diff --git a/tests/api.c b/tests/api.c
index 1612a99c7..c45cee2b6 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -17467,8 +17467,8 @@ static void test_PKCS7_signed_enveloped(void)
     pkcs7->rng = &rng;
     AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
     AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
-    wc_FreeRng(&rng);
     wc_PKCS7_Free(pkcs7);
+    wc_FreeRng(&rng);
 
     /* check verify */
     AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index cbaf5de60..b05ef42d9 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -2131,7 +2131,6 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, ESD* esd,
     }
     esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet);
 
-
     if (pkcs7->version == 3) {
         /* RFC 4108 version MUST be 3 for firmware package signer */
         esd->versionSz = SetMyVersion(3, esd->version, 0);
@@ -3704,6 +3703,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, int inSz,
                 WOLFSSL_MSG("Failed to set public key OID from signature");
             }
             else {
+                /* if previous return was positive then was success */
                 ret = 0;
             }
         }