diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index df902e116..610b4b69d 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -2980,7 +2980,7 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
     int     primeCheck = MP_NO,
             ret = 0;
 #ifdef WOLFSSL_NO_MALLOC
-    unsigned char buf[4096 / WOLFSSL_BIT_SIZE];
+    unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE];
 #else
     unsigned char *buf = NULL;
 #endif
@@ -3181,9 +3181,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 #endif
     {
         ForceZero(buf, bufSz);
+#ifndef WOLFSSL_NO_MALLOC
         if (dh != NULL) {
             XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER);
         }
+#endif
     }
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index aedca835c..9da876df9 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4092,23 +4092,23 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap)
    }
 
    p = *point;
-#ifndef WOLFSSL_NO_MALLOC
    if (p == NULL) {
       p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC);
    }
-#endif
    if (p == NULL) {
       return MEMORY_E;
    }
    XMEMSET(p, 0, sizeof(ecc_point));
 
+   if (*point == NULL)
+       p->isAllocated = 1;
+
 #ifndef ALT_ECC_SIZE
    err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL);
    if (err != MP_OKAY) {
       WOLFSSL_MSG("mp_init_multi failed.");
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
       p = NULL;
    }
 #else
@@ -4148,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap)
       mp_clear(p->x);
       mp_clear(p->y);
       mp_clear(p->z);
-   #ifndef WOLFSSL_NO_MALLOC
-      XFREE(p, heap, DYNAMIC_TYPE_ECC);
-   #endif
+      if (p->isAllocated)
+          XFREE(p, heap, DYNAMIC_TYPE_ECC);
    }
    (void)heap;
 }
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 164dc9571..75d03895e 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -32,6 +32,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 /*
 Possible memory options:
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index b77e9de17..ae9429cb2 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -4040,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz,
     byte* digest;
     RsaKey* key;
     DecodedCert* dCert;
+#else
+#ifdef WOLFSSL_NO_MALLOC
+    byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size
+                                                   * key->dataLen
+                                                   */
 #else
     byte digest[MAX_PKCS7_DIGEST_SZ];
+#endif
     RsaKey key[1];
     DecodedCert stack_dCert;
     DecodedCert* dCert = &stack_dCert;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index ff8a4ffc3..3f8fe431d 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -2673,23 +2673,31 @@ static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
         /* Convert to PEM */
         pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType);
         if (pemSz < 0) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
         }
     #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
         pemFile = XFOPEN(filePem, "wb");
         if (!pemFile) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
         }
         ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile);
         XFCLOSE(pemFile);
         if (ret != pemSz) {
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
             return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
         }
     #endif
+        #ifndef WOLFSSL_NO_MALLOC
         XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
     }
 #endif /* WOLFSSL_DER_TO_PEM */
 
@@ -37926,8 +37934,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
                 }
             } while(0);
 
+            #ifndef WOLFSSL_NO_MALLOC
             XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
 
             if (ret != 0)
                 goto out;
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index 4a607aaa8..5975ab9b4 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -467,6 +467,7 @@ struct ecc_point {
 #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK)
     ecc_key* key;
 #endif
+    byte isAllocated:1;
 };
 
 /* ECC Flags */
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 973b76dd5..ee00f7f82 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -602,6 +602,8 @@ typedef struct w64wrapper {
         #endif /* WOLFSSL_STATIC_MEMORY */
     #endif
 
+    #include <wolfssl/wolfcrypt/memory.h>
+
     /* declare/free variable handling for async and smallstack */
     #ifndef WC_ALLOC_DO_ON_FAILURE
         #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING