From 5fdf32dec649536a9d490c8bab6490dc9cf1bdcd Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 19 Mar 2026 16:53:43 -0700
Subject: [PATCH] Fix to make sure a double free cannot occur (ZD 21093)

---
 wolfcrypt/src/asn.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 9b2faf19c5..5c831d2f6d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18413,6 +18413,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
                 if (sigCtx->key.ecc->nb_ctx != NULL) {
                     XFREE(sigCtx->key.ecc->nb_ctx, sigCtx->heap,
                           DYNAMIC_TYPE_TMP_BUFFER);
+                    sigCtx->key.ecc->nb_ctx = NULL;
                 }
             #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW &&
                       WC_ASYNC_ENABLE_ECC */
@@ -18488,6 +18489,7 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
     #ifndef WOLFSSL_NO_MALLOC
         sigCtx->key.ptr = NULL;
     #endif
+        sigCtx->keyOID = 0; /* mark key as freed (guards re-entry without malloc) */
     }
 #endif /* !NO_ASN_CRYPT */