diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index bc161630c..10c6ed646 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -4385,6 +4385,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
             return 0;
         }
 
+        int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir)
+        {
+            if (aes == NULL) {
+                return BAD_FUNC_ARG;
+            }
+            if (len > sizeof(aes->key)) {
+                return BAD_FUNC_ARG;
+            }
+
+            return wc_AesSetKeyLocal(aes, key, len, iv, dir, 0);
+        }
+
     #endif /* NEED_AES_CTR_SOFT */
 
 #endif /* WOLFSSL_AES_COUNTER */
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index 38425aaa8..c1860e24c 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1336,7 +1336,7 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
         *pubSz = binSz;
 
     mp_clear(y);
-    mp_clear(x);
+    mp_forcezero(x);
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(y, key->heap, DYNAMIC_TYPE_DH);
     XFREE(x, key->heap, DYNAMIC_TYPE_DH);
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index 47ed04285..edaa178c0 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1196,6 +1196,7 @@ int wolfSSL_GetHmacMaxSize(void)
                 ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
             if (ret == 0)
                 ret = wc_HmacFinal(&myHmac,  out);
+            ForceZero(&myHmac, sizeof(myHmac));
             wc_HmacFree(&myHmac);
         }
 
@@ -1261,6 +1262,7 @@ int wolfSSL_GetHmacMaxSize(void)
             n++;
         }
 
+        ForceZero(&myHmac, sizeof(myHmac));
         wc_HmacFree(&myHmac);
 
         return ret;
diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c
index 6556bfdf9..cece18239 100644
--- a/wolfcrypt/src/kdf.c
+++ b/wolfcrypt/src/kdf.c
@@ -734,6 +734,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz,
         }
     }
 
+    ForceZero(&hash, sizeof(hash));
     _HashFree(enmhashId, &hash);
 
     return ret;
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 3ba981062..9207cc595 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -367,6 +367,9 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
 #ifdef WOLFSSL_AES_COUNTER
  WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out,
                                    const byte* in, word32 sz);
+ WOLFSSL_API int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len,
+                                        const byte* iv, int dir);
+
 #endif
 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)