diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 8695633db..8152b5b62 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -88,7 +88,7 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_TlsCleanup(ssl);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
-    wc_fspsm_TlsCleanup(ssl);
+    ret = wc_fspsm_TlsCleanup(ssl);
 #endif
 
     WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
@@ -699,7 +699,8 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
  #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
 
-    if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) {
+    if (cbInfo != NULL && cbInfo->internal != NULL && 
+        cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) {
         switch(cbInfo->internal->side) {
  #endif
             case 1:/* ENCRYPT_SIDE_ONLY */
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index 1fb11207a..3de502718 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -823,7 +823,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info,
 
     WOLFSSL_ENTER("wc_fspsm_AesCipher");
 
-    if (info == NULL || ctx == NULL) {
+    if (info == NULL || cbInfo == NULL || cbInfo->internal == NULL) {
         return BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index d17865a22..0b429c475 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -224,7 +224,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
                                    uint32_t sigSz, void* ctx)
 {
     int ret = WOLFSSL_FAILURE;
-    FSPSM_ST* cbInfo;
+    FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
     byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
     byte *peerkey = NULL;
 
@@ -232,11 +232,10 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
     (void) sigSz;
 
     /* sanity check */
-    if (ssl == NULL || sig == NULL || ctx == NULL)
+    if (ssl == NULL || sig == NULL || cbInfo == NULL ||
+            cbInfo->internal == NULL)
         return ret;
 
-    cbInfo = (FSPSM_ST*)ctx;
-
     /* export public peer public key */
     ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
     WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen);
@@ -246,7 +245,8 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
     }
     /* make peer ecc key data for SCE */
     /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
-    peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
     if (peerkey == NULL) {
         WOLFSSL_MSG("failed to malloc ecc key");
         return WOLFSSL_FAILURE;
@@ -404,7 +404,8 @@ int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
 
     /* sanity check */
     if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
-        out == NULL || outlen == NULL || ctx == NULL)
+        out == NULL || outlen == NULL || cbInfo == NULL||
+        cbInfo->internal == NULL)
       return WOLFSSL_FAILURE;
 
     WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
@@ -738,7 +739,7 @@ int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
     uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
                                          ssl->options.cipherSuite);
 
-    if (ssl== NULL || cbInfo == NULL)
+    if (ssl== NULL || cbInfo == NULL || cbInfo->internal == NULL)
       return BAD_FUNC_ARG;
 
 
@@ -1227,19 +1228,20 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
 /*
 * Clean up Renesas Ctx
 * ssl WOLFSSL object
-* return none
+* return 0 successful
 */
-void wc_fspsm_TlsCleanup(WOLFSSL* ssl)
+int wc_fspsm_TlsCleanup(WOLFSSL* ssl)
 {
+    int ret = 0;
     FSPSM_ST* tuc = NULL;
 
     if (ssl == NULL)
-        return;
+        return ret;
 
     tuc = ssl->RenesasUserCtx;
 
     if (tuc == NULL)
-        return;
+        return ret;
     /* free internal structure */
     if (tuc->internal) {
         XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1249,6 +1251,8 @@ void wc_fspsm_TlsCleanup(WOLFSSL* ssl)
     /* zero clear */
     ForceZero(tuc, sizeof(FSPSM_ST));
     ssl->RenesasUserCtx = NULL;
+    
+    return ret;
 }
 /* Set callback contexts needed for sce TLS api handling */
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
index 4acf44e5a..ff7b6407c 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
@@ -154,7 +154,7 @@ typedef enum {
 
 struct WOLFSSL;
 struct Aes;
-WOLFSSL_LOCAL void wc_fspsm_TlsCleanup(struct WOLFSSL* ssl);
+WOLFSSL_LOCAL int wc_fspsm_TlsCleanup(struct WOLFSSL* ssl);
 WOLFSSL_LOCAL int     wc_fspsm_Open();
 WOLFSSL_LOCAL void    wc_fspsm_Close();
 WOLFSSL_LOCAL int     wc_fspsm_hw_lock();