summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/util/nssb64d.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/lib/util/nssb64d.c
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/lib/util/nssb64d.c')
-rw-r--r--security/nss/lib/util/nssb64d.c852
1 files changed, 852 insertions, 0 deletions
diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c
new file mode 100644
index 0000000000..ebfb154f90
--- /dev/null
+++ b/security/nss/lib/util/nssb64d.c
@@ -0,0 +1,852 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Base64 decoding (ascii to binary).
+ */
+
+#include "nssb64.h"
+#include "nspr.h"
+#include "secitem.h"
+#include "secerr.h"
+
+/*
+ * XXX We want this basic support to go into NSPR (the PL part).
+ * Until that can happen, the PL interface is going to be kept entirely
+ * internal here -- all static functions and opaque data structures.
+ * When someone can get it moved over into NSPR, that should be done:
+ * - giving everything names that are accepted by the NSPR module owners
+ * (though I tried to choose ones that would work without modification)
+ * - exporting the functions (remove static declarations and add
+ * to nssutil.def as necessary)
+ * - put prototypes into appropriate header file (probably replacing
+ * the entire current lib/libc/include/plbase64.h in NSPR)
+ * along with a typedef for the context structure (which should be
+ * kept opaque -- definition in the source file only, but typedef
+ * ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
+ * - modify anything else as necessary to conform to NSPR required style
+ * (I looked but found no formatting guide to follow)
+ *
+ * You will want to move over everything from here down to the comment
+ * which says "XXX End of base64 decoding code to be moved into NSPR",
+ * into a new file in NSPR.
+ */
+
+/*
+ **************************************************************
+ * XXX Beginning of base64 decoding code to be moved into NSPR.
+ */
+
+/*
+ * This typedef would belong in the NSPR header file (i.e. plbase64.h).
+ */
+typedef struct PLBase64DecoderStr PLBase64Decoder;
+
+/*
+ * The following implementation of base64 decoding was based on code
+ * found in libmime (specifically, in mimeenc.c). It has been adapted to
+ * use PR types and naming as well as to provide other necessary semantics
+ * (like buffer-in/buffer-out in addition to "streaming" without undue
+ * performance hit of extra copying if you made the buffer versions
+ * use the output_fn). It also incorporates some aspects of the current
+ * NSPR base64 decoding code. As such, you may find similarities to
+ * both of those implementations. I tried to use names that reflected
+ * the original code when possible. For this reason you may find some
+ * inconsistencies -- libmime used lots of "in" and "out" whereas the
+ * NSPR version uses "src" and "dest"; sometimes I changed one to the other
+ * and sometimes I left them when I thought the subroutines were at least
+ * self-consistent.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * Opaque object used by the decoder to store state.
+ */
+struct PLBase64DecoderStr {
+ /* Current token (or portion, if token_size < 4) being decoded. */
+ unsigned char token[4];
+ int token_size;
+
+ /*
+ * Where to write the decoded data (used when streaming, not when
+ * doing all in-memory (buffer) operations).
+ *
+ * Note that this definition is chosen to be compatible with PR_Write.
+ */
+ PRInt32 (*output_fn)(void *output_arg, const unsigned char *buf,
+ PRInt32 size);
+ void *output_arg;
+
+ /*
+ * Where the decoded output goes -- either temporarily (in the streaming
+ * case, staged here before it goes to the output function) or what will
+ * be the entire buffered result for users of the buffer version.
+ */
+ unsigned char *output_buffer;
+ PRUint32 output_buflen; /* the total length of allocated buffer */
+ PRUint32 output_length; /* the length that is currently populated */
+};
+
+PR_END_EXTERN_C
+
+/* A constant time range check for unsigned chars.
+ * Returns 255 if a <= x <= b and 0 otherwise.
+ */
+static inline unsigned char
+ct_u8_in_range(unsigned char x, unsigned char a, unsigned char b)
+{
+ /* Let x, a, b be ints in {0, 1, ... 255}.
+ * The value (a - x - 1) is in {-256, ..., 254}, so the low
+ * 8 bits of
+ * (a - x - 1) >> 8
+ * are all 1 if a <= x and all 0 if a > x.
+ *
+ * Likewise the low 8 bits of
+ * ((a - x - 1) >> 8) & ((x - c - 1) >> 8)
+ * are all 1 if a <= x <= c and all 0 otherwise.
+ *
+ * The same is true if we perform the shift after the AND
+ * ((a - x - 1) & (x - b - 1)) >> 8.
+ */
+ return (unsigned char)(((a - x - 1) & (x - b - 1)) >> 8);
+}
+
+/* Convert a base64 code [A-Za-z0-9+/] to its value in {1, 2, ..., 64}.
+ * The use of 1-64 instead of 0-63 is so that the special value of zero can
+ * denote an invalid mapping; that was much easier than trying to fill in the
+ * other values with some value other than zero, and to check for it.
+ * Just remember to SUBTRACT ONE when using the value retrieved.
+ */
+static unsigned char
+pl_base64_codetovaluep1(unsigned char code)
+{
+ unsigned char mask;
+ unsigned char res = 0;
+
+ /* The range 'A' to 'Z' is mapped to 1 to 26 */
+ mask = ct_u8_in_range(code, 'A', 'Z');
+ res |= mask & (code - 'A' + 1);
+
+ /* The range 'a' to 'z' is mapped to 27 to 52 */
+ mask = ct_u8_in_range(code, 'a', 'z');
+ res |= mask & (code - 'a' + 27);
+
+ /* The range '0' to '9' is mapped to 53 to 62 */
+ mask = ct_u8_in_range(code, '0', '9');
+ res |= mask & (code - '0' + 53);
+
+ /* The code '+' is mapped to 63 */
+ mask = ct_u8_in_range(code, '+', '+');
+ res |= mask & 63;
+
+ /* The code '/' is mapped to 64 */
+ mask = ct_u8_in_range(code, '/', '/');
+ res |= mask & 64;
+
+ /* All other characters, including '=' are mapped to 0. */
+ return res;
+}
+
+#define B64_PAD '='
+
+/*
+ * Reads 4; writes 3 (known, or expected, to have no trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_4to3(const unsigned char *in, unsigned char *out)
+{
+ int j;
+ PRUint32 num = 0;
+ unsigned char bits;
+
+ for (j = 0; j < 4; j++) {
+ bits = pl_base64_codetovaluep1(in[j]);
+ if (bits == 0)
+ return -1;
+ num = (num << 6) | (bits - 1);
+ }
+
+ out[0] = (unsigned char)(num >> 16);
+ out[1] = (unsigned char)((num >> 8) & 0xFF);
+ out[2] = (unsigned char)(num & 0xFF);
+
+ return 3;
+}
+
+/*
+ * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_3to2(const unsigned char *in, unsigned char *out)
+{
+ PRUint32 num = 0;
+ unsigned char bits1, bits2, bits3;
+
+ bits1 = pl_base64_codetovaluep1(in[0]);
+ bits2 = pl_base64_codetovaluep1(in[1]);
+ bits3 = pl_base64_codetovaluep1(in[2]);
+
+ if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
+ return -1;
+
+ num = ((PRUint32)(bits1 - 1)) << 10;
+ num |= ((PRUint32)(bits2 - 1)) << 4;
+ num |= ((PRUint32)(bits3 - 1)) >> 2;
+
+ out[0] = (unsigned char)(num >> 8);
+ out[1] = (unsigned char)(num & 0xFF);
+
+ return 2;
+}
+
+/*
+ * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_2to1(const unsigned char *in, unsigned char *out)
+{
+ PRUint32 num = 0;
+ unsigned char bits1, bits2;
+
+ bits1 = pl_base64_codetovaluep1(in[0]);
+ bits2 = pl_base64_codetovaluep1(in[1]);
+
+ if ((bits1 == 0) || (bits2 == 0))
+ return -1;
+
+ num = ((PRUint32)(bits1 - 1)) << 2;
+ num |= ((PRUint32)(bits2 - 1)) >> 4;
+
+ out[0] = (unsigned char)num;
+
+ return 1;
+}
+
+/*
+ * Reads 4; writes 0-3. Returns bytes written or -1 on error.
+ * (Writes less than 3 only at (presumed) EOF.)
+ */
+static int
+pl_base64_decode_token(const unsigned char *in, unsigned char *out)
+{
+ if (in[3] != B64_PAD)
+ return pl_base64_decode_4to3(in, out);
+
+ if (in[2] == B64_PAD)
+ return pl_base64_decode_2to1(in, out);
+
+ return pl_base64_decode_3to2(in, out);
+}
+
+static PRStatus
+pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,
+ PRUint32 length)
+{
+ unsigned char *out = data->output_buffer;
+ unsigned char *token = data->token;
+ int i, n = 0;
+
+ i = data->token_size;
+ data->token_size = 0;
+
+ while (length > 0) {
+ while (i < 4 && length > 0) {
+ /*
+ * XXX Note that the following simply ignores any unexpected
+ * characters. This is exactly what the original code in
+ * libmime did, and I am leaving it. We certainly want to skip
+ * over whitespace (we must); this does much more than that.
+ * I am not confident changing it, and I don't want to slow
+ * the processing down doing more complicated checking, but
+ * someone else might have different ideas in the future.
+ */
+ if (pl_base64_codetovaluep1(*in) > 0 || *in == B64_PAD)
+ token[i++] = *in;
+ in++;
+ length--;
+ }
+
+ if (i < 4) {
+ /* Didn't get enough for a complete token. */
+ data->token_size = i;
+ break;
+ }
+ i = 0;
+
+ PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen);
+
+ /*
+ * Assume we are not at the end; the following function only works
+ * for an internal token (no trailing padding characters) but is
+ * faster that way. If it hits an invalid character (padding) it
+ * will return an error; we break out of the loop and try again
+ * calling the routine that will handle a final token.
+ * Note that we intentionally do it this way rather than explicitly
+ * add a check for padding here (because that would just slow down
+ * the normal case) nor do we rely on checking whether we have more
+ * input to process (because that would also slow it down but also
+ * because we want to allow trailing garbage, especially white space
+ * and cannot tell that without read-ahead, also a slow proposition).
+ * Whew. Understand?
+ */
+ n = pl_base64_decode_4to3(token, out);
+ if (n < 0)
+ break;
+
+ /* Advance "out" by the number of bytes just written to it. */
+ out += n;
+ n = 0;
+ }
+
+ /*
+ * See big comment above, before call to pl_base64_decode_4to3.
+ * Here we check if we error'd out of loop, and allow for the case
+ * that we are processing the last interesting token. If the routine
+ * which should handle padding characters also fails, then we just
+ * have bad input and give up.
+ */
+ if (n < 0) {
+ n = pl_base64_decode_token(token, out);
+ if (n < 0)
+ return PR_FAILURE;
+
+ out += n;
+ }
+
+ /*
+ * As explained above, we can get here with more input remaining, but
+ * it should be all characters we do not care about (i.e. would be
+ * ignored when transferring from "in" to "token" in loop above,
+ * except here we choose to ignore extraneous pad characters, too).
+ * Swallow it, performing that check. If we find more characters that
+ * we would expect to decode, something is wrong.
+ */
+ while (length > 0) {
+ if (pl_base64_codetovaluep1(*in) > 0)
+ return PR_FAILURE;
+ in++;
+ length--;
+ }
+
+ /* Record the length of decoded data we have left in output_buffer. */
+ data->output_length = (PRUint32)(out - data->output_buffer);
+ return PR_SUCCESS;
+}
+
+/*
+ * Flush any remaining buffered characters. Given well-formed input,
+ * this will have nothing to do. If the input was missing the padding
+ * characters at the end, though, there could be 1-3 characters left
+ * behind -- we will tolerate that by adding the padding for them.
+ */
+static PRStatus
+pl_base64_decode_flush(PLBase64Decoder *data)
+{
+ int count;
+
+ /*
+ * If no remaining characters, or all are padding (also not well-formed
+ * input, but again, be tolerant), then nothing more to do. (And, that
+ * is considered successful.)
+ */
+ if (data->token_size == 0 || data->token[0] == B64_PAD)
+ return PR_SUCCESS;
+
+ /*
+ * Assume we have all the interesting input except for some expected
+ * padding characters. Add them and decode the resulting token.
+ */
+ while (data->token_size < 4)
+ data->token[data->token_size++] = B64_PAD;
+
+ data->token_size = 0; /* so a subsequent flush call is a no-op */
+
+ count = pl_base64_decode_token(data->token,
+ data->output_buffer + data->output_length);
+ if (count < 0)
+ return PR_FAILURE;
+
+ /*
+ * If there is an output function, call it with this last bit of data.
+ * Otherwise we are doing all buffered output, and the decoded bytes
+ * are now there, we just need to reflect that in the length.
+ */
+ if (data->output_fn != NULL) {
+ PRInt32 output_result;
+
+ PR_ASSERT(data->output_length == 0);
+ output_result = data->output_fn(data->output_arg,
+ data->output_buffer,
+ (PRInt32)count);
+ if (output_result < 0)
+ return PR_FAILURE;
+ } else {
+ data->output_length += count;
+ }
+
+ return PR_SUCCESS;
+}
+
+/*
+ * The maximum space needed to hold the output of the decoder given
+ * input data of length "size".
+ */
+static PRUint32
+PL_Base64MaxDecodedLength(PRUint32 size)
+{
+ return size * 0.75;
+}
+
+/*
+ * A distinct internal creation function for the buffer version to use.
+ * (It does not want to specify an output_fn, and we want the normal
+ * Create function to require that.) If more common initialization
+ * of the decoding context needs to be done, it should be done *here*.
+ */
+static PLBase64Decoder *
+pl_base64_create_decoder(void)
+{
+ return PR_NEWZAP(PLBase64Decoder);
+}
+
+/*
+ * Function to start a base64 decoding context.
+ * An "output_fn" is required; the "output_arg" parameter to that is optional.
+ */
+static PLBase64Decoder *
+PL_CreateBase64Decoder(PRInt32 (*output_fn)(void *, const unsigned char *,
+ PRInt32),
+ void *output_arg)
+{
+ PLBase64Decoder *data;
+
+ if (output_fn == NULL) {
+ PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+ return NULL;
+ }
+
+ data = pl_base64_create_decoder();
+ if (data != NULL) {
+ data->output_fn = output_fn;
+ data->output_arg = output_arg;
+ }
+ return data;
+}
+
+/*
+ * Push data through the decoder, causing the output_fn (provided to Create)
+ * to be called with the decoded data.
+ */
+static PRStatus
+PL_UpdateBase64Decoder(PLBase64Decoder *data, const char *buffer,
+ PRUint32 size)
+{
+ PRUint32 need_length;
+ PRStatus status;
+
+ /* XXX Should we do argument checking only in debug build? */
+ if (data == NULL || buffer == NULL || size == 0) {
+ PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+ return PR_FAILURE;
+ }
+
+ /*
+ * How much space could this update need for decoding?
+ */
+ need_length = PL_Base64MaxDecodedLength(size + data->token_size);
+
+ /*
+ * Make sure we have at least that much. If not, (re-)allocate.
+ */
+ if (need_length > data->output_buflen) {
+ unsigned char *output_buffer = data->output_buffer;
+
+ if (output_buffer != NULL)
+ output_buffer = (unsigned char *)PR_Realloc(output_buffer,
+ need_length);
+ else
+ output_buffer = (unsigned char *)PR_Malloc(need_length);
+
+ if (output_buffer == NULL)
+ return PR_FAILURE;
+
+ data->output_buffer = output_buffer;
+ data->output_buflen = need_length;
+ }
+
+ /* There should not have been any leftover output data in the buffer. */
+ PR_ASSERT(data->output_length == 0);
+ data->output_length = 0;
+
+ status = pl_base64_decode_buffer(data, (const unsigned char *)buffer,
+ size);
+
+ /* Now that we have some decoded data, write it. */
+ if (status == PR_SUCCESS && data->output_length > 0) {
+ PRInt32 output_result;
+
+ PR_ASSERT(data->output_fn != NULL);
+ output_result = data->output_fn(data->output_arg,
+ data->output_buffer,
+ (PRInt32)data->output_length);
+ if (output_result < 0)
+ status = PR_FAILURE;
+ }
+
+ data->output_length = 0;
+ return status;
+}
+
+/*
+ * When you're done decoding, call this to free the data. If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+static PRStatus
+PL_DestroyBase64Decoder(PLBase64Decoder *data, PRBool abort_p)
+{
+ PRStatus status = PR_SUCCESS;
+
+ /* XXX Should we do argument checking only in debug build? */
+ if (data == NULL) {
+ PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+ return PR_FAILURE;
+ }
+
+ /* Flush out the last few buffered characters. */
+ if (!abort_p)
+ status = pl_base64_decode_flush(data);
+
+ if (data->output_buffer != NULL)
+ PR_Free(data->output_buffer);
+ PR_Free(data);
+
+ return status;
+}
+
+/*
+ * Perform base64 decoding from an input buffer to an output buffer.
+ * The output buffer can be provided (as "dest"); you can also pass in
+ * a NULL and this function will allocate a buffer large enough for you,
+ * and return it. If you do provide the output buffer, you must also
+ * provide the maximum length of that buffer (as "maxdestlen").
+ * The actual decoded length of output will be returned to you in
+ * "output_destlen".
+ *
+ * Return value is NULL on error, the output buffer (allocated or provided)
+ * otherwise.
+ */
+static unsigned char *
+PL_Base64DecodeBuffer(const char *src, PRUint32 srclen, unsigned char *dest,
+ PRUint32 maxdestlen, PRUint32 *output_destlen)
+{
+ PRUint32 need_length;
+ unsigned char *output_buffer = NULL;
+ PLBase64Decoder *data = NULL;
+ PRStatus status;
+
+ PR_ASSERT(srclen > 0);
+ if (srclen == 0) {
+ PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+ return NULL;
+ }
+
+ /*
+ * How much space could we possibly need for decoding this input?
+ */
+ need_length = PL_Base64MaxDecodedLength(srclen);
+
+ /*
+ * Make sure we have at least that much, if output buffer provided.
+ * If no output buffer provided, then we allocate that much.
+ */
+ if (dest != NULL) {
+ PR_ASSERT(maxdestlen >= need_length);
+ if (maxdestlen < need_length) {
+ PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+ goto loser;
+ }
+ output_buffer = dest;
+ } else {
+ output_buffer = (unsigned char *)PR_Malloc(need_length);
+ if (output_buffer == NULL)
+ goto loser;
+ maxdestlen = need_length;
+ }
+
+ data = pl_base64_create_decoder();
+ if (data == NULL)
+ goto loser;
+
+ data->output_buflen = maxdestlen;
+ data->output_buffer = output_buffer;
+
+ status = pl_base64_decode_buffer(data, (const unsigned char *)src,
+ srclen);
+
+ /*
+ * We do not wait for Destroy to flush, because Destroy will also
+ * get rid of our decoder context, which we need to look at first!
+ */
+ if (status == PR_SUCCESS)
+ status = pl_base64_decode_flush(data);
+
+ /* Must clear this or Destroy will free it. */
+ data->output_buffer = NULL;
+
+ if (status == PR_SUCCESS) {
+ *output_destlen = data->output_length;
+ status = PL_DestroyBase64Decoder(data, PR_FALSE);
+ data = NULL;
+ if (status == PR_FAILURE)
+ goto loser;
+ return output_buffer;
+ }
+
+loser:
+ if (dest == NULL && output_buffer != NULL)
+ PR_Free(output_buffer);
+ if (data != NULL)
+ (void)PL_DestroyBase64Decoder(data, PR_TRUE);
+ return NULL;
+}
+
+/*
+ * XXX End of base64 decoding code to be moved into NSPR.
+ ********************************************************
+ */
+
+/*
+ * This is the beginning of the NSS cover functions. These will
+ * provide the interface we want to expose as NSS-ish. For example,
+ * they will operate on our Items, do any special handling or checking
+ * we want to do, etc.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A boring cover structure for now. Perhaps someday it will include
+ * some more interesting fields.
+ */
+struct NSSBase64DecoderStr {
+ PLBase64Decoder *pl_data;
+};
+
+PR_END_EXTERN_C
+
+/*
+ * Function to start a base64 decoding context.
+ */
+NSSBase64Decoder *
+NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,
+ PRInt32),
+ void *output_arg)
+{
+ PLBase64Decoder *pl_data;
+ NSSBase64Decoder *nss_data;
+
+ nss_data = PORT_ZNew(NSSBase64Decoder);
+ if (nss_data == NULL)
+ return NULL;
+
+ pl_data = PL_CreateBase64Decoder(output_fn, output_arg);
+ if (pl_data == NULL) {
+ PORT_Free(nss_data);
+ return NULL;
+ }
+
+ nss_data->pl_data = pl_data;
+ return nss_data;
+}
+
+/*
+ * Push data through the decoder, causing the output_fn (provided to Create)
+ * to be called with the decoded data.
+ */
+SECStatus
+NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,
+ PRUint32 size)
+{
+ PRStatus pr_status;
+
+ /* XXX Should we do argument checking only in debug build? */
+ if (data == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ pr_status = PL_UpdateBase64Decoder(data->pl_data, buffer, size);
+ if (pr_status == PR_FAILURE)
+ return SECFailure;
+
+ return SECSuccess;
+}
+
+/*
+ * When you're done decoding, call this to free the data. If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+SECStatus
+NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p)
+{
+ PRStatus pr_status;
+
+ /* XXX Should we do argument checking only in debug build? */
+ if (data == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ pr_status = PL_DestroyBase64Decoder(data->pl_data, abort_p);
+
+ PORT_Free(data);
+
+ if (pr_status == PR_FAILURE)
+ return SECFailure;
+
+ return SECSuccess;
+}
+
+/*
+ * Perform base64 decoding from an ascii string "inStr" to an Item.
+ * The length of the input must be provided as "inLen". The Item
+ * may be provided (as "outItemOpt"); you can also pass in a NULL
+ * and the Item will be allocated for you.
+ *
+ * In any case, the data within the Item will be allocated for you.
+ * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
+ * If "arenaOpt" is NULL, standard allocation (heap) will be used and
+ * you will want to free the result via SECITEM_FreeItem.
+ *
+ * Return value is NULL on error, the Item (allocated or provided) otherwise.
+ */
+SECItem *
+NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,
+ const char *inStr, unsigned int inLen)
+{
+ SECItem *out_item = NULL;
+ PRUint32 max_out_len = 0;
+ void *mark = NULL;
+ unsigned char *dummy = NULL;
+
+ if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ if (arenaOpt != NULL)
+ mark = PORT_ArenaMark(arenaOpt);
+
+ max_out_len = PL_Base64MaxDecodedLength(inLen);
+ if (max_out_len == 0) {
+ goto loser;
+ }
+ out_item = SECITEM_AllocItem(arenaOpt, outItemOpt, max_out_len);
+ if (out_item == NULL) {
+ goto loser;
+ }
+
+ dummy = PL_Base64DecodeBuffer(inStr, inLen, out_item->data,
+ max_out_len, &out_item->len);
+ if (dummy == NULL) {
+ goto loser;
+ }
+ if (arenaOpt != NULL) {
+ PORT_ArenaUnmark(arenaOpt, mark);
+ }
+ return out_item;
+
+loser:
+ if (arenaOpt != NULL) {
+ PORT_ArenaRelease(arenaOpt, mark);
+ if (outItemOpt != NULL) {
+ outItemOpt->data = NULL;
+ outItemOpt->len = 0;
+ }
+ } else if (dummy == NULL) {
+ SECITEM_FreeItem(out_item, (PRBool)(outItemOpt == NULL));
+ }
+ return NULL;
+}
+
+/*
+ * XXX Everything below is deprecated. If you add new stuff, put it
+ * *above*, not below.
+ */
+
+/*
+ * XXX The following "ATOB" functions are provided for backward compatibility
+ * with current code. They should be considered strongly deprecated.
+ * When we can convert all our code over to using the new NSSBase64Decoder_
+ * functions defined above, we should get rid of these altogether. (Remove
+ * protoypes from base64.h as well -- actually, remove that file completely).
+ * If someone thinks either of these functions provides such a very useful
+ * interface (though, as shown, the same functionality can already be
+ * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
+ * that API should be provided with a nice new NSSFoo name and using
+ * appropriate types, etc.
+ */
+
+#include "base64.h"
+
+/*
+** Return an PORT_Alloc'd string which is the base64 decoded version
+** of the input string; set *lenp to the length of the returned data.
+*/
+unsigned char *
+ATOB_AsciiToData(const char *string, unsigned int *lenp)
+{
+ SECItem binary_item, *dummy;
+
+ binary_item.data = NULL;
+ binary_item.len = 0;
+
+ dummy = NSSBase64_DecodeBuffer(NULL, &binary_item, string,
+ (PRUint32)PORT_Strlen(string));
+ if (dummy == NULL)
+ return NULL;
+
+ PORT_Assert(dummy == &binary_item);
+
+ *lenp = dummy->len;
+ return dummy->data;
+}
+
+/*
+** Convert from ascii to binary encoding of an item.
+*/
+SECStatus
+ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
+{
+ SECItem *dummy;
+
+ if (binary_item == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ /*
+ * XXX Would prefer to assert here if data is non-null (actually,
+ * don't need to, just let NSSBase64_DecodeBuffer do it), so as to
+ * to catch unintended memory leaks, but callers are not clean in
+ * this respect so we need to explicitly clear here to avoid the
+ * assert in NSSBase64_DecodeBuffer.
+ */
+ binary_item->data = NULL;
+ binary_item->len = 0;
+
+ dummy = NSSBase64_DecodeBuffer(NULL, binary_item, ascii,
+ (PRUint32)PORT_Strlen(ascii));
+
+ if (dummy == NULL)
+ return SECFailure;
+
+ return SECSuccess;
+}