diff --git a/tests/api.c b/tests/api.c
index 1af455a75..5fb4a6a45 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -26871,6 +26871,38 @@ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
 }
 #endif
 
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+static byte encodeSignedDataStreamOut[FOURK_BUF*3] = {0};
+static int  encodeSignedDataStreamIdx = 0;
+static word32 encodeSignedDataStreamOutIdx = 0;
+
+
+/* content is 8k of partially created bundle */
+static int GetContentCB(PKCS7* pkcs7, byte** content)
+{
+    int ret = 0;
+
+    if (encodeSignedDataStreamOutIdx < pkcs7->contentSz) {
+        ret = (pkcs7->contentSz > encodeSignedDataStreamOutIdx + FOURK_BUF)?
+                FOURK_BUF : pkcs7->contentSz - encodeSignedDataStreamOutIdx;
+        *content = encodeSignedDataStreamOut + encodeSignedDataStreamOutIdx;
+        encodeSignedDataStreamOutIdx += ret;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
+static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz)
+{
+    XMEMCPY(encodeSignedDataStreamOut + encodeSignedDataStreamIdx, output,
+        outputSz);
+    encodeSignedDataStreamIdx += outputSz;
+    (void)pkcs7;
+    return 0;
+}
+#endif
+
 
 /*
  * Testing wc_PKCS7_EncodeSignedData()
@@ -27033,6 +27065,39 @@ static int test_wc_PKCS7_EncodeSignedData(void)
 
         /* use exact signed buffer size since BER encoded */
         ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, signedSz), 0);
+        wc_PKCS7_Free(pkcs7);
+
+        /* now try with using callbacks for IO */
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->contentSz  = FOURK_BUF*2;
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = RSAk;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+            StreamOutputCB), 0);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, encodeSignedDataStreamOut,
+            signedSz), 0);
     }
 #endif
 
@@ -28270,7 +28335,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
     testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
     for (i = 0; i < testSz; i++) {
     #ifdef ASN_BER_TO_DER
-        /* test setting stream mode */
+        /* test setting stream mode, the first one using IO callbacks */
         ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
                                     (word32)(testVectors + i)->certSz), 0);
         if (pkcs7 != NULL) {
@@ -28278,7 +28343,8 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
             pkcs7->rng = &rng;
         #endif
 
-            pkcs7->content       = (byte*)(testVectors + i)->content;
+            if (i != 0)
+                pkcs7->content       = (byte*)(testVectors + i)->content;
             pkcs7->contentSz     = (testVectors + i)->contentSz;
             pkcs7->contentOID    = (testVectors + i)->contentOID;
             pkcs7->encryptOID    = (testVectors + i)->encryptOID;
@@ -28287,10 +28353,17 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
             pkcs7->privateKey    = (testVectors + i)->privateKey;
             pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
         }
-        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL), 0);
 
-        encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
-            (word32)sizeof(output));
+        if (i == 0) {
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
+        }
+        else {
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+                (word32)sizeof(output));
+        }
 
         switch ((testVectors + i)->encryptOID) {
         #ifndef NO_DES3
@@ -28321,8 +28394,15 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
         }
 
         if (encodedSz > 0) {
-            decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-                (word32)encodedSz, decoded, (word32)sizeof(decoded));
+            if (i == 0) {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
+                    encodeSignedDataStreamOut, (word32)encodedSz, decoded,
+                    (word32)sizeof(decoded));
+            }
+            else {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
+            }
             ExpectIntGE(decodedSz, 0);
             /* Verify the size of each buffer. */
             ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);