diff --git a/sys/opencrypto/gmac.c b/sys/opencrypto/gmac.c
--- a/sys/opencrypto/gmac.c
+++ b/sys/opencrypto/gmac.c
@@ -70,7 +70,11 @@
 agc = ctx;
 KASSERT(ivlen <= sizeof agc->counter, ("passed ivlen too large!"));
+ memset(agc->counter, 0, sizeof(agc->counter));
 bcopy(iv, agc->counter, ivlen);
+ agc->counter[GMAC_BLOCK_LEN - 1] = 1;
+
+ memset(&agc->hash, 0, sizeof(agc->hash));
 }
 int
@@ -118,9 +122,7 @@
 uint8_t enccntr[GMAC_BLOCK_LEN];
 struct gf128 a;
- /* XXX - zero additional bytes? */
 agc = ctx;
- agc->counter[GMAC_BLOCK_LEN - 1] = 1;
 rijndaelEncrypt(agc->keysched, agc->rounds, agc->counter, enccntr);
 a = gf128_add(agc->hash, gf128_read(enccntr));
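Review bot: The added `agc->counter[GMAC_BLOCK_LEN - 1] = 1;` runs after `bcopy(iv, agc->counter, ivlen)`, but the KASSERT above still accepts any `ivlen` up to the full counter size, so (assuming `counter` is `GMAC_BLOCK_LEN` bytes) an IV longer than `GMAC_BLOCK_LEN - 4` bytes spills into the 32-bit block-counter field and its last byte is silently overwritten. Two IVs that differ only in that last byte would then yield the same counter block, which for GMAC is nonce reuse under one key and undermines the tag. Tightening the bound to match how the counter is built, e.g. `KASSERT(ivlen <= GMAC_BLOCK_LEN - 4, ("passed ivlen too large!"));`, would close that gap; KASSERT is also compiled out of kernels built without INVARIANTS, so if any caller can pass a caller-chosen length, a runtime check before the `bcopy` is worth considering. The function's signature and opening lines are outside the hunk.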