xmlenc: Decrypt(): return the plaintext directly, don’t modify the source document.

xmlenc/xmlenc.go

@@ -12,6 +12,7 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"encoding/xml"
+	"errors"
 	"fmt"
 	"hash"
 	"io"
@@ -58,16 +59,15 @@ type cipherData struct {
 	CipherValue string `xml:"CipherValue"`
 }
 
+var ErrNoEncryptedDataFound = errors.New("no EncryptedData elements found")
+
 // Decrypt searches the serialized XML document `doc` looking for
-// EncryptedData elements and decrypting them. It returns the
+// an EncryptedData element. When found, it decrypts the element
-// original document with the each EncryptedData element replaced
+// and returns the plaintext of the encrypted section.
-// by the derived plaintext.
 //
 // Key is a PEM-encoded RSA private key, or a binary TDES key or a
 // binary AES key, depending on the encryption type in use.
 func Decrypt(key []byte, doc []byte) ([]byte, error) {
-	out := bytes.NewBuffer(nil)
-	encoder := xml.NewEncoder(out)
 	decoder := xml.NewDecoder(bytes.NewReader(doc))
 	for {
 		t, err := decoder.Token()
@@ -89,17 +89,11 @@ func Decrypt(key []byte, doc []byte) ([]byte, error) {
 					return nil, err
 				}
 
-				encoder.Flush()
+				return plaintext, nil
-				out.Write(plaintext)
-				continue
 			}
 		}
-
-		encoder.EncodeToken(t)
 	}
-	encoder.Flush()
+	return nil, ErrNoEncryptedDataFound
-
-	return out.Bytes(), nil
 }
 
 // decryptEncryptedData decrypts the EncryptedData element and returns the