libsecp256k1 v0.3.2 Released

"We strongly recommend any users of the library to upgrade if their code may end up being compiled with an affected version of GCC."

  • "This release fixes a "constant-timeness" issue in the ECDH implementation with GCC >=13 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack."
  • "We strongly recommend updating to 0.3.2 if you use or plan to use GCC >=13 to compile libsecp256k1. When in doubt, check the GCC version using gcc -v."
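A build-pipeline check for the recommendation above, as an added example that is not part of the release notes or the libsecp256k1 project. It parses `gcc -v` output and a library version supplied by the caller; the function names and the affected/ok/unknown verdicts are assumptions of this example.

```shell
#!/bin/sh
# Added example, not libsecp256k1 project code: flag builds that match the
# advisory (libsecp256k1 older than 0.3.2 compiled with GCC >= 13).

# Turn "MAJOR.MINOR.PATCH" into one comparable integer; missing parts count as 0.
ver_num() {
    printf '%s\n' "$1" |
        awk -F. '{ printf "%d\n", ($1 + 0) * 1000000 + ($2 + 0) * 1000 + ($3 + 0) }'
}

# Pull the version number out of `gcc -v` output (text passed as $1).
# Prints nothing when there is no "gcc version" line, e.g. clang installed as gcc.
gcc_version_from() {
    printf '%s\n' "$1" | sed -n 's/^gcc version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# advisory_verdict GCC_V_OUTPUT LIB_VERSION -> prints affected | ok | unknown
advisory_verdict() {
    # A library version we cannot parse is never reported as safe.
    case $2 in [0-9]*.[0-9]*) ;; *) echo unknown; return 0 ;; esac
    if [ "$(ver_num "$2")" -ge "$(ver_num 0.3.2)" ]; then
        echo ok; return 0          # fixed release, whatever the compiler
    fi
    gcc_ver=$(gcc_version_from "$1")
    [ -n "$gcc_ver" ] || { echo unknown; return 0; }
    if [ "${gcc_ver%%.*}" -ge 13 ]; then
        echo affected              # pre-0.3.2 library built with GCC >= 13
    else
        echo ok                    # pre-0.3.2, but GCC older than 13
    fi
}

# Usage: sh check.sh LIB_VERSION   (the caller supplies the library version)
if [ "$#" -eq 1 ]; then
    verdict=$(advisory_verdict "$(gcc -v 2>&1)" "$1")
    echo "libsecp256k1 $1: $verdict"
    [ "$verdict" = ok ]            # non-zero exit fails the pipeline step
fi
```

A verdict of unknown also fails the step, so a compiler that does not identify itself as GCC gets a manual look instead of a silent pass.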

What's changed

Security

  • Module ecdh: Fix "constant-timeness" issue with GCC 13.1 (and potentially future versions of GCC) that could leave applications using libsecp256k1's ECDH module vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow during ECDH computations when libsecp256k1 is compiled with GCC 13.1.

Fixed

  • Fixed an old bug that permitted compilers to potentially output bad assembly code on x86_64. In theory, it could lead to a crash or a read of unrelated memory, but this has never been observed on any compilers so far.

Changed

  • Various improvements and changes to CMake builds. CMake builds remain experimental.
  • Made API versioning consistent with GNU Autotools builds.
  • Switched to BUILD_SHARED_LIBS variable for controlling whether to build a static or a shared library.
  • Added SECP256K1_INSTALL variable for controlling whether to install the build artefacts.
  • Renamed asm build option arm to arm32. Use --with-asm=arm32 instead of --with-asm=arm (GNU Autotools), and -DSECP256K1_ASM=arm32 instead of -DSECP256K1_ASM=arm (CMake).

ABI Compatibility

  • The ABI is compatible with versions 0.3.0 and 0.3.1.
