diff --git a/ChangeLog b/ChangeLog
index d44463f47..160c0fb41 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,8 @@ Features
      errors on use of deprecated functions.
 
 Bugfix
+   * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
+     once on the same context.
    * Fix bug in ssl_mail_client when password is longer that username (found
      by Bruno Pape).
    * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
diff --git a/library/ccm.c b/library/ccm.c
index 87f1886bd..e397e0a42 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -78,6 +78,8 @@ int ccm_init( ccm_context *ctx, cipher_id_t cipher,
     if( cipher_info->block_size != 16 )
         return( POLARSSL_ERR_CCM_BAD_INPUT );
 
+    cipher_free( &ctx->cipher_ctx );
+
     if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
         return( ret );
 
diff --git a/library/gcm.c b/library/gcm.c
index f4f735b6f..b537b0205 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -168,6 +168,8 @@ int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
     if( cipher_info->block_size != 16 )
         return( POLARSSL_ERR_GCM_BAD_INPUT );
 
+    cipher_free( &ctx->cipher_ctx );
+
     if( ( ret = cipher_init_ctx( &ctx->cipher_ctx, cipher_info ) ) != 0 )
         return( ret );