diff --git a/tests/api.c b/tests/api.c
index ef029386b..a92e3bf97 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -25991,6 +25991,7 @@ static void test_wc_PKCS7_DecodeCompressedData(void)
 
     /* test decompression */
     AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
+    AssertIntEQ(pkcs7->contentOID, 0);
 
     /* fail case with out buffer too small */
     AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
@@ -25999,6 +26000,7 @@ static void test_wc_PKCS7_DecodeCompressedData(void)
     /* success case */
     AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
                 decompressed, decompressedSz), cert_sz);
+    AssertIntEQ(pkcs7->contentOID, DATA);
     AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
     XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
     decompressed = NULL;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 4c857c5b2..1ef2ffca8 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -12322,6 +12322,10 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz,
                         pkiMsgSz) < 0)
                 ret = ASN_PARSE_E;
 
+            if (ret == 0) {
+                pkcs7->contentOID = contentType;
+            }
+
             if (ret == 0 && (ret = GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType,
                         pkiMsgSz)) < 0)
                 ret = ASN_PARSE_E;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 5deaf426d..256087e15 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -30558,9 +30558,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
         }
 
         /* decode envelopedData */
+        pkcs7->contentOID = 0;
         decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
                                                  decoded, PKCS7_BUF_SIZE);
-        if (decodedSz <= 0) {
+        if (pkcs7->contentOID != testVectors[i].contentOID ||
+            decodedSz <= 0) {
             wc_PKCS7_Free(pkcs7);
             ERROR_OUT(-12187, out);
         }
@@ -31510,6 +31512,11 @@ static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
                 envPkcs7->contentOID = FIRMWARE_PKG_DATA;
                 ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
                     key, keySz);
+                if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
+                    /* the contentOID should have been set to the inner
+                     * FIRMWARE_PKG_DATA content */
+                    ret = BAD_STATE_E;
+                }
             }
             wc_PKCS7_Free(envPkcs7);
         }
@@ -33245,7 +33252,7 @@ static int pkcs7signed_run_SingleShotVectors(
                                                pkcs7->contentSz, encryptedTmp,
                                                encryptedTmpSz);
 
-            if (encryptedTmpSz < 0) {
+            if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA) {
                 XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
                 XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
                 wc_PKCS7_Free(pkcs7);