diff --git a/CHANGES b/CHANGES
index 8060d208bd..fa5c05b0b5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3521.	[bug]		Address memory leak in opensslecdsa_link.c. [RT #32249]
+
 3520.	[bug]		'mctx' was not being referenced counted in some places
 			where it should have been.  [RT #32794]
 
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index c09daa48aa..20fa07685e 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -207,8 +207,12 @@ opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 	ecdsasig = ECDSA_SIG_new();
 	if (ecdsasig == NULL)
 		DST_RET (ISC_R_NOMEMORY);
+	if (ecdsasig->r != NULL)
+		BN_free(ecdsasig->r);
 	ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL);
 	cp += siglen / 2;
+	if (ecdsasig->s != NULL)
+		BN_free(ecdsasig->s);
 	ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL);
 	/* cp += siglen / 2; */