diff --git a/include/kore/kore.h b/include/kore/kore.h
index 8d7a7f4..de0fbc9 100644
--- a/include/kore/kore.h
+++ b/include/kore/kore.h
@@ -909,6 +909,7 @@ void kore_mem_init(void);
 void kore_mem_cleanup(void);
 void kore_mem_untag(void *);
 void *kore_mem_lookup(u_int32_t);
+void kore_mem_zero(void *, size_t);
 void kore_mem_tag(void *, u_int32_t);
 void *kore_malloc_tagged(size_t, u_int32_t);
diff --git a/src/mem.c b/src/mem.c
index 6250915..a8585e9 100644
--- a/src/mem.c
+++ b/src/mem.c
@@ -264,6 +264,20 @@ kore_mem_lookup(u_int32_t id)
 return (NULL);
 }
+/* Best effort to try and let the compiler not optimize this call away. */
+void
+kore_mem_zero(void *ptr, size_t len)
+{
+ volatile char *p;
+
+ p = (volatile char *)ptr;
+
+ if (p != NULL) {
+ while (len-- > 0)
+ *(p)++ = 0x00;
+ }
+}
+
 static size_t
 memblock_index(size_t len)
 {
diff --git a/src/sha1.c b/src/sha1.c
index 58e5203..8fbd27a 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include "kore.h"
 #include "sha1.h"
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
@@ -167,5 +168,5 @@ SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
 ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
 }
- //explicit_bzero(context, sizeof(*context));
+ kore_mem_zero(context, sizeof(*context));
 }
diff --git a/src/sha2.c b/src/sha2.c
index fc42b97..d9b9bdb 100644
--- a/src/sha2.c
+++ b/src/sha2.c
@@ -45,6 +45,7 @@
 #include
 #endif
+#include "kore.h"
 #include "sha2.h"
 /*
@@ -551,7 +552,7 @@ SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
 #else
 memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
 #endif
- //explicit_bzero(context, sizeof(*context));
+ kore_mem_zero(context, sizeof(*context));
 }
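Review bot: kore_mem_zero() in src/mem.c relies only on stores through a `volatile char *` to survive dead-store elimination, which its own comment calls best effort; where the platform offers a guaranteed primitive (`explicit_bzero()`, or `memset_s()` from C11 Annex K) it would be safer to call that and keep this loop as the fallback. The lines this commit replaces were commented-out `explicit_bzero()` calls, so presumably that function is missing on at least one supported target, which is why a fallback is still needed. The header comment could also state the purpose and the NULL behaviour, e.g. `/* Wipe len bytes at ptr (keys, hash state); a NULL ptr is ignored. Stores go through a volatile pointer so they are not elided. */`. Minor style: `*(p)++ = 0x00;` reads more plainly as `*p++ = 0;`.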
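Review bot: In SHA1Final() (src/sha1.c) the context is now wiped after the digest is copied out, which changes what callers observe: any code that reads `context->state` or keeps feeding the same context after Final without re-initialising it will now work on zeroed state. The same applies to SHA256Final(), SHA512Final() and SHA384Final() in src/sha2.c. The callers are outside this diff, so a quick audit is worthwhile, and a one-line comment above each call would record the contract, e.g. `/* Wipe the hash state; the context must be re-initialised before reuse. */` (only SHA384Final currently carries a comment there). SHA1Final's body starts outside the hunk.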
@@ -827,7 +828,7 @@ SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
 #else
 memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
 #endif
- //explicit_bzero(context, sizeof(*context));
+ kore_mem_zero(context, sizeof(*context));
 }
 /*** SHA-384: *********************************************************/
@@ -874,5 +875,5 @@ SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
 #endif
 /* Zero out state data */
- //explicit_bzero(context, sizeof(*context));
+ kore_mem_zero(context, sizeof(*context));
 }