diff --git a/sys/dev/cxgbe/crypto/t4_crypto.c b/sys/dev/cxgbe/crypto/t4_crypto.c
--- a/sys/dev/cxgbe/crypto/t4_crypto.c
+++ b/sys/dev/cxgbe/crypto/t4_crypto.c
@@ -1391,7 +1391,6 @@
 	void *auth_ctx, *kschedule;
 	char block[GMAC_BLOCK_LEN];
 	char digest[GMAC_DIGEST_LEN];
-	char iv[AES_BLOCK_LEN];
 	int error, i, len;
 
 	auth_ctx = NULL;
@@ -1436,10 +1435,8 @@
 		error = EINVAL;
 		goto out;
 	}
-	crypto_read_iv(crp, iv);
-	*(uint32_t *)&iv[12] = htobe32(1);
 
-	axf->Reinit(auth_ctx, iv, sizeof(iv));
+	axf->Reinit(auth_ctx, crp->crp_iv, AES_GCM_IV_LEN);
 
 	/* MAC the AAD. */
 	if (crp->crp_aad != NULL) {
@@ -1462,7 +1459,7 @@
 		}
 	}
 
-	exf->reinit(kschedule, iv, sizeof(iv));
+	exf->reinit(kschedule, crp->crp_iv, AES_GCM_IV_LEN);
 
 	/* Do encryption with MAC */
 	for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) {
@@ -1522,7 +1519,6 @@
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
 	explicit_bzero(block, sizeof(block));
-	explicit_bzero(iv, sizeof(iv));
 	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
@@ -1878,7 +1874,6 @@
 	void *kschedule;
 	char block[CCM_CBC_BLOCK_LEN];
 	char digest[AES_CBC_MAC_HASH_LEN];
-	char iv[AES_CCM_IV_LEN];
 	int error, i, len;
 
 	auth_ctx = NULL;
@@ -1923,11 +1918,10 @@
 		error = EINVAL;
 		goto out;
 	}
-	crypto_read_iv(crp, iv);
 
 	auth_ctx->aes_cbc_mac_ctx.authDataLength = crp->crp_aad_length;
 	auth_ctx->aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length;
-	axf->Reinit(auth_ctx, iv, sizeof(iv));
+	axf->Reinit(auth_ctx, crp->crp_iv, AES_CCM_IV_LEN);
 
 	/* MAC the AAD. */
 	if (crp->crp_aad != NULL)
@@ -1939,7 +1933,7 @@
 	if (error)
 		goto out;
 
-	exf->reinit(kschedule, iv, sizeof(iv));
+	exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN);
 
 	/* Do encryption/decryption with MAC */
 	for (i = 0; i < crp->crp_payload_length; i += sizeof(block)) {
@@ -1974,7 +1968,7 @@
 			error = 0;
 
 			/* Tag matches, decrypt data. */
-			exf->reinit(kschedule, iv, sizeof(iv));
+			exf->reinit(kschedule, crp->crp_iv, AES_CCM_IV_LEN);
 			for (i = 0; i < crp->crp_payload_length;
 			     i += sizeof(block)) {
 				len = imin(crp->crp_payload_length - i,
@@ -1995,7 +1989,6 @@
 	zfree(kschedule, M_CCR);
 	zfree(auth_ctx, M_CCR);
 	explicit_bzero(block, sizeof(block));
-	explicit_bzero(iv, sizeof(iv));
 	explicit_bzero(digest, sizeof(digest));
 	crp->crp_etype = error;
 	crypto_done(crp);
diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@@ -463,7 +463,6 @@
 	uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char tag[GMAC_DIGEST_LEN];
-	u_char iv[AES_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	const u_char *inblk;
 	u_char *outblk;
@@ -492,12 +491,10 @@
 	if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
 		return (EINVAL);
 
-	/* Initialize the IV */
 	ivlen = AES_GCM_IV_LEN;
-	bcopy(crp->crp_iv, iv, ivlen);
 
 	/* Supply MAC with IV */
-	axf->Reinit(&ctx, iv, ivlen);
+	axf->Reinit(&ctx, crp->crp_iv, ivlen);
 
 	/* Supply MAC with AAD */
 	if (crp->crp_aad != NULL) {
@@ -536,7 +533,7 @@
 	if (crp->crp_cipher_key != NULL)
 		exf->setkey(swe->sw_kschedule, crp->crp_cipher_key,
 		    crypto_get_params(crp->crp_session)->csp_cipher_klen);
-	exf->reinit(swe->sw_kschedule, iv, ivlen);
+	exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 
 	/* Do encryption with MAC */
 	crypto_cursor_init(&cc_in, &crp->crp_buf);
@@ -635,7 +632,6 @@
 out:
 	explicit_bzero(blkbuf, sizeof(blkbuf));
 	explicit_bzero(tag, sizeof(tag));
-	explicit_bzero(iv, sizeof(iv));
 
 	return (error);
 }
@@ -701,7 +697,6 @@
 	uint32_t blkbuf[howmany(AES_BLOCK_LEN, sizeof(uint32_t))];
 	u_char *blk = (u_char *)blkbuf;
 	u_char tag[AES_CBC_MAC_HASH_LEN];
-	u_char iv[AES_BLOCK_LEN];
 	struct crypto_buffer_cursor cc_in, cc_out;
 	const u_char *inblk;
 	u_char *outblk;
@@ -729,9 +724,7 @@
 	if ((crp->crp_flags & CRYPTO_F_IV_SEPARATE) == 0)
 		return (EINVAL);
 
-	/* Initialize the IV */
 	ivlen = AES_CCM_IV_LEN;
-	bcopy(crp->crp_iv, iv, ivlen);
 
 	/*
 	 * AES CCM-CBC-MAC needs to know the length of both the auth
@@ -741,7 +734,7 @@
 	ctx.aes_cbc_mac_ctx.cryptDataLength = crp->crp_payload_length;
 
 	/* Supply MAC with IV */
-	axf->Reinit(&ctx, iv, ivlen);
+	axf->Reinit(&ctx, crp->crp_iv, ivlen);
 
 	/* Supply MAC with AAD */
 	if (crp->crp_aad != NULL)
@@ -755,7 +748,7 @@
 	if (crp->crp_cipher_key != NULL)
 		exf->setkey(swe->sw_kschedule, crp->crp_cipher_key,
 		    crypto_get_params(crp->crp_session)->csp_cipher_klen);
-	exf->reinit(swe->sw_kschedule, iv, ivlen);
+	exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 
 	/* Do encryption/decryption with MAC */
 	crypto_cursor_init(&cc_in, &crp->crp_buf);
@@ -826,7 +819,7 @@
 		}
 
 		/* tag matches, decrypt data */
-		exf->reinit(swe->sw_kschedule, iv, ivlen);
+		exf->reinit(swe->sw_kschedule, crp->crp_iv, ivlen);
 		crypto_cursor_init(&cc_in, &crp->crp_buf);
 		crypto_cursor_advance(&cc_in, crp->crp_payload_start);
 		for (resid = crp->crp_payload_length; resid > blksz;
@@ -859,7 +852,6 @@
 out:
 	explicit_bzero(blkbuf, sizeof(blkbuf));
 	explicit_bzero(tag, sizeof(tag));
-	explicit_bzero(iv, sizeof(iv));
 	return (error);
 }