Index: head/sys/crypto/aesni/aesni.c
===================================================================
--- head/sys/crypto/aesni/aesni.c
+++ head/sys/crypto/aesni/aesni.c
@@ -254,7 +254,8 @@
 	struct aesni_softc *sc;
 
 	sc = device_get_softc(dev);
-	if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT)) != 0)
+	if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
+	    0)
 		return (EINVAL);
 	switch (csp->csp_mode) {
 	case CSP_MODE_DIGEST:
@@ -697,8 +698,11 @@
 	authbuf = NULL;
 	if (csp->csp_cipher_alg == CRYPTO_AES_NIST_GCM_16 ||
 	    csp->csp_cipher_alg == CRYPTO_AES_CCM_16) {
-		authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start,
-		    crp->crp_aad_length, &authallocated);
+		if (crp->crp_aad != NULL)
+			authbuf = crp->crp_aad;
+		else
+			authbuf = aesni_cipher_alloc(crp, crp->crp_aad_start,
+			    crp->crp_aad_length, &authallocated);
 		if (authbuf == NULL) {
 			error = ENOMEM;
 			goto out;
@@ -850,8 +854,12 @@
 			hmac_key[i] = 0 ^ HMAC_IPAD_VAL;
 		ses->hash_update(&sctx, hmac_key, sizeof(hmac_key));
 
-		crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
-		    ses->hash_update, &sctx);
+		if (crp->crp_aad != NULL)
+			ses->hash_update(&sctx, crp->crp_aad,
+			    crp->crp_aad_length);
+		else
+			crypto_apply(crp, crp->crp_aad_start,
+			    crp->crp_aad_length, ses->hash_update, &sctx);
 		if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
 		    CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
 			crypto_apply_buf(&crp->crp_obuf,
@@ -876,8 +884,12 @@
 	} else {
 		ses->hash_init(&sctx);
 
-		crypto_apply(crp, crp->crp_aad_start, crp->crp_aad_length,
-		    ses->hash_update, &sctx);
+		if (crp->crp_aad != NULL)
+			ses->hash_update(&sctx, crp->crp_aad,
+			    crp->crp_aad_length);
+		else
+			crypto_apply(crp, crp->crp_aad_start,
+			    crp->crp_aad_length, ses->hash_update, &sctx);
 		if (CRYPTO_HAS_OUTPUT_BUFFER(crp) &&
 		    CRYPTO_OP_IS_ENCRYPT(crp->crp_op))
 			crypto_apply_buf(&crp->crp_obuf,