fixes

Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>

Author: sameehj

doc/dox_comments/header_files/cryptocb.h

@@ -195,20 +195,22 @@ void wc_CryptoCb_InfoString(wc_CryptoInfo* info);
     through the CryptoCB interface.
 
     **TLS Builds (Default):**
-    - Key bytes ARE stored in wolfCrypt memory for fallback
+    - Key bytes ARE stored in wolfCrypt memory (devKey) for fallback
     - GCM tables ARE generated for software fallback
     - Provides hardware acceleration with automatic fallback
+    - Even when WC_CRYPTOCB_AES_GCM is set, tables are generated for safety
 
     **Crypto-Only Builds (--disable-tls):**
-    - Key bytes NOT stored (true key isolation)
+    - Key bytes NOT stored in wolfCrypt memory (true key isolation)
     - GCM tables skipped when WC_CRYPTOCB_AES_GCM is set
-    - True hardware offload
+    - True hardware offload - callback must handle all GCM operations
 
     The callback declares its capabilities by setting flags in the
     capabilities parameter. If WC_CRYPTOCB_AES_GCM is set, the callback
-    supports AES-GCM acceleration. In TLS builds, tables are still generated
-    for fallback. In crypto-only builds, tables are skipped for true offload.
-    If not set, wolfCrypt generates tables for software fallback.
+    supports AES-GCM acceleration. In TLS builds, tables are ALWAYS generated
+    for fallback regardless of this flag. In crypto-only builds, tables are
+    skipped only when WC_CRYPTOCB_AES_GCM is set. If not set, wolfCrypt
+    generates tables for software fallback.
 
     \param aes          AES context
     \param key          Pointer to raw AES key material

wolfcrypt/src/aes.c

@@ -4379,6 +4379,10 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
 
             if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
                 if (ret != 0) {
+                    /* Clear devCtx on error to prevent resource leak */
+                    if (aes->devCtx != NULL) {
+                        aes->devCtx = NULL;
+                    }
                     return ret;
                 }
 
@@ -4388,7 +4392,12 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt(
 
                 #ifdef WOLFSSL_AES_GCM_TLS_SAFE
                     WOLFSSL_MSG("CryptoCB AES-GCM declared but TLS-safe fallback retained");
-                    /* TLS-safe: continue to software path for fallback */
+                    /* TLS-safe: copy key to devKey for fallback, then continue to software path */
+                    if (keylen > sizeof(aes->devKey)) {
+                        aes->devCtx = NULL;  /* Clear devCtx on error */
+                        return BAD_FUNC_ARG;
+                    }
+                    XMEMCPY(aes->devKey, userKey, keylen);
                     goto cryptocb_aes_setkey_fallback;
                 #else
                     /* Set IV if provided */
@@ -4842,6 +4851,10 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
             if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
                 if (ret != 0) {
+                    /* Clear devCtx on error to prevent resource leak */
+                    if (aes->devCtx != NULL) {
+                        aes->devCtx = NULL;
+                    }
                     return ret;
                 }
 
@@ -4851,8 +4864,13 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
 
                 #ifdef WOLFSSL_AES_GCM_TLS_SAFE
                     WOLFSSL_MSG("CryptoCB AES-GCM declared but TLS-safe fallback retained");
-                    /* TLS-safe: continue to software path for fallback */
-                    goto cryptocb_aes_setkey_fallback2;
+                    /* TLS-safe: copy key to devKey for fallback, then continue to software path */
+                    if (keylen > sizeof(aes->devKey)) {
+                        aes->devCtx = NULL;  /* Clear devCtx on error */
+                        return BAD_FUNC_ARG;
+                    }
+                    XMEMCPY(aes->devKey, userKey, keylen);
+                    goto cryptocb_aes_setkey_fallback;
                 #else
                     WOLFSSL_MSG("CryptoCB AES-GCM full offload active (crypto-only build)");
                     /* Set IV if provided */
@@ -4868,7 +4886,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
                 /* Key-import-only or partial support: fallback to software */
             }
             /* CRYPTOCB_UNAVAILABLE or TLS-safe fallback: continue to software */
-        cryptocb_aes_setkey_fallback2: (void)0;
+        cryptocb_aes_setkey_fallback: (void)0;
         #else
             /* Copy key to devKey for standard CryptoCB path */
             XMEMCPY(aes->devKey, userKey, keylen);