These seem like they were definitely meant to be explicit zeroings.
Index: pfkey.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v retrieving revision 1.44 diff -u -p -r1.44 pfkey.c --- pfkey.c 10 Feb 2015 05:18:39 -0000 1.44 +++ pfkey.c 10 Sep 2015 18:35:12 -0000 @@ -464,14 +464,14 @@ pfkey_reply(int sd, u_int32_t *spip) len = hdr.sadb_msg_len * PFKEY2_CHUNK; if (read(sd, data, len) != len) { log_warn("pfkey read"); - bzero(data, len); + explicit_bzero(data, len); free(data); return (-1); } if (hdr.sadb_msg_type == SADB_GETSPI) { if (spip == NULL) { - bzero(data, len); + explicit_bzero(data, len); free(data); return (0); } @@ -489,7 +489,7 @@ pfkey_reply(int sd, u_int32_t *spip) } } } - bzero(data, len); + explicit_bzero(data, len); free(data); return (0); }