[openssh-commits] [openssh] branch master updated (4cd6b12c -> 1dfadb9b)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Jun 21 14:24:53 AEST 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a change to branch master
in repository openssh.

      from  4cd6b12c  upstream: print the correct AuthorizedPrincipalsCommand rather than
       new  4f7a56d5  upstream: Add protection for private keys at rest in RAM against
       new  1dfadb9b  upstream: adapt for key shielding API changes (const removal)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Detailed log of new commits:

commit 1dfadb9b57c2985c95838a0292d1c2f6a501896e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jun 21 04:21:45 2019 +0000

    upstream: adapt for key shielding API changes (const removal)
    
    OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6

commit 4f7a56d5e02e3d04ab69eac1213817a7536d0562
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jun 21 04:21:04 2019 +0000

    upstream: Add protection for private keys at rest in RAM against
    
    speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
    and Rambleed. This change encrypts private keys when they are not in use with
    a symmetic key that is derived from a relatively large "prekey" consisting of
    random data (currently 16KB).
    
    Attackers must recover the entire prekey with high accuracy before
    they can attempt to decrypt the shielded private key, but the current
    generation of attacks have bit error rates that, when applied
    cumulatively to the entire prekey, make this unlikely.
    
    Implementation-wise, keys are encrypted "shielded" when loaded and then
    automatically and transparently unshielded when used for signatures or
    when being saved/serialised.
    
    Hopefully we can remove this in a few years time when computer
    architecture has become less unsafe.
    
    been in snaps for a bit already; thanks deraadt@
    
    ok dtucker@ deraadt@
    
    OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4

Summary of changes:
 authfd.c                               |   4 +-
 authfd.h                               |   4 +-
 krl.c                                  |   4 +-
 krl.h                                  |   4 +-
 regress/unittests/sshkey/test_sshkey.c |   6 +-
 ssh-agent.c                            |   7 +-
 ssh-keygen.c                           |   4 +-
 sshconnect.c                           |   4 +-
 sshconnect.h                           |   4 +-
 sshd.c                                 |  10 +-
 sshkey.c                               | 299 +++++++++++++++++++++++++++++++--
 sshkey.h                               |  21 ++-
 12 files changed, 327 insertions(+), 44 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list