
go.crypto/openpgp: don't corrupt encrypted private key when decryption fails.

Since the decryption was done in place, if an incorrect key was given,
the encrypted data would be corrupted.

Fixes golang/go#8439.

R=bradfitz
CC=golang-codereviews
https://golang.org/cl/115550043
Adam Langley преди 11 години
родител
ревизия
3e2271302c
променени са 2 файла, в които са добавени 8 реда и са изтрити 2 реда
  1. 2 2
      openpgp/packet/private_key.go
  2. 6 0
      openpgp/packet/private_key_test.go

+ 2 - 2
openpgp/packet/private_key.go

@@ -196,8 +196,8 @@ func (pk *PrivateKey) Decrypt(passphrase []byte) error {
 	block := pk.cipher.new(key)
 	cfb := cipher.NewCFBDecrypter(block, pk.iv)
 
-	data := pk.encryptedData
-	cfb.XORKeyStream(data, data)
+	data := make([]byte, len(pk.encryptedData))
+	cfb.XORKeyStream(data, pk.encryptedData)
 
 	if pk.sha1Checksum {
 		if len(data) < sha1.Size {
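Review bot: The new `data := make([]byte, len(pk.encryptedData))` line has no comment explaining why decryption is no longer done in place, so a later cleanup could fold it back into `cfb.XORKeyStream(data, data)` and reintroduce the corruption. I would add above it `// Decrypt into a scratch buffer: pk.encryptedData must stay intact so a wrong passphrase can be retried.` After a successful decrypt the plaintext key bytes now live in a buffer separate from the ciphertext; whether `pk.encryptedData` is released afterwards is not visible here and is worth confirming. Decrypt's body starts before and continues past this hunk, so the checksum handling below the `sha1.Size` check was not reviewed.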

+ 6 - 0
openpgp/packet/private_key_test.go

@@ -38,6 +38,12 @@ func TestPrivateKeyRead(t *testing.T) {
 			continue
 		}
 
+		err = privKey.Decrypt([]byte("wrong password"))
+		if err == nil {
+			t.Errorf("#%d: decrypted with incorrect key", i)
+			continue
+		}
+
 		err = privKey.Decrypt([]byte("testing"))
 		if err != nil {
 			t.Errorf("#%d: failed to decrypt: %s", i, err)
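Review bot: The regression for golang/go#8439 is only checked indirectly here: nothing says that the `Decrypt([]byte("testing"))` call following the wrong-passphrase attempt is the assertion that the encrypted data survived. A comment before the added block, such as `// A failed Decrypt must not damage the key; the correct passphrase below must still work (golang/go#8439).`, would keep the two calls from being reordered or split apart later. The failure text `decrypted with incorrect key` would be more precise as `decrypted with incorrect passphrase`, since the argument is a passphrase. TestPrivateKeyRead starts before and continues past this hunk.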