diff --git a/import.c b/import.c
index 218670ee..e95883a0 100644
--- a/import.c
+++ b/import.c
@@ -1010,8 +1010,7 @@ int openssh_pem_write(const Filename *filename, struct ssh2_userkey *key,
         origlen = outblob->len;
         outlen = (origlen + 8) &~ 7;
         pad = outlen - origlen;
-        for (i = 0; i < pad; i++)
-            put_byte(outblob, pad);
+        put_padding(outblob, pad, pad);
 
 	/*
 	 * Invent an iv. Then derive encryption key from passphrase
diff --git a/marshal.c b/marshal.c
index 76c7c05f..a8371b66 100644
--- a/marshal.c
+++ b/marshal.c
@@ -11,6 +11,17 @@ void BinarySink_put_data(BinarySink *bs, const void *data, size_t len)
     bs->write(bs, data, len);
 }
 
+void BinarySink_put_padding(BinarySink *bs, unsigned char padbyte, size_t len)
+{
+    char buf[16];
+    memset(buf, padbyte, sizeof(buf));
+    while (len > 0) {
+        size_t thislen = len < sizeof(buf) ? len : sizeof(buf);
+        bs->write(bs, buf, thislen);
+        len -= thislen;
+    }
+}
+
 void BinarySink_put_byte(BinarySink *bs, unsigned char val)
 {
     bs->write(bs, &val, 1);
diff --git a/marshal.h b/marshal.h
index 90bb94ff..0debe82f 100644
--- a/marshal.h
+++ b/marshal.h
@@ -110,6 +110,10 @@ struct BinarySink {
 #define put_mp_ssh2(bs, val) \
     BinarySink_put_mp_ssh2(BinarySink_UPCAST(bs), val)
 
+/* Padding with a specified byte. */
+#define put_padding(bs, padbyte, len) \
+    BinarySink_put_padding(BinarySink_UPCAST(bs), padbyte, len)
+
 /* Fallback: just emit raw data bytes, using a syntax that matches the
  * rest of these macros. */
 #define put_data(bs, val, len) \
@@ -126,6 +130,7 @@ struct BinarySink {
  * declaration(s) of their other parameter type(s) are in scope.
  */
 void BinarySink_put_data(BinarySink *, const void *data, size_t len);
+void BinarySink_put_padding(BinarySink *, unsigned char padbyte, size_t len);
 void BinarySink_put_byte(BinarySink *, unsigned char);
 void BinarySink_put_bool(BinarySink *, int);
 void BinarySink_put_uint16(BinarySink *, unsigned long);
diff --git a/ssh.c b/ssh.c
index bc5ba682..3980aa89 100644
--- a/ssh.c
+++ b/ssh.c
@@ -2803,8 +2803,7 @@ static void ssh2_add_sigblob(Ssh ssh, PktOut *pkt,
             strbuf *substr = strbuf_new();
 	    put_data(substr, sigblob, sig_prefix_len);
 	    put_uint32(substr, mod_mp.len);
-	    while (mod_mp.len-- > sig_mp.len)
-		put_byte(substr, 0);
+	    put_padding(substr, mod_mp.len - sig_mp.len, 0);
 	    put_data(substr, sig_mp.ptr, sig_mp.len);
             put_stringsb(pkt, substr);
 	    return;
diff --git a/sshpubk.c b/sshpubk.c
index 3732a6f2..2144bc2c 100644
--- a/sshpubk.c
+++ b/sshpubk.c
@@ -356,8 +356,7 @@ int rsa_ssh1_savekey(const Filename *filename, struct RSAKey *key,
      * Now write zeros until the encrypted portion is a multiple of
      * 8 bytes.
      */
-    while ((buf->len - estart) % 8)
-	put_byte(buf, 0);
+    put_padding(buf, (estart - buf->len) & 7, 0);
 
     /*
      * Now encrypt the encrypted portion.