From 4479ba2ef96f383c5fff278fb182fc55c6751b5a Mon Sep 17 00:00:00 2001
From: Mark Atwood
Date: Tue, 2 Jun 2026 16:22:01 -0700
Subject: [PATCH] aes.c: extend GCM H-skip guard to cover WOLF_CRYPTO_CB_SETKEY

The existing guard in wc_AesGcmSetKey at aes.c:7855 says "if the SE owns the key, skip software-side H subkey and M-table generation," gated on WOLF_CRYPTO_CB_AES_SETKEY. Add WOLF_CRYPTO_CB_SETKEY to the same guard so generic SetKey cryptocb users get the same treatment.

Without this change, a port that registers a generic SetKey callback (WOLF_CRYPTO_CB_SETKEY) and successfully imports an AES key into a secure element returns success from wc_AesSetKey without populating the software key schedule. wc_AesGcmSetKey then calls wc_AesEncrypt(aes, iv, aes->gcm.H) which checks 'r > 7 || r == 0' on aes->rounds and bails with KEYUSAGE_E (-226). Result: AES-GCM cannot be offloaded via the generic SetKey cryptocb at all.

The WOLF_CRYPTO_CB_AES_SETKEY (AES-specific) path already handles this case correctly. WOLF_CRYPTO_CB_SETKEY is the newer generic dispatch (single hook for AES, HMAC, ECC, and future algorithms); any port adopting it hits the same condition for GCM and needs the same skip behavior.

No behavior change for builds that don't define either macro, or for builds that only define WOLF_CRYPTO_CB_AES_SETKEY.

Verified:
- ./configure && make && make check
  5 PASS, 4 SKIP, 0 FAIL
- ./configure --enable-cryptocb CFLAGS=-DWOLF_CRYPTO_CB_SETKEY && make && make check
  5 PASS, 4 SKIP, 0 FAIL
- ./configure --enable-all && make && make check
  22 TOTAL, 17 PASS, 5 SKIP, 0 FAIL
---
 wolfcrypt/src/aes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index b9ef36f4725..1639a010d23 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -7852,7 +7852,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) #if !defined(FREESCALE_LTC_AES_GCM) && !defined(WOLFSSL_PSOC6_CRYPTO) -#ifdef WOLF_CRYPTO_CB_AES_SETKEY +#if defined(WOLF_CRYPTO_CB_AES_SETKEY) || defined(WOLF_CRYPTO_CB_SETKEY) if ((ret == 0) && (aes->devId != INVALID_DEVID && aes->devCtx != NULL)) { /* SE owns key - skip H and M table generation */ }
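Review bot: the widened `#if` now lets the skip fire for every build with WOLF_CRYPTO_CB_SETKEY, but the runtime condition it guards, `(ret == 0) && (aes->devId != INVALID_DEVID && aes->devCtx != NULL)`, only proves that a device is registered, not that the generic SetKey callback actually took ownership of this key. Under the AES-specific macro that equivalence may hold, but the generic hook is described in the message as a single dispatch shared by AES, HMAC, ECC and future algorithms; if a port's generic callback can decline an AES key (or fall back to the software path, leaving `aes->rounds` populated), this change would skip computing `aes->gcm.H` and the M table for a key the software path still owns, turning the current clean KEYUSAGE_E (-226) failure into silently wrong GCM output. Please either tie the skip to an explicit "SE holds the key" signal from the callback result rather than to `devId`/`devCtx` alone, or state in the comment (`/* SE owns key - skip H and M table generation */`) that a registered generic SetKey callback must never fall back to software for AES-GCM. Separately, the Verified list shows the existing suites passing with `-DWOLF_CRYPTO_CB_SETKEY`, but none of them registers a SetKey callback that keeps the key and then runs a GCM vector, so the reported failure path is still untested; a cryptocb test that does exactly that would both demonstrate the fix and catch the fallback case above.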