diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 42a0d586a40..022aa2c4c68 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -12380,7 +12380,9 @@ int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
         ret = BAD_FUNC_ARG;
     }
 
-    ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap);
+    if (ret == 0) {
+        ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap);
+    }
 
     if (ret == 0) {
         int i;
@@ -13010,7 +13012,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
         ret = (int)sz;
     }
 
-    FREE_ASNSETDATA(dataASN, key->heap);
+    FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL);
     return ret;
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
@@ -37127,7 +37129,9 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
     }
 #endif
 
-    CALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
+    if (ret == 0) {
+        CALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
+    }
 
     if (ret == 0) {
         /* Get the version and set the expected OID type. */
@@ -37538,7 +37542,9 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx,
         ret = BAD_FUNC_ARG;
     }
 
-    ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
+    if (ret == 0) {
+        ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap);
+    }
 
     if (ret == 0) {
         /* Clear dynamic data for ECC public key. */
@@ -37901,7 +37907,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen,
         ret = (int)sz;
     }
 
-    FREE_ASNSETDATA(dataASN, key->heap);
+    FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL);
     return ret;
 #endif
 }