diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index f354db629..fb24604d0 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -139,7 +139,6 @@ mbedtls_pkcs7_signer_info;
 * Structure holding attached data as part of PKCS7 signed data format
 */
 typedef struct mbedtls_pkcs7_data {
- mbedtls_pkcs7_buf MBEDTLS_PRIVATE(oid);
 mbedtls_pkcs7_buf MBEDTLS_PRIVATE(data);
 }
 mbedtls_pkcs7_data;
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 39d9f8f20..9ef76089a 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -490,12 +490,14 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
 return MBEDTLS_ERR_PKCS7_INVALID_ALG;
 }
- /* Do not expect any content */
- ret = pkcs7_get_content_info_type(&p, end_set, &end_content_info,
- &signed_data->content.oid);
+ mbedtls_pkcs7_buf content_type;
+ ret = pkcs7_get_content_info_type(&p, end, &end_content_info, &content_type);
 if (ret != 0) {
 return ret;
 }
+ if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) {
+ return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO;
+ }
 if (p != end_content_info) {
 /* Determine if valid content is present */
@@ -514,10 +516,6 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen,
 return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
 }
- if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid)) {
- return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO;
- }
-
 /* Look for certificates, there may or may not be any */
 mbedtls_x509_crt_init(&signed_data->certs);
 ret = pkcs7_get_certificates(&p, end, &signed_data->certs);
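Review bot: In the `-490,12 +490,14` hunk of `library/pkcs7.c`, `content_type` is declared without an initializer and then read by `MBEDTLS_OID_CMP`, so the new check relies on `pkcs7_get_content_info_type` filling in every field whenever it returns 0; that helper is outside the hunk, so this cannot be confirmed from here. Zero-initialising at the declaration, `mbedtls_pkcs7_buf content_type = { 0 };`, would make the comparison reject the input if a success path ever left the buffer untouched. The same call also changes its parse bound from `end_set` to `end`; neither definition is visible, so it is worth confirming that `end` marks the end of the enclosing SignedData sequence rather than a wider buffer. The body of `pkcs7_get_signed_data` starts and ends outside the hunk.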