diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index b91b1f81e..c8577e572 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -266,9 +266,11 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                     info->pk.rsa.type == RSA_PRIVATE_DECRYPT) {
                     ret = tsip_SignRsaPkcs(info, cbInfo);
                 }
+            #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
                 else {
                     ret = wc_tsip_RsaVerifyPkcs(info, cbInfo);
                 }
+            #endif
             }
         #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
             else if (pad && pad->pad_value == RSA_BLOCK_TYPE_2) {
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 59003d3c4..58c8438d1 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -3578,7 +3578,12 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
 
     case RSA_STATE_DECRYPT_EXPTMOD:
 #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
-    if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) {
+    if ((key->devId != INVALID_DEVID)
+    #if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
+        !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
+    && (rsa_type != RSA_PUBLIC_DECRYPT)
+    #endif
+    ) {
         /* Everything except verify goes to crypto cb if
          * WOLF_CRYPTO_CB_RSA_PAD defined */
         XMEMSET(&padding, 0, sizeof(RsaPadding));