diff --git a/src/constant_time.rs b/src/constant_time.rs
index 5328f5fa3..f6f84c02f 100644
--- a/src/constant_time.rs
+++ b/src/constant_time.rs
@@ -48,6 +48,11 @@ pub(crate) fn xor_16(a: [u8; 16], b: [u8; 16]) -> [u8; 16] {
 r.to_ne_bytes()
 }
+#[inline(always)]
+pub(crate) fn xor_assign<'a>(a: impl IntoIterator, b: u8) {
+ a.into_iter().for_each(|a| *a ^= b);
+}
+
 /// XORs the first N bytes of `b` into `a`, where N is
 /// `core::cmp::min(a.len(), b.len())`.
 #[inline(always)]
diff --git a/src/hmac.rs b/src/hmac.rs
index c7d0d62c4..9923cd85a 100644
--- a/src/hmac.rs
+++ b/src/hmac.rs
@@ -259,9 +259,7 @@ impl Key {
 // Remove the `IPAD` masking, leaving the unmasked padded key, then
 // mask with `OPAD`, all in one step.
- for b in padded_key.iter_mut() {
- *b ^= IPAD ^ OPAD;
- }
+ constant_time::xor_assign(&mut padded_key[..], IPAD ^ OPAD);
 let leftover = key.outer.update(padded_key, cpu_features);
 debug_assert_eq!(leftover.len(), 0);
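Review bot: The new `xor_assign` in `src/constant_time.rs` has no doc comment, although the function right after it in the same hunk carries a `///` summary and the helper is applied to the padded HMAC key in `src/hmac.rs`. I would add something like `/// XORs the byte `b` into every element yielded by `a`; the loop has no branch or index that depends on the data.` As shown on this page the parameter reads `impl IntoIterator` with no `Item` bound while `'a` is declared but unused, which would not type-check against `*a ^= b`; the bound (presumably `Item = &'a mut u8`) looks lost in rendering and should be confirmed against the repository. Separately, the closure parameter `a` shadows the function parameter `a`; `|byte| *byte ^= b` reads more clearly.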