diff --git a/include/polarssl/gcm.h b/include/polarssl/gcm.h
index 1997c4bb16..4662f97da1 100644
--- a/include/polarssl/gcm.h
+++ b/include/polarssl/gcm.h
@@ -197,6 +197,13 @@ int gcm_finish( gcm_context *ctx,
                 unsigned char *tag,
                 size_t tag_len );
 
+/**
+ * \brief           Free a GCM context and underlying cipher sub-context
+ *
+ * \param ctx
+ */
+void gcm_free( gcm_context *ctx );
+
 /**
  * \brief          Checkup routine
  *
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 862328f699..c6f52ff9bb 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -295,6 +295,7 @@ static void *gcm_ctx_alloc( void )
 
 static void gcm_ctx_free( void *ctx )
 {
+    gcm_free( ctx );
     polarssl_free( ctx );
 }
 
diff --git a/library/gcm.c b/library/gcm.c
index 1dfc1999d2..04e9d5b561 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -406,6 +406,12 @@ int gcm_auth_decrypt( gcm_context *ctx,
     return( 0 );
 }
 
+void gcm_free( gcm_context *ctx )
+{
+    (void) cipher_free_ctx( &ctx->cipher_ctx );
+    memset( ctx, 0, sizeof( gcm_context ) );
+}
+
 #if defined(POLARSSL_SELF_TEST)
 
 #include <stdio.h>
@@ -672,6 +678,8 @@ int gcm_self_test( int verbose )
                 return( 1 );
             }
 
+            gcm_free( &ctx );
+
             if( verbose != 0 )
                 printf( "passed\n" );
 
@@ -696,6 +704,8 @@ int gcm_self_test( int verbose )
                 return( 1 );
             }
 
+            gcm_free( &ctx );
+
             if( verbose != 0 )
                 printf( "passed\n" );
 
@@ -759,6 +769,8 @@ int gcm_self_test( int verbose )
                 return( 1 );
             }
 
+            gcm_free( &ctx );
+
             if( verbose != 0 )
                 printf( "passed\n" );
 
@@ -822,6 +834,8 @@ int gcm_self_test( int verbose )
                 return( 1 );
             }
 
+            gcm_free( &ctx );
+
             if( verbose != 0 )
                 printf( "passed\n" );
 
@@ -834,6 +848,8 @@ int gcm_self_test( int verbose )
     return( 0 );
 }
 
+
+
 #endif
 
 #endif
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index c9cc1774e8..58de5770fa 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -49,6 +49,8 @@ void gcm_encrypt_and_tag( char *hex_key_string, char *hex_src_string,
         TEST_ASSERT( strcmp( (char *) dst_str, hex_dst_string ) == 0 );
         TEST_ASSERT( strcmp( (char *) tag_str, hex_tag_string ) == 0 );
     }
+
+    gcm_free( &ctx );
 }
 /* END_CASE */
 
@@ -101,6 +103,8 @@ void gcm_decrypt_and_verify( char *hex_key_string, char *hex_src_string,
             TEST_ASSERT( strcmp( (char *) dst_str, pt_result ) == 0 );
         }
     }
+
+    gcm_free( &ctx );
 }
 /* END_CASE */