diff --git a/ChangeLog.d/issue4176.txt b/ChangeLog.d/issue4176.txt
new file mode 100644
index 0000000000..ddca37f9be
--- /dev/null
+++ b/ChangeLog.d/issue4176.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix a resource leak in a test suite with an alternative AES
+     implementation. Fixes #4176.
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 23bf83d093..1b7e5dbb27 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -208,6 +208,8 @@ void aes_crypt_xts_size( int size, int retval )
     /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
      * otherwise we wouldn't get to the size check we're interested in. */
     TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
+exit:
+    mbedtls_aes_xts_free( &ctx );
 }
 /* END_CASE */