b992 100644
--- a/sys/hacl/c/src/msvc/EverCrypt_Poly1305.c
+++ b/sys/hacl/c/src/msvc/EverCrypt_Poly1305.c
@@ -38,16 +38,16 @@ static void poly1305_vale(uint8_t *dst, uint8_t *src, uint32_t len, uint8_t *key
   uint8_t tmp[16U] = { 0U };
   if (n_extra == (uint32_t)0U)
   {
-    uint64_t scrut = x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src, (uint64_t)len, (uint64_t)1U));
   }
   else
   {
     uint32_t len16 = n_blocks * (uint32_t)16U;
     uint8_t *src16 = src;
     memcpy(tmp, src + len16, n_extra * sizeof (uint8_t));
-    uint64_t scrut = x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, src16, (uint64_t)len16, (uint64_t)0U));
     memcpy(ctx + (uint32_t)24U, key, (uint32_t)32U * sizeof (uint8_t));
-    uint64_t scrut0 = x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U);
+    KRML_HOST_IGNORE(x64_poly1305(ctx, tmp, (uint64_t)n_extra, (uint64_t)1U));
   }
   memcpy(dst, ctx, (uint32_t)16U * sizeof (uint8_t));
   #endif
@@ -60,6 +60,7 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC256
   if (vec256)
   {
+    KRML_HOST_IGNORE(vec128);
     Hacl_Poly1305_256_poly1305_mac(dst, len, src, key);
     return;
   }
@@ -67,13 +68,17 @@ void EverCrypt_Poly1305_poly1305(uint8_t *dst, uint8_t *src, uint32_t len, uint8
   #if HACL_CAN_COMPILE_VEC128
   if (vec128)
   {
+    KRML_HOST_IGNORE(vec256);
     Hacl_Poly1305_128_poly1305_mac(dst, len, src, key);
     return;
   }
   #endif
+  KRML_HOST_IGNORE(vec256);
+  KRML_HOST_IGNORE(vec128);
   #if HACL_CAN_COMPILE_VALE
   poly1305_vale(dst, src, len, key);
   #else
+  KRML_HOST_IGNORE(poly1305_vale);
   Hacl_Poly1305_32_poly1305_mac(dst, len, src, key);
   #endif
 }
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum.c b/sys/hacl/c/src/msvc/Hacl_Bignum.c
index 886d77312..ca093c6d5 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum.c
@@ -58,6 +58,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint32_t c00 = c0;
   uint32_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b0, b1, tmp_);
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len2, b1, b0, t1);
@@ -67,6 +68,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
     uint32_t x = (((uint32_t)0U - c010) & t1[i]) | (~((uint32_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c11 = c010;
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
@@ -150,6 +152,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -182,6 +185,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c10);
   uint64_t c00 = c0;
   uint64_t c010 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b0, b1, tmp_);
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len2, b1, b0, t1);
@@ -191,6 +195,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
     uint64_t x = (((uint64_t)0U - c010) & t1[i]) | (~((uint64_t)0U - c010) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c11 = c010;
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
@@ -274,6 +279,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_mul_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -302,7 +308,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
     uint32_t x = (((uint32_t)0U - c0) & t0[i]) | (~((uint32_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint32_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint32_t *t23 = tmp + aLen;
   uint32_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(len2, t0, tmp1, t23);
@@ -373,6 +381,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint32(
   uint32_t c8 = r1;
   uint32_t c = c8;
   uint32_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -401,7 +410,9 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
     uint64_t x = (((uint64_t)0U - c0) & t0[i]) | (~((uint64_t)0U - c0) & tmp_[i]);
     os[i] = x;
   }
+  KRML_HOST_IGNORE(c1);
   uint64_t c00 = c0;
+  KRML_HOST_IGNORE(c00);
   uint64_t *t23 = tmp + aLen;
   uint64_t *tmp1 = tmp + aLen + aLen;
   Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(len2, t0, tmp1, t23);
@@ -472,6 +483,7 @@ Hacl_Bignum_Karatsuba_bn_karatsuba_sqr_uint64(
   uint64_t c8 = r1;
   uint64_t c = c8;
   uint64_t c9 = c;
+  KRML_HOST_IGNORE(c9);
 }
 
 void
@@ -696,6 +708,7 @@ Hacl_Bignum_bn_sub_mod_n_u32(
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t1, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -773,6 +786,7 @@ Hacl_Bignum_bn_sub_mod_n_u64(
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len1; i++)
   {
@@ -1266,6 +1280,7 @@ bn_almost_mont_reduction_u32(
   uint32_t *tmp = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -1362,6 +1377,7 @@ bn_almost_mont_reduction_u64(
   uint64_t *tmp = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum256.c b/sys/hacl/c/src/msvc/Hacl_Bignum256.c
index 619c34b88..b516e70d6 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum256.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum256.c
@@ -229,6 +229,7 @@ void Hacl_Bignum256_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -314,6 +315,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -325,6 +327,7 @@ void Hacl_Bignum256_sqr(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint64_t *n, uint64_t *res)
@@ -441,6 +444,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -518,6 +522,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     uint64_t r = c1;
     c[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -529,6 +534,7 @@ static inline void amont_sqr(uint64_t *n, uint64_t nInv_u64, uint64_t *aM, uint6
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -569,6 +575,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[4U] = { 0U };
   uint64_t c1 = Hacl_Bignum256_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -1154,6 +1161,7 @@ bool Hacl_Bignum256_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *re
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1335,6 +1343,7 @@ Hacl_Bignum256_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1453,6 +1462,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1469,6 +1479,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum256_32.c b/sys/hacl/c/src/msvc/Hacl_Bignum256_32.c
index 4db592518..1c8ce59b6 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum256_32.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum256_32.c
@@ -241,6 +241,7 @@ void Hacl_Bignum256_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t *
     uint32_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i););
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -328,6 +329,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     uint32_t r = c;
     res[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -339,6 +341,7 @@ void Hacl_Bignum256_32_sqr(uint32_t *a, uint32_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void precompr2(uint32_t nBits, uint32_t *n, uint32_t *res)
@@ -461,6 +464,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -540,6 +544,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     uint32_t r = c1;
     c[i0 + i0] = r;);
   uint32_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, c, c);
+  KRML_HOST_IGNORE(c0);
   uint32_t tmp[16U] = { 0U };
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -551,6 +556,7 @@ static inline void amont_sqr(uint32_t *n, uint32_t nInv_u64, uint32_t *aM, uint3
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint32_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u32((uint32_t)16U, c, tmp, c);
+  KRML_HOST_IGNORE(c1);
   areduction(n, nInv_u64, c, resM);
 }
 
@@ -593,6 +599,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[8U] = { 0U };
   uint32_t c1 = Hacl_Bignum256_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
@@ -1188,6 +1195,7 @@ bool Hacl_Bignum256_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)256U, n2, res);
   }
   else
@@ -1382,6 +1390,7 @@ Hacl_Bignum256_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)256U, n2, res);
 }
 
@@ -1500,6 +1509,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
@@ -1516,6 +1526,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum256_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR8(i,
     (uint32_t)0U,
     (uint32_t)8U,
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum32.c b/sys/hacl/c/src/msvc/Hacl_Bignum32.c
index 4784502ae..f719a08ec 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum32.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum32.c
@@ -181,6 +181,7 @@ bn_slow_precomp(
   uint32_t *tmp0 = (uint32_t *)alloca(len * sizeof (uint32_t));
   memset(tmp0, 0U, len * sizeof (uint32_t));
   uint32_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u32(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -431,6 +432,7 @@ bool Hacl_Bignum32_mod_inv_prime_vartime(uint32_t len, uint32_t *n, uint32_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u32(len,
       nBits,
       n,
@@ -670,6 +672,7 @@ Hacl_Bignum32_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u32(len1,
     k1.n,
     k1.mu,
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum4096.c b/sys/hacl/c/src/msvc/Hacl_Bignum4096.c
index 5aa2af33a..ee51cc5ed 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum4096.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum4096.c
@@ -243,6 +243,7 @@ void Hacl_Bignum4096_sub_mod(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *re
     uint64_t *res_i = tmp + (uint32_t)4U * i + (uint32_t)3U;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i););
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -393,6 +394,7 @@ static inline void areduction(uint64_t *n, uint64_t nInv, uint64_t *c, uint64_t
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -457,6 +459,7 @@ bn_slow_precomp(uint64_t *n, uint64_t mu, uint64_t *r2, uint64_t *a, uint64_t *r
   uint64_t c00 = c0;
   uint64_t tmp[64U] = { 0U };
   uint64_t c1 = Hacl_Bignum4096_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
@@ -1047,6 +1050,7 @@ bool Hacl_Bignum4096_mod_inv_prime_vartime(uint64_t *n, uint64_t *a, uint64_t *r
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
     uint64_t c1 = c;
     uint64_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1244,6 +1248,7 @@ Hacl_Bignum4096_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
   uint64_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1362,6 +1367,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_be(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_be(res + i * (uint32_t)8U, b[(uint32_t)64U - i - (uint32_t)1U]);
@@ -1377,6 +1383,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_bn_to_bytes_le(uint64_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)64U; i++)
   {
     store64_le(res + i * (uint32_t)8U, b[i]);
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum4096_32.c b/sys/hacl/c/src/msvc/Hacl_Bignum4096_32.c
index 1924e7d87..790d04284 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum4096_32.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum4096_32.c
@@ -238,6 +238,7 @@ void Hacl_Bignum4096_32_sub_mod(uint32_t *n, uint32_t *a, uint32_t *b, uint32_t
     c = Lib_IntTypes_Intrinsics_add_carry_u32(c, t12, t2, res_i);
   }
   uint32_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint32_t c2 = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -385,6 +386,7 @@ static inline void areduction(uint32_t *n, uint32_t nInv, uint32_t *c, uint32_t
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(res, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -448,6 +450,7 @@ bn_slow_precomp(uint32_t *n, uint32_t mu, uint32_t *r2, uint32_t *a, uint32_t *r
   uint32_t c00 = c0;
   uint32_t tmp[128U] = { 0U };
   uint32_t c1 = Hacl_Bignum4096_32_sub(a_mod, n, tmp);
+  KRML_HOST_IGNORE(c1);
   uint32_t m = (uint32_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
@@ -1033,6 +1036,7 @@ bool Hacl_Bignum4096_32_mod_inv_prime_vartime(uint32_t *n, uint32_t *a, uint32_t
       c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
     uint32_t c1 = c;
     uint32_t c2 = c1;
+    KRML_HOST_IGNORE(c2);
     exp_vartime(nBits, n, a, (uint32_t)4096U, n2, res);
   }
   else
@@ -1228,6 +1232,7 @@ Hacl_Bignum4096_32_mod_inv_prime_vartime_precomp(
     c = Lib_IntTypes_Intrinsics_sub_borrow_u32(c, t1, (uint32_t)0U, res_i););
   uint32_t c1 = c;
   uint32_t c2 = c1;
+  KRML_HOST_IGNORE(c2);
   exp_vartime_precomp(k1.n, k1.mu, k1.r2, a, (uint32_t)4096U, n2, res);
 }
 
@@ -1346,6 +1351,7 @@ Serialize a bignum into big-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_be(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_be(res + i * (uint32_t)4U, b[(uint32_t)128U - i - (uint32_t)1U]);
@@ -1361,6 +1367,7 @@ Serialize a bignum into little-endian memory.
 void Hacl_Bignum4096_32_bn_to_bytes_le(uint32_t *b, uint8_t *res)
 {
   uint8_t tmp[512U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   for (uint32_t i = (uint32_t)0U; i < (uint32_t)128U; i++)
   {
     store32_le(res + i * (uint32_t)4U, b[i]);
diff --git a/sys/hacl/c/src/msvc/Hacl_Bignum64.c b/sys/hacl/c/src/msvc/Hacl_Bignum64.c
index ee99893a8..9e701c7b0 100644
--- a/sys/hacl/c/src/msvc/Hacl_Bignum64.c
+++ b/sys/hacl/c/src/msvc/Hacl_Bignum64.c
@@ -180,6 +180,7 @@ bn_slow_precomp(
   uint64_t *tmp0 = (uint64_t *)alloca(len * sizeof (uint64_t));
   memset(tmp0, 0U, len * sizeof (uint64_t));
   uint64_t c1 = Hacl_Bignum_Addition_bn_sub_eq_len_u64(len, a_mod, n, tmp0);
+  KRML_HOST_IGNORE(c1);
   uint64_t m = (uint64_t)0U - c00;
   for (uint32_t i = (uint32_t)0U; i < len; i++)
   {
@@ -430,6 +431,7 @@ bool Hacl_Bignum64_mod_inv_prime_vartime(uint32_t len, uint64_t *n, uint64_t *a,
     {
       c1 = c0;
     }
+    KRML_HOST_IGNORE(c1);
     Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_u64(len,
       nBits,
       n,
@@ -669,6 +671,7 @@ Hacl_Bignum64_mod_inv_prime_vartime_precomp(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_Bignum_Exponentiation_bn_mod_exp_vartime_precomp_u64(len1,
     k1.n,
     k1.mu,
diff --git a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec128.c b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec128.c
index ed112654b..1e0c4ec1e 100644
--- a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec128.c
+++ b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec128.c
@@ -370,9 +370,8 @@ Hacl_Chacha20_Vec128_chacha20_encrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = text + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
@@ -676,9 +675,8 @@ Hacl_Chacha20_Vec128_chacha20_decrypt_128(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)256U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)256U;
     uint8_t plain[256U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)256U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(16) Lib_IntVector_Intrinsics_vec128 k[16U] KRML_POST_ALIGN(16) = { 0U };
     chacha20_core_128(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec128 st0 = k[0U];
diff --git a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec256.c b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec256.c
index 2df300b62..620f50405 100644
--- a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec256.c
+++ b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec256.c
@@ -470,9 +470,8 @@ Hacl_Chacha20_Vec256_chacha20_encrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = text + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
@@ -968,9 +967,8 @@ Hacl_Chacha20_Vec256_chacha20_decrypt_256(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)512U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)512U;
     uint8_t plain[512U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)512U, rem * sizeof (uint8_t));
     KRML_PRE_ALIGN(32) Lib_IntVector_Intrinsics_vec256 k[16U] KRML_POST_ALIGN(32) = { 0U };
     chacha20_core_256(k, ctx, nb);
     Lib_IntVector_Intrinsics_vec256 st0 = k[0U];
diff --git a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec32.c b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec32.c
index 6f137f39d..2bf4764ca 100644
--- a/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec32.c
+++ b/sys/hacl/c/src/msvc/Hacl_Chacha20_Vec32.c
@@ -229,9 +229,8 @@ Hacl_Chacha20_Vec32_chacha20_encrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
@@ -279,9 +278,8 @@ Hacl_Chacha20_Vec32_chacha20_decrypt_32(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k[16U] = { 0U };
     chacha20_core_32(k, ctx, nb);
     KRML_MAYBE_FOR16(i,
diff --git a/sys/hacl/c/src/msvc/Hacl_Curve25519_64.c b/sys/hacl/c/src/msvc/Hacl_Curve25519_64.c
index 526fbd22f..fb0974fed 100644
--- a/sys/hacl/c/src/msvc/Hacl_Curve25519_64.c
+++ b/sys/hacl/c/src/msvc/Hacl_Curve25519_64.c
@@ -35,7 +35,7 @@ static inline void add_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   add_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = add_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(add_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -44,7 +44,7 @@ static inline void fadd0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fadd(out, f1, f2);
   #else
-  uint64_t uu____0 = fadd_e(out, f1, f2);
+  KRML_HOST_IGNORE(fadd_e(out, f1, f2));
   #endif
 }
 
@@ -53,7 +53,7 @@ static inline void fsub0(uint64_t *out, uint64_t *f1, uint64_t *f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsub(out, f1, f2);
   #else
-  uint64_t uu____0 = fsub_e(out, f1, f2);
+  KRML_HOST_IGNORE(fsub_e(out, f1, f2));
   #endif
 }
 
@@ -62,7 +62,7 @@ static inline void fmul0(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *tm
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -71,7 +71,7 @@ static inline void fmul20(uint64_t *out, uint64_t *f1, uint64_t *f2, uint64_t *t
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul2(out, f1, f2, tmp);
   #else
-  uint64_t uu____0 = fmul2_e(tmp, f1, out, f2);
+  KRML_HOST_IGNORE(fmul2_e(tmp, f1, out, f2));
   #endif
 }
 
@@ -80,7 +80,7 @@ static inline void fmul_scalar0(uint64_t *out, uint64_t *f1, uint64_t f2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fmul_scalar(out, f1, f2);
   #else
-  uint64_t uu____0 = fmul_scalar_e(out, f1, f2);
+  KRML_HOST_IGNORE(fmul_scalar_e(out, f1, f2));
   #endif
 }
 
@@ -89,7 +89,7 @@ static inline void fsqr0(uint64_t *out, uint64_t *f1, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr(out, f1, tmp);
   #else
-  uint64_t uu____0 = fsqr_e(tmp, f1, out);
+  KRML_HOST_IGNORE(fsqr_e(tmp, f1, out));
   #endif
 }
 
@@ -98,7 +98,7 @@ static inline void fsqr20(uint64_t *out, uint64_t *f, uint64_t *tmp)
   #if HACL_CAN_COMPILE_INLINE_ASM
   fsqr2(out, f, tmp);
   #else
-  uint64_t uu____0 = fsqr2_e(tmp, f, out);
+  KRML_HOST_IGNORE(fsqr2_e(tmp, f, out));
   #endif
 }
 
@@ -107,7 +107,7 @@ static inline void cswap20(uint64_t bit, uint64_t *p1, uint64_t *p2)
   #if HACL_CAN_COMPILE_INLINE_ASM
   cswap2(bit, p1, p2);
   #else
-  uint64_t uu____0 = cswap2_e(bit, p1, p2);
+  KRML_HOST_IGNORE(cswap2_e(bit, p1, p2));
   #endif
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_Ed25519.c b/sys/hacl/c/src/msvc/Hacl_Ed25519.c
index 39d259980..36113197a 100644
--- a/sys/hacl/c/src/msvc/Hacl_Ed25519.c
+++ b/sys/hacl/c/src/msvc/Hacl_Ed25519.c
@@ -711,65 +711,59 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 c00 = carry0;
   FStar_UInt128_uint128
   carry1 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z11, c00), (uint32_t)56U);
-  uint64_t
-  t100 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z11, c00))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c10 = carry1;
   FStar_UInt128_uint128
   carry2 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z21, c10), (uint32_t)56U);
-  uint64_t
-  t101 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z21, c10))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c20 = carry2;
   FStar_UInt128_uint128
   carry3 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z31, c20), (uint32_t)56U);
-  uint64_t
-  t102 =
-    FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
-    & (uint64_t)0xffffffffffffffU;
+  KRML_HOST_IGNORE(FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z31, c20))
+    & (uint64_t)0xffffffffffffffU);
   FStar_UInt128_uint128 c30 = carry3;
   FStar_UInt128_uint128
   carry4 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z41, c30), (uint32_t)56U);
   uint64_t
-  t103 =
+  t100 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z41, c30))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c40 = carry4;
-  uint64_t t410 = t103;
+  uint64_t t410 = t100;
   FStar_UInt128_uint128
   carry5 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z5, c40), (uint32_t)56U);
   uint64_t
-  t104 =
+  t101 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z5, c40))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c5 = carry5;
-  uint64_t t51 = t104;
+  uint64_t t51 = t101;
   FStar_UInt128_uint128
   carry6 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z6, c5), (uint32_t)56U);
   uint64_t
-  t105 =
+  t102 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z6, c5))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c6 = carry6;
-  uint64_t t61 = t105;
+  uint64_t t61 = t102;
   FStar_UInt128_uint128
   carry7 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z7, c6), (uint32_t)56U);
   uint64_t
-  t106 =
+  t103 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z7, c6))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c7 = carry7;
-  uint64_t t71 = t106;
+  uint64_t t71 = t103;
   FStar_UInt128_uint128
   carry8 = FStar_UInt128_shift_right(FStar_UInt128_add_mod(z8, c7), (uint32_t)56U);
   uint64_t
-  t107 =
+  t104 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(z8, c7))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c8 = carry8;
-  uint64_t t81 = t107;
+  uint64_t t81 = t104;
   uint64_t t91 = FStar_UInt128_uint128_to_uint64(c8);
   uint64_t qmu4_ = t410;
   uint64_t qmu5_ = t51;
@@ -818,19 +812,19 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   FStar_UInt128_uint128 xy31 = FStar_UInt128_mul_wide(qdiv3, m1);
   FStar_UInt128_uint128 xy40 = FStar_UInt128_mul_wide(qdiv4, m0);
   FStar_UInt128_uint128 carry9 = FStar_UInt128_shift_right(xy00, (uint32_t)56U);
-  uint64_t t108 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
+  uint64_t t105 = FStar_UInt128_uint128_to_uint64(xy00) & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c0 = carry9;
-  uint64_t t010 = t108;
+  uint64_t t010 = t105;
   FStar_UInt128_uint128
   carry10 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0),
       (uint32_t)56U);
   uint64_t
-  t109 =
+  t106 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy01, xy10), c0))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c11 = carry10;
-  uint64_t t110 = t109;
+  uint64_t t110 = t106;
   FStar_UInt128_uint128
   carry11 =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
@@ -839,14 +833,14 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c11),
       (uint32_t)56U);
   uint64_t
-  t1010 =
+  t107 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy02,
             xy11),
           xy20),
         c11))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c21 = carry11;
-  uint64_t t210 = t1010;
+  uint64_t t210 = t107;
   FStar_UInt128_uint128
   carry =
     FStar_UInt128_shift_right(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
@@ -856,7 +850,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21),
       (uint32_t)56U);
   uint64_t
-  t1011 =
+  t108 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy03,
               xy12),
             xy21),
@@ -864,7 +858,7 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
         c21))
     & (uint64_t)0xffffffffffffffU;
   FStar_UInt128_uint128 c31 = carry;
-  uint64_t t310 = t1011;
+  uint64_t t310 = t108;
   uint64_t
   t411 =
     FStar_UInt128_uint128_to_uint64(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(FStar_UInt128_add_mod(xy04,
@@ -880,24 +874,24 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t qmul3 = t310;
   uint64_t qmul4 = t411;
   uint64_t b5 = (r0 - qmul0) >> (uint32_t)63U;
-  uint64_t t1012 = (b5 << (uint32_t)56U) + r0 - qmul0;
+  uint64_t t109 = (b5 << (uint32_t)56U) + r0 - qmul0;
   uint64_t c1 = b5;
-  uint64_t t011 = t1012;
+  uint64_t t011 = t109;
   uint64_t b6 = (r1 - (qmul1 + c1)) >> (uint32_t)63U;
-  uint64_t t1013 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
+  uint64_t t1010 = (b6 << (uint32_t)56U) + r1 - (qmul1 + c1);
   uint64_t c2 = b6;
-  uint64_t t111 = t1013;
+  uint64_t t111 = t1010;
   uint64_t b7 = (r2 - (qmul2 + c2)) >> (uint32_t)63U;
-  uint64_t t1014 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
+  uint64_t t1011 = (b7 << (uint32_t)56U) + r2 - (qmul2 + c2);
   uint64_t c3 = b7;
-  uint64_t t211 = t1014;
+  uint64_t t211 = t1011;
   uint64_t b8 = (r3 - (qmul3 + c3)) >> (uint32_t)63U;
-  uint64_t t1015 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
+  uint64_t t1012 = (b8 << (uint32_t)56U) + r3 - (qmul3 + c3);
   uint64_t c4 = b8;
-  uint64_t t311 = t1015;
+  uint64_t t311 = t1012;
   uint64_t b9 = (r4 - (qmul4 + c4)) >> (uint32_t)63U;
-  uint64_t t1016 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
-  uint64_t t412 = t1016;
+  uint64_t t1013 = (b9 << (uint32_t)40U) + r4 - (qmul4 + c4);
+  uint64_t t412 = t1013;
   uint64_t s0 = t011;
   uint64_t s1 = t111;
   uint64_t s2 = t211;
@@ -914,21 +908,21 @@ static inline void barrett_reduction(uint64_t *z, uint64_t *t)
   uint64_t y3 = m31;
   uint64_t y4 = m41;
   uint64_t b10 = (s0 - y0) >> (uint32_t)63U;
-  uint64_t t1017 = (b10 << (uint32_t)56U) + s0 - y0;
+  uint64_t t1014 = (b10 << (uint32_t)56U) + s0 - y0;
   uint64_t b0 = b10;
-  uint64_t t01 = t1017;
+  uint64_t t01 = t1014;
   uint64_t b11 = (s1 - (y1 + b0)) >> (uint32_t)63U;
-  uint64_t t1018 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
+  uint64_t t1015 = (b11 << (uint32_t)56U) + s1 - (y1 + b0);
   uint64_t b1 = b11;
-  uint64_t t11 = t1018;
+  uint64_t t11 = t1015;
   uint64_t b12 = (s2 - (y2 + b1)) >> (uint32_t)63U;
-  uint64_t t1019 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
+  uint64_t t1016 = (b12 << (uint32_t)56U) + s2 - (y2 + b1);
   uint64_t b2 = b12;
-  uint64_t t21 = t1019;
+  uint64_t t21 = t1016;
   uint64_t b13 = (s3 - (y3 + b2)) >> (uint32_t)63U;
-  uint64_t t1020 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
+  uint64_t t1017 = (b13 << (uint32_t)56U) + s3 - (y3 + b2);
   uint64_t b3 = b13;
-  uint64_t t31 = t1020;
+  uint64_t t31 = t1017;
   uint64_t b = (s4 - (y4 + b3)) >> (uint32_t)63U;
   uint64_t t10 = (b << (uint32_t)56U) + s4 - (y4 + b3);
   uint64_t b4 = b;
@@ -1483,6 +1477,9 @@ static inline void point_mul_g(uint64_t *out, uint8_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_Ed25519_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     Hacl_Impl_Ed25519_PointAdd_point_add(out, out, tmp););
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1717,8 +1714,10 @@ static inline void sha512_pre_msg(uint8_t *hash, uint8_t *prefix, uint32_t len,
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err1 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
@@ -1739,10 +1738,13 @@ sha512_pre_pre2_msg(
   Hacl_SHA2_Scalar32_sha512_init(block_state);
   Hacl_Streaming_MD_state_64 *st = &p;
   Hacl_Streaming_Types_error_code
-  uu____0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
+  err0 = Hacl_Streaming_SHA2_update_512(st, prefix, (uint32_t)32U);
   Hacl_Streaming_Types_error_code
-  uu____1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
-  Hacl_Streaming_Types_error_code uu____2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  err1 = Hacl_Streaming_SHA2_update_512(st, prefix2, (uint32_t)32U);
+  Hacl_Streaming_Types_error_code err2 = Hacl_Streaming_SHA2_update_512(st, input, len);
+  KRML_HOST_IGNORE(err0);
+  KRML_HOST_IGNORE(err1);
+  KRML_HOST_IGNORE(err2);
   Hacl_Streaming_SHA2_finish_512(st, hash);
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_FFDHE.c b/sys/hacl/c/src/msvc/Hacl_FFDHE.c
index 53b87f733..bc77dbdcd 100644
--- a/sys/hacl/c/src/msvc/Hacl_FFDHE.c
+++ b/sys/hacl/c/src/msvc/Hacl_FFDHE.c
@@ -127,7 +127,6 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
   memset(p_n1, 0U, nLen * sizeof (uint64_t));
   uint64_t
   c0 = Lib_IntTypes_Intrinsics_sub_borrow_u64((uint64_t)0U, p_n[0U], (uint64_t)1U, p_n1);
-  uint64_t c1;
   if ((uint32_t)1U < nLen)
   {
     uint64_t *a1 = p_n + (uint32_t)1U;
@@ -159,12 +158,12 @@ static inline uint64_t ffdhe_check_pk(Spec_FFDHE_ffdhe_alg a, uint64_t *pk_n, ui
       uint64_t *res_i = res1 + i;
       c = Lib_IntTypes_Intrinsics_sub_borrow_u64(c, t1, (uint64_t)0U, res_i);
     }
-    uint64_t c10 = c;
-    c1 = c10;
+    uint64_t c1 = c;
+    KRML_HOST_IGNORE(c1);
   }
   else
   {
-    c1 = c0;
+    KRML_HOST_IGNORE(c0);
   }
   KRML_CHECK_SIZE(sizeof (uint64_t), nLen);
   uint64_t *b2 = (uint64_t *)alloca(nLen * sizeof (uint64_t));
diff --git a/sys/hacl/c/src/msvc/Hacl_Frodo1344.c b/sys/hacl/c/src/msvc/Hacl_Frodo1344.c
index a038e69c1..2951f8489 100644
--- a/sys/hacl/c/src/msvc/Hacl_Frodo1344.c
+++ b/sys/hacl/c/src/msvc/Hacl_Frodo1344.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo1344_crypto_bytes = (uint32_t)32U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43008U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)1344U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo1344_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)1344U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)10752U, uint16_t);
   uint32_t slen1 = (uint32_t)43056U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)32U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)32U, pk, (uint32_t)21520U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)21520U, pk, (uint32_t)32U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)80U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)80U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)21664U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo1344_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)21632U, k, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)32U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[64U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)64U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)33U, shake_input_seed_se, (uint32_t)43136U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)33U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U, (uint32_t)1344U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix1344((uint32_t)8U,
     (uint32_t)1344U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)1344U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)10752U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)1344U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo1344_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)21632U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)21632U, kp_s, (uint32_t)32U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)32U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)32U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)64U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)32U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_Frodo64.c b/sys/hacl/c/src/msvc/Hacl_Frodo64.c
index d1036c708..45ee9dd6f 100644
--- a/sys/hacl/c/src/msvc/Hacl_Frodo64.c
+++ b/sys/hacl/c/src/msvc/Hacl_Frodo64.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 /*
  this variant is used only for testing purposes!
@@ -59,7 +60,7 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2048U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)64U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo64_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   Hacl_Impl_Matrix_matrix_add((uint32_t)64U, (uint32_t)8U, b_matrix, e_matrix);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)64U, (uint32_t)8U, (uint32_t)15U, b_matrix, b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)64U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)512U, uint16_t);
   uint32_t slen1 = (uint32_t)2016U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)976U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)976U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -155,12 +156,12 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)1096U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -168,9 +169,9 @@ uint32_t Hacl_Frodo64_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)1080U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -199,8 +200,8 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -223,7 +224,7 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)2176U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U, (uint32_t)64U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix64((uint32_t)8U,
     (uint32_t)64U,
@@ -264,12 +265,12 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)64U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)512U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)64U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -290,10 +291,10 @@ uint32_t Hacl_Frodo64_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)1080U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)1080U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_Frodo640.c b/sys/hacl/c/src/msvc/Hacl_Frodo640.c
index 6a31856c3..badd2baee 100644
--- a/sys/hacl/c/src/msvc/Hacl_Frodo640.c
+++ b/sys/hacl/c/src/msvc/Hacl_Frodo640.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo640_crypto_bytes = (uint32_t)16U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20480U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)640U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo640_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)640U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)5120U, uint16_t);
   uint32_t slen1 = (uint32_t)19872U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)16U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)16U, pk, (uint32_t)9616U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)9616U, pk, (uint32_t)16U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)48U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)48U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)9736U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo640_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)9720U, k, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, shake_input_ss, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)16U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[32U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)32U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl((uint32_t)17U, shake_input_seed_se, (uint32_t)20608U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)17U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U, (uint32_t)640U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix640((uint32_t)8U,
     (uint32_t)640U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)640U, (uint32_t)15U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)15U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)5120U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)640U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -292,10 +293,10 @@ uint32_t Hacl_Frodo640_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)9720U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)9720U, kp_s, (uint32_t)16U * sizeof (uint8_t));
   Hacl_SHA3_shake128_hacl(ss_init_len, ss_init, (uint32_t)16U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)16U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)16U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)32U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)16U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_Frodo976.c b/sys/hacl/c/src/msvc/Hacl_Frodo976.c
index 34a7226c7..dbd9bc32a 100644
--- a/sys/hacl/c/src/msvc/Hacl_Frodo976.c
+++ b/sys/hacl/c/src/msvc/Hacl_Frodo976.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Spec.h"
 #include "internal/Hacl_Frodo_KEM.h"
+#include "lib_memzero0.h"
 
 uint32_t Hacl_Frodo976_crypto_bytes = (uint32_t)24U;
 
@@ -54,7 +55,7 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x5fU;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31232U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U, (uint32_t)8U, r, s_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)976U,
     (uint32_t)8U,
@@ -80,14 +81,14 @@ uint32_t Hacl_Frodo976_crypto_kem_keypair(uint8_t *pk, uint8_t *sk)
     b_matrix,
     b_bytes);
   Hacl_Impl_Matrix_matrix_to_lbytes((uint32_t)976U, (uint32_t)8U, s_matrix, s_bytes);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U * sizeof (e_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(e_matrix, (uint32_t)7808U, uint16_t);
   uint32_t slen1 = (uint32_t)31272U;
   uint8_t *sk_p = sk;
   memcpy(sk_p, s, (uint32_t)24U * sizeof (uint8_t));
   memcpy(sk_p + (uint32_t)24U, pk, (uint32_t)15632U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)15632U, pk, (uint32_t)24U, sk + slen1);
-  Lib_Memzero0_memzero(coins, (uint32_t)64U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(coins, (uint32_t)64U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -112,7 +113,7 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -156,12 +157,12 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
     coins,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, v_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Frodo_Pack_frodo_pack((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, v_matrix, c2);
-  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U * sizeof (v_matrix[0U]));
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(v_matrix, (uint32_t)64U, uint16_t);
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint32_t ss_init_len = (uint32_t)15768U;
   KRML_CHECK_SIZE(sizeof (uint8_t), ss_init_len);
   uint8_t *shake_input_ss = (uint8_t *)alloca(ss_init_len * sizeof (uint8_t));
@@ -169,9 +170,9 @@ uint32_t Hacl_Frodo976_crypto_kem_enc(uint8_t *ct, uint8_t *ss, uint8_t *pk)
   memcpy(shake_input_ss, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(shake_input_ss + (uint32_t)15744U, k, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, shake_input_ss, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(shake_input_ss, ss_init_len * sizeof (shake_input_ss[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(coins, (uint32_t)24U * sizeof (coins[0U]));
+  Lib_Memzero0_memzero(shake_input_ss, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(coins, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
@@ -200,8 +201,8 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     (uint32_t)8U,
     m_matrix,
     mu_decode);
-  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U * sizeof (s_matrix[0U]));
-  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U * sizeof (m_matrix[0U]));
+  Lib_Memzero0_memzero(s_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(m_matrix, (uint32_t)64U, uint16_t);
   uint8_t seed_se_k[48U] = { 0U };
   uint32_t pkh_mu_decode_len = (uint32_t)48U;
   KRML_CHECK_SIZE(sizeof (uint8_t), pkh_mu_decode_len);
@@ -224,7 +225,7 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   shake_input_seed_se[0U] = (uint8_t)0x96U;
   memcpy(shake_input_seed_se + (uint32_t)1U, seed_se, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl((uint32_t)25U, shake_input_seed_se, (uint32_t)31360U, r);
-  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U * sizeof (shake_input_seed_se[0U]));
+  Lib_Memzero0_memzero(shake_input_seed_se, (uint32_t)25U, uint8_t);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U, (uint32_t)976U, r, sp_matrix);
   Hacl_Impl_Frodo_Sample_frodo_sample_matrix976((uint32_t)8U,
     (uint32_t)976U,
@@ -266,12 +267,12 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
     mu_decode,
     mu_encode);
   Hacl_Impl_Matrix_matrix_add((uint32_t)8U, (uint32_t)8U, cp_matrix, mu_encode);
-  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U * sizeof (mu_encode[0U]));
+  Lib_Memzero0_memzero(mu_encode, (uint32_t)64U, uint16_t);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)976U, (uint32_t)16U, bpp_matrix);
   Hacl_Impl_Matrix_mod_pow2((uint32_t)8U, (uint32_t)8U, (uint32_t)16U, cp_matrix);
-  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U * sizeof (sp_matrix[0U]));
-  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U * sizeof (ep_matrix[0U]));
-  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U * sizeof (epp_matrix[0U]));
+  Lib_Memzero0_memzero(sp_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(ep_matrix, (uint32_t)7808U, uint16_t);
+  Lib_Memzero0_memzero(epp_matrix, (uint32_t)64U, uint16_t);
   uint16_t b1 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)976U, bp_matrix, bpp_matrix);
   uint16_t b2 = Hacl_Impl_Matrix_matrix_eq((uint32_t)8U, (uint32_t)8U, c_matrix, cp_matrix);
   uint16_t mask = b1 & b2;
@@ -291,10 +292,10 @@ uint32_t Hacl_Frodo976_crypto_kem_dec(uint8_t *ss, uint8_t *ct, uint8_t *sk)
   memcpy(ss_init, ct, (uint32_t)15744U * sizeof (uint8_t));
   memcpy(ss_init + (uint32_t)15744U, kp_s, (uint32_t)24U * sizeof (uint8_t));
   Hacl_SHA3_shake256_hacl(ss_init_len, ss_init, (uint32_t)24U, ss);
-  Lib_Memzero0_memzero(ss_init, ss_init_len * sizeof (ss_init[0U]));
-  Lib_Memzero0_memzero(kp_s, (uint32_t)24U * sizeof (kp_s[0U]));
-  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U * sizeof (seed_se_k[0U]));
-  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U * sizeof (mu_decode[0U]));
+  Lib_Memzero0_memzero(ss_init, ss_init_len, uint8_t);
+  Lib_Memzero0_memzero(kp_s, (uint32_t)24U, uint8_t);
+  Lib_Memzero0_memzero(seed_se_k, (uint32_t)48U, uint8_t);
+  Lib_Memzero0_memzero(mu_decode, (uint32_t)24U, uint8_t);
   return (uint32_t)0U;
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_Frodo_KEM.c b/sys/hacl/c/src/msvc/Hacl_Frodo_KEM.c
index 13db363af..4265ac0e7 100644
--- a/sys/hacl/c/src/msvc/Hacl_Frodo_KEM.c
+++ b/sys/hacl/c/src/msvc/Hacl_Frodo_KEM.c
@@ -30,6 +30,6 @@
 
 void randombytes_(uint32_t len, uint8_t *res)
 {
-  bool b = Lib_RandomBuffer_System_randombytes(res, len);
+  KRML_HOST_IGNORE(Lib_RandomBuffer_System_randombytes(res, len));
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_GenericField32.c b/sys/hacl/c/src/msvc/Hacl_GenericField32.c
index 1801e114d..47ca15e84 100644
--- a/sys/hacl/c/src/msvc/Hacl_GenericField32.c
+++ b/sys/hacl/c/src/msvc/Hacl_GenericField32.c
@@ -614,6 +614,7 @@ Hacl_GenericField32_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField32_exp_vartime(k, aM, k1.len * (uint32_t)32U, n2, aInvM);
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_GenericField64.c b/sys/hacl/c/src/msvc/Hacl_GenericField64.c
index 97b3517e0..e80842850 100644
--- a/sys/hacl/c/src/msvc/Hacl_GenericField64.c
+++ b/sys/hacl/c/src/msvc/Hacl_GenericField64.c
@@ -613,6 +613,7 @@ Hacl_GenericField64_inverse(
   {
     c1 = c0;
   }
+  KRML_HOST_IGNORE(c1);
   Hacl_GenericField64_exp_vartime(k, aM, k1.len * (uint32_t)64U, n2, aInvM);
 }
 
diff --git a/sys/hacl/c/src/msvc/Hacl_HMAC.c b/sys/hacl/c/src/msvc/Hacl_HMAC.c
index 51032fb22..d46c48120 100644
--- a/sys/hacl/c/src/msvc/Hacl_HMAC.c
+++ b/sys/hacl/c/src/msvc/Hacl_HMAC.c
@@ -49,16 +49,18 @@ Hacl_HMAC_legacy_compute_sha1(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)20U;
+    ite = (uint32_t)20U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -173,16 +175,18 @@ Hacl_HMAC_compute_sha2_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -307,16 +311,18 @@ Hacl_HMAC_compute_sha2_384(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)48U;
+    ite = (uint32_t)48U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -442,16 +448,18 @@ Hacl_HMAC_compute_sha2_512(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -577,16 +585,18 @@ Hacl_HMAC_compute_blake2s_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
@@ -719,16 +729,18 @@ Hacl_HMAC_compute_blake2b_32(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2b_256.c b/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2b_256.c
index 4b5fc1a0d..20b050dea 100644
--- a/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2b_256.c
+++ b/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2b_256.c
@@ -47,16 +47,18 @@ Hacl_HMAC_Blake2b_256_compute_blake2b_256(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)128U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)64U;
+    ite = (uint32_t)64U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)128U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2s_128.c b/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2s_128.c
index 8980e9be5..144722e42 100644
--- a/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2s_128.c
+++ b/sys/hacl/c/src/msvc/Hacl_HMAC_Blake2s_128.c
@@ -46,16 +46,18 @@ Hacl_HMAC_Blake2s_128_compute_blake2s_128(
   KRML_CHECK_SIZE(sizeof (uint8_t), l);
   uint8_t *key_block = (uint8_t *)alloca(l * sizeof (uint8_t));
   memset(key_block, 0U, l * sizeof (uint8_t));
-  uint32_t i0;
+  uint8_t *nkey = key_block;
+  uint32_t ite;
   if (key_len <= (uint32_t)64U)
   {
-    i0 = key_len;
+    ite = key_len;
   }
   else
   {
-    i0 = (uint32_t)32U;
+    ite = (uint32_t)32U;
   }
-  uint8_t *nkey = key_block;
+  uint8_t *zeroes = key_block + ite;
+  KRML_HOST_IGNORE(zeroes);
   if (key_len <= (uint32_t)64U)
   {
     memcpy(nkey, key, key_len * sizeof (uint8_t));
diff --git a/sys/hacl/c/src/msvc/Hacl_HMAC_DRBG.c b/sys/hacl/c/src/msvc/Hacl_HMAC_DRBG.c
index b307ee21e..b3acf3547 100644
--- a/sys/hacl/c/src/msvc/Hacl_HMAC_DRBG.c
+++ b/sys/hacl/c/src/msvc/Hacl_HMAC_DRBG.c
@@ -71,6 +71,8 @@ uint32_t Hacl_HMAC_DRBG_min_length(Spec_Hash_Definitions_hash_alg a)
 bool
 Hacl_HMAC_DRBG_uu___is_State(Spec_Hash_Definitions_hash_alg a, Hacl_HMAC_DRBG_state projectee)
 {
+  KRML_HOST_IGNORE(a);
+  KRML_HOST_IGNORE(projectee);
   return true;
 }
 
@@ -469,10 +471,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____0 = st;
-        uint8_t *k = uu____0.k;
-        uint8_t *v = uu____0.v;
-        uint32_t *ctr = uu____0.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)21U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -524,10 +525,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____1 = st;
-        uint8_t *k = uu____1.k;
-        uint8_t *v = uu____1.v;
-        uint32_t *ctr = uu____1.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)33U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -579,10 +579,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____2 = st;
-        uint8_t *k = uu____2.k;
-        uint8_t *v = uu____2.v;
-        uint32_t *ctr = uu____2.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)49U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -634,10 +633,9 @@ Hacl_HMAC_DRBG_reseed(
         memcpy(seed_material + entropy_input_len,
           additional_input_input,
           additional_input_input_len * sizeof (uint8_t));
-        Hacl_HMAC_DRBG_state uu____3 = st;
-        uint8_t *k = uu____3.k;
-        uint8_t *v = uu____3.v;
-        uint32_t *ctr = uu____3.reseed_counter;
+        uint8_t *k = st.k;
+        uint8_t *v = st.v;
+        uint32_t *ctr = st.reseed_counter;
         uint32_t input_len = (uint32_t)65U + entropy_input_len + additional_input_input_len;
         KRML_CHECK_SIZE(sizeof (uint8_t), input_len);
         uint8_t *input0 = (uint8_t *)alloca(input_len * sizeof (uint8_t));
@@ -1108,6 +1106,7 @@ Hacl_HMAC_DRBG_generate(
 
 void Hacl_HMAC_DRBG_free(Spec_Hash_Definitions_hash_alg uu___, Hacl_HMAC_DRBG_state s)
 {
+  KRML_HOST_IGNORE(uu___);
   uint8_t *k = s.k;
   uint8_t *v = s.v;
   uint32_t *ctr = s.reseed_counter;
diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2.c
index 6080585c6..aecc6165c 100644
--- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2.c
+++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2.c
@@ -26,6 +26,7 @@
 #include "internal/Hacl_Hash_Blake2.h"
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
+#include "lib_memzero0.h"
 
 static void
 blake2b_update_block(
@@ -531,7 +532,7 @@ Hacl_Blake2b_32_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -544,6 +545,7 @@ Hacl_Blake2b_32_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -571,7 +573,7 @@ Hacl_Blake2b_32_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static void
@@ -642,7 +644,7 @@ void Hacl_Blake2b_32_blake2b_finish(uint32_t nn, uint8_t *output, uint64_t *hash
     store64_le(second + i * (uint32_t)8U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -670,8 +672,8 @@ Hacl_Blake2b_32_blake2b(
   Hacl_Blake2b_32_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_32_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint64_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint64_t);
 }
 
 uint64_t *Hacl_Blake2b_32_blake2b_malloc(void)
@@ -1178,7 +1180,7 @@ Hacl_Blake2s_32_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -1191,6 +1193,7 @@ Hacl_Blake2s_32_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
@@ -1214,7 +1217,7 @@ Hacl_Blake2s_32_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static void
@@ -1281,7 +1284,7 @@ void Hacl_Blake2s_32_blake2s_finish(uint32_t nn, uint8_t *output, uint32_t *hash
     store32_le(second + i * (uint32_t)4U, row1[i]););
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -1309,8 +1312,8 @@ Hacl_Blake2s_32_blake2s(
   Hacl_Blake2s_32_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_32_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)16U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)16U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)16U, uint32_t);
+  Lib_Memzero0_memzero(b, (uint32_t)16U, uint32_t);
 }
 
 uint32_t *Hacl_Blake2s_32_blake2s_malloc(void)
diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_256.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_256.c
index 2761aeb1e..b37ffc5ff 100644
--- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_256.c
+++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2b_256.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2b_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2b_256_blake2b_update_key(
   {
     blake2b_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 void
@@ -267,6 +268,7 @@ Hacl_Blake2b_256_blake2b_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     FStar_UInt128_uint128
@@ -294,7 +296,7 @@ Hacl_Blake2b_256_blake2b_update_last(
   FStar_UInt128_uint128
   totlen = FStar_UInt128_add_mod(prev, FStar_UInt128_uint64_to_uint128((uint64_t)len));
   blake2b_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)128U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)128U, uint8_t);
 }
 
 static inline void
@@ -369,7 +371,7 @@ Hacl_Blake2b_256_blake2b_finish(
   Lib_IntVector_Intrinsics_vec256_store64_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 /**
@@ -397,8 +399,8 @@ Hacl_Blake2b_256_blake2b(
   Hacl_Blake2b_256_blake2b_init(b, kk, nn);
   blake2b_update(b1, b, kk, k, ll, d);
   Hacl_Blake2b_256_blake2b_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec256);
 }
 
 void
diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_128.c b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_128.c
index ce5252ccf..86c4f0309 100644
--- a/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_128.c
+++ b/sys/hacl/c/src/msvc/Hacl_Hash_Blake2s_128.c
@@ -27,6 +27,7 @@
 
 #include "internal/Hacl_Impl_Blake2_Constants.h"
 #include "internal/Hacl_Hash_Blake2.h"
+#include "lib_memzero0.h"
 
 static inline void
 blake2s_update_block(
@@ -254,7 +255,7 @@ Hacl_Blake2s_128_blake2s_update_key(
   {
     blake2s_update_block(wv, hash, false, lb, b);
   }
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 void
@@ -267,6 +268,7 @@ Hacl_Blake2s_128_blake2s_update_multi(
   uint32_t nb
 )
 {
+  KRML_HOST_IGNORE(len);
   for (uint32_t i = (uint32_t)0U; i < nb; i++)
   {
     uint64_t totlen = prev + (uint64_t)((i + (uint32_t)1U) * (uint32_t)64U);
@@ -290,7 +292,7 @@ Hacl_Blake2s_128_blake2s_update_last(
   memcpy(b, last, rem * sizeof (uint8_t));
   uint64_t totlen = prev + (uint64_t)len;
   blake2s_update_block(wv, hash, true, totlen, b);
-  Lib_Memzero0_memzero(b, (uint32_t)64U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)64U, uint8_t);
 }
 
 static inline void
@@ -361,7 +363,7 @@ Hacl_Blake2s_128_blake2s_finish(
   Lib_IntVector_Intrinsics_vec128_store32_le(second, row1[0U]);
   uint8_t *final = b;
   memcpy(output, final, nn * sizeof (uint8_t));
-  Lib_Memzero0_memzero(b, (uint32_t)32U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b, (uint32_t)32U, uint8_t);
 }
 
 /**
@@ -389,8 +391,8 @@ Hacl_Blake2s_128_blake2s(
   Hacl_Blake2s_128_blake2s_init(b, kk, nn);
   blake2s_update(b1, b, kk, k, ll, d);
   Hacl_Blake2s_128_blake2s_finish(nn, output, b);
-  Lib_Memzero0_memzero(b1, (uint32_t)4U * sizeof (b1[0U]));
-  Lib_Memzero0_memzero(b, (uint32_t)4U * sizeof (b[0U]));
+  Lib_Memzero0_memzero(b1, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
+  Lib_Memzero0_memzero(b, (uint32_t)4U, Lib_IntVector_Intrinsics_vec128);
 }
 
 void
diff --git a/sys/hacl/c/src/msvc/Hacl_Hash_SHA3.c b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3.c
index 42c24434f..19d13b1b8 100644
--- a/sys/hacl/c/src/msvc/Hacl_Hash_SHA3.c
+++ b/sys/hacl/c/src/msvc/Hacl_Hash_SHA3.c
@@ -125,10 +125,9 @@ Hacl_Hash_SHA3_update_last_sha3(
   if (input_len == len)
   {
     Hacl_Impl_SHA3_absorb_inner(len, input, s);
-    uint8_t *uu____0 = input + input_len;
     uint8_t lastBlock_[200U] = { 0U };
     uint8_t *lastBlock = lastBlock_;
-    memcpy(lastBlock, uu____0, (uint32_t)0U * sizeof (uint8_t));
+    memcpy(lastBlock, input + input_len, (uint32_t)0U * sizeof (uint8_t));
     lastBlock[0U] = suffix;
     Hacl_Impl_SHA3_loadState(len, lastBlock, s);
     if (!((suffix & (uint8_t)0x80U) == (uint8_t)0U) && (uint32_t)0U == len - (uint32_t)1U)
@@ -167,8 +166,7 @@ hash_buf2;
 
 Spec_Hash_Definitions_hash_alg Hacl_Streaming_Keccak_get_alg(Hacl_Streaming_Keccak_state *s)
 {
-  Hacl_Streaming_Keccak_state scrut = *s;
-  Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Hacl_Streaming_Keccak_hash_buf block_state = (*s).block_state;
   return block_state.fst;
 }
 
@@ -228,6 +226,8 @@ void Hacl_Streaming_Keccak_reset(Hacl_Streaming_Keccak_state *s)
   Hacl_Streaming_Keccak_state scrut = *s;
   uint8_t *buf = scrut.buf;
   Hacl_Streaming_Keccak_hash_buf block_state = scrut.block_state;
+  Spec_Hash_Definitions_hash_alg i = block_state.fst;
+  KRML_HOST_IGNORE(i);
   uint64_t *s1 = block_state.snd;
   memset(s1, 0U, (uint32_t)25U * sizeof (uint64_t));
   Hacl_Streaming_Keccak_state
@@ -807,6 +807,7 @@ Hacl_Impl_SHA3_keccak(
   uint8_t *output
 )
 {
+  KRML_HOST_IGNORE(capacity);
   uint32_t rateInBytes = rate / (uint32_t)8U;
   uint64_t s[25U] = { 0U };
   absorb(s, rateInBytes, inputByteLen, input, delimitedSuffix);
diff --git a/sys/hacl/c/src/msvc/Hacl_K256_ECDSA.c b/sys/hacl/c/src/msvc/Hacl_K256_ECDSA.c
index d2266d008..c5dda43f7 100644
--- a/sys/hacl/c/src/msvc/Hacl_K256_ECDSA.c
+++ b/sys/hacl/c/src/msvc/Hacl_K256_ECDSA.c
@@ -215,6 +215,7 @@ static void sub_mod4(uint64_t *n, uint64_t *a, uint64_t *b, uint64_t *res)
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,6 +289,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -299,6 +301,7 @@ static void sqr4(uint64_t *a, uint64_t *res)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline uint64_t is_qelem_zero(uint64_t *f)
@@ -432,6 +435,7 @@ static inline void load_qelem_modq(uint64_t *f, uint8_t *b)
 static inline void store_qelem(uint8_t *b, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -494,7 +498,7 @@ mul_pow2_256_minus_q_add(
     uint64_t r = c;
     tmp[len + i0] = r;);
   memcpy(res + (uint32_t)2U, a, len * sizeof (uint64_t));
-  uint64_t uu____0 = bn_add(resLen, res, len + (uint32_t)2U, tmp, res);
+  KRML_HOST_IGNORE(bn_add(resLen, res, len + (uint32_t)2U, tmp, res));
   uint64_t c = bn_add(resLen, res, (uint32_t)4U, e, res);
   return c;
 }
@@ -510,15 +514,23 @@ static inline void modq(uint64_t *out, uint64_t *a)
   uint64_t *t01 = tmp;
   uint64_t m[7U] = { 0U };
   uint64_t p[5U] = { 0U };
-  uint64_t
-  c0 = mul_pow2_256_minus_q_add((uint32_t)4U, (uint32_t)7U, t01, a + (uint32_t)4U, a, m);
-  uint64_t
-  c10 = mul_pow2_256_minus_q_add((uint32_t)3U, (uint32_t)5U, t01, m + (uint32_t)4U, m, p);
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)4U,
+      (uint32_t)7U,
+      t01,
+      a + (uint32_t)4U,
+      a,
+      m));
+  KRML_HOST_IGNORE(mul_pow2_256_minus_q_add((uint32_t)3U,
+      (uint32_t)5U,
+      t01,
+      m + (uint32_t)4U,
+      m,
+      p));
   uint64_t
   c2 = mul_pow2_256_minus_q_add((uint32_t)1U, (uint32_t)4U, t01, p + (uint32_t)4U, p, r);
-  uint64_t c00 = c2;
+  uint64_t c0 = c2;
   uint64_t c1 = add4(r, tmp, out);
-  uint64_t mask = (uint64_t)0U - (c00 + c1);
+  uint64_t mask = (uint64_t)0U - (c0 + c1);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -608,7 +620,7 @@ static inline void qmul_shift_384(uint64_t *res, uint64_t *a, uint64_t *b)
     uint64_t *res_i = res1 + i;
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t1, (uint64_t)0U, res_i););
   uint64_t c1 = c;
-  uint64_t uu____0 = c1;
+  KRML_HOST_IGNORE(c1);
   uint64_t flag = l[5U] >> (uint32_t)63U;
   uint64_t mask = (uint64_t)0U - flag;
   KRML_MAYBE_FOR4(i,
@@ -1219,6 +1231,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)118285133003718U, (uint64_t)434519962075150U, (uint64_t)1114612377498854U,
       (uint64_t)3488596944003813U, (uint64_t)450716531072892U, (uint64_t)66044973203836U
     };
+  KRML_HOST_IGNORE(q2);
   uint64_t
   q3[15U] =
     {
@@ -1228,6 +1241,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)265969268774814U, (uint64_t)1913228635640715U, (uint64_t)2831959046949342U,
       (uint64_t)888030405442963U, (uint64_t)1817092932985033U, (uint64_t)101515844997121U
     };
+  KRML_HOST_IGNORE(q3);
   uint64_t
   q4[15U] =
     {
@@ -1237,6 +1251,7 @@ static inline void point_mul_g(uint64_t *out, uint64_t *scalar)
       (uint64_t)12245672982162U, (uint64_t)2119364213800870U, (uint64_t)2034960311715107U,
       (uint64_t)3172697815804487U, (uint64_t)4185144850224160U, (uint64_t)2792055915674U
     };
+  KRML_HOST_IGNORE(q4);
   uint64_t *r1 = scalar;
   uint64_t *r2 = scalar + (uint32_t)1U;
   uint64_t *r3 = scalar + (uint32_t)2U;
@@ -1601,6 +1616,7 @@ Hacl_K256_ECDSA_ecdsa_sign_hashed_msg(
 )
 {
   uint64_t oneq[4U] = { (uint64_t)0x1U, (uint64_t)0x0U, (uint64_t)0x0U, (uint64_t)0x0U };
+  KRML_HOST_IGNORE(oneq);
   uint64_t rsdk_q[16U] = { 0U };
   uint64_t *r_q = rsdk_q;
   uint64_t *s_q = rsdk_q + (uint32_t)4U;
diff --git a/sys/hacl/c/src/msvc/Hacl_P256.c b/sys/hacl/c/src/msvc/Hacl_P256.c
index 2b6cb11be..7e586e546 100644
--- a/sys/hacl/c/src/msvc/Hacl_P256.c
+++ b/sys/hacl/c/src/msvc/Hacl_P256.c
@@ -204,6 +204,7 @@ static inline void bn_sub_mod4(uint64_t *res, uint64_t *n, uint64_t *x, uint64_t
     c = Lib_IntTypes_Intrinsics_add_carry_u64(c, t12, t2, res_i);
   }
   uint64_t c1 = c;
+  KRML_HOST_IGNORE(c1);
   uint64_t c2 = (uint64_t)0U - c00;
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -277,6 +278,7 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     uint64_t r = c;
     res[i0 + i0] = r;);
   uint64_t c0 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, res, res);
+  KRML_HOST_IGNORE(c0);
   uint64_t tmp[8U] = { 0U };
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
@@ -288,11 +290,13 @@ static inline void bn_sqr4(uint64_t *res, uint64_t *x)
     tmp[(uint32_t)2U * i] = lo;
     tmp[(uint32_t)2U * i + (uint32_t)1U] = hi;);
   uint64_t c1 = Hacl_Bignum_Addition_bn_add_eq_len_u64((uint32_t)8U, res, tmp, res);
+  KRML_HOST_IGNORE(c1);
 }
 
 static inline void bn_to_bytes_be4(uint8_t *res, uint64_t *f)
 {
   uint8_t tmp[32U] = { 0U };
+  KRML_HOST_IGNORE(tmp);
   KRML_MAYBE_FOR4(i,
     (uint32_t)0U,
     (uint32_t)4U,
@@ -1057,6 +1061,10 @@ static inline void point_mul_g(uint64_t *res, uint64_t *scalar)
     uint64_t bits_l2 = Hacl_Bignum_Lib_bn_get_bits_u64((uint32_t)1U, r1, k2, (uint32_t)4U);
     precomp_get_consttime(Hacl_P256_PrecompTable_precomp_basepoint_table_w4, bits_l2, tmp);
     point_add(res, res, tmp););
+  KRML_HOST_IGNORE(q1);
+  KRML_HOST_IGNORE(q2);
+  KRML_HOST_IGNORE(q3);
+  KRML_HOST_IGNORE(q4);
 }
 
 static inline void
@@ -1564,6 +1572,7 @@ Hacl_P256_ecdsa_sign_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1596,6 +1605,7 @@ Hacl_P256_ecdsa_sign_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1628,6 +1638,7 @@ Hacl_P256_ecdsa_sign_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1670,6 +1681,7 @@ Hacl_P256_ecdsa_sign_p256_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1705,6 +1717,7 @@ Hacl_P256_ecdsa_verif_p256_sha2(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   Hacl_Streaming_SHA2_hash_256(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1735,6 +1748,7 @@ Hacl_P256_ecdsa_verif_p256_sha384(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[48U] = { 0U };
   Hacl_Streaming_SHA2_hash_384(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1765,6 +1779,7 @@ Hacl_P256_ecdsa_verif_p256_sha512(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[64U] = { 0U };
   Hacl_Streaming_SHA2_hash_512(msg, msg_len, mHash);
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
@@ -1800,6 +1815,7 @@ Hacl_P256_ecdsa_verif_without_hash(
   uint64_t m_q[4U] = { 0U };
   uint8_t mHash[32U] = { 0U };
   memcpy(mHash, msg, (uint32_t)32U * sizeof (uint8_t));
+  KRML_HOST_IGNORE(msg_len);
   uint8_t *mHash32 = mHash;
   bn_from_bytes_be4(m_q, mHash32);
   qmod_short(m_q, m_q);
diff --git a/sys/hacl/c/src/msvc/Hacl_RSAPSS.c b/sys/hacl/c/src/msvc/Hacl_RSAPSS.c
index ce2fb517b..084f10b38 100644
--- a/sys/hacl/c/src/msvc/Hacl_RSAPSS.c
+++ b/sys/hacl/c/src/msvc/Hacl_RSAPSS.c
@@ -404,9 +404,9 @@ load_skey(
 Sign a message `msg` and write the signature to `sgnt`.
 
 @param a Hash algorithm to use. Allowed values for `a` are ...
-  * Spec_Hash_Definitions_SHA2_256,
-  * Spec_Hash_Definitions_SHA2_384, and
-  * Spec_Hash_Definitions_SHA2_512.
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
@@ -518,7 +518,10 @@ Hacl_RSAPSS_rsapss_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param pkey Pointer to public key created by `Hacl_RSAPSS_new_rsapss_load_pkey`.
@@ -637,10 +640,10 @@ Load a public key from key parts.
 
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 
-@return Returns an allocated public key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated public key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)
@@ -707,11 +710,11 @@ Load a secret key from key parts.
 @param modBits Count of bits in modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 
-@return Returns an allocated secret key. Note: caller must take care to `free()` the created key.
+@return Returns an allocated secret key upon success, otherwise, `NULL` if key part arguments are invalid or memory allocation fails. Note: caller must take care to `free()` the created key.
 */
 uint64_t
 *Hacl_RSAPSS_new_rsapss_load_skey(
@@ -804,13 +807,16 @@ uint64_t
 /**
 Sign a message `msg` and write the signature to `sgnt`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
 @param dBits Count of bits in `d` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
-@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
+@param db Pointer to `ceil(modBits / 8)` bytes where the `d` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param salt Pointer to `saltLen` bytes where the salt is read from.
 @param msgLen Length of message.
@@ -875,11 +881,14 @@ Hacl_RSAPSS_rsapss_skey_sign(
 /**
 Verify the signature `sgnt` of a message `msg`.
 
-@param a Hash algorithm to use.
+@param a Hash algorithm to use. Allowed values for `a` are ...
+  - Spec_Hash_Definitions_SHA2_256,
+  - Spec_Hash_Definitions_SHA2_384, and
+  - Spec_Hash_Definitions_SHA2_512.
 @param modBits Count of bits in the modulus (`n`).
 @param eBits Count of bits in `e` value.
-@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`) is read from.
-@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value is read from.
+@param nb Pointer to `ceil(modBits / 8)` bytes where the modulus (`n`), in big-endian byte order, is read from.
+@param eb Pointer to `ceil(modBits / 8)` bytes where the `e` value, in big-endian byte order, is read from.
 @param saltLen Length of salt.
 @param sgntLen Length of signature.
 @param sgnt Pointer to `sgntLen` bytes where the signature is read from.
diff --git a/sys/hacl/c/src/msvc/Hacl_Salsa20.c b/sys/hacl/c/src/msvc/Hacl_Salsa20.c
index e157d5ef2..2758f8a4d 100644
--- a/sys/hacl/c/src/msvc/Hacl_Salsa20.c
+++ b/sys/hacl/c/src/msvc/Hacl_Salsa20.c
@@ -181,6 +181,7 @@ salsa20_encrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -217,9 +218,8 @@ salsa20_encrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = text + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, text + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
@@ -294,6 +294,7 @@ salsa20_decrypt(
   memcpy(ctx + (uint32_t)11U, k10, (uint32_t)4U * sizeof (uint32_t));
   ctx[15U] = (uint32_t)0x6b206574U;
   uint32_t k[16U] = { 0U };
+  KRML_HOST_IGNORE(k);
   uint32_t rem = len % (uint32_t)64U;
   uint32_t nb = len / (uint32_t)64U;
   uint32_t rem1 = len % (uint32_t)64U;
@@ -330,9 +331,8 @@ salsa20_decrypt(
   if (rem1 > (uint32_t)0U)
   {
     uint8_t *uu____2 = out + nb * (uint32_t)64U;
-    uint8_t *uu____3 = cipher + nb * (uint32_t)64U;
     uint8_t plain[64U] = { 0U };
-    memcpy(plain, uu____3, rem * sizeof (uint8_t));
+    memcpy(plain, cipher + nb * (uint32_t)64U, rem * sizeof (uint8_t));
     uint32_t k1[16U] = { 0U };
     salsa20_core(k1, ctx, nb);
     uint32_t bl[16U] = { 0U };
diff --git a/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_128.c b/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_128.c
index ff60cde24..c3f7c19ae 100644
--- a/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_128.c
+++ b/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_128.c
@@ -311,7 +311,7 @@ Hacl_Streaming_Poly1305_128_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_256.c b/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_256.c
index 63685f991..e56275a4f 100644
--- a/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_256.c
+++ b/sys/hacl/c/src/msvc/Hacl_Streaming_Poly1305_256.c
@@ -311,7 +311,7 @@ Hacl_Streaming_Poly1305_256_finish(
   {
     ite1 = r % (uint32_t)16U;
   }
-  uint64_t prev_len_last = total_len - (uint64_t)ite1;
+  KRML_HOST_IGNORE(total_len - (uint64_t)ite1);
   uint32_t ite2;
   if (r % (uint32_t)16U == (uint32_t)0U && r > (uint32_t)0U)
   {
diff --git a/sys/hacl/c/src/msvc/Lib_Memzero0.c b/sys/hacl/c/src/msvc/Lib_Memzero0.c
index 8e2253186..3d8a1e5f2 100644
--- a/sys/hacl/c/src/msvc/Lib_Memzero0.c
+++ b/sys/hacl/c/src/msvc/Lib_Memzero0.c
@@ -22,13 +22,14 @@
 #include <limits.h>
 #include <inttypes.h>
 
-#include "Lib_Memzero0.h"
+/* This is now a hand-written header */
+#include "lib_memzero0.h"
 #include "krml/internal/target.h"
 
 /* The F* formalization talks about the number of elements in the array. The C
    implementation wants a number of bytes in the array. KaRaMeL is aware of this
    and inserts a sizeof multiplication. */
-void Lib_Memzero0_memzero(void *dst, uint64_t len) {
+void Lib_Memzero0_memzero0(void *dst, uint64_t len) {
   /* This is safe: karamel checks at run-time (if needed) that all object sizes
      fit within a size_t, so the size we receive has been checked at
      allocation-time, possibly via KRML_CHECK_SIZE, to fit in a size_t. */
diff --git a/sys/hacl/c/vale/src/cpuid-x86_64-linux.S b/sys/hacl/c/vale/src/cpuid-x86_64-linux.S
index 47633417c..4508bdcd6 100644
--- a/sys/hacl/c/vale/src/cpuid-x86_64-linux.S
+++ b/sys/hacl/c/vale/src/cpuid-x86_64-linux.S
@@ -163,4 +163,4 @@ check_avx512_xcr0:
   and %rcx, %rax
   ret
 
-
+.section .note.GNU-stack,"",%progbits
diff --git a/sys/hacl/c/vale/src/curve25519-x86_64-linux.S b/sys/hacl/c/vale/src/curve25519-x86_64-linux.S
index fcad33c86..3c51f24b5 100644
--- a/sys/hacl/c/vale/src/curve25519-x86_64-linux.S
+++ b/sys/hacl/c/vale/src/curve25519-x86_64-linux.S
@@ -983,4 +983,4 @@ cswap2_e:
   movq %r9, 56(%rdx)
   ret
 
-
+.section .note.GNU-stack,"",%progbits