From c161cbd9f3fa1247382bb5b6269c7379222cabf5 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 7 Oct 2025 20:48:29 +1000 Subject: [PATCH] Xtensa: mitigate potential non-CT assembly output Compilers for Xtensa have been seen to produce non-constant time code. Force small code size builds for X25519, Ed25519, X448 and Ed448. --- .wolfssl_known_macro_extras | 2 ++ wolfssl/wolfcrypt/settings.h | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index fd5bd6ca4..6ffa044d8 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -428,6 +428,7 @@ NO_WOLFSSL_AUTOSAR_CRYPTO NO_WOLFSSL_AUTOSAR_CSM NO_WOLFSSL_BASE64_DECODE NO_WOLFSSL_BN_CTX +NO_WOLFSSL_CURVE25519_BLINDING NO_WOLFSSL_MSG_EX NO_WOLFSSL_RENESAS_FSPSM_AES NO_WOLFSSL_RENESAS_FSPSM_HASH @@ -1078,6 +1079,7 @@ __svr4__ __thumb__ __ti__ __x86_64__ +__xtensa__ byte configTICK_RATE_HZ fallthrough diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 8bd0b213b..6621d4654 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2708,6 +2708,22 @@ extern void uITRON4_free(void *p) ; #endif #endif +#if defined(__xtensa__) + /* Compilers for Xtensa have been seen to compile C code into + * non-constant time assembly code. The small implementation is not known + * to have these issues. */ + #undef CURVE25519_SMALL + #define CURVE25519_SMALL + #undef ED25519_SMALL + #define ED25519_SMALL + #undef CURVE448_SMALL + #define CURVE448_SMALL + #undef ED448_SMALL + #define ED448_SMALL + #warning "Contact wolfSSL support for a fast implementation that is " \ + "constant time" +#endif + #if defined(NO_WC_SSIZE_TYPE) || defined(ssize_t) /* ssize_t comes from system headers or user_settings.h */ #elif defined(WC_SSIZE_TYPE)