Thanks for your response, Rich. Yes, I'm aware of timing attack against RSA cryptography (e.g. the one majorly responded for the latest upgrade), but this patch is simply a small optimization for RSA testing code, which is only used in the testsuit of OpenSSL, and has no any effect on the real usage of RSA in any case, so it is not related to any attack.
Thanks & Regards, Huang Le (Eric, Alibaba DevOps) Email: 4tarhl AT gmail.com, le.hl AT alibaba-inc.com On Wed, Feb 27, 2013 at 3:17 AM, Salz, Rich via RT <[email protected]> wrote: > You might want to read about timing attacks. > > -- > Principal Security Engineer > Akamai Technology > Cambridge, MA > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
