libsecp256k1 v0.3.2 Released
"We strongly recommend any users of the library to upgrade if their code may end up being compiled with an affected version of GCC."
- "This release fixes a "constant-timeness" issue in the ECDH implementation with GCC >=13 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack."
- "We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using `gcc -v`."
What's changed
Security
- Module `ecdh`: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.
Fixed
- Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.
Changed
- Various improvements and changes to CMake builds. CMake builds remain experimental.
  - Made API versioning consistent with GNU Autotools builds.
  - Switched to the `BUILD_SHARED_LIBS` variable for controlling whether to build a static or a shared library.
  - Added the `SECP256K1_INSTALL` variable for controlling whether to install the build artefacts.
- Renamed asm build option `arm` to `arm32`. Use `--with-asm=arm32` instead of `--with-asm=arm` (GNU Autotools), and `-DSECP256K1_ASM=arm32` instead of `-DSECP256K1_ASM=arm` (CMake).
ABI Compatibility
- The ABI is compatible with versions 0.3.0 and 0.3.1.