diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 89d309ba0..a9858ae79 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2991,7 +2991,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz)
 
 
 /* return size of padded data, padded to blockSz chunks, or negative on error */
-static int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
+int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 {
     int padSz;
 
@@ -3005,9 +3005,9 @@ static int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz)
 
 
 /* pad input data to blockSz chunk, place in outSz. out must be big enough
- * for input + pad bytes. See wc_PKCS7_GetPadLength() helper. */
-static int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
-                            word32 blockSz)
+ * for input + pad bytes. See wc_PKCS7_GetPadSize() helper. */
+int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
+                     word32 blockSz)
 {
     int i, padSz;
 
@@ -3015,7 +3015,7 @@ static int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
         out == NULL || outSz == 0)
         return BAD_FUNC_ARG;
 
-    padSz = blockSz - (inSz % blockSz);
+    padSz = wc_PKCS7_GetPadSize(inSz, blockSz);
 
     if (outSz < (inSz + padSz))
         return BAD_FUNC_ARG;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 24469490f..a67148fe5 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -16429,6 +16429,12 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz,
     if (out == NULL)
         return -7700;
 
+    ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
+    if (ret < 0) {
+        XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        return -7710;
+    }
+
 #ifndef HAVE_FIPS
     ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
 #else
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 96af4f0ee..45c7bd9d2 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -146,6 +146,10 @@ WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
 
+WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz);
+WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz,
+                                 word32 blockSz);
+
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 WOLFSSL_API int  wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7,
                                           byte* output, word32 outputSz);