Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id A9082C002A for ; Sun, 14 May 2023 17:42:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 7CCFA40606 for ; Sun, 14 May 2023 17:42:00 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 7CCFA40606 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=timruffing.de header.i=@timruffing.de header.a=rsa-sha256 header.s=MBO0001 header.b=nKWE+3W9 X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.8 X-Spam-Level: X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UUerPnOhv2jB for ; Sun, 14 May 2023 17:41:58 +0000 (UTC) X-Greylist: delayed 00:05:59 by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 5427B40181 Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [IPv6:2001:67c:2050:0:465::101]) by smtp2.osuosl.org (Postfix) with ESMTPS id 5427B40181 for ; Sun, 14 May 2023 17:41:58 +0000 (UTC) Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:b231:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4QK8mS1wnJz9snc for ; Sun, 14 May 2023 19:35:52 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timruffing.de; s=MBO0001; t=1684085752; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=o6OutmqO14h8UEMYaPkuaXPkvY3LQ+rhonK84a7iylE=; b=nKWE+3W9ICwSS+HKoo/VCLKLqb+hQ4x9Lj7Bt2rH1tfHt2VlFjdlLPtSeLITRWlz+gniex t0WtL1HXycF7QzpwyqZzYf+rn4ymWUWzOU4rtb40Whq8Nqtxxs8BDIlTmaa6mejV6sNcJ8 4ICBZ7F7XX0M9s6yHnhjQijGMsKQL8M6MFrQSW4QlmHKQfGcRxc7GHYKjrsw6zADCWCfTF i55mZQE4jjZsMs7ZSXNfQwXTYzFxcQ51iGlBr88y8QlGdbaaEWIhv1zDwHV3/eNW+PT7G8 J1Mqwr46E+pcpD2zMQu5YE9FYtKH9EF28YXKxgEh1A6ao6APAEWVBOn6wegXGw== Message-ID: From: Tim Ruffing To: bitcoin-dev@lists.linuxfoundation.org Date: Sun, 14 May 2023 19:35:38 +0200 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Rspamd-Queue-Id: 4QK8mS1wnJz9snc X-Mailman-Approved-At: Sun, 14 May 2023 19:14:48 +0000 Subject: [bitcoin-dev] libsecp256k1 0.3.2 released X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 May 2023 17:42:00 -0000 Hello, We'd like to announce the release of version 0.3.2 of libsecp256k1: https://github.com/bitcoin-core/secp256k1/releases/tag/v0.3.2 This is a bugfix release after 0.3.1. The impetus for this release is the discovery that GCC 13 became smart enough to optimize out a specific timing side-channel protection mechanism in the ECDH code that could leave applications vulnerable to a side-channel attack. This has been fixed in 0.3.2 [1]. For the full changelog, see https://github.com/bitcoin-core/secp256k1/blob/master/CHANGELOG.md We strongly recommend any users of the library to upgrade if their code may end up being compiled with GCC >=3D13. Bitcoin Core is not affected because it does not use libsecp256k1's ECDH module. Note: The underlying side-channel issue is very similar to the issue that lead to the previous 0.3.1 release. Unfortunately, there is no generic way to prevent compilers from "optimizing" code by adding secret-dependent branches (which are undesired in cryptographic applications), and it is hard to predict what optimizations future compiler versions will add. There's ongoing work [2] to test on unreleased development snapshots of GCC and Clang, which would make it possible to catch similar cases earlier in the future. [1]: https://github.com/bitcoin-core/secp256k1/pull/1303 [2]: https://github.com/bitcoin-core/secp256k1/pull/1313