diff --git a/src/ec/suite_b/ecdh.rs b/src/ec/suite_b/ecdh.rs
index aae31d2369..2198172d8c 100644
--- a/src/ec/suite_b/ecdh.rs
+++ b/src/ec/suite_b/ecdh.rs
@@ -181,7 +181,7 @@ mod tests {
             // Test that a private key value exactly equal to the group order
             // is rejected and that `generate` gives up after a while of only
             // getting that value from the PRNG.
-            let mut n_bytes = [0u8; ec::SCALAR_MAX_BYTES];
+            let mut n_bytes = [test::UNINITIALIZED_U8; ec::SCALAR_MAX_BYTES];
             let num_bytes = curve.elem_scalar_seed_len;
             limb::big_endian_from_limbs(&ops.n.limbs[..ops.num_limbs], &mut n_bytes[..num_bytes]);
             {
diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs
index c7e3a1efa6..6d655e2193 100644
--- a/src/rsa/padding.rs
+++ b/src/rsa/padding.rs
@@ -584,7 +584,7 @@ mod test {
 
                 let rng = test::rand::FixedSliceRandom { bytes: &salt };
 
-                let mut m_out = vec![0u8; bit_len.as_usize_bytes_rounded_up()];
+                let mut m_out = vec![test::UNINITIALIZED_U8; bit_len.as_usize_bytes_rounded_up()];
                 let digest = digest::digest(alg.digest_alg(), &msg);
                 alg.encode(&digest, &mut m_out, bit_len, &rng).unwrap();
                 assert_eq!(m_out, encoded);
diff --git a/src/rsa/signing.rs b/src/rsa/signing.rs
index 52d857d302..78b2817cab 100644
--- a/src/rsa/signing.rs
+++ b/src/rsa/signing.rs
@@ -608,7 +608,7 @@ impl RsaKeyPair {
 mod tests {
     // We intentionally avoid `use super::*` so that we are sure to use only
     // the public API; this ensures that enough of the API is public.
-    use crate::{rand, signature};
+    use crate::{rand, signature, test};
     use alloc::vec;
 
     // `KeyPair::sign` requires that the output buffer is the same length as
@@ -624,7 +624,7 @@ mod tests {
         let key_pair = signature::RsaKeyPair::from_der(PRIVATE_KEY_DER).unwrap();
 
         // The output buffer is one byte too short.
-        let mut signature = vec![0; key_pair.public_modulus_len() - 1];
+        let mut signature = vec![test::UNINITIALIZED_U8; key_pair.public_modulus_len() - 1];
 
         assert!(key_pair
             .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature)
diff --git a/src/test.rs b/src/test.rs
index a55f7b760f..8216303575 100644
--- a/src/test.rs
+++ b/src/test.rs
@@ -126,6 +126,10 @@ use crate::{bits, digest, error};
 #[cfg(any(feature = "std", feature = "test_logging"))]
 extern crate std;
 
+/// `UNINITIALIZED_U8` is a non-zero value used to initialize test buffers
+/// as a way to differentiate from zeroed-but-otherwise-unwritten memory.
+pub const UNINITIALIZED_U8: u8 = 0xDE;
+
 /// `compile_time_assert_clone::<T>();` fails to compile if `T` doesn't
 /// implement `Clone`.
 pub fn compile_time_assert_clone<T: Clone>() {}
diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs
index 674573a88c..3d2df33b48 100644
--- a/tests/aead_tests.rs
+++ b/tests/aead_tests.rs
@@ -365,7 +365,7 @@ fn less_safe_key_open_within(
 #[allow(clippy::range_plus_one)]
 fn key_sizes(aead_alg: &'static aead::Algorithm) {
     let key_len = aead_alg.key_len();
-    let key_data = vec![0u8; key_len * 2];
+    let key_data = vec![test::UNINITIALIZED_U8; key_len * 2];
 
     // Key is the right size.
     assert!(aead::UnboundKey::new(aead_alg, &key_data[..key_len]).is_ok());
@@ -394,7 +394,7 @@ fn key_sizes(aead_alg: &'static aead::Algorithm) {
 #[test]
 fn test_aead_nonce_sizes() {
     let nonce_len = aead::NONCE_LEN;
-    let nonce = vec![0u8; nonce_len * 2];
+    let nonce = vec![test::UNINITIALIZED_U8; nonce_len * 2];
 
     assert!(aead::Nonce::try_assume_unique_for_key(&nonce[..nonce_len]).is_ok());
     assert!(aead::Nonce::try_assume_unique_for_key(&nonce[..(nonce_len - 1)]).is_err());
@@ -420,7 +420,8 @@ fn aead_chacha20_poly1305_openssh() {
             // XXX: `polyfill::convert` isn't available here.
             let key_bytes = {
                 let as_vec = test_case.consume_bytes("KEY");
-                let mut as_array = [0u8; aead::chacha20_poly1305_openssh::KEY_LEN];
+                let mut as_array =
+                    [test::UNINITIALIZED_U8; aead::chacha20_poly1305_openssh::KEY_LEN];
                 as_array.copy_from_slice(&as_vec);
                 as_array
             };
@@ -435,7 +436,7 @@ fn aead_chacha20_poly1305_openssh() {
             // TODO: Add some tests for when things fail.
             //let error = test_case.consume_optional_string("FAILS");
 
-            let mut tag = [0u8; aead::chacha20_poly1305_openssh::TAG_LEN];
+            let mut tag = [test::UNINITIALIZED_U8; aead::chacha20_poly1305_openssh::TAG_LEN];
             let mut s_in_out = plaintext.clone();
             let s_key = aead::chacha20_poly1305_openssh::SealingKey::new(&key_bytes);
             s_key.seal_in_place(sequence_num, &mut s_in_out[..], &mut tag);
@@ -479,8 +480,8 @@ fn test_tag_traits() {
 #[test]
 #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
 fn test_aead_key_debug() {
-    let key_bytes = [0; 32];
-    let nonce = [0; aead::NONCE_LEN];
+    let key_bytes = [test::UNINITIALIZED_U8; 32];
+    let nonce = [test::UNINITIALIZED_U8; aead::NONCE_LEN];
 
     let key = aead::UnboundKey::new(&aead::AES_256_GCM, &key_bytes).unwrap();
     assert_eq!(
diff --git a/tests/digest_tests.rs b/tests/digest_tests.rs
index c275de7054..3601edc2e2 100644
--- a/tests/digest_tests.rs
+++ b/tests/digest_tests.rs
@@ -187,7 +187,7 @@ macro_rules! test_i_u_f {
         // TODO: #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
         #[test]
         fn $test_name() {
-            let mut input = [0; (digest::MAX_BLOCK_LEN + 1) * 3];
+            let mut input = [test::UNINITIALIZED_U8; (digest::MAX_BLOCK_LEN + 1) * 3];
             let max = $alg.block_len + 1;
             for i in 0..(max * 3) {
                 input[i] = (i & 0xff) as u8;
diff --git a/tests/hkdf_tests.rs b/tests/hkdf_tests.rs
index 88435a845e..46e6587ef9 100644
--- a/tests/hkdf_tests.rs
+++ b/tests/hkdf_tests.rs
@@ -122,7 +122,7 @@ impl hkdf::KeyType for My<usize> {
 
 impl From<hkdf::Okm<'_, My<usize>>> for My<Vec<u8>> {
     fn from(okm: hkdf::Okm<My<usize>>) -> Self {
-        let mut r = vec![0u8; okm.len().0];
+        let mut r = vec![test::UNINITIALIZED_U8; okm.len().0];
         okm.fill(&mut r).unwrap();
         My(r)
     }
diff --git a/tests/hmac_tests.rs b/tests/hmac_tests.rs
index 5d12cb3103..c3d2b35053 100644
--- a/tests/hmac_tests.rs
+++ b/tests/hmac_tests.rs
@@ -105,7 +105,7 @@ fn hmac_test_case_inner(
 #[test]
 #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)]
 fn hmac_debug() {
-    let key = hmac::Key::new(hmac::HMAC_SHA256, &[0; 32]);
+    let key = hmac::Key::new(hmac::HMAC_SHA256, &[test::UNINITIALIZED_U8; 32]);
     assert_eq!("Key { algorithm: SHA256 }", format!("{:?}", &key));
 
     let ctx = hmac::Context::with_key(&key);
diff --git a/tests/pbkdf2_tests.rs b/tests/pbkdf2_tests.rs
index 13300fa46e..47eba29cc8 100644
--- a/tests/pbkdf2_tests.rs
+++ b/tests/pbkdf2_tests.rs
@@ -54,7 +54,7 @@ pub fn pbkdf2_tests() {
         };
 
         {
-            let mut out = vec![0u8; dk.len()];
+            let mut out = vec![test::UNINITIALIZED_U8; dk.len()];
             pbkdf2::derive(algorithm, iterations, &salt, &secret, &mut out);
             assert_eq!(dk == out, verify_expected_result.is_ok() || dk.is_empty());
         }
diff --git a/tests/quic_tests.rs b/tests/quic_tests.rs
index 545d7a76fb..8caf2003a3 100644
--- a/tests/quic_tests.rs
+++ b/tests/quic_tests.rs
@@ -49,12 +49,12 @@ fn test_quic(alg: &'static quic::Algorithm, test_file: test::File) {
 #[allow(clippy::range_plus_one)]
 fn test_sample_len(alg: &'static quic::Algorithm) {
     let key_len = alg.key_len();
-    let key_data = vec![0u8; key_len];
+    let key_data = vec![test::UNINITIALIZED_U8; key_len];
 
     let key = quic::HeaderProtectionKey::new(alg, &key_data).unwrap();
 
     let sample_len = 16;
-    let sample_data = vec![0u8; sample_len + 2];
+    let sample_data = vec![test::UNINITIALIZED_U8; sample_len + 2];
 
     // Sample is the right size.
     assert!(key.new_mask(&sample_data[..sample_len]).is_ok());
diff --git a/tests/rand_tests.rs b/tests/rand_tests.rs
index f029dd912a..bdb8e60bbe 100644
--- a/tests/rand_tests.rs
+++ b/tests/rand_tests.rs
@@ -53,7 +53,7 @@ fn test_system_random_lengths() {
     ];
 
     for len in lengths.iter() {
-        let mut buf = vec![0; *len];
+        let mut buf = vec![test::UNINITIALIZED_U8; *len];
 
         let rng = rand::SystemRandom::new();
         assert!(rng.fill(&mut buf).is_ok());
diff --git a/tests/rsa_tests.rs b/tests/rsa_tests.rs
index 2b29b26150..b49aff9060 100644
--- a/tests/rsa_tests.rs
+++ b/tests/rsa_tests.rs
@@ -84,7 +84,7 @@ fn test_signature_rsa_pkcs1_sign() {
 
             // XXX: This test is too slow on Android ARM Travis CI builds.
             // TODO: re-enable these tests on Android ARM.
-            let mut actual = vec![0u8; key_pair.public_modulus_len()];
+            let mut actual = vec![test::UNINITIALIZED_U8; key_pair.public_modulus_len()];
             key_pair
                 .sign(alg, &rng, &msg, actual.as_mut_slice())
                 .unwrap();
@@ -124,7 +124,7 @@ fn test_signature_rsa_pss_sign() {
 
             let rng = test::rand::FixedSliceRandom { bytes: &salt };
 
-            let mut actual = vec![0u8; key_pair.public_modulus_len()];
+            let mut actual = vec![test::UNINITIALIZED_U8; key_pair.public_modulus_len()];
             key_pair.sign(alg, &rng, &msg, actual.as_mut_slice())?;
             assert_eq!(actual.as_slice() == &expected[..], result == "Pass");
             Ok(())