authorJustus Winter <justus@sequoia-pgp.org>2023-02-25 02:26:44 +0100
committerJustus Winter <justus@sequoia-pgp.org>2023-02-27 12:35:24 +0100
commit06a179e5a0f2391cbf891eae24e714b7be3ba5c7 (patch)
tree0573259467d4284c7241aa5b9c24fae7820cf45d
parent3b2f7d068df500377d12bc007c4006388e277cbd (diff)
openpgp: Securely erase partially decrypted memory before crashing.
-rw-r--r--openpgp/src/crypto/mem.rs9
1 files changed, 7 insertions, 2 deletions
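diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs
index 972e9a70..f8a963f0 100644
--- a/openpgp/src/crypto/mem.rs
+++ b/openpgp/src/crypto/mem.rs
@@ -339,9 +339,14 @@ mod has_access_to_prekey {
 Self::sealing_key(&self.salt),
 Box::new(ciphertext))
 .expect("Mandatory algorithm unsupported");
- io::copy(&mut decryptor, &mut plaintext)
- .expect("Encrypted memory modified or corrupted");
+
+ // Be careful not to leak partially decrypted plain text.
+ let r = io::copy(&mut decryptor, &mut plaintext);
 let plaintext: Protected = plaintext.into();
+ if r.is_err() {
+ drop(plaintext); // Securely erase partial plaintext.
+ panic!("Encrypted memory modified or corrupted");
+ }
 fun(&plaintext)
 }
 }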
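Review bot: The explicit `drop(plaintext)` ahead of `panic!` is what makes the erasure hold under `panic = "abort"`, where no unwinding happens and the `Protected` destructor would otherwise never run, but the inline comment does not say why it is there; suggest `// Dropped explicitly: under panic=abort no destructors run, so unwinding cannot be relied on to zeroize.`. The `io::Error` carried by `r` is discarded, which the replaced `.expect` did not do, so the panic message loses the reason the decryption failed; `if let Err(e) = r { drop(plaintext); panic!("Encrypted memory modified or corrupted: {}", e); }` keeps the diagnostic without changing the control flow. Note that this only scrubs the final `plaintext` buffer: if `plaintext` is a growable `Vec` that reallocated during `io::copy`, its earlier backing allocations, and any staging buffer inside `decryptor` or `io::copy` itself, are presumably freed without zeroization, which is worth confirming against the `Protected` conversion. The enclosing function starts before this hunk.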