From c33035e6a6190af419e2c2044c78c70fc9a1bc6b Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh <jacob@wolfssl.com>
Date: Mon, 2 Jun 2025 15:42:52 -0600
Subject: [PATCH] add conditions to constant time mask functions

---
 wolfcrypt/src/misc.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index e256073ba..c41d08483 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -633,7 +633,13 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b,
 }
 #endif
 
-#ifndef WOLFSSL_NO_CT_OPS
+
+#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY))
+/* constant time operations with mask are required for RSA and TLS operations */
+#warning constant time operations required unless using NO_RSA & WOLFCRYPT_ONLY
+#endif
+
+#if !defined(WOLFSSL_NO_CT_OPS) || !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)
 /* Constant time - mask set when a > b. */
 WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
 {