“This release fixes a “constant-timeness” issue in the ECDH implementation with GCC >=13 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack.””We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using gcc -v.”
What’s changed
Security
Module ecdh: Fix “constant-timeness” issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1’s ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.
Fixed
Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.
Changed
Various improvements and changes to CMake builds. CMake builds remain experimental.Made API versioning consistent with GNU Autotools builds.Switched to BUILD_SHARED_LIBS variable for controlling whether to build a static or a shared library.Added SECP256K1_INSTALL variable for the controlling whether to install the build artefacts.Renamed asm build option arm to arm32. Use –with-asm=arm32 instead of –with-asm=arm (GNU Autotools), and -DSECP256K1_ASM=arm32 instead of -DSECP256K1_ASM=arm (CMake).
ABI Compatibility
The ABI is compatible with versions 0.3.0 and 0.3.1.