diff --git a/drbg-ctr-aes256.c b/drbg-ctr-aes256.c
index b3e8e194779eccaac685c59ba350783ab07917d0..9a7badd6a1485d17a71dcbd9806cc8263cd84786 100644
--- a/drbg-ctr-aes256.c
+++ b/drbg-ctr-aes256.c
@@ -38,41 +38,41 @@
 #include <string.h>
 #include "macros.h"
 #include "memxor.h"
+#include "block-internal.h"
 
+/* provided_data is either NULL or a pointer to
+   DRBG_CTR_AES256_SEED_SIZE (= 48) bytes. */
 static void
-drbg_ctr_aes256_update (struct aes256_ctx *Key,
-			uint8_t *V, uint8_t *provided_data)
+drbg_ctr_aes256_update (struct aes256_ctx *key,
+			union nettle_block16 *V, const uint8_t *provided_data)
 {
-  uint8_t tmp[DRBG_CTR_AES256_SEED_SIZE];
+  union nettle_block16 tmp[3];
 
-  INCREMENT (AES_BLOCK_SIZE, V);
-  aes256_encrypt (Key, AES_BLOCK_SIZE, tmp, V);
+  INCREMENT (AES_BLOCK_SIZE, V->b);
+  aes256_encrypt (key, AES_BLOCK_SIZE, tmp[0].b, V->b);
 
-  INCREMENT (AES_BLOCK_SIZE, V);
-  aes256_encrypt (Key, AES_BLOCK_SIZE, tmp + AES_BLOCK_SIZE, V);
+  INCREMENT (AES_BLOCK_SIZE, V->b);
+  aes256_encrypt (key, AES_BLOCK_SIZE, tmp[1].b, V->b);
 
-  INCREMENT (AES_BLOCK_SIZE, V);
-  aes256_encrypt (Key, AES_BLOCK_SIZE, tmp + 2 * AES_BLOCK_SIZE, V);
+  INCREMENT (AES_BLOCK_SIZE, V->b);
+  aes256_encrypt (key, AES_BLOCK_SIZE, tmp[2].b, V->b);
 
   if (provided_data)
-    memxor (tmp, provided_data, 48);
+    memxor (tmp[0].b, provided_data, DRBG_CTR_AES256_SEED_SIZE);
 
-  aes256_set_encrypt_key (Key, tmp);
-
-  memcpy (V, tmp + AES256_KEY_SIZE, AES_BLOCK_SIZE);
+  aes256_set_encrypt_key (key, tmp[0].b);
+  block16_set (V, &tmp[2]);
 }
 
 void
 drbg_ctr_aes256_init (struct drbg_ctr_aes256_ctx *ctx, uint8_t *seed_material)
 {
-  uint8_t Key[AES256_KEY_SIZE];
-
-  memset (Key, 0, AES256_KEY_SIZE);
-  aes256_set_encrypt_key (&ctx->Key, Key);
+  static const uint8_t zero_key[AES256_KEY_SIZE] = {0};
 
-  memset (ctx->V, 0, AES_BLOCK_SIZE);
+  aes256_set_encrypt_key (&ctx->key, zero_key);
 
-  drbg_ctr_aes256_update (&ctx->Key, ctx->V, seed_material);
+  block16_zero (&ctx->V);
+  drbg_ctr_aes256_update (&ctx->key, &ctx->V, seed_material);
 }
 
 void
@@ -81,20 +81,20 @@ drbg_ctr_aes256_random (struct drbg_ctr_aes256_ctx *ctx,
 {
   while (n >= AES_BLOCK_SIZE)
     {
-      INCREMENT (AES_BLOCK_SIZE, ctx->V);
-      aes256_encrypt (&ctx->Key, AES_BLOCK_SIZE, dst, ctx->V);
+      INCREMENT (AES_BLOCK_SIZE, ctx->V.b);
+      aes256_encrypt (&ctx->key, AES_BLOCK_SIZE, dst, ctx->V.b);
       dst += AES_BLOCK_SIZE;
       n -= AES_BLOCK_SIZE;
     }
 
   if (n > 0)
     {
-      uint8_t block[AES_BLOCK_SIZE];
+      union nettle_block16 block;
 
-      INCREMENT (AES_BLOCK_SIZE, ctx->V);
-      aes256_encrypt (&ctx->Key, AES_BLOCK_SIZE, block, ctx->V);
-      memcpy (dst, block, n);
+      INCREMENT (AES_BLOCK_SIZE, ctx->V.b);
+      aes256_encrypt (&ctx->key, AES_BLOCK_SIZE, block.b, ctx->V.b);
+      memcpy (dst, block.b, n);
     }
 
-  drbg_ctr_aes256_update (&ctx->Key, ctx->V, NULL);
+  drbg_ctr_aes256_update (&ctx->key, &ctx->V, NULL);
 }
diff --git a/drbg-ctr.h b/drbg-ctr.h
index 63ac36806638945544691a6f6698d54ca4f9adec..803610f91f1667663dbcb0f11a0d24212d11036f 100644
--- a/drbg-ctr.h
+++ b/drbg-ctr.h
@@ -47,8 +47,8 @@ extern "C"
 
 struct drbg_ctr_aes256_ctx
 {
-  struct aes256_ctx Key;
-  uint8_t V[AES_BLOCK_SIZE];
+  struct aes256_ctx key;
+  union nettle_block16 V;
 };
 
 /* Initialize using DRBG_CTR_AES256_SEED_SIZE bytes of