Index: head/sys/dev/cxgbe/crypto/t4_crypto.c
===================================================================
--- head/sys/dev/cxgbe/crypto/t4_crypto.c
+++ head/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1495,11 +1495,15 @@
 			}
 		} else
 			error = EBADMSG;
+		explicit_bzero(digest2, sizeof(digest2));
 	}
 
 out:
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
+	explicit_bzero(block, sizeof(block));
+	explicit_bzero(iv, sizeof(iv));
+	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
 }
@@ -1953,11 +1957,15 @@
 			}
 		} else
 			error = EBADMSG;
+		explicit_bzero(digest2, sizeof(digest2));
 	}
 
 out:
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
+	explicit_bzero(block, sizeof(block));
+	explicit_bzero(iv, sizeof(iv));
+	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
 }
Index: head/sys/opencrypto/cryptosoft.c
===================================================================
--- head/sys/opencrypto/cryptosoft.c
+++ head/sys/opencrypto/cryptosoft.c
@@ -131,8 +131,6 @@
 	    (crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
 		return (EINVAL);
 
-	crypto_read_iv(crp, iv);
-
 	if (crp->crp_cipher_key != NULL) {
 		csp = crypto_get_params(crp->crp_session);
 		error = exf->setkey(sw->sw_kschedule,
@@ -141,6 +139,8 @@
 			return (error);
 	}
 
+	crypto_read_iv(crp, iv);
+
 	if (exf->reinit) {
 		/*
 		 * xforms that provide a reinit method perform all IV
@@ -277,6 +277,9 @@
 			crypto_cursor_copyback(&cc_out, resid, blk);
 	}
 
+	explicit_bzero(blk, sizeof(blk));
+	explicit_bzero(iv, sizeof(iv));
+	explicit_bzero(iv2, sizeof(iv2));
 	return (0);
 }
 
@@ -314,7 +317,6 @@
 swcr_authcompute(struct swcr_session *ses, struct cryptop *crp)
 {
 	u_char aalg[HASH_MAX_LEN];
-	u_char uaalg[HASH_MAX_LEN];
 	const struct crypto_session_params *csp;
 	struct swcr_auth *sw;
 	struct auth_hash *axf;
@@ -383,14 +385,18 @@
 	}
 
 	if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
+		u_char uaalg[HASH_MAX_LEN];
+
 		crypto_copydata(crp, crp->crp_digest_start, sw->sw_mlen, uaalg);
 		if (timingsafe_bcmp(aalg, uaalg, sw->sw_mlen) != 0)
-			return (EBADMSG);
+			err = EBADMSG;
+		explicit_bzero(uaalg, sizeof(uaalg));
 	} else {
 		/* Inject the authentication data */
 		crypto_copyback(crp, crp->crp_digest_start, sw->sw_mlen, aalg);
 	}
-	return (0);
+	explicit_bzero(aalg, sizeof(aalg));
+	return (err);
 }
 
 CTASSERT(INT_MAX <= (1ll<<39) - 256);	/* GCM: plain text < 2^39-256 */
@@ -402,14 +408,13 @@
 	uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char aalg[AALG_MAX_RESULT_LEN];
-	u_char uaalg[AALG_MAX_RESULT_LEN];
 	u_char iv[EALG_MAX_BLOCK_LEN];
 	struct crypto_buffer_cursor cc;
 	union authctx ctx;
 	struct swcr_auth *swa;
 	struct auth_hash *axf;
 	uint32_t *blkp;
-	int blksz, ivlen, len, resid;
+	int blksz, error, ivlen, len, resid;
 
 	swa = &ses->swcr_auth;
 	axf = swa->sw_axf;
@@ -440,16 +445,23 @@
 	/* Finalize MAC */
 	axf->Final(aalg, &ctx);
 
+	error = 0;
 	if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
+		u_char uaalg[AALG_MAX_RESULT_LEN];
+
 		crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen,
 		    uaalg);
 		if (timingsafe_bcmp(aalg, uaalg, swa->sw_mlen) != 0)
-			return (EBADMSG);
+			error = EBADMSG;
+		explicit_bzero(uaalg, sizeof(uaalg));
 	} else {
 		/* Inject the authentication data */
 		crypto_copyback(crp, crp->crp_digest_start, swa->sw_mlen, aalg);
 	}
-	return (0);
+	explicit_bzero(blkbuf, sizeof(blkbuf));
+	explicit_bzero(aalg, sizeof(aalg));
+	explicit_bzero(iv, sizeof(iv));
+	return (error);
 }
 
 static int
@@ -458,7 +470,6 @@
 	uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char aalg[AALG_MAX_RESULT_LEN];
-	u_char uaalg[AALG_MAX_RESULT_LEN];
 	u_char iv[EALG_MAX_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	union authctx ctx;
@@ -467,7 +478,7 @@
 	struct auth_hash *axf;
 	struct enc_xform *exf;
 	uint32_t *blkp;
-	int blksz, ivlen, len, r, resid;
+	int blksz, error, ivlen, len, r, resid;
 
 	swa = &ses->swcr_auth;
 	axf = swa->sw_axf;
@@ -536,13 +547,19 @@
 	axf->Final(aalg, &ctx);
 
 	/* Validate tag */
+	error = 0;
 	if (!CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
+		u_char uaalg[AALG_MAX_RESULT_LEN];
+
 		crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen,
 		    uaalg);
 
 		r = timingsafe_bcmp(aalg, uaalg, swa->sw_mlen);
-		if (r != 0)
-			return (EBADMSG);
+		explicit_bzero(uaalg, sizeof(uaalg));
+		if (r != 0) {
+			error = EBADMSG;
+			goto out;
+		}
 		
 		/* tag matches, decrypt data */
 		crypto_cursor_init(&cc_in, &crp->crp_buf);
@@ -562,7 +579,12 @@
 		    aalg);
 	}
 
-	return (0);
+out:
+	explicit_bzero(blkbuf, sizeof(blkbuf));
+	explicit_bzero(aalg, sizeof(aalg));
+	explicit_bzero(iv, sizeof(iv));
+
+	return (error);
 }
 
 static int
@@ -571,13 +593,12 @@
 	uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char aalg[AALG_MAX_RESULT_LEN];
-	u_char uaalg[AALG_MAX_RESULT_LEN];
 	u_char iv[EALG_MAX_BLOCK_LEN];
 	struct crypto_buffer_cursor cc;
 	union authctx ctx;
 	struct swcr_auth *swa;
 	struct auth_hash *axf;
-	int blksz, ivlen, len, resid;
+	int blksz, error, ivlen, len, resid;
 
 	swa = &ses->swcr_auth;
 	axf = swa->sw_axf;
@@ -609,16 +630,23 @@
 	/* Finalize MAC */
 	axf->Final(aalg, &ctx);
 
+	error = 0;
 	if (crp->crp_op & CRYPTO_OP_VERIFY_DIGEST) {
+		u_char uaalg[AALG_MAX_RESULT_LEN];
+
 		crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen,
 		    uaalg);
 		if (timingsafe_bcmp(aalg, uaalg, swa->sw_mlen) != 0)
-			return (EBADMSG);
+			error = EBADMSG;
+		explicit_bzero(uaalg, sizeof(uaalg));
 	} else {
 		/* Inject the authentication data */
 		crypto_copyback(crp, crp->crp_digest_start, swa->sw_mlen, aalg);
 	}
-	return (0);
+	explicit_bzero(blkbuf, sizeof(blkbuf));
+	explicit_bzero(aalg, sizeof(aalg));
+	explicit_bzero(iv, sizeof(iv));
+	return (error);
 }
 
 static int
@@ -627,7 +655,6 @@
 	uint32_t blkbuf[howmany(EALG_MAX_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char aalg[AALG_MAX_RESULT_LEN];
-	u_char uaalg[AALG_MAX_RESULT_LEN];
 	u_char iv[EALG_MAX_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	union authctx ctx;
@@ -635,7 +662,7 @@
 	struct swcr_encdec *swe;
 	struct auth_hash *axf;
 	struct enc_xform *exf;
-	int blksz, ivlen, len, r, resid;
+	int blksz, error, ivlen, len, r, resid;
 
 	swa = &ses->swcr_auth;
 	axf = swa->sw_axf;
@@ -712,13 +739,19 @@
 	axf->Final(aalg, &ctx);
 
 	/* Validate tag */
+	error = 0;
 	if (!CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) {
+		u_char uaalg[AALG_MAX_RESULT_LEN];
+
 		crypto_copydata(crp, crp->crp_digest_start, swa->sw_mlen,
 		    uaalg);
 
 		r = timingsafe_bcmp(aalg, uaalg, swa->sw_mlen);
-		if (r != 0)
-			return (EBADMSG);
+		explicit_bzero(uaalg, sizeof(uaalg));
+		if (r != 0) {
+			error = EBADMSG;
+			goto out;
+		}
 		
 		/* tag matches, decrypt data */
 		exf->reinit(swe->sw_kschedule, iv);
@@ -739,7 +772,11 @@
 		    aalg);
 	}
 
-	return (0);
+out:
+	explicit_bzero(blkbuf, sizeof(blkbuf));
+	explicit_bzero(aalg, sizeof(aalg));
+	explicit_bzero(iv, sizeof(iv));
+	return (error);
 }
 
 /*