diff --git a/tests/suites/test_suite_aes.ecb.data b/tests/suites/test_suite_aes.ecb.data
index d1c88ac91..93858656f 100644
--- a/tests/suites/test_suite_aes.ecb.data
+++ b/tests/suites/test_suite_aes.ecb.data
@@ -230,10 +230,10 @@ AES-256-ECB Decrypt NIST KAT #12
 aes_decrypt_ecb:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0
 
 AES-128-ECB Copy context
-aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f":"00112233445566778899aabbccddeeff"
+aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f"
 
 AES-192-ECB Copy context
-aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f1011121314151617":"00112233445566778899aabbccddeeff"
+aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f1011121314151617"
 
 AES-256-ECB Copy context
-aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"00112233445566778899aabbccddeeff"
+aes_ecb_copy_context:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 332b9a794..51a4d4dba 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -1,5 +1,61 @@
 /* BEGIN_HEADER */
 #include "mbedtls/aes.h"
+
+/* Test AES with a copied context.
+ *
+ * master, enc and dec must be AES context objects. They don't need to
+ * be initialized, and are left freed.
+ */
+static int test_copy(const data_t *key,
+                     mbedtls_aes_context *master,
+                     mbedtls_aes_context *enc,
+                     mbedtls_aes_context *dec)
+{
+    unsigned char plaintext[16] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    };
+    unsigned char ciphertext[16];
+    unsigned char output[16];
+
+    // Set key and encrypt with original context
+    mbedtls_aes_init(master);
+    TEST_ASSERT(mbedtls_aes_setkey_enc(master, key->x,
+                                       key->len * 8) == 0);
+    TEST_ASSERT(mbedtls_aes_crypt_ecb(master, MBEDTLS_AES_ENCRYPT,
+                                      plaintext, ciphertext) == 0);
+    *enc = *master;
+
+    // Set key for decryption with original context
+    mbedtls_aes_init(master);
+    TEST_ASSERT(mbedtls_aes_setkey_dec(master, key->x,
+                                       key->len * 8) == 0);
+    *dec = *master;
+
+    // Wipe the original context to make sure nothing from it is used
+    memset(master, 0, sizeof(*master));
+
+    // Encrypt with copied context
+    TEST_ASSERT(mbedtls_aes_crypt_ecb(enc, MBEDTLS_AES_ENCRYPT,
+                                      plaintext, output) == 0);
+    ASSERT_COMPARE(ciphertext, 16, output, 16);
+    mbedtls_aes_free(enc);
+
+    // Decrypt with copied context
+    TEST_ASSERT(mbedtls_aes_crypt_ecb(dec, MBEDTLS_AES_DECRYPT,
+                                      ciphertext, output) == 0);
+    ASSERT_COMPARE(plaintext, 16, output, 16);
+    mbedtls_aes_free(dec);
+
+    return 1;
+
+exit:
+    /* Bug: we may be leaving something unfreed. This is harmless
+     * in our built-in implementations, but might cause a memory leak
+     * with alternative implementations. */
+    return 0;
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -468,38 +524,12 @@ void aes_misc_params()
 /* END_CASE */
 
 /* BEGIN_CASE */
-void aes_ecb_copy_context(data_t *key, data_t *src)
+void aes_ecb_copy_context(data_t *key)
 {
-    unsigned char output1[16], output2[16], plain[16];
     mbedtls_aes_context ctx1, ctx2, ctx3;
-
-    TEST_EQUAL(src->len, 16);
-
-    // Set key and encrypt with original context
-    mbedtls_aes_init(&ctx1);
-    TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx1, key->x,
-                                       key->len * 8) == 0);
-    TEST_ASSERT(mbedtls_aes_crypt_ecb(&ctx1, MBEDTLS_AES_ENCRYPT,
-                                      src->x, output1) == 0);
-    ctx2 = ctx1;
-
-    // Set key for decryption with original context
-    TEST_ASSERT(mbedtls_aes_setkey_dec(&ctx1, key->x,
-                                       key->len * 8) == 0);
-    ctx3 = ctx1;
-
-    // Wipe the original context to make sure nothing from it is used
-    memset(&ctx1, 0, sizeof(ctx1));
-
-    // Encrypt with copied context
-    TEST_ASSERT(mbedtls_aes_crypt_ecb(&ctx2, MBEDTLS_AES_ENCRYPT,
-                                      src->x, output2) == 0);
-    ASSERT_COMPARE(output1, 16, output2, 16);
-
-    // Decrypt with copied context
-    TEST_ASSERT(mbedtls_aes_crypt_ecb(&ctx3, MBEDTLS_AES_DECRYPT,
-                                      output1, plain) == 0);
-    ASSERT_COMPARE(src->x, 16, plain, 16);
+    if (!test_copy(key, &ctx1, &ctx2, &ctx3)) {
+        goto exit;
+    }
 }
 /* END_CASE */