diff --git a/src/internal.c b/src/internal.c
index 1c6a4c6e4..31a7d943f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1567,8 +1567,8 @@ void FreeX509(WOLFSSL_X509* x509)
     XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
     XFREE(x509->sig.buffer, NULL, DYNAMIC_TYPE_SIGNATURE);
     #ifdef OPENSSL_EXTRA
-        XFREE(x509->authKeyId, NULL, 0);
-        XFREE(x509->subjKeyId, NULL, 0);
+        XFREE(x509->authKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
+        XFREE(x509->subjKeyId, NULL, DYNAMIC_TYPE_X509_EXT);
     #endif /* OPENSSL_EXTRA */
     if (x509->altNames)
         FreeAltNames(x509->altNames, NULL);
@@ -4195,7 +4195,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     x509->authKeyIdSet = dCert->extAuthKeyIdSet;
     x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
     if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
-        x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL, 0);
+        x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, NULL,
+                                         DYNAMIC_TYPE_X509_EXT);
         if (x509->authKeyId != NULL) {
             XMEMCPY(x509->authKeyId,
                                  dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
@@ -4207,7 +4208,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
     x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
     x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
     if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
-        x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL, 0);
+        x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, NULL,
+                                         DYNAMIC_TYPE_X509_EXT);
         if (x509->subjKeyId != NULL) {
             XMEMCPY(x509->subjKeyId,
                                  dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
diff --git a/src/ssl.c b/src/ssl.c
index 1473748b0..02ff5e162 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3514,10 +3514,10 @@ int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
     if (cm == NULL)
         return BAD_FUNC_ARG;
 
-    XFREE(cm->ocspOverrideURL, cm->heap, 0);
+    XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
     if (url != NULL) {
         int urlSz = (int)XSTRLEN(url) + 1;
-        cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, 0);
+        cm->ocspOverrideURL = (char*)XMALLOC(urlSz, cm->heap, DYNAMIC_TYPE_URL);
         if (cm->ocspOverrideURL != NULL) {
             XMEMCPY(cm->ocspOverrideURL, url, urlSz);
         }
@@ -10687,11 +10687,12 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
 {
     WOLFSSL_X509_STORE* store = NULL;
 
-    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, 0);
+    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
+                                         DYNAMIC_TYPE_X509_STORE);
     if (store != NULL) {
         store->cm = wolfSSL_CertManagerNew();
         if (store->cm == NULL) {
-            XFREE(store, NULL, 0);
+            XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
             store = NULL;
         }
     }
@@ -10705,7 +10706,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
     if (store != NULL) {
         if (store->cm != NULL)
         wolfSSL_CertManagerFree(store->cm);
-        XFREE(store, NULL, 0);
+        XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
     }
 }
 
@@ -10731,8 +10732,8 @@ int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
 WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
 {
     WOLFSSL_X509_STORE_CTX* ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
-                                    sizeof(WOLFSSL_X509_STORE_CTX), NULL, 0);
-
+                                    sizeof(WOLFSSL_X509_STORE_CTX), NULL,
+                                    DYNAMIC_TYPE_X509_CTX);
     if (ctx != NULL)
         wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
 
@@ -10767,7 +10768,7 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
             wolfSSL_X509_STORE_free(ctx->store);
         if (ctx->current_cert != NULL)
             wolfSSL_FreeX509(ctx->current_cert);
-        XFREE(ctx, NULL, 0);
+        XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
     }
 }
 
@@ -10858,8 +10859,8 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 {
     if (key != NULL) {
         if (key->pkey.ptr != NULL)
-            XFREE(key->pkey.ptr, NULL, 0);
-        XFREE(key, NULL, 0);
+            XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+        XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
     }
 }
 
@@ -13768,7 +13769,7 @@ void wolfSSL_OPENSSL_free(void* p)
 {
     WOLFSSL_MSG("wolfSSL_OPENSSL_free");
 
-    XFREE(p, NULL, 0);
+    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
 }
 
 #if defined(WOLFSSL_KEY_GEN)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 88073abd2..9a221dc99 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1760,9 +1760,9 @@ void FreeDecodedCert(DecodedCert* cert)
         FreeNameSubtrees(cert->excludedNames, cert->heap);
 #endif /* IGNORE_NAME_CONSTRAINTS */
 #ifdef WOLFSSL_SEP
-    XFREE(cert->deviceType, cert->heap, 0);
-    XFREE(cert->hwType, cert->heap, 0);
-    XFREE(cert->hwSerialNum, cert->heap, 0);
+    XFREE(cert->deviceType, cert->heap, DYNAMIC_TYPE_X509_EXT);
+    XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT);
+    XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT);
 #endif /* WOLFSSL_SEP */
 #ifdef OPENSSL_EXTRA
     if (cert->issuerName.fullName != NULL)
@@ -3756,7 +3756,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
                 return ASN_PARSE_E;
             }
 
-            cert->hwType = (byte*)XMALLOC(strLen, cert->heap, 0);
+            cert->hwType = (byte*)XMALLOC(strLen, cert->heap,
+                                          DYNAMIC_TYPE_X509_EXT);
             if (cert->hwType == NULL) {
                 WOLFSSL_MSG("\tOut of Memory");
                 return MEMORY_E;
@@ -3776,7 +3777,8 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert)
                 return ASN_PARSE_E;
             }
 
-            cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap, 0);
+            cert->hwSerialNum = (byte*)XMALLOC(strLen + 1, cert->heap,
+                                               DYNAMIC_TYPE_X509_EXT);
             if (cert->hwSerialNum == NULL) {
                 WOLFSSL_MSG("\tOut of Memory");
                 return MEMORY_E;
@@ -4359,7 +4361,8 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
 
         if (length > 0) {
 #if defined(WOLFSSL_SEP)
-            cert->deviceType = (byte*)XMALLOC(length, cert->heap, 0);
+            cert->deviceType = (byte*)XMALLOC(length, cert->heap,
+                                              DYNAMIC_TYPE_X509_EXT);
             if (cert->deviceType == NULL) {
                 WOLFSSL_MSG("\tCouldn't alloc memory for deviceType");
                 return MEMORY_E;
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 3b9963bb9..b766a3726 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -288,7 +288,11 @@
         DYNAMIC_TYPE_SRP          = 47,
         DYNAMIC_TYPE_COOKIE_PWD   = 48,
         DYNAMIC_TYPE_USER_CRYPTO  = 49,
-        DYNAMIC_TYPE_OCSP_REQUEST = 50
+        DYNAMIC_TYPE_OCSP_REQUEST = 50,
+        DYNAMIC_TYPE_X509_EXT     = 51,
+        DYNAMIC_TYPE_X509_STORE   = 52,
+        DYNAMIC_TYPE_X509_CTX     = 53,
+        DYNAMIC_TYPE_URL          = 54
 	};
 
 	/* max error buffer string size */