From dc57adcfedc3e491f93c6889c7f567751a374b5d Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Thu, 12 Jun 2025 11:33:50 -0700
Subject: [PATCH] Fix to increment IV for AES CTR with TSIP (allow encrypt to
 be called multiple times without having to manually reset the IV).

---
 wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index 27786591d..df7c41ada 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -654,7 +654,18 @@ int wc_tsip_AesCtr(struct Aes* aes, byte* out, const byte* in, word32 sz)
     #endif
     }
 
-    if (ret != TSIP_SUCCESS) {
+    if (ret == TSIP_SUCCESS) {
+        /* increment IV counter */
+        int i, blocks = (int)(sz / WC_AES_BLOCK_SIZE);
+        while (blocks--) {
+            /* in network byte order so start at end and work back */
+            for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) {
+                if (++iv[i]) /* we're done unless we overflow */
+                    break;
+            }
+        }
+    }
+    else {
         WOLFSSL_ERROR(ret);
         WOLFSSL_MSG("TSIP AES CTR failed");
         ret = -1;