diff --git a/tests/api.c b/tests/api.c
index de041f8f6..67cff5695 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -51094,6 +51094,36 @@ static int test_wc_PKCS7_signed_enveloped(void)
     pkcs7 = NULL;
 #endif /* !NO_PKCS7_STREAM */
 #endif
+
+    {
+        /* arbitrary custom SKID */
+        byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        wc_InitRng(&rng);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
 #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
     return EXPECT_RESULT();
 }
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 08bd9c8e3..69b9ef8a4 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -1376,16 +1376,16 @@ void wc_PKCS7_Free(PKCS7* pkcs7)
         pkcs7->cachedEncryptedContentSz = 0;
     }
 
-    if (pkcs7->isDynamic) {
-        pkcs7->isDynamic = 0;
-        XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-    }
-
     if (pkcs7->customSKID) {
         XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
         pkcs7->customSKID = NULL;
         pkcs7->customSKIDSz = 0;
     }
+
+    if (pkcs7->isDynamic) {
+        pkcs7->isDynamic = 0;
+        XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+    }
 }
 
 
@@ -3457,6 +3457,7 @@ int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, byte* in, word16 inSz)
     }
     else {
         XMEMCPY(pkcs7->customSKID, in, inSz);
+        pkcs7->customSKIDSz = inSz;
     }
     return ret;
 }
@@ -9633,8 +9634,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
     }
 
 #ifndef ASN_BER_TO_DER
-    if (output == NULL || outputSz == 0)
+    if (output == NULL || outputSz == 0) {
         return BAD_FUNC_ARG;
+    }
 #else
     /* if both output and callback are not set then error out */
     if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) {