The Tor Browser: comparison security/nss/lib/util/nssb64d.c

--1:000000000000
+:f8170ce15b49
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+* Base64 decoding (ascii to binary).
+*/
+#include "nssb64.h"
+#include "nspr.h"
+#include "secitem.h"
+#include "secerr.h"
+/*
+* XXX We want this basic support to go into NSPR (the PL part).
+* Until that can happen, the PL interface is going to be kept entirely
+* internal here -- all static functions and opaque data structures.
+* When someone can get it moved over into NSPR, that should be done:
+*    - giving everything names that are accepted by the NSPR module owners
+*	(though I tried to choose ones that would work without modification)
+*    - exporting the functions (remove static declarations and add
+*	to nssutil.def as necessary)
+*    - put prototypes into appropriate header file (probably replacing
+*	the entire current lib/libc/include/plbase64.h in NSPR)
+*	along with a typedef for the context structure (which should be
+*	kept opaque -- definition in the source file only, but typedef
+*	ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
+*    - modify anything else as necessary to conform to NSPR required style
+*	(I looked but found no formatting guide to follow)
+*
+* You will want to move over everything from here down to the comment
+* which says "XXX End of base64 decoding code to be moved into NSPR",
+* into a new file in NSPR.
+*/
+/*
+**************************************************************
+* XXX Beginning of base64 decoding code to be moved into NSPR.
+*/
+/*
+* This typedef would belong in the NSPR header file (i.e. plbase64.h).
+*/
+typedef struct PLBase64DecoderStr PLBase64Decoder;
+/*
+* The following implementation of base64 decoding was based on code
+* found in libmime (specifically, in mimeenc.c).  It has been adapted to
+* use PR types and naming as well as to provide other necessary semantics
+* (like buffer-in/buffer-out in addition to "streaming" without undue
+* performance hit of extra copying if you made the buffer versions
+* use the output_fn).  It also incorporates some aspects of the current
+* NSPR base64 decoding code.  As such, you may find similarities to
+* both of those implementations.  I tried to use names that reflected
+* the original code when possible.  For this reason you may find some
+* inconsistencies -- libmime used lots of "in" and "out" whereas the
+* NSPR version uses "src" and "dest"; sometimes I changed one to the other
+* and sometimes I left them when I thought the subroutines were at least
+* self-consistent.
+*/
+PR_BEGIN_EXTERN_C
+/*
+* Opaque object used by the decoder to store state.
+*/
+struct PLBase64DecoderStr {
+/* Current token (or portion, if token_size < 4) being decoded. */
+unsigned char token[4];
+int token_size;
+/*
+* Where to write the decoded data (used when streaming, not when
+* doing all in-memory (buffer) operations).
+*
+* Note that this definition is chosen to be compatible with PR_Write.
+*/
+PRInt32 (*output_fn) (void *output_arg, const unsigned char *buf,
+			  PRInt32 size);
+void *output_arg;
+/*
+* Where the decoded output goes -- either temporarily (in the streaming
+* case, staged here before it goes to the output function) or what will
+* be the entire buffered result for users of the buffer version.
+*/
+unsigned char *output_buffer;
+PRUint32 output_buflen;	/* the total length of allocated buffer */
+PRUint32 output_length;	/* the length that is currently populated */
+};
+PR_END_EXTERN_C
+/*
+* Table to convert an ascii "code" to its corresponding binary value.
+* For ease of use, the binary values in the table are the actual values
+* PLUS ONE.  This is so that the special value of zero can denote an
+* invalid mapping; that was much easier than trying to fill in the other
+* values with some value other than zero, and to check for it.
+* Just remember to SUBTRACT ONE when using the value retrieved.
+*/
+static unsigned char base64_codetovaluep1[256] = {
+/*   0: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0,
+/*   8: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0,
+/*  16: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0,
+/*  24: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0,
+/*  32: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0,
+/*  40: */	  0,	  0,	  0,	 63,	  0,	  0,	  0,	 64,
+/*  48: */	 53,	 54,	 55,	 56,	 57,	 58,	 59,	 60,
+/*  56: */	 61,	 62,	  0,	  0,	  0,	  0,	  0,	  0,
+/*  64: */	  0,	  1,	  2,	  3,	  4,	  5,	  6,	  7,
+/*  72: */	  8,	  9,	 10,	 11,	 12,	 13,	 14,	 15,
+/*  80: */	 16,	 17,	 18,	 19,	 20,	 21,	 22,	 23,
+/*  88: */	 24,	 25,	 26,	  0,	  0,	  0,	  0,	  0,
+/*  96: */	  0,	 27,	 28,	 29,	 30,	 31,	 32,	 33,
+/* 104: */	 34,	 35,	 36,	 37,	 38,	 39,	 40,	 41,
+/* 112: */	 42,	 43,	 44,	 45,	 46,	 47,	 48,	 49,
+/* 120: */	 50,	 51,	 52,	  0,	  0,	  0,	  0,	  0,
+/* 128: */	  0,	  0,	  0,	  0,	  0,	  0,	  0,	  0
+/* and rest are all zero as well */
+};
+#define B64_PAD	'='
+/*
+* Reads 4; writes 3 (known, or expected, to have no trailing padding).
+* Returns bytes written; -1 on error (unexpected character).
+*/
+static int
+pl_base64_decode_4to3 (const unsigned char *in, unsigned char *out)
+{
+int j;
+PRUint32 num = 0;
+unsigned char bits;
+for (j = 0; j < 4; j++) {
+	bits = base64_codetovaluep1[in[j]];
+	if (bits == 0)
+	    return -1;
+	num = (num << 6) | (bits - 1);
+}
+out[0] = (unsigned char) (num >> 16);
+out[1] = (unsigned char) ((num >> 8) & 0xFF);
+out[2] = (unsigned char) (num & 0xFF);
+return 3;
+}
+/*
+* Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
+* Returns bytes written; -1 on error (unexpected character).
+*/
+static int
+pl_base64_decode_3to2 (const unsigned char *in, unsigned char *out)
+{
+PRUint32 num = 0;
+unsigned char bits1, bits2, bits3;
+bits1 = base64_codetovaluep1[in[0]];
+bits2 = base64_codetovaluep1[in[1]];
+bits3 = base64_codetovaluep1[in[2]];
+if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
+	return -1;
+num = ((PRUint32)(bits1 - 1)) << 10;
+num |= ((PRUint32)(bits2 - 1)) << 4;
+num |= ((PRUint32)(bits3 - 1)) >> 2;
+out[0] = (unsigned char) (num >> 8);
+out[1] = (unsigned char) (num & 0xFF);
+return 2;
+}
+/*
+* Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
+* Returns bytes written; -1 on error (unexpected character).
+*/
+static int
+pl_base64_decode_2to1 (const unsigned char *in, unsigned char *out)
+{
+PRUint32 num = 0;
+unsigned char bits1, bits2;
+bits1 = base64_codetovaluep1[in[0]];
+bits2 = base64_codetovaluep1[in[1]];
+if ((bits1 == 0) || (bits2 == 0))
+	return -1;
+num = ((PRUint32)(bits1 - 1)) << 2;
+num |= ((PRUint32)(bits2 - 1)) >> 4;
+out[0] = (unsigned char) num;
+return 1;
+}
+/*
+* Reads 4; writes 0-3.  Returns bytes written or -1 on error.
+* (Writes less than 3 only at (presumed) EOF.)
+*/
+static int
+pl_base64_decode_token (const unsigned char *in, unsigned char *out)
+{
+if (in[3] != B64_PAD)
+	return pl_base64_decode_4to3 (in, out);
+if (in[2] == B64_PAD)
+	return pl_base64_decode_2to1 (in, out);
+return pl_base64_decode_3to2 (in, out);
+}
+static PRStatus
+pl_base64_decode_buffer (PLBase64Decoder *data, const unsigned char *in,
+			 PRUint32 length)
+{
+unsigned char *out = data->output_buffer;
+unsigned char *token = data->token;
+int i, n = 0;
+i = data->token_size;
+data->token_size = 0;
+while (length > 0) {
+	while (i < 4 && length > 0) {
+	    /*
+	     * XXX Note that the following simply ignores any unexpected
+	     * characters.  This is exactly what the original code in
+	     * libmime did, and I am leaving it.  We certainly want to skip
+	     * over whitespace (we must); this does much more than that.
+	     * I am not confident changing it, and I don't want to slow
+	     * the processing down doing more complicated checking, but
+	     * someone else might have different ideas in the future.
+	     */
+	    if (base64_codetovaluep1[*in] > 0 || *in == B64_PAD)
+		token[i++] = *in;
+	    in++;
+	    length--;
+	}
+	if (i < 4) {
+	    /* Didn't get enough for a complete token. */
+	    data->token_size = i;
+	    break;
+	}
+	i = 0;
+	PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
+	/*
+	 * Assume we are not at the end; the following function only works
+	 * for an internal token (no trailing padding characters) but is
+	 * faster that way.  If it hits an invalid character (padding) it
+	 * will return an error; we break out of the loop and try again
+	 * calling the routine that will handle a final token.
+	 * Note that we intentionally do it this way rather than explicitly
+	 * add a check for padding here (because that would just slow down
+	 * the normal case) nor do we rely on checking whether we have more
+	 * input to process (because that would also slow it down but also
+	 * because we want to allow trailing garbage, especially white space
+	 * and cannot tell that without read-ahead, also a slow proposition).
+	 * Whew.  Understand?
+	 */
+	n = pl_base64_decode_4to3 (token, out);
+	if (n < 0)
+	    break;
+	/* Advance "out" by the number of bytes just written to it. */
+	out += n;
+	n = 0;
+}
+/*
+* See big comment above, before call to pl_base64_decode_4to3.
+* Here we check if we error'd out of loop, and allow for the case
+* that we are processing the last interesting token.  If the routine
+* which should handle padding characters also fails, then we just
+* have bad input and give up.
+*/
+if (n < 0) {
+	n = pl_base64_decode_token (token, out);
+	if (n < 0)
+	    return PR_FAILURE;
+	out += n;
+}
+/*
+* As explained above, we can get here with more input remaining, but
+* it should be all characters we do not care about (i.e. would be
+* ignored when transferring from "in" to "token" in loop above,
+* except here we choose to ignore extraneous pad characters, too).
+* Swallow it, performing that check.  If we find more characters that
+* we would expect to decode, something is wrong.
+*/
+while (length > 0) {
+	if (base64_codetovaluep1[*in] > 0)
+	    return PR_FAILURE;
+	in++;
+	length--;
+}
+/* Record the length of decoded data we have left in output_buffer. */
+data->output_length = (PRUint32) (out - data->output_buffer);
+return PR_SUCCESS;
+}
+/*
+* Flush any remaining buffered characters.  Given well-formed input,
+* this will have nothing to do.  If the input was missing the padding
+* characters at the end, though, there could be 1-3 characters left
+* behind -- we will tolerate that by adding the padding for them.
+*/
+static PRStatus
+pl_base64_decode_flush (PLBase64Decoder *data)
+{
+int count;
+/*
+* If no remaining characters, or all are padding (also not well-formed
+* input, but again, be tolerant), then nothing more to do.  (And, that
+* is considered successful.)
+*/
+if (data->token_size == 0 || data->token[0] == B64_PAD)
+	return PR_SUCCESS;
+/*
+* Assume we have all the interesting input except for some expected
+* padding characters.  Add them and decode the resulting token.
+*/
+while (data->token_size < 4)
+	data->token[data->token_size++] = B64_PAD;
+data->token_size = 0;	/* so a subsequent flush call is a no-op */
+count = pl_base64_decode_token (data->token,
+				    data->output_buffer + data->output_length);
+if (count < 0)
+	return PR_FAILURE;
+/*
+* If there is an output function, call it with this last bit of data.
+* Otherwise we are doing all buffered output, and the decoded bytes
+* are now there, we just need to reflect that in the length.
+*/
+if (data->output_fn != NULL) {
+	PRInt32 output_result;
+	PR_ASSERT(data->output_length == 0);
+	output_result = data->output_fn (data->output_arg,
+					 data->output_buffer,
+					 (PRInt32) count);
+	if (output_result < 0)
+	    return  PR_FAILURE;
+} else {
+	data->output_length += count;
+}
+return PR_SUCCESS;
+}
+/*
+* The maximum space needed to hold the output of the decoder given
+* input data of length "size".
+*/
+static PRUint32
+PL_Base64MaxDecodedLength (PRUint32 size)
+{
+return ((size * 3) / 4);
+}
+/*
+* A distinct internal creation function for the buffer version to use.
+* (It does not want to specify an output_fn, and we want the normal
+* Create function to require that.)  If more common initialization
+* of the decoding context needs to be done, it should be done *here*.
+*/
+static PLBase64Decoder *
+pl_base64_create_decoder (void)
+{
+return PR_NEWZAP(PLBase64Decoder);
+}
+/*
+* Function to start a base64 decoding context.
+* An "output_fn" is required; the "output_arg" parameter to that is optional.
+*/
+static PLBase64Decoder *
+PL_CreateBase64Decoder (PRInt32 (*output_fn) (void *, const unsigned char *,
+					      PRInt32),
+			void *output_arg)
+{
+PLBase64Decoder *data;
+if (output_fn == NULL) {
+	PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
+	return NULL;
+}
+data = pl_base64_create_decoder ();
+if (data != NULL) {
+	data->output_fn = output_fn;
+	data->output_arg = output_arg;
+}
+return data;
+}
+/*
+* Push data through the decoder, causing the output_fn (provided to Create)
+* to be called with the decoded data.
+*/
+static PRStatus
+PL_UpdateBase64Decoder (PLBase64Decoder *data, const char *buffer,
+			PRUint32 size)
+{
+PRUint32 need_length;
+PRStatus status;
+/* XXX Should we do argument checking only in debug build? */
+if (data == NULL || buffer == NULL || size == 0) {
+	PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
+	return PR_FAILURE;
+}
+/*
+* How much space could this update need for decoding?
+*/
+need_length = PL_Base64MaxDecodedLength (size + data->token_size);
+/*
+* Make sure we have at least that much.  If not, (re-)allocate.
+*/
+if (need_length > data->output_buflen) {
+	unsigned char *output_buffer = data->output_buffer;
+	if (output_buffer != NULL)
+	    output_buffer = (unsigned char *) PR_Realloc(output_buffer,
+							 need_length);
+	else
+	    output_buffer = (unsigned char *) PR_Malloc(need_length);
+	if (output_buffer == NULL)
+	    return PR_FAILURE;
+	data->output_buffer = output_buffer;
+	data->output_buflen = need_length;
+}
+/* There should not have been any leftover output data in the buffer. */
+PR_ASSERT(data->output_length == 0);
+data->output_length = 0;
+status = pl_base64_decode_buffer (data, (const unsigned char *) buffer,
+				      size);
+/* Now that we have some decoded data, write it. */
+if (status == PR_SUCCESS && data->output_length > 0) {
+	PRInt32 output_result;
+	PR_ASSERT(data->output_fn != NULL);
+	output_result = data->output_fn (data->output_arg,
+					 data->output_buffer,
+					 (PRInt32) data->output_length);
+	if (output_result < 0)
+	    status = PR_FAILURE;
+}
+data->output_length = 0;
+return status;
+}
+/*
+* When you're done decoding, call this to free the data.  If "abort_p"
+* is false, then calling this may cause the output_fn to be called
+* one last time (as the last buffered data is flushed out).
+*/
+static PRStatus
+PL_DestroyBase64Decoder (PLBase64Decoder *data, PRBool abort_p)
+{
+PRStatus status = PR_SUCCESS;
+/* XXX Should we do argument checking only in debug build? */
+if (data == NULL) {
+	PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
+	return PR_FAILURE;
+}
+/* Flush out the last few buffered characters. */
+if (!abort_p)
+	status = pl_base64_decode_flush (data);
+if (data->output_buffer != NULL)
+	PR_Free(data->output_buffer);
+PR_Free(data);
+return status;
+}
+/*
+* Perform base64 decoding from an input buffer to an output buffer.
+* The output buffer can be provided (as "dest"); you can also pass in
+* a NULL and this function will allocate a buffer large enough for you,
+* and return it.  If you do provide the output buffer, you must also
+* provide the maximum length of that buffer (as "maxdestlen").
+* The actual decoded length of output will be returned to you in
+* "output_destlen".
+*
+* Return value is NULL on error, the output buffer (allocated or provided)
+* otherwise.
+*/
+static unsigned char *
+PL_Base64DecodeBuffer (const char *src, PRUint32 srclen, unsigned char *dest,
+		       PRUint32 maxdestlen, PRUint32 *output_destlen)
+{
+PRUint32 need_length;
+unsigned char *output_buffer = NULL;
+PLBase64Decoder *data = NULL;
+PRStatus status;
+PR_ASSERT(srclen > 0);
+if (srclen == 0) {
+	PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+	return NULL;
+}
+/*
+* How much space could we possibly need for decoding this input?
+*/
+need_length = PL_Base64MaxDecodedLength (srclen);
+/*
+* Make sure we have at least that much, if output buffer provided.
+* If no output buffer provided, then we allocate that much.
+*/
+if (dest != NULL) {
+	PR_ASSERT(maxdestlen >= need_length);
+	if (maxdestlen < need_length) {
+	    PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+	    goto loser;
+	}
+	output_buffer = dest;
+} else {
+	output_buffer = (unsigned char *) PR_Malloc(need_length);
+	if (output_buffer == NULL)
+	    goto loser;
+	maxdestlen = need_length;
+}
+data = pl_base64_create_decoder();
+if (data == NULL)
+	goto loser;
+data->output_buflen = maxdestlen;
+data->output_buffer = output_buffer;
+status = pl_base64_decode_buffer (data, (const unsigned char *) src,
+				      srclen);
+/*
+* We do not wait for Destroy to flush, because Destroy will also
+* get rid of our decoder context, which we need to look at first!
+*/
+if (status == PR_SUCCESS)
+	status = pl_base64_decode_flush (data);
+/* Must clear this or Destroy will free it. */
+data->output_buffer = NULL;
+if (status == PR_SUCCESS) {
+	*output_destlen = data->output_length;
+	status = PL_DestroyBase64Decoder (data, PR_FALSE);
+	data = NULL;
+	if (status == PR_FAILURE)
+	    goto loser;
+	return output_buffer;
+}
+loser:
+if (dest == NULL && output_buffer != NULL)
+	PR_Free(output_buffer);
+if (data != NULL)
+	(void) PL_DestroyBase64Decoder (data, PR_TRUE);
+return NULL;
+}
+/*
+* XXX End of base64 decoding code to be moved into NSPR.
+********************************************************
+*/
+/*
+* This is the beginning of the NSS cover functions.  These will
+* provide the interface we want to expose as NSS-ish.  For example,
+* they will operate on our Items, do any special handling or checking
+* we want to do, etc.
+*/
+PR_BEGIN_EXTERN_C
+/*
+* A boring cover structure for now.  Perhaps someday it will include
+* some more interesting fields.
+*/
+struct NSSBase64DecoderStr {
+PLBase64Decoder *pl_data;
+};
+PR_END_EXTERN_C
+/*
+* Function to start a base64 decoding context.
+*/
+NSSBase64Decoder *
+NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *,
+					       PRInt32),
+			 void *output_arg)
+{
+PLBase64Decoder *pl_data;
+NSSBase64Decoder *nss_data;
+nss_data = PORT_ZNew(NSSBase64Decoder);
+if (nss_data == NULL)
+	return NULL;
+pl_data = PL_CreateBase64Decoder (output_fn, output_arg);
+if (pl_data == NULL) {
+	PORT_Free(nss_data);
+	return NULL;
+}
+nss_data->pl_data = pl_data;
+return nss_data;
+}
+/*
+* Push data through the decoder, causing the output_fn (provided to Create)
+* to be called with the decoded data.
+*/
+SECStatus
+NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer,
+			 PRUint32 size)
+{
+PRStatus pr_status;
+/* XXX Should we do argument checking only in debug build? */
+if (data == NULL) {
+	PORT_SetError (SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+}
+pr_status = PL_UpdateBase64Decoder (data->pl_data, buffer, size);
+if (pr_status == PR_FAILURE)
+	return SECFailure;
+return SECSuccess;
+}
+/*
+* When you're done decoding, call this to free the data.  If "abort_p"
+* is false, then calling this may cause the output_fn to be called
+* one last time (as the last buffered data is flushed out).
+*/
+SECStatus
+NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p)
+{
+PRStatus pr_status;
+/* XXX Should we do argument checking only in debug build? */
+if (data == NULL) {
+	PORT_SetError (SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+}
+pr_status = PL_DestroyBase64Decoder (data->pl_data, abort_p);
+PORT_Free(data);
+if (pr_status == PR_FAILURE)
+	return SECFailure;
+return SECSuccess;
+}
+/*
+* Perform base64 decoding from an ascii string "inStr" to an Item.
+* The length of the input must be provided as "inLen".  The Item
+* may be provided (as "outItemOpt"); you can also pass in a NULL
+* and the Item will be allocated for you.
+*
+* In any case, the data within the Item will be allocated for you.
+* All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
+* If "arenaOpt" is NULL, standard allocation (heap) will be used and
+* you will want to free the result via SECITEM_FreeItem.
+*
+* Return value is NULL on error, the Item (allocated or provided) otherwise.
+*/
+SECItem *
+NSSBase64_DecodeBuffer (PLArenaPool *arenaOpt, SECItem *outItemOpt,
+			const char *inStr, unsigned int inLen)
+{
+SECItem *out_item = NULL;
+PRUint32 max_out_len = 0;
+PRUint32 out_len;
+void *mark = NULL;
+unsigned char *dummy;
+if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {
+	PORT_SetError (SEC_ERROR_INVALID_ARGS);
+	return NULL;
+}
+if (arenaOpt != NULL)
+	mark = PORT_ArenaMark (arenaOpt);
+max_out_len = PL_Base64MaxDecodedLength (inLen);
+out_item = SECITEM_AllocItem (arenaOpt, outItemOpt, max_out_len);
+if (out_item == NULL) {
+	if (arenaOpt != NULL)
+	    PORT_ArenaRelease (arenaOpt, mark);
+	return NULL;
+}
+dummy = PL_Base64DecodeBuffer (inStr, inLen, out_item->data,
+				   max_out_len, &out_len);
+if (dummy == NULL) {
+	if (arenaOpt != NULL) {
+	    PORT_ArenaRelease (arenaOpt, mark);
+	    if (outItemOpt != NULL) {
+		outItemOpt->data = NULL;
+		outItemOpt->len = 0;
+	    }
+	} else {
+	    SECITEM_FreeItem (out_item,
+			      (outItemOpt == NULL) ? PR_TRUE : PR_FALSE);
+	}
+	return NULL;
+}
+if (arenaOpt != NULL)
+	PORT_ArenaUnmark (arenaOpt, mark);
+out_item->len = out_len;
+return out_item;
+}
+/*
+* XXX Everything below is deprecated.  If you add new stuff, put it
+* *above*, not below.
+*/
+/*
+* XXX The following "ATOB" functions are provided for backward compatibility
+* with current code.  They should be considered strongly deprecated.
+* When we can convert all our code over to using the new NSSBase64Decoder_
+* functions defined above, we should get rid of these altogether.  (Remove
+* protoypes from base64.h as well -- actually, remove that file completely).
+* If someone thinks either of these functions provides such a very useful
+* interface (though, as shown, the same functionality can already be
+* obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
+* that API should be provided with a nice new NSSFoo name and using
+* appropriate types, etc.
+*/
+#include "base64.h"
+/*
+** Return an PORT_Alloc'd string which is the base64 decoded version
+** of the input string; set *lenp to the length of the returned data.
+*/
+unsigned char *
+ATOB_AsciiToData(const char *string, unsigned int *lenp)
+{
+SECItem binary_item, *dummy;
+binary_item.data = NULL;
+binary_item.len = 0;
+dummy = NSSBase64_DecodeBuffer (NULL, &binary_item, string,
+				    (PRUint32) PORT_Strlen(string));
+if (dummy == NULL)
+	return NULL;
+PORT_Assert(dummy == &binary_item);
+*lenp = dummy->len;
+return dummy->data;
+}
+/*
+** Convert from ascii to binary encoding of an item.
+*/
+SECStatus
+ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
+{
+SECItem *dummy;
+if (binary_item == NULL) {
+	PORT_SetError (SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+}
+/*
+* XXX Would prefer to assert here if data is non-null (actually,
+* don't need to, just let NSSBase64_DecodeBuffer do it), so as to
+* to catch unintended memory leaks, but callers are not clean in
+* this respect so we need to explicitly clear here to avoid the
+* assert in NSSBase64_DecodeBuffer.
+*/
+binary_item->data = NULL;
+binary_item->len = 0;
+dummy = NSSBase64_DecodeBuffer (NULL, binary_item, ascii,
+				    (PRUint32) PORT_Strlen(ascii));
+if (dummy == NULL)
+	return SECFailure;
+return SECSuccess;
+}

The Tor Browser / file comparison

comparison: security/nss/lib/util/nssb64d.c

security/nss/lib/util/nssb64d.c