diff --git a/arc4random.c b/arc4random.c
index 02c892f96c..a2338e692a 100644
--- a/arc4random.c
+++ b/arc4random.c
@@ -162,7 +162,7 @@ arc4_seed_win32(void)
 	if (!CryptGenRandom(provider, sizeof(buf), buf))
 		return -1;
 	arc4_addrandom(buf, sizeof(buf));
-	memset(buf, 0, sizeof(buf));
+	evutil_memclear_(buf, sizeof(buf));
 	arc4_seeded_ok = 1;
 	return 0;
 }
@@ -200,7 +200,7 @@ arc4_seed_sysctl_linux(void)
 		return -1;
 
 	arc4_addrandom(buf, sizeof(buf));
-	memset(buf, 0, sizeof(buf));
+	evutil_memclear_(buf, sizeof(buf));
 	arc4_seeded_ok = 1;
 	return 0;
 }
@@ -240,7 +240,7 @@ arc4_seed_sysctl_bsd(void)
 		return -1;
 
 	arc4_addrandom(buf, sizeof(buf));
-	memset(buf, 0, sizeof(buf));
+	evutil_memclear_(buf, sizeof(buf));
 	arc4_seeded_ok = 1;
 	return 0;
 }
@@ -285,8 +285,8 @@ arc4_seed_proc_sys_kernel_random_uuid(void)
 		arc4_addrandom(entropy, nybbles/2);
 		bytes += nybbles/2;
 	}
-	memset(entropy, 0, sizeof(entropy));
-	memset(buf, 0, sizeof(buf));
+	evutil_memclear_(entropy, sizeof(entropy));
+	evutil_memclear_(buf, sizeof(buf));
 	arc4_seeded_ok = 1;
 	return 0;
 }
@@ -310,7 +310,7 @@ static int arc4_seed_urandom_helper_(const char *fname)
 	if (n != sizeof(buf))
 		return -1;
 	arc4_addrandom(buf, sizeof(buf));
-	memset(buf, 0, sizeof(buf));
+	evutil_memclear_(buf, sizeof(buf));
 	arc4_seeded_ok = 1;
 	return 0;
 }
diff --git a/evutil.c b/evutil.c
index c2a29a6c9f..e49d744fed 100644
--- a/evutil.c
+++ b/evutil.c
@@ -2400,6 +2400,18 @@ evutil_weakrand_range_(struct evutil_weakrand_state *state, ev_int32_t top)
 	return result;
 }
 
+/**
+ * Volatile pointer to memset: we use this to keep the compiler from
+ * eliminating our call to memset.
+ */
+void * (*volatile evutil_memset_volatile_)(void *, int, size_t) = memset;
+
+void
+evutil_memclear_(void *mem, size_t len)
+{
+	evutil_memset_volatile_(mem, 0, len);
+}
+
 int
 evutil_sockaddr_is_loopback_(const struct sockaddr *addr)
 {
diff --git a/util-internal.h b/util-internal.h
index 9251758e2b..0ab8a2577a 100644
--- a/util-internal.h
+++ b/util-internal.h
@@ -467,6 +467,7 @@ evutil_socket_t evutil_eventfd_(unsigned initval, int flags);
 #define EVUTIL_EFD_CLOEXEC 0x8000
 #endif
 
+void evutil_memclear_(void *mem, size_t len);
 
 #ifdef __cplusplus
 }