diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index fafab6e0e..228437dfb 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -880,6 +880,7 @@ WOLFSSL_USER_MUTEX
 WOLFSSL_USER_THREADING
 WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
 WOLFSSL_USE_FLASHMEM
+WOLFSSL_USE_FORCE_ZERO
 WOLFSSL_USE_OPTIONS_H
 WOLFSSL_VALIDATE_DH_KEYGEN
 WOLFSSL_WC_LMS_SERIALIZE_STATE
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 5df4d15fc..3f11ebed7 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1660,6 +1660,40 @@ void __attribute__((no_instrument_function))
 }
 #endif
 
+#ifndef WOLFSSL_NO_FORCE_ZERO
+/* Exported version of ForceZero() that takes a size_t. */
+void wc_ForceZero(void *mem, size_t len)
+{
+    byte *zb = (byte *)mem;
+    unsigned long *zl;
+
+    XFENCE();
+
+    while ((wc_ptr_t)zb & (wc_ptr_t)(sizeof(unsigned long) - 1U)) {
+        if (len == 0)
+            return;
+        *zb++ = 0;
+        --len;
+    }
+
+    zl = (unsigned long *)zb;
+
+    while (len > sizeof(unsigned long)) {
+        *zl++ = 0;
+        len -= sizeof(unsigned long);
+    }
+
+    zb = (byte *)zl;
+
+    while (len) {
+        *zb++ = 0;
+        --len;
+    }
+
+    XFENCE();
+}
+#endif
+
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
 static const byte wc_debug_cipher_lifecycle_tag_value[] =
     { 'W', 'o', 'l', 'f' };
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index fa8e5d02e..6acbc2471 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -342,6 +342,10 @@ WOLFSSL_LOCAL void wc_MemZero_Add(const char* name, const void* addr,
 WOLFSSL_LOCAL void wc_MemZero_Check(void* addr, size_t len);
 #endif
 
+#ifndef WOLFSSL_NO_FORCE_ZERO
+WOLFSSL_API void wc_ForceZero(void *mem, size_t len);
+#endif
+
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
 WOLFSSL_LOCAL int wc_debug_CipherLifecycleInit(void **CipherLifecycleTag,
                                                void *heap);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 50aa25df4..fd335be54 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -4038,7 +4038,8 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
     !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
     !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \
-    && !defined(USE_FAST_MATH) && defined(NO_SHA256)
+    && !defined(USE_FAST_MATH) && defined(NO_SHA256) && \
+    !defined(WOLFSSL_USE_FORCE_ZERO)
     #undef  WOLFSSL_NO_FORCE_ZERO
     #define WOLFSSL_NO_FORCE_ZERO
 #endif