diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
index 9f5e2e8558..956a84662c 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/crypto_mbedtls-ec.c
@@ -1047,12 +1047,14 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 mbedtls_ecdh_context *ctx;
 ctx = os_zalloc(sizeof(*ctx));
-
 if (!ctx) {
 wpa_printf(MSG_ERROR, "Memory allocation failed for ecdh context");
 goto fail;
 }
 mbedtls_ecdh_init(ctx);
+#ifndef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT
+ ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
+#endif
 if ((mbedtls_ecp_group_load(ACCESS_ECDH(&ctx, grp), crypto_mbedtls_get_grp_id(group))) != 0) {
 wpa_printf(MSG_ERROR, "Failed to set up ECDH context with group info");
@@ -1074,8 +1076,18 @@ struct crypto_ecdh * crypto_ecdh_init(int group)
 wpa_printf(MSG_ERROR, "ECDH keypair on curve failed");
 goto fail;
 }
+
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
 return (struct crypto_ecdh *)ctx;
 fail:
+ if (ctx) {
+ mbedtls_ecdh_free(ctx);
+ os_free(ctx);
+ ctx = NULL;
+ }
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
 return NULL;
 }
@@ -1199,6 +1211,8 @@ cleanup:
 crypto_ec_free_key(pkey);
 crypto_bignum_deinit(bn_x, 1);
 crypto_ec_point_deinit(ec_pt, 1);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
 return sh_secret;
 }
diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_owe.c b/components/wpa_supplicant/esp_supplicant/src/esp_owe.c
index 8bf729c7af..7077573f6b 100644
--- a/components/wpa_supplicant/esp_supplicant/src/esp_owe.c
+++ b/components/wpa_supplicant/esp_supplicant/src/esp_owe.c
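Review bot: The direct write `ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;` after `mbedtls_ecdh_init(ctx)` in crypto_ecdh_init (first hunk) carries no comment explaining why the variant is set by hand. mbedtls normally fills this field in through `mbedtls_ecdh_setup()`, and this function appears to skip that call and load the group itself via `ACCESS_ECDH(&ctx, grp)`, so the assignment is presumably what makes the non-legacy context usable. A one-line comment would stop a later cleanup from removing it, for example `/* mbedtls_ecdh_setup() is bypassed here, so select the context variant explicitly before the group is loaded */`. The function body starts before and continues past this hunk.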
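Review bot: The new `fail:` path in crypto_ecdh_init (second hunk) calls `mbedtls_ctr_drbg_free(&ctr_drbg)` and `mbedtls_entropy_free(&entropy)` unconditionally, so they may run on uninitialised stack contexts. Both `goto fail` statements visible in the first hunk (allocation failure and `mbedtls_ecp_group_load` failure) are taken with no `mbedtls_ctr_drbg_init` or `mbedtls_entropy_init` call visible before them. The init calls lie outside both hunks, so this needs confirming against the full function. If they do come after the group load, move `mbedtls_ctr_drbg_init(&ctr_drbg);` and `mbedtls_entropy_init(&entropy);` to the top of the function, ahead of `os_zalloc`. The same check applies to the `cleanup:` label in the third hunk, whose function body is not shown.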
@@ -21,6 +21,10 @@ void owe_deinit(void)
 struct wpa_sm *sm;
 sm = get_wpa_sm();
 if (sm->key_mgmt == WPA_KEY_MGMT_OWE) {
+ if (sm->owe_ie) {
+ wpabuf_free(sm->owe_ie);
+ sm->owe_ie = NULL;
+ }
 crypto_ecdh_deinit(sm->owe_ecdh);
 sm->owe_ecdh = NULL;
 }
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c
index 7a889bd584..d0e0a1c043 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa.c
+++ b/components/wpa_supplicant/src/rsn_supp/wpa.c
@@ -2703,7 +2703,7 @@ int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len)
 #ifdef CONFIG_OWE_STA
 struct wpabuf *owe_build_assoc_req(struct wpa_sm *sm, u16 group)
 {
- struct wpabuf *owe_ie = NULL, *pub = NULL;
+ struct wpabuf *pub = NULL;
 size_t prime_len;
 if (group == OWE_DH_GRP19) {
@@ -2731,24 +2731,28 @@ struct wpabuf *owe_build_assoc_req(struct wpa_sm *sm, u16 group)
 }
 wpa_hexdump_buf(MSG_DEBUG, "Own public key", pub);
- owe_ie = wpabuf_alloc(5 + wpabuf_len(pub));
- if (!owe_ie) {
+ if (sm->owe_ie) {
+ wpabuf_free(sm->owe_ie);
+ }
+ sm->owe_ie = wpabuf_alloc(5 + wpabuf_len(pub));
+
+ if (!sm->owe_ie) {
 wpa_printf(MSG_ERROR, "OWE IE allocation failed");
 goto fail;
 }
 /* Constructing the DH IE */
- wpabuf_put_u8(owe_ie, WLAN_EID_EXTENSION);
- wpabuf_put_u8(owe_ie, 1 + 2 + wpabuf_len(pub));
- wpabuf_put_u8(owe_ie, WLAN_EID_EXT_OWE_DH_PARAM);
- wpabuf_put_le16(owe_ie, group);
- wpabuf_put_buf(owe_ie, pub);
+ wpabuf_put_u8(sm->owe_ie, WLAN_EID_EXTENSION);
+ wpabuf_put_u8(sm->owe_ie, 1 + 2 + wpabuf_len(pub));
+ wpabuf_put_u8(sm->owe_ie, WLAN_EID_EXT_OWE_DH_PARAM);
+ wpabuf_put_le16(sm->owe_ie, group);
+ wpabuf_put_buf(sm->owe_ie, pub);
 wpabuf_free(pub);
- wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element", owe_ie);
+ wpa_hexdump_buf(MSG_DEBUG, "OWE: Diffie-Hellman Parameter element", sm->owe_ie);
- return (struct wpabuf *)wpabuf_head(owe_ie);
+ return (struct wpabuf *)wpabuf_head(sm->owe_ie);
 fail:
 wpabuf_free(pub);
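Review bot: The new `wpabuf_free(sm->owe_ie)` in owe_deinit sits inside `if (sm->key_mgmt == WPA_KEY_MGMT_OWE)`, so the buffer is released only while the state machine still reports OWE. If `key_mgmt` can change between owe_build_assoc_req and this call, the IE would stay allocated until the next build; whether that can happen is not visible in this hunk. Freeing ahead of the `key_mgmt` test avoids the question. The `if (sm->owe_ie)` guard can also be dropped, since owe_process_assoc_resp in wpa.c already calls wpabuf_free on the same field without one: `wpabuf_free(sm->owe_ie); sm->owe_ie = NULL;`.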
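Review bot: `return (struct wpabuf *)wpabuf_head(sm->owe_ie);` at the end of owe_build_assoc_req (hunk at -2731) now returns a pointer into memory owned by `sm`, and nothing at the return site states that contract. The buffer is released by the next owe_build_assoc_req call, by owe_process_assoc_resp and by owe_deinit, so a caller that keeps the pointer across any of those would read freed memory. The value is also the buffer's data head cast to `struct wpabuf *`, so it must not be passed to wpabuf_free. A comment above the return would record this, for example `/* Borrowed pointer to the raw IE bytes in sm->owe_ie: valid until the next owe_build_assoc_req(), owe_process_assoc_resp() or owe_deinit(); caller must not free or retain it */`. The function begins before this hunk and its `fail:` path continues past it.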
@@ -2771,6 +2775,10 @@ int owe_process_assoc_resp(const u8 *rsn_ie, size_t rsn_len, const uint8_t *dh_i
 sm = get_wpa_sm();
 (void)res;
+
+ wpabuf_free(sm->owe_ie); //free the dh ie constructed in owe_build_assoc_req
+ sm->owe_ie = NULL;
+
 struct wpa_ie_data *parsed_rsn_data;
 parsed_rsn_data = os_zalloc(sizeof(struct wpa_ie_data));
 if (!parsed_rsn_data) {
diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h
index 8fb4d40d9f..b19924c52c 100644
--- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h
+++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h
@@ -115,6 +115,7 @@ struct wpa_sm {
 #ifdef CONFIG_OWE_STA
 struct crypto_ecdh *owe_ecdh;
 u16 owe_group;
+ struct wpabuf *owe_ie;
 #endif /* CONFIG_OWE_STA */
 };