sshkey_shield_private => explicit_bzero() openbsd-compat/freezero.c
https://github.com/openssh/openssh-portable/commit/4f7a56d5e...
It's only using the insecure freezero, which is using the insecure explicit_bzero. A simple compiler barrier only, no memory barrier. So it's unsafe against the advertised Spectre/Meltdown side-channel attacks; the secrets are still in the caches.
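The two kinds of barrier the comment contrasts, as an added example that is not part of the original comment and not OpenSSH's code. The function names are hypothetical, the buffer contents are constructed, and GCC or Clang is assumed for the inline asm and `__atomic` builtin.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compiler barrier only: the "memory" clobber tells the optimizer the
 * buffer may be read afterwards, so the memset cannot be removed as a
 * dead store. No fence instruction is emitted. */
void wipe_compiler_barrier(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Same wipe followed by a hardware fence: this orders the zeroing stores
 * against later loads and stores as observed by other cores. It does not
 * evict or flush cache lines. */
void wipe_with_fence(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
    __atomic_thread_fence(__ATOMIC_SEQ_CST);
}

/* Fill a buffer with a constructed "secret", wipe it with the given
 * routine, and count the bytes that are still non-zero. */
size_t nonzero_after_wipe(void (*wipe)(void *, size_t))
{
    unsigned char key[64];
    size_t i, left = 0;

    memset(key, 0xA5, sizeof key);   /* constructed sample data */
    wipe(key, sizeof key);
    for (i = 0; i < sizeof key; i++)
        left += ((volatile unsigned char *)key)[i] != 0;
    return left;
}

int main(void)
{
    printf("compiler barrier: %zu bytes left\n",
           nonzero_after_wipe(wipe_compiler_barrier));
    printf("with fence:       %zu bytes left\n",
           nonzero_after_wipe(wipe_with_fence));
    return 0;
}
```

Compiling with `-O2 -S` and comparing the two wipe functions shows the only difference in the emitted code is the fence instruction.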