diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index 5696b2a30..8ded76950 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -10,6 +10,7 @@ jobs:
         config: [
           # Add new configs here
           '--enable-asynccrypt --enable-all --enable-dtls13',
+          '--enable-asynccrypt-sw',
         ]
     name: make check
     runs-on: ubuntu-latest
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 53eaff4d7..bfa69d564 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -4455,7 +4455,7 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out,
     !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_KCAPI_ECC) && \
     !defined(WOLF_CRYPTO_CB_ONLY_ECC)
 
-static int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
+int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point,
                                byte* out, word32* outlen)
 {
     int err = MP_OKAY;
@@ -4749,11 +4749,6 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
                 &curve->Af->raw, &curve->Bf->raw, &curve->prime->raw,
                 private_key->dp->cofactor);
     #endif
-
-        if (err == WC_PENDING_E) {
-            /* advance state, next call will handle return code processing */
-            private_key->state++;
-        }
     }
     else
 #elif defined(WOLFSSL_ASYNC_CRYPT_SW)
@@ -4772,6 +4767,10 @@ static int wc_ecc_shared_secret_gen_async(ecc_key* private_key,
         err = wc_ecc_shared_secret_gen_sync(private_key, point, out, outlen);
     }
 
+    if (err == WC_PENDING_E) {
+        private_key->state++;
+    }
+
 #if defined(HAVE_CAVIUM_V) || defined(HAVE_INTEL_QA)
     wc_ecc_curve_free(curve);
     FREE_CURVE_SPECS();
@@ -4826,8 +4825,7 @@ int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
                 err = wc_ecc_shared_secret_gen_async(private_key, point,
                     out, outlen);
                 if (err == 0) {
-                    /* advance state and exit early */
-                    private_key->state++;
+                    /* exit early */
                     RESTORE_VECTOR_REGISTERS();
                     return err;
                 }
@@ -8352,6 +8350,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash,
       if (NitroxEccIsCurveSupported(key))
    #endif
       {
+          word32 keySz = (word32)key->dp->size;
           err = wc_mp_to_bigint_sz(e, &e->raw, keySz);
           if (err == MP_OKAY)
               err = wc_mp_to_bigint_sz(key->pubkey.x, &key->pubkey.x->raw, keySz);
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index a077df9e4..80141bdd8 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -604,6 +604,11 @@ WOLFSSL_API
 int wc_ecc_shared_secret_ex(ecc_key* private_key, ecc_point* point,
                              byte* out, word32 *outlen);
 
+/* Internal API for blocking ECDHE call */
+WOLFSSL_LOCAL
+int wc_ecc_shared_secret_gen_sync(ecc_key* private_key,
+    ecc_point* point, byte* out, word32* outlen);
+
 #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
     defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL)
 #define wc_ecc_shared_secret_ssh wc_ecc_shared_secret