diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index f6f00357c..ff5947a9a 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -257,12 +257,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
          * Can handle only RSA PkCS#1v1.5 padding scheme here.
          */
         if (info->pk.rsa.type == RSA_PRIVATE_ENCRYPT) {
-            ret = tsip_SignRsaPkcs(info, ctx);
+            ret = tsip_SignRsaPkcs(info, cbInfo);
         }
         #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
         /* RSA Verify */
         if (info->pk.rsa.type == RSA_PUBLIC_DECRYPT) {
-            ret = wc_tsip_RsaVerifyPkcs(info, ctx);
+            ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
         }
         #endif
     #endif /* !NO_RSA */
@@ -270,12 +270,12 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #if defined(HAVE_ECC)
         #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
-            ret = tsip_SignEcdsa(info, ctx);
+            ret = tsip_SignEcdsa(info, cbInfo);
         }
         #endif
         #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
         if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
-            ret = tsip_VerifyEcdsa(info, ctx);
+            ret = tsip_VerifyEcdsa(info, cbInfo);
         }
         #endif
     #endif /* HAVE_ECC */
@@ -814,7 +814,7 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
     WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
     if (Renesas_cmn_usable(ssl, 0)) {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        ret = wc_tsip_generateSessionKey(ssl, (TsipUserCtx*)ctx, cbInfo->devId);
+        ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
         ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
 #endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index ada6d88b6..fdeb69601 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -4005,7 +4005,17 @@ WOLFSSL_LOCAL int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
 #endif /* WOLFSSL_RENESAS_TSIP_TLS */
 
 #if defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-/*   Perform verify with the wrapped public key, provided hash and signature r+s
+/* zero pad or truncate hash */
+static int tsip_HashPad(int curveSz, uint8_t* hash,
+    const uint8_t* hashIn, int hashSz)
+{
+    if (hashSz > curveSz)
+        hashSz = curveSz;
+    XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
+    return curveSz;
+}
+
+/* Perform verify with the wrapped public key, provided hash and signature r+s
  *
  * parameters
  *   info->pk.eccverify.in    : the buffer holding hash value of messages
@@ -4021,6 +4031,9 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
     tsip_ecdsa_byte_data_t hashData, sigData;
+    /* hard coding largest digest size, since WC_MAX_DIGEST_SZ could be 32
+     * if using SHA2-256 with ECDSA SECP384R1 */
+    uint8_t hash[48];
 
     WOLFSSL_ENTER("tsip_VerifyEcdsa");
 
@@ -4028,14 +4041,15 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
         ret = CRYPTOCB_UNAVAILABLE;
     }
 
+    XMEMSET(hash, 0, sizeof(hash));
+
     if (ret == 0) {
         /* import public key_index from wrapped key */
         ret = tsipImportPublicKey(tuc, tuc->wrappedKeyType);
     }
 
     if (ret == 0) {
-        hashData.pdata       = (uint8_t*)info->pk.eccverify.hash;
-        hashData.data_length = info->pk.eccverify.hashlen;
+        hashData.pdata      = (uint8_t*)hash;
         hashData.data_type  = tuc->keyflgs_crypt.bits.message_type;
         sigData.pdata       = (uint8_t*)info->pk.eccverify.sig;
         sigData.data_length = info->pk.eccverify.siglen;
@@ -4044,23 +4058,38 @@ WOLFSSL_LOCAL int tsip_VerifyEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
             switch (tuc->wrappedKeyType) {
             #if !defined(NO_ECC256)
                 case TSIP_KEY_TYPE_ECDSAP256:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(32, hash,
+                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+
                     err = R_TSIP_EcdsaP256SignatureVerification(&sigData,
                         &hashData, &tuc->eccpub_keyIdx);
-                    if (err != TSIP_SUCCESS) {
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
                         ret = WC_HW_E;
                     }
                     break;
-                #endif
+                    break;
+            #endif
 
-                #if defined(HAVE_ECC384)
+            #if defined(HAVE_ECC384)
                 case TSIP_KEY_TYPE_ECDSAP384:
+                    /* zero pad or truncate */
+                    hashData.data_length = tsip_HashPad(48, hash,
+                        info->pk.eccverify.hash, info->pk.eccverify.hashlen);
+
                     err = R_TSIP_EcdsaP384SignatureVerification(&sigData,
                         &hashData, &tuc->eccpub_keyIdx);
-                    if (err != TSIP_SUCCESS) {
+                    if (err == TSIP_SUCCESS) {
+                        *info->pk.eccverify.res = 1; /* success */
+                    }
+                    else {
                         ret = WC_HW_E;
                     }
                     break;
-                #endif
+            #endif
 
                 default:
                     WOLFSSL_MSG("ECDSA public key size not available");