nssb64d.c (26569B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 /* 6 * Base64 decoding (ascii to binary). 7 */ 8 9 #include "nssb64.h" 10 #include "nspr.h" 11 #include "secitem.h" 12 #include "secerr.h" 13 14 /* 15 * XXX We want this basic support to go into NSPR (the PL part). 16 * Until that can happen, the PL interface is going to be kept entirely 17 * internal here -- all static functions and opaque data structures. 18 * When someone can get it moved over into NSPR, that should be done: 19 * - giving everything names that are accepted by the NSPR module owners 20 * (though I tried to choose ones that would work without modification) 21 * - exporting the functions (remove static declarations and add 22 * to nssutil.def as necessary) 23 * - put prototypes into appropriate header file (probably replacing 24 * the entire current lib/libc/include/plbase64.h in NSPR) 25 * along with a typedef for the context structure (which should be 26 * kept opaque -- definition in the source file only, but typedef 27 * ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file) 28 * - modify anything else as necessary to conform to NSPR required style 29 * (I looked but found no formatting guide to follow) 30 * 31 * You will want to move over everything from here down to the comment 32 * which says "XXX End of base64 decoding code to be moved into NSPR", 33 * into a new file in NSPR. 34 */ 35 36 /* 37 ************************************************************** 38 * XXX Beginning of base64 decoding code to be moved into NSPR. 39 */ 40 41 /* 42 * This typedef would belong in the NSPR header file (i.e. plbase64.h). 43 */ 44 typedef struct PLBase64DecoderStr PLBase64Decoder; 45 46 /* 47 * The following implementation of base64 decoding was based on code 48 * found in libmime (specifically, in mimeenc.c). It has been adapted to 49 * use PR types and naming as well as to provide other necessary semantics 50 * (like buffer-in/buffer-out in addition to "streaming" without undue 51 * performance hit of extra copying if you made the buffer versions 52 * use the output_fn). It also incorporates some aspects of the current 53 * NSPR base64 decoding code. As such, you may find similarities to 54 * both of those implementations. I tried to use names that reflected 55 * the original code when possible. For this reason you may find some 56 * inconsistencies -- libmime used lots of "in" and "out" whereas the 57 * NSPR version uses "src" and "dest"; sometimes I changed one to the other 58 * and sometimes I left them when I thought the subroutines were at least 59 * self-consistent. 60 */ 61 62 PR_BEGIN_EXTERN_C 63 64 /* 65 * Opaque object used by the decoder to store state. 66 */ 67 struct PLBase64DecoderStr { 68 /* Current token (or portion, if token_size < 4) being decoded. */ 69 unsigned char token[4]; 70 int token_size; 71 72 /* 73 * Where to write the decoded data (used when streaming, not when 74 * doing all in-memory (buffer) operations). 75 * 76 * Note that this definition is chosen to be compatible with PR_Write. 77 */ 78 PRInt32 (*output_fn)(void *output_arg, const unsigned char *buf, 79 PRInt32 size); 80 void *output_arg; 81 82 /* 83 * Where the decoded output goes -- either temporarily (in the streaming 84 * case, staged here before it goes to the output function) or what will 85 * be the entire buffered result for users of the buffer version. 86 */ 87 unsigned char *output_buffer; 88 PRUint32 output_buflen; /* the total length of allocated buffer */ 89 PRUint32 output_length; /* the length that is currently populated */ 90 }; 91 92 PR_END_EXTERN_C 93 94 /* A constant time range check for unsigned chars. 95 * Returns 255 if a <= x <= b and 0 otherwise. 96 */ 97 static inline unsigned char 98 ct_u8_in_range(unsigned char x, unsigned char a, unsigned char b) 99 { 100 /* Let x, a, b be ints in {0, 1, ... 255}. 101 * The value (a - x - 1) is in {-256, ..., 254}, so the low 102 * 8 bits of 103 * (a - x - 1) >> 8 104 * are all 1 if a <= x and all 0 if a > x. 105 * 106 * Likewise the low 8 bits of 107 * ((a - x - 1) >> 8) & ((x - c - 1) >> 8) 108 * are all 1 if a <= x <= c and all 0 otherwise. 109 * 110 * The same is true if we perform the shift after the AND 111 * ((a - x - 1) & (x - b - 1)) >> 8. 112 */ 113 return (unsigned char)(((a - x - 1) & (x - b - 1)) >> 8); 114 } 115 116 /* Convert a base64 code [A-Za-z0-9+/] to its value in {1, 2, ..., 64}. 117 * The use of 1-64 instead of 0-63 is so that the special value of zero can 118 * denote an invalid mapping; that was much easier than trying to fill in the 119 * other values with some value other than zero, and to check for it. 120 * Just remember to SUBTRACT ONE when using the value retrieved. 121 */ 122 static unsigned char 123 pl_base64_codetovaluep1(unsigned char code) 124 { 125 unsigned char mask; 126 unsigned char res = 0; 127 128 /* The range 'A' to 'Z' is mapped to 1 to 26 */ 129 mask = ct_u8_in_range(code, 'A', 'Z'); 130 res |= mask & (code - 'A' + 1); 131 132 /* The range 'a' to 'z' is mapped to 27 to 52 */ 133 mask = ct_u8_in_range(code, 'a', 'z'); 134 res |= mask & (code - 'a' + 27); 135 136 /* The range '0' to '9' is mapped to 53 to 62 */ 137 mask = ct_u8_in_range(code, '0', '9'); 138 res |= mask & (code - '0' + 53); 139 140 /* The code '+' is mapped to 63 */ 141 mask = ct_u8_in_range(code, '+', '+'); 142 res |= mask & 63; 143 144 /* The code '/' is mapped to 64 */ 145 mask = ct_u8_in_range(code, '/', '/'); 146 res |= mask & 64; 147 148 /* All other characters, including '=' are mapped to 0. */ 149 return res; 150 } 151 152 #define B64_PAD '=' 153 154 /* 155 * Reads 4; writes 3 (known, or expected, to have no trailing padding). 156 * Returns bytes written; -1 on error (unexpected character). 157 */ 158 static int 159 pl_base64_decode_4to3(const unsigned char *in, unsigned char *out) 160 { 161 int j; 162 PRUint32 num = 0; 163 unsigned char bits; 164 165 for (j = 0; j < 4; j++) { 166 bits = pl_base64_codetovaluep1(in[j]); 167 if (bits == 0) 168 return -1; 169 num = (num << 6) | (bits - 1); 170 } 171 172 out[0] = (unsigned char)(num >> 16); 173 out[1] = (unsigned char)((num >> 8) & 0xFF); 174 out[2] = (unsigned char)(num & 0xFF); 175 176 return 3; 177 } 178 179 /* 180 * Reads 3; writes 2 (caller already confirmed EOF or trailing padding). 181 * Returns bytes written; -1 on error (unexpected character). 182 */ 183 static int 184 pl_base64_decode_3to2(const unsigned char *in, unsigned char *out) 185 { 186 PRUint32 num = 0; 187 unsigned char bits1, bits2, bits3; 188 189 bits1 = pl_base64_codetovaluep1(in[0]); 190 bits2 = pl_base64_codetovaluep1(in[1]); 191 bits3 = pl_base64_codetovaluep1(in[2]); 192 193 if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0)) 194 return -1; 195 196 num = ((PRUint32)(bits1 - 1)) << 10; 197 num |= ((PRUint32)(bits2 - 1)) << 4; 198 num |= ((PRUint32)(bits3 - 1)) >> 2; 199 200 out[0] = (unsigned char)(num >> 8); 201 out[1] = (unsigned char)(num & 0xFF); 202 203 return 2; 204 } 205 206 /* 207 * Reads 2; writes 1 (caller already confirmed EOF or trailing padding). 208 * Returns bytes written; -1 on error (unexpected character). 209 */ 210 static int 211 pl_base64_decode_2to1(const unsigned char *in, unsigned char *out) 212 { 213 PRUint32 num = 0; 214 unsigned char bits1, bits2; 215 216 bits1 = pl_base64_codetovaluep1(in[0]); 217 bits2 = pl_base64_codetovaluep1(in[1]); 218 219 if ((bits1 == 0) || (bits2 == 0)) 220 return -1; 221 222 num = ((PRUint32)(bits1 - 1)) << 2; 223 num |= ((PRUint32)(bits2 - 1)) >> 4; 224 225 out[0] = (unsigned char)num; 226 227 return 1; 228 } 229 230 /* 231 * Reads 4; writes 0-3. Returns bytes written or -1 on error. 232 * (Writes less than 3 only at (presumed) EOF.) 233 */ 234 static int 235 pl_base64_decode_token(const unsigned char *in, unsigned char *out) 236 { 237 if (in[3] != B64_PAD) 238 return pl_base64_decode_4to3(in, out); 239 240 if (in[2] == B64_PAD) 241 return pl_base64_decode_2to1(in, out); 242 243 return pl_base64_decode_3to2(in, out); 244 } 245 246 static PRStatus 247 pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in, 248 PRUint32 length) 249 { 250 unsigned char *out = data->output_buffer; 251 unsigned char *token = data->token; 252 int i, n = 0; 253 254 i = data->token_size; 255 data->token_size = 0; 256 257 while (length > 0) { 258 while (i < 4 && length > 0) { 259 /* 260 * XXX Note that the following simply ignores any unexpected 261 * characters. This is exactly what the original code in 262 * libmime did, and I am leaving it. We certainly want to skip 263 * over whitespace (we must); this does much more than that. 264 * I am not confident changing it, and I don't want to slow 265 * the processing down doing more complicated checking, but 266 * someone else might have different ideas in the future. 267 */ 268 if (pl_base64_codetovaluep1(*in) > 0 || *in == B64_PAD) 269 token[i++] = *in; 270 in++; 271 length--; 272 } 273 274 if (i < 4) { 275 /* Didn't get enough for a complete token. */ 276 data->token_size = i; 277 break; 278 } 279 i = 0; 280 281 PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen); 282 283 /* 284 * Assume we are not at the end; the following function only works 285 * for an internal token (no trailing padding characters) but is 286 * faster that way. If it hits an invalid character (padding) it 287 * will return an error; we break out of the loop and try again 288 * calling the routine that will handle a final token. 289 * Note that we intentionally do it this way rather than explicitly 290 * add a check for padding here (because that would just slow down 291 * the normal case) nor do we rely on checking whether we have more 292 * input to process (because that would also slow it down but also 293 * because we want to allow trailing garbage, especially white space 294 * and cannot tell that without read-ahead, also a slow proposition). 295 * Whew. Understand? 296 */ 297 n = pl_base64_decode_4to3(token, out); 298 if (n < 0) 299 break; 300 301 /* Advance "out" by the number of bytes just written to it. */ 302 out += n; 303 n = 0; 304 } 305 306 /* 307 * See big comment above, before call to pl_base64_decode_4to3. 308 * Here we check if we error'd out of loop, and allow for the case 309 * that we are processing the last interesting token. If the routine 310 * which should handle padding characters also fails, then we just 311 * have bad input and give up. 312 */ 313 if (n < 0) { 314 n = pl_base64_decode_token(token, out); 315 if (n < 0) 316 return PR_FAILURE; 317 318 out += n; 319 } 320 321 /* 322 * As explained above, we can get here with more input remaining, but 323 * it should be all characters we do not care about (i.e. would be 324 * ignored when transferring from "in" to "token" in loop above, 325 * except here we choose to ignore extraneous pad characters, too). 326 * Swallow it, performing that check. If we find more characters that 327 * we would expect to decode, something is wrong. 328 */ 329 while (length > 0) { 330 if (pl_base64_codetovaluep1(*in) > 0) 331 return PR_FAILURE; 332 in++; 333 length--; 334 } 335 336 /* Record the length of decoded data we have left in output_buffer. */ 337 data->output_length = (PRUint32)(out - data->output_buffer); 338 return PR_SUCCESS; 339 } 340 341 /* 342 * Flush any remaining buffered characters. Given well-formed input, 343 * this will have nothing to do. If the input was missing the padding 344 * characters at the end, though, there could be 1-3 characters left 345 * behind -- we will tolerate that by adding the padding for them. 346 */ 347 static PRStatus 348 pl_base64_decode_flush(PLBase64Decoder *data) 349 { 350 int count; 351 352 /* 353 * If no remaining characters, or all are padding (also not well-formed 354 * input, but again, be tolerant), then nothing more to do. (And, that 355 * is considered successful.) 356 */ 357 if (data->token_size == 0 || data->token[0] == B64_PAD) 358 return PR_SUCCESS; 359 360 if (!data->output_buffer) 361 return PR_FAILURE; 362 363 /* 364 * Assume we have all the interesting input except for some expected 365 * padding characters. Add them and decode the resulting token. 366 */ 367 while (data->token_size < 4) 368 data->token[data->token_size++] = B64_PAD; 369 370 data->token_size = 0; /* so a subsequent flush call is a no-op */ 371 372 count = pl_base64_decode_token(data->token, 373 data->output_buffer + data->output_length); 374 if (count < 0) 375 return PR_FAILURE; 376 377 /* 378 * If there is an output function, call it with this last bit of data. 379 * Otherwise we are doing all buffered output, and the decoded bytes 380 * are now there, we just need to reflect that in the length. 381 */ 382 if (data->output_fn != NULL) { 383 PRInt32 output_result; 384 385 PR_ASSERT(data->output_length == 0); 386 output_result = data->output_fn(data->output_arg, 387 data->output_buffer, 388 (PRInt32)count); 389 if (output_result < 0) 390 return PR_FAILURE; 391 } else { 392 data->output_length += count; 393 } 394 395 return PR_SUCCESS; 396 } 397 398 /* 399 * The maximum space needed to hold the output of the decoder given 400 * input data of length "size". 401 */ 402 static PRUint32 403 PL_Base64MaxDecodedLength(PRUint32 size) 404 { 405 return (((PRUint64)size) * 3) / 4; 406 } 407 408 /* 409 * A distinct internal creation function for the buffer version to use. 410 * (It does not want to specify an output_fn, and we want the normal 411 * Create function to require that.) If more common initialization 412 * of the decoding context needs to be done, it should be done *here*. 413 */ 414 static PLBase64Decoder * 415 pl_base64_create_decoder(void) 416 { 417 return PR_NEWZAP(PLBase64Decoder); 418 } 419 420 /* 421 * Function to start a base64 decoding context. 422 * An "output_fn" is required; the "output_arg" parameter to that is optional. 423 */ 424 static PLBase64Decoder * 425 PL_CreateBase64Decoder(PRInt32 (*output_fn)(void *, const unsigned char *, 426 PRInt32), 427 void *output_arg) 428 { 429 PLBase64Decoder *data; 430 431 if (output_fn == NULL) { 432 PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); 433 return NULL; 434 } 435 436 data = pl_base64_create_decoder(); 437 if (data != NULL) { 438 data->output_fn = output_fn; 439 data->output_arg = output_arg; 440 } 441 return data; 442 } 443 444 /* 445 * Push data through the decoder, causing the output_fn (provided to Create) 446 * to be called with the decoded data. 447 */ 448 static PRStatus 449 PL_UpdateBase64Decoder(PLBase64Decoder *data, const char *buffer, 450 PRUint32 size) 451 { 452 PRUint32 need_length; 453 PRStatus status; 454 455 /* XXX Should we do argument checking only in debug build? */ 456 if (data == NULL || buffer == NULL || size == 0) { 457 PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); 458 return PR_FAILURE; 459 } 460 461 /* 462 * How much space could this update need for decoding? 463 */ 464 need_length = PL_Base64MaxDecodedLength(size + data->token_size); 465 466 /* 467 * Make sure we have at least that much. If not, (re-)allocate. 468 */ 469 if (need_length > data->output_buflen) { 470 unsigned char *output_buffer = data->output_buffer; 471 472 if (output_buffer != NULL) 473 output_buffer = (unsigned char *)PR_Realloc(output_buffer, 474 need_length); 475 else 476 output_buffer = (unsigned char *)PR_Malloc(need_length); 477 478 if (output_buffer == NULL) 479 return PR_FAILURE; 480 481 data->output_buffer = output_buffer; 482 data->output_buflen = need_length; 483 } 484 485 /* There should not have been any leftover output data in the buffer. */ 486 PR_ASSERT(data->output_length == 0); 487 data->output_length = 0; 488 489 status = pl_base64_decode_buffer(data, (const unsigned char *)buffer, 490 size); 491 492 /* Now that we have some decoded data, write it. */ 493 if (status == PR_SUCCESS && data->output_length > 0) { 494 PRInt32 output_result; 495 496 PR_ASSERT(data->output_fn != NULL); 497 output_result = data->output_fn(data->output_arg, 498 data->output_buffer, 499 (PRInt32)data->output_length); 500 if (output_result < 0) 501 status = PR_FAILURE; 502 } 503 504 data->output_length = 0; 505 return status; 506 } 507 508 /* 509 * When you're done decoding, call this to free the data. If "abort_p" 510 * is false, then calling this may cause the output_fn to be called 511 * one last time (as the last buffered data is flushed out). 512 */ 513 static PRStatus 514 PL_DestroyBase64Decoder(PLBase64Decoder *data, PRBool abort_p) 515 { 516 PRStatus status = PR_SUCCESS; 517 518 /* XXX Should we do argument checking only in debug build? */ 519 if (data == NULL) { 520 PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); 521 return PR_FAILURE; 522 } 523 524 /* Flush out the last few buffered characters. */ 525 if (!abort_p) 526 status = pl_base64_decode_flush(data); 527 528 if (data->output_buffer != NULL) 529 PR_Free(data->output_buffer); 530 PR_Free(data); 531 532 return status; 533 } 534 535 /* 536 * Perform base64 decoding from an input buffer to an output buffer. 537 * The output buffer can be provided (as "dest"); you can also pass in 538 * a NULL and this function will allocate a buffer large enough for you, 539 * and return it. If you do provide the output buffer, you must also 540 * provide the maximum length of that buffer (as "maxdestlen"). 541 * The actual decoded length of output will be returned to you in 542 * "output_destlen". 543 * 544 * Return value is NULL on error, the output buffer (allocated or provided) 545 * otherwise. 546 */ 547 static unsigned char * 548 PL_Base64DecodeBuffer(const char *src, PRUint32 srclen, unsigned char *dest, 549 PRUint32 maxdestlen, PRUint32 *output_destlen) 550 { 551 PRUint32 need_length; 552 unsigned char *output_buffer = NULL; 553 PLBase64Decoder *data = NULL; 554 PRStatus status; 555 556 PR_ASSERT(srclen > 0); 557 if (srclen == 0) { 558 PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0); 559 return NULL; 560 } 561 562 /* 563 * How much space could we possibly need for decoding this input? 564 */ 565 need_length = PL_Base64MaxDecodedLength(srclen); 566 567 /* 568 * Make sure we have at least that much, if output buffer provided. 569 * If no output buffer provided, then we allocate that much. 570 */ 571 if (dest != NULL) { 572 PR_ASSERT(maxdestlen >= need_length); 573 if (maxdestlen < need_length) { 574 PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0); 575 goto loser; 576 } 577 output_buffer = dest; 578 } else { 579 output_buffer = (unsigned char *)PR_Malloc(need_length); 580 if (output_buffer == NULL) 581 goto loser; 582 maxdestlen = need_length; 583 } 584 585 data = pl_base64_create_decoder(); 586 if (data == NULL) 587 goto loser; 588 589 data->output_buflen = maxdestlen; 590 data->output_buffer = output_buffer; 591 592 status = pl_base64_decode_buffer(data, (const unsigned char *)src, 593 srclen); 594 595 /* 596 * We do not wait for Destroy to flush, because Destroy will also 597 * get rid of our decoder context, which we need to look at first! 598 */ 599 if (status == PR_SUCCESS) 600 status = pl_base64_decode_flush(data); 601 602 /* Must clear this or Destroy will free it. */ 603 data->output_buffer = NULL; 604 605 if (status == PR_SUCCESS) { 606 *output_destlen = data->output_length; 607 status = PL_DestroyBase64Decoder(data, PR_FALSE); 608 data = NULL; 609 if (status == PR_FAILURE) 610 goto loser; 611 return output_buffer; 612 } 613 614 loser: 615 if (dest == NULL && output_buffer != NULL) 616 PR_Free(output_buffer); 617 if (data != NULL) 618 (void)PL_DestroyBase64Decoder(data, PR_TRUE); 619 return NULL; 620 } 621 622 /* 623 * XXX End of base64 decoding code to be moved into NSPR. 624 ******************************************************** 625 */ 626 627 /* 628 * This is the beginning of the NSS cover functions. These will 629 * provide the interface we want to expose as NSS-ish. For example, 630 * they will operate on our Items, do any special handling or checking 631 * we want to do, etc. 632 */ 633 634 PR_BEGIN_EXTERN_C 635 636 /* 637 * A boring cover structure for now. Perhaps someday it will include 638 * some more interesting fields. 639 */ 640 struct NSSBase64DecoderStr { 641 PLBase64Decoder *pl_data; 642 }; 643 644 PR_END_EXTERN_C 645 646 /* 647 * Function to start a base64 decoding context. 648 */ 649 NSSBase64Decoder * 650 NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *, 651 PRInt32), 652 void *output_arg) 653 { 654 PLBase64Decoder *pl_data; 655 NSSBase64Decoder *nss_data; 656 657 nss_data = PORT_ZNew(NSSBase64Decoder); 658 if (nss_data == NULL) 659 return NULL; 660 661 pl_data = PL_CreateBase64Decoder(output_fn, output_arg); 662 if (pl_data == NULL) { 663 PORT_Free(nss_data); 664 return NULL; 665 } 666 667 nss_data->pl_data = pl_data; 668 return nss_data; 669 } 670 671 /* 672 * Push data through the decoder, causing the output_fn (provided to Create) 673 * to be called with the decoded data. 674 */ 675 SECStatus 676 NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer, 677 PRUint32 size) 678 { 679 PRStatus pr_status; 680 681 /* XXX Should we do argument checking only in debug build? */ 682 if (data == NULL) { 683 PORT_SetError(SEC_ERROR_INVALID_ARGS); 684 return SECFailure; 685 } 686 687 pr_status = PL_UpdateBase64Decoder(data->pl_data, buffer, size); 688 if (pr_status == PR_FAILURE) 689 return SECFailure; 690 691 return SECSuccess; 692 } 693 694 /* 695 * When you're done decoding, call this to free the data. If "abort_p" 696 * is false, then calling this may cause the output_fn to be called 697 * one last time (as the last buffered data is flushed out). 698 */ 699 SECStatus 700 NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p) 701 { 702 PRStatus pr_status; 703 704 /* XXX Should we do argument checking only in debug build? */ 705 if (data == NULL) { 706 PORT_SetError(SEC_ERROR_INVALID_ARGS); 707 return SECFailure; 708 } 709 710 pr_status = PL_DestroyBase64Decoder(data->pl_data, abort_p); 711 712 PORT_Free(data); 713 714 if (pr_status == PR_FAILURE) 715 return SECFailure; 716 717 return SECSuccess; 718 } 719 720 /* 721 * Perform base64 decoding from an ascii string "inStr" to an Item. 722 * The length of the input must be provided as "inLen". The Item 723 * may be provided (as "outItemOpt"); you can also pass in a NULL 724 * and the Item will be allocated for you. 725 * 726 * In any case, the data within the Item will be allocated for you. 727 * All allocation will happen out of the passed-in "arenaOpt", if non-NULL. 728 * If "arenaOpt" is NULL, standard allocation (heap) will be used and 729 * you will want to free the result via SECITEM_FreeItem. 730 * 731 * Return value is NULL on error, the Item (allocated or provided) otherwise. 732 */ 733 SECItem * 734 NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt, 735 const char *inStr, unsigned int inLen) 736 { 737 SECItem *out_item = NULL; 738 PRUint32 max_out_len = 0; 739 void *mark = NULL; 740 unsigned char *dummy = NULL; 741 742 if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) { 743 PORT_SetError(SEC_ERROR_INVALID_ARGS); 744 return NULL; 745 } 746 747 if (arenaOpt != NULL) 748 mark = PORT_ArenaMark(arenaOpt); 749 750 max_out_len = PL_Base64MaxDecodedLength(inLen); 751 if (max_out_len == 0) { 752 goto loser; 753 } 754 out_item = SECITEM_AllocItem(arenaOpt, outItemOpt, max_out_len); 755 if (out_item == NULL) { 756 goto loser; 757 } 758 759 dummy = PL_Base64DecodeBuffer(inStr, inLen, out_item->data, 760 max_out_len, &out_item->len); 761 if (dummy == NULL) { 762 goto loser; 763 } 764 if (arenaOpt != NULL) { 765 PORT_ArenaUnmark(arenaOpt, mark); 766 } 767 return out_item; 768 769 loser: 770 if (arenaOpt != NULL) { 771 PORT_ArenaRelease(arenaOpt, mark); 772 if (outItemOpt != NULL) { 773 outItemOpt->data = NULL; 774 outItemOpt->len = 0; 775 } 776 } else if (dummy == NULL) { 777 SECITEM_FreeItem(out_item, (PRBool)(outItemOpt == NULL)); 778 } 779 return NULL; 780 } 781 782 /* 783 * XXX Everything below is deprecated. If you add new stuff, put it 784 * *above*, not below. 785 */ 786 787 /* 788 * XXX The following "ATOB" functions are provided for backward compatibility 789 * with current code. They should be considered strongly deprecated. 790 * When we can convert all our code over to using the new NSSBase64Decoder_ 791 * functions defined above, we should get rid of these altogether. (Remove 792 * protoypes from base64.h as well -- actually, remove that file completely). 793 * If someone thinks either of these functions provides such a very useful 794 * interface (though, as shown, the same functionality can already be 795 * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then 796 * that API should be provided with a nice new NSSFoo name and using 797 * appropriate types, etc. 798 */ 799 800 #include "base64.h" 801 802 /* 803 ** Return an PORT_Alloc'd string which is the base64 decoded version 804 ** of the input string; set *lenp to the length of the returned data. 805 */ 806 unsigned char * 807 ATOB_AsciiToData(const char *string, unsigned int *lenp) 808 { 809 SECItem binary_item, *dummy; 810 811 binary_item.data = NULL; 812 binary_item.len = 0; 813 814 dummy = NSSBase64_DecodeBuffer(NULL, &binary_item, string, 815 (PRUint32)PORT_Strlen(string)); 816 if (dummy == NULL) 817 return NULL; 818 819 PORT_Assert(dummy == &binary_item); 820 821 *lenp = dummy->len; 822 return dummy->data; 823 } 824 825 /* 826 ** Convert from ascii to binary encoding of an item. 827 */ 828 SECStatus 829 ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii) 830 { 831 SECItem *dummy; 832 833 if (binary_item == NULL) { 834 PORT_SetError(SEC_ERROR_INVALID_ARGS); 835 return SECFailure; 836 } 837 838 /* 839 * XXX Would prefer to assert here if data is non-null (actually, 840 * don't need to, just let NSSBase64_DecodeBuffer do it), so as to 841 * to catch unintended memory leaks, but callers are not clean in 842 * this respect so we need to explicitly clear here to avoid the 843 * assert in NSSBase64_DecodeBuffer. 844 */ 845 binary_item->data = NULL; 846 binary_item->len = 0; 847 848 dummy = NSSBase64_DecodeBuffer(NULL, binary_item, ascii, 849 (PRUint32)PORT_Strlen(ascii)); 850 851 if (dummy == NULL) 852 return SECFailure; 853 854 return SECSuccess; 855 }