diff -ruN ssh-/Makefile.inc ssh/Makefile.inc
--- ssh-/Makefile.inc	Mon Apr  2 05:56:14 2018
+++ ssh/Makefile.inc	Mon Apr  2 06:02:20 2018
 SRCS_KEXS+=	kexc25519s.c
 
 SRCS_KEY+=	sshkey.c
+SRCS_KEY+=	freezero.c
 SRCS_KEY+=	sshbuf-misc.c
 SRCS_KEY+=	cipher.c
 SRCS_KEY+=	cipher-chachapoly.c
diff -ruN ssh-/freezero.c ssh/freezero.c
--- ssh-/freezero.c	Thu Jan  1 00:00:00 1970
+++ ssh/freezero.c	Mon Apr  2 06:04:48 2018
@@ -0,0 +1,14 @@
+/* Public domain */
+
+#include <sys/types.h>
+#include <string.h>
+#include <stdlib.h>
+
+void freezero(void *p, size_t s);
+
+void
+freezero(void *p, size_t s)
+{
+	explicit_bzero(p, s);
+	free(p);
+}
diff -ruN ssh-/ssh-rsa.c ssh/ssh-rsa.c
--- ssh-/ssh-rsa.c	Mon Apr  2 05:56:14 2018
+++ ssh/ssh-rsa.c	Mon Apr  2 06:03:06 2018
@@ -30,6 +30,8 @@
 #include "digest.h"
 #include "log.h"
 
+void freezero(void *, size_t);
+
 static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
 
 static const char *
diff -ruN ssh-/sshd.c ssh/sshd.c
--- ssh-/sshd.c	Mon Apr  2 05:56:14 2018
+++ ssh/sshd.c	Mon Apr  2 06:03:12 2018
@@ -105,6 +105,8 @@
 #include "version.h"
 #include "ssherr.h"
 
+void freezero(void *, size_t);
+
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD		(STDERR_FILENO + 2)
diff -ruN ssh-/sshkey.c ssh/sshkey.c
--- ssh-/sshkey.c	Mon Apr  2 05:56:14 2018
+++ ssh/sshkey.c	Mon Apr  2 06:02:45 2018
@@ -56,6 +56,8 @@
 
 #include "xmss_fast.h"
 
+void freezero(void *, size_t);
+
 /* openssh private key file format */
 #define MARK_BEGIN		"-----BEGIN OPENSSH PRIVATE KEY-----\n"
 #define MARK_END		"-----END OPENSSH PRIVATE KEY-----\n"