> 2. When will RT2574 be integrated to protect our ECC keys in the inevitable > presence of software defects like this? > http://rt.openssl.org/Ticket/Display.html?id=2574&user=guest&pass=guest
Timing attacks on ECC isn't a very high priority right now, given all the other bigger easier to exploit issues with wider deployment :( I wish it weren't so, but I do want to set your expectations properly. (Now, of course, having said that, the constant-time folks will swoop in and submit this to master next week :)
