Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/util/nssb64d.c
Line
Count
Source (jump to first uncovered line)
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
/*
6
 * Base64 decoding (ascii to binary).
7
 */
8
9
#include "nssb64.h"
10
#include "nspr.h"
11
#include "secitem.h"
12
#include "secerr.h"
13
14
/*
15
 * XXX We want this basic support to go into NSPR (the PL part).
16
 * Until that can happen, the PL interface is going to be kept entirely
17
 * internal here -- all static functions and opaque data structures.
18
 * When someone can get it moved over into NSPR, that should be done:
19
 *    - giving everything names that are accepted by the NSPR module owners
20
 *  (though I tried to choose ones that would work without modification)
21
 *    - exporting the functions (remove static declarations and add
22
 *  to nssutil.def as necessary)
23
 *    - put prototypes into appropriate header file (probably replacing
24
 *  the entire current lib/libc/include/plbase64.h in NSPR)
25
 *  along with a typedef for the context structure (which should be
26
 *  kept opaque -- definition in the source file only, but typedef
27
 *  ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
28
 *    - modify anything else as necessary to conform to NSPR required style
29
 *  (I looked but found no formatting guide to follow)
30
 *
31
 * You will want to move over everything from here down to the comment
32
 * which says "XXX End of base64 decoding code to be moved into NSPR",
33
 * into a new file in NSPR.
34
 */
35
36
/*
37
 **************************************************************
38
 * XXX Beginning of base64 decoding code to be moved into NSPR.
39
 */
40
41
/*
42
 * This typedef would belong in the NSPR header file (i.e. plbase64.h).
43
 */
44
typedef struct PLBase64DecoderStr PLBase64Decoder;
45
46
/*
47
 * The following implementation of base64 decoding was based on code
48
 * found in libmime (specifically, in mimeenc.c).  It has been adapted to
49
 * use PR types and naming as well as to provide other necessary semantics
50
 * (like buffer-in/buffer-out in addition to "streaming" without undue
51
 * performance hit of extra copying if you made the buffer versions
52
 * use the output_fn).  It also incorporates some aspects of the current
53
 * NSPR base64 decoding code.  As such, you may find similarities to
54
 * both of those implementations.  I tried to use names that reflected
55
 * the original code when possible.  For this reason you may find some
56
 * inconsistencies -- libmime used lots of "in" and "out" whereas the
57
 * NSPR version uses "src" and "dest"; sometimes I changed one to the other
58
 * and sometimes I left them when I thought the subroutines were at least
59
 * self-consistent.
60
 */
61
62
PR_BEGIN_EXTERN_C
63
64
/*
65
 * Opaque object used by the decoder to store state.
66
 */
67
struct PLBase64DecoderStr {
68
    /* Current token (or portion, if token_size < 4) being decoded. */
69
    unsigned char token[4];
70
    int token_size;
71
72
    /*
73
     * Where to write the decoded data (used when streaming, not when
74
     * doing all in-memory (buffer) operations).
75
     *
76
     * Note that this definition is chosen to be compatible with PR_Write.
77
     */
78
    PRInt32 (*output_fn)(void *output_arg, const unsigned char *buf,
79
                         PRInt32 size);
80
    void *output_arg;
81
82
    /*
83
     * Where the decoded output goes -- either temporarily (in the streaming
84
     * case, staged here before it goes to the output function) or what will
85
     * be the entire buffered result for users of the buffer version.
86
     */
87
    unsigned char *output_buffer;
88
    PRUint32 output_buflen; /* the total length of allocated buffer */
89
    PRUint32 output_length; /* the length that is currently populated */
90
};
91
92
PR_END_EXTERN_C
93
94
/* A constant time range check for unsigned chars.
95
 * Returns 255 if a <= x <= b and 0 otherwise.
96
 */
97
static inline unsigned char
98
ct_u8_in_range(unsigned char x, unsigned char a, unsigned char b)
99
0
{
100
    /*  Let x, a, b be ints in {0, 1, ... 255}.
101
     *  The value (a - x - 1) is in {-256, ..., 254}, so the low
102
     *  8 bits of
103
     *      (a - x - 1) >> 8
104
     *  are all 1 if a <= x and all 0 if a > x.
105
     *
106
     *  Likewise the low 8 bits of
107
     *      ((a - x - 1) >> 8) & ((x - c - 1) >> 8)
108
     *  are all 1 if a <= x <= c and all 0 otherwise.
109
     *
110
     *  The same is true if we perform the shift after the AND
111
     *      ((a - x - 1) & (x - b - 1)) >> 8.
112
     */
113
0
    return (unsigned char)(((a - x - 1) & (x - b - 1)) >> 8);
114
0
}
115
116
/* Convert a base64 code [A-Za-z0-9+/] to its value in {1, 2, ..., 64}.
117
 * The use of 1-64 instead of 0-63 is so that the special value of zero can
118
 * denote an invalid mapping; that was much easier than trying to fill in the
119
 * other values with some value other than zero, and to check for it.
120
 * Just remember to SUBTRACT ONE when using the value retrieved.
121
 */
122
static unsigned char
123
pl_base64_codetovaluep1(unsigned char code)
124
0
{
125
0
    unsigned char mask;
126
0
    unsigned char res = 0;
127
128
    /* The range 'A' to 'Z' is mapped to 1 to 26 */
129
0
    mask = ct_u8_in_range(code, 'A', 'Z');
130
0
    res |= mask & (code - 'A' + 1);
131
132
    /* The range 'a' to 'z' is mapped to 27 to 52 */
133
0
    mask = ct_u8_in_range(code, 'a', 'z');
134
0
    res |= mask & (code - 'a' + 27);
135
136
    /* The range '0' to '9' is mapped to 53 to 62 */
137
0
    mask = ct_u8_in_range(code, '0', '9');
138
0
    res |= mask & (code - '0' + 53);
139
140
    /* The code '+' is mapped to 63 */
141
0
    mask = ct_u8_in_range(code, '+', '+');
142
0
    res |= mask & 63;
143
144
    /* The code '/' is mapped to 64 */
145
0
    mask = ct_u8_in_range(code, '/', '/');
146
0
    res |= mask & 64;
147
148
    /* All other characters, including '=' are mapped to 0. */
149
0
    return res;
150
0
}
151
152
0
#define B64_PAD '='
153
154
/*
155
 * Reads 4; writes 3 (known, or expected, to have no trailing padding).
156
 * Returns bytes written; -1 on error (unexpected character).
157
 */
158
static int
159
pl_base64_decode_4to3(const unsigned char *in, unsigned char *out)
160
0
{
161
0
    int j;
162
0
    PRUint32 num = 0;
163
0
    unsigned char bits;
164
165
0
    for (j = 0; j < 4; j++) {
166
0
        bits = pl_base64_codetovaluep1(in[j]);
167
0
        if (bits == 0)
168
0
            return -1;
169
0
        num = (num << 6) | (bits - 1);
170
0
    }
171
172
0
    out[0] = (unsigned char)(num >> 16);
173
0
    out[1] = (unsigned char)((num >> 8) & 0xFF);
174
0
    out[2] = (unsigned char)(num & 0xFF);
175
176
0
    return 3;
177
0
}
178
179
/*
180
 * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
181
 * Returns bytes written; -1 on error (unexpected character).
182
 */
183
static int
184
pl_base64_decode_3to2(const unsigned char *in, unsigned char *out)
185
0
{
186
0
    PRUint32 num = 0;
187
0
    unsigned char bits1, bits2, bits3;
188
189
0
    bits1 = pl_base64_codetovaluep1(in[0]);
190
0
    bits2 = pl_base64_codetovaluep1(in[1]);
191
0
    bits3 = pl_base64_codetovaluep1(in[2]);
192
193
0
    if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
194
0
        return -1;
195
196
0
    num = ((PRUint32)(bits1 - 1)) << 10;
197
0
    num |= ((PRUint32)(bits2 - 1)) << 4;
198
0
    num |= ((PRUint32)(bits3 - 1)) >> 2;
199
200
0
    out[0] = (unsigned char)(num >> 8);
201
0
    out[1] = (unsigned char)(num & 0xFF);
202
203
0
    return 2;
204
0
}
205
206
/*
207
 * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
208
 * Returns bytes written; -1 on error (unexpected character).
209
 */
210
static int
211
pl_base64_decode_2to1(const unsigned char *in, unsigned char *out)
212
0
{
213
0
    PRUint32 num = 0;
214
0
    unsigned char bits1, bits2;
215
216
0
    bits1 = pl_base64_codetovaluep1(in[0]);
217
0
    bits2 = pl_base64_codetovaluep1(in[1]);
218
219
0
    if ((bits1 == 0) || (bits2 == 0))
220
0
        return -1;
221
222
0
    num = ((PRUint32)(bits1 - 1)) << 2;
223
0
    num |= ((PRUint32)(bits2 - 1)) >> 4;
224
225
0
    out[0] = (unsigned char)num;
226
227
0
    return 1;
228
0
}
229
230
/*
231
 * Reads 4; writes 0-3.  Returns bytes written or -1 on error.
232
 * (Writes less than 3 only at (presumed) EOF.)
233
 */
234
static int
235
pl_base64_decode_token(const unsigned char *in, unsigned char *out)
236
0
{
237
0
    if (in[3] != B64_PAD)
238
0
        return pl_base64_decode_4to3(in, out);
239
240
0
    if (in[2] == B64_PAD)
241
0
        return pl_base64_decode_2to1(in, out);
242
243
0
    return pl_base64_decode_3to2(in, out);
244
0
}
245
246
static PRStatus
247
pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,
248
                        PRUint32 length)
249
0
{
250
0
    unsigned char *out = data->output_buffer;
251
0
    unsigned char *token = data->token;
252
0
    int i, n = 0;
253
254
0
    i = data->token_size;
255
0
    data->token_size = 0;
256
257
0
    while (length > 0) {
258
0
        while (i < 4 && length > 0) {
259
            /*
260
             * XXX Note that the following simply ignores any unexpected
261
             * characters.  This is exactly what the original code in
262
             * libmime did, and I am leaving it.  We certainly want to skip
263
             * over whitespace (we must); this does much more than that.
264
             * I am not confident changing it, and I don't want to slow
265
             * the processing down doing more complicated checking, but
266
             * someone else might have different ideas in the future.
267
             */
268
0
            if (pl_base64_codetovaluep1(*in) > 0 || *in == B64_PAD)
269
0
                token[i++] = *in;
270
0
            in++;
271
0
            length--;
272
0
        }
273
274
0
        if (i < 4) {
275
            /* Didn't get enough for a complete token. */
276
0
            data->token_size = i;
277
0
            break;
278
0
        }
279
0
        i = 0;
280
281
0
        PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen);
282
283
        /*
284
         * Assume we are not at the end; the following function only works
285
         * for an internal token (no trailing padding characters) but is
286
         * faster that way.  If it hits an invalid character (padding) it
287
         * will return an error; we break out of the loop and try again
288
         * calling the routine that will handle a final token.
289
         * Note that we intentionally do it this way rather than explicitly
290
         * add a check for padding here (because that would just slow down
291
         * the normal case) nor do we rely on checking whether we have more
292
         * input to process (because that would also slow it down but also
293
         * because we want to allow trailing garbage, especially white space
294
         * and cannot tell that without read-ahead, also a slow proposition).
295
         * Whew.  Understand?
296
         */
297
0
        n = pl_base64_decode_4to3(token, out);
298
0
        if (n < 0)
299
0
            break;
300
301
        /* Advance "out" by the number of bytes just written to it. */
302
0
        out += n;
303
0
        n = 0;
304
0
    }
305
306
    /*
307
     * See big comment above, before call to pl_base64_decode_4to3.
308
     * Here we check if we error'd out of loop, and allow for the case
309
     * that we are processing the last interesting token.  If the routine
310
     * which should handle padding characters also fails, then we just
311
     * have bad input and give up.
312
     */
313
0
    if (n < 0) {
314
0
        n = pl_base64_decode_token(token, out);
315
0
        if (n < 0)
316
0
            return PR_FAILURE;
317
318
0
        out += n;
319
0
    }
320
321
    /*
322
     * As explained above, we can get here with more input remaining, but
323
     * it should be all characters we do not care about (i.e. would be
324
     * ignored when transferring from "in" to "token" in loop above,
325
     * except here we choose to ignore extraneous pad characters, too).
326
     * Swallow it, performing that check.  If we find more characters that
327
     * we would expect to decode, something is wrong.
328
     */
329
0
    while (length > 0) {
330
0
        if (pl_base64_codetovaluep1(*in) > 0)
331
0
            return PR_FAILURE;
332
0
        in++;
333
0
        length--;
334
0
    }
335
336
    /* Record the length of decoded data we have left in output_buffer. */
337
0
    data->output_length = (PRUint32)(out - data->output_buffer);
338
0
    return PR_SUCCESS;
339
0
}
340
341
/*
342
 * Flush any remaining buffered characters.  Given well-formed input,
343
 * this will have nothing to do.  If the input was missing the padding
344
 * characters at the end, though, there could be 1-3 characters left
345
 * behind -- we will tolerate that by adding the padding for them.
346
 */
347
static PRStatus
348
pl_base64_decode_flush(PLBase64Decoder *data)
349
0
{
350
0
    int count;
351
352
    /*
353
     * If no remaining characters, or all are padding (also not well-formed
354
     * input, but again, be tolerant), then nothing more to do.  (And, that
355
     * is considered successful.)
356
     */
357
0
    if (data->token_size == 0 || data->token[0] == B64_PAD)
358
0
        return PR_SUCCESS;
359
360
    /*
361
     * Assume we have all the interesting input except for some expected
362
     * padding characters.  Add them and decode the resulting token.
363
     */
364
0
    while (data->token_size < 4)
365
0
        data->token[data->token_size++] = B64_PAD;
366
367
0
    data->token_size = 0; /* so a subsequent flush call is a no-op */
368
369
0
    count = pl_base64_decode_token(data->token,
370
0
                                   data->output_buffer + data->output_length);
371
0
    if (count < 0)
372
0
        return PR_FAILURE;
373
374
    /*
375
     * If there is an output function, call it with this last bit of data.
376
     * Otherwise we are doing all buffered output, and the decoded bytes
377
     * are now there, we just need to reflect that in the length.
378
     */
379
0
    if (data->output_fn != NULL) {
380
0
        PRInt32 output_result;
381
382
0
        PR_ASSERT(data->output_length == 0);
383
0
        output_result = data->output_fn(data->output_arg,
384
0
                                        data->output_buffer,
385
0
                                        (PRInt32)count);
386
0
        if (output_result < 0)
387
0
            return PR_FAILURE;
388
0
    } else {
389
0
        data->output_length += count;
390
0
    }
391
392
0
    return PR_SUCCESS;
393
0
}
394
395
/*
396
 * The maximum space needed to hold the output of the decoder given
397
 * input data of length "size".
398
 */
399
static PRUint32
400
PL_Base64MaxDecodedLength(PRUint32 size)
401
0
{
402
0
    return size * 0.75;
403
0
}
404
405
/*
406
 * A distinct internal creation function for the buffer version to use.
407
 * (It does not want to specify an output_fn, and we want the normal
408
 * Create function to require that.)  If more common initialization
409
 * of the decoding context needs to be done, it should be done *here*.
410
 */
411
static PLBase64Decoder *
412
pl_base64_create_decoder(void)
413
0
{
414
0
    return PR_NEWZAP(PLBase64Decoder);
415
0
}
416
417
/*
418
 * Function to start a base64 decoding context.
419
 * An "output_fn" is required; the "output_arg" parameter to that is optional.
420
 */
421
static PLBase64Decoder *
422
PL_CreateBase64Decoder(PRInt32 (*output_fn)(void *, const unsigned char *,
423
                                            PRInt32),
424
                       void *output_arg)
425
0
{
426
0
    PLBase64Decoder *data;
427
428
0
    if (output_fn == NULL) {
429
0
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
430
0
        return NULL;
431
0
    }
432
433
0
    data = pl_base64_create_decoder();
434
0
    if (data != NULL) {
435
0
        data->output_fn = output_fn;
436
0
        data->output_arg = output_arg;
437
0
    }
438
0
    return data;
439
0
}
440
441
/*
442
 * Push data through the decoder, causing the output_fn (provided to Create)
443
 * to be called with the decoded data.
444
 */
445
static PRStatus
446
PL_UpdateBase64Decoder(PLBase64Decoder *data, const char *buffer,
447
                       PRUint32 size)
448
0
{
449
0
    PRUint32 need_length;
450
0
    PRStatus status;
451
452
    /* XXX Should we do argument checking only in debug build? */
453
0
    if (data == NULL || buffer == NULL || size == 0) {
454
0
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
455
0
        return PR_FAILURE;
456
0
    }
457
458
    /*
459
     * How much space could this update need for decoding?
460
     */
461
0
    need_length = PL_Base64MaxDecodedLength(size + data->token_size);
462
463
    /*
464
     * Make sure we have at least that much.  If not, (re-)allocate.
465
     */
466
0
    if (need_length > data->output_buflen) {
467
0
        unsigned char *output_buffer = data->output_buffer;
468
469
0
        if (output_buffer != NULL)
470
0
            output_buffer = (unsigned char *)PR_Realloc(output_buffer,
471
0
                                                        need_length);
472
0
        else
473
0
            output_buffer = (unsigned char *)PR_Malloc(need_length);
474
475
0
        if (output_buffer == NULL)
476
0
            return PR_FAILURE;
477
478
0
        data->output_buffer = output_buffer;
479
0
        data->output_buflen = need_length;
480
0
    }
481
482
    /* There should not have been any leftover output data in the buffer. */
483
0
    PR_ASSERT(data->output_length == 0);
484
0
    data->output_length = 0;
485
486
0
    status = pl_base64_decode_buffer(data, (const unsigned char *)buffer,
487
0
                                     size);
488
489
    /* Now that we have some decoded data, write it. */
490
0
    if (status == PR_SUCCESS && data->output_length > 0) {
491
0
        PRInt32 output_result;
492
493
0
        PR_ASSERT(data->output_fn != NULL);
494
0
        output_result = data->output_fn(data->output_arg,
495
0
                                        data->output_buffer,
496
0
                                        (PRInt32)data->output_length);
497
0
        if (output_result < 0)
498
0
            status = PR_FAILURE;
499
0
    }
500
501
0
    data->output_length = 0;
502
0
    return status;
503
0
}
504
505
/*
506
 * When you're done decoding, call this to free the data.  If "abort_p"
507
 * is false, then calling this may cause the output_fn to be called
508
 * one last time (as the last buffered data is flushed out).
509
 */
510
static PRStatus
511
PL_DestroyBase64Decoder(PLBase64Decoder *data, PRBool abort_p)
512
0
{
513
0
    PRStatus status = PR_SUCCESS;
514
515
    /* XXX Should we do argument checking only in debug build? */
516
0
    if (data == NULL) {
517
0
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
518
0
        return PR_FAILURE;
519
0
    }
520
521
    /* Flush out the last few buffered characters. */
522
0
    if (!abort_p)
523
0
        status = pl_base64_decode_flush(data);
524
525
0
    if (data->output_buffer != NULL)
526
0
        PR_Free(data->output_buffer);
527
0
    PR_Free(data);
528
529
0
    return status;
530
0
}
531
532
/*
533
 * Perform base64 decoding from an input buffer to an output buffer.
534
 * The output buffer can be provided (as "dest"); you can also pass in
535
 * a NULL and this function will allocate a buffer large enough for you,
536
 * and return it.  If you do provide the output buffer, you must also
537
 * provide the maximum length of that buffer (as "maxdestlen").
538
 * The actual decoded length of output will be returned to you in
539
 * "output_destlen".
540
 *
541
 * Return value is NULL on error, the output buffer (allocated or provided)
542
 * otherwise.
543
 */
544
static unsigned char *
545
PL_Base64DecodeBuffer(const char *src, PRUint32 srclen, unsigned char *dest,
546
                      PRUint32 maxdestlen, PRUint32 *output_destlen)
547
0
{
548
0
    PRUint32 need_length;
549
0
    unsigned char *output_buffer = NULL;
550
0
    PLBase64Decoder *data = NULL;
551
0
    PRStatus status;
552
553
0
    PR_ASSERT(srclen > 0);
554
0
    if (srclen == 0) {
555
0
        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
556
0
        return NULL;
557
0
    }
558
559
    /*
560
     * How much space could we possibly need for decoding this input?
561
     */
562
0
    need_length = PL_Base64MaxDecodedLength(srclen);
563
564
    /*
565
     * Make sure we have at least that much, if output buffer provided.
566
     * If no output buffer provided, then we allocate that much.
567
     */
568
0
    if (dest != NULL) {
569
0
        PR_ASSERT(maxdestlen >= need_length);
570
0
        if (maxdestlen < need_length) {
571
0
            PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
572
0
            goto loser;
573
0
        }
574
0
        output_buffer = dest;
575
0
    } else {
576
0
        output_buffer = (unsigned char *)PR_Malloc(need_length);
577
0
        if (output_buffer == NULL)
578
0
            goto loser;
579
0
        maxdestlen = need_length;
580
0
    }
581
582
0
    data = pl_base64_create_decoder();
583
0
    if (data == NULL)
584
0
        goto loser;
585
586
0
    data->output_buflen = maxdestlen;
587
0
    data->output_buffer = output_buffer;
588
589
0
    status = pl_base64_decode_buffer(data, (const unsigned char *)src,
590
0
                                     srclen);
591
592
    /*
593
     * We do not wait for Destroy to flush, because Destroy will also
594
     * get rid of our decoder context, which we need to look at first!
595
     */
596
0
    if (status == PR_SUCCESS)
597
0
        status = pl_base64_decode_flush(data);
598
599
    /* Must clear this or Destroy will free it. */
600
0
    data->output_buffer = NULL;
601
602
0
    if (status == PR_SUCCESS) {
603
0
        *output_destlen = data->output_length;
604
0
        status = PL_DestroyBase64Decoder(data, PR_FALSE);
605
0
        data = NULL;
606
0
        if (status == PR_FAILURE)
607
0
            goto loser;
608
0
        return output_buffer;
609
0
    }
610
611
0
loser:
612
0
    if (dest == NULL && output_buffer != NULL)
613
0
        PR_Free(output_buffer);
614
0
    if (data != NULL)
615
0
        (void)PL_DestroyBase64Decoder(data, PR_TRUE);
616
0
    return NULL;
617
0
}
618
619
/*
620
 * XXX End of base64 decoding code to be moved into NSPR.
621
 ********************************************************
622
 */
623
624
/*
625
 * This is the beginning of the NSS cover functions.  These will
626
 * provide the interface we want to expose as NSS-ish.  For example,
627
 * they will operate on our Items, do any special handling or checking
628
 * we want to do, etc.
629
 */
630
631
PR_BEGIN_EXTERN_C
632
633
/*
634
 * A boring cover structure for now.  Perhaps someday it will include
635
 * some more interesting fields.
636
 */
637
struct NSSBase64DecoderStr {
638
    PLBase64Decoder *pl_data;
639
};
640
641
PR_END_EXTERN_C
642
643
/*
644
 * Function to start a base64 decoding context.
645
 */
646
NSSBase64Decoder *
647
NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,
648
                                             PRInt32),
649
                        void *output_arg)
650
0
{
651
0
    PLBase64Decoder *pl_data;
652
0
    NSSBase64Decoder *nss_data;
653
654
0
    nss_data = PORT_ZNew(NSSBase64Decoder);
655
0
    if (nss_data == NULL)
656
0
        return NULL;
657
658
0
    pl_data = PL_CreateBase64Decoder(output_fn, output_arg);
659
0
    if (pl_data == NULL) {
660
0
        PORT_Free(nss_data);
661
0
        return NULL;
662
0
    }
663
664
0
    nss_data->pl_data = pl_data;
665
0
    return nss_data;
666
0
}
667
668
/*
669
 * Push data through the decoder, causing the output_fn (provided to Create)
670
 * to be called with the decoded data.
671
 */
672
SECStatus
673
NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,
674
                        PRUint32 size)
675
0
{
676
0
    PRStatus pr_status;
677
678
    /* XXX Should we do argument checking only in debug build? */
679
0
    if (data == NULL) {
680
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
681
0
        return SECFailure;
682
0
    }
683
684
0
    pr_status = PL_UpdateBase64Decoder(data->pl_data, buffer, size);
685
0
    if (pr_status == PR_FAILURE)
686
0
        return SECFailure;
687
688
0
    return SECSuccess;
689
0
}
690
691
/*
692
 * When you're done decoding, call this to free the data.  If "abort_p"
693
 * is false, then calling this may cause the output_fn to be called
694
 * one last time (as the last buffered data is flushed out).
695
 */
696
SECStatus
697
NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p)
698
0
{
699
0
    PRStatus pr_status;
700
701
    /* XXX Should we do argument checking only in debug build? */
702
0
    if (data == NULL) {
703
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
704
0
        return SECFailure;
705
0
    }
706
707
0
    pr_status = PL_DestroyBase64Decoder(data->pl_data, abort_p);
708
709
0
    PORT_Free(data);
710
711
0
    if (pr_status == PR_FAILURE)
712
0
        return SECFailure;
713
714
0
    return SECSuccess;
715
0
}
716
717
/*
718
 * Perform base64 decoding from an ascii string "inStr" to an Item.
719
 * The length of the input must be provided as "inLen".  The Item
720
 * may be provided (as "outItemOpt"); you can also pass in a NULL
721
 * and the Item will be allocated for you.
722
 *
723
 * In any case, the data within the Item will be allocated for you.
724
 * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
725
 * If "arenaOpt" is NULL, standard allocation (heap) will be used and
726
 * you will want to free the result via SECITEM_FreeItem.
727
 *
728
 * Return value is NULL on error, the Item (allocated or provided) otherwise.
729
 */
730
SECItem *
731
NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,
732
                       const char *inStr, unsigned int inLen)
733
0
{
734
0
    SECItem *out_item = NULL;
735
0
    PRUint32 max_out_len = 0;
736
0
    void *mark = NULL;
737
0
    unsigned char *dummy = NULL;
738
739
0
    if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {
740
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
741
0
        return NULL;
742
0
    }
743
744
0
    if (arenaOpt != NULL)
745
0
        mark = PORT_ArenaMark(arenaOpt);
746
747
0
    max_out_len = PL_Base64MaxDecodedLength(inLen);
748
0
    if (max_out_len == 0) {
749
0
        goto loser;
750
0
    }
751
0
    out_item = SECITEM_AllocItem(arenaOpt, outItemOpt, max_out_len);
752
0
    if (out_item == NULL) {
753
0
        goto loser;
754
0
    }
755
756
0
    dummy = PL_Base64DecodeBuffer(inStr, inLen, out_item->data,
757
0
                                  max_out_len, &out_item->len);
758
0
    if (dummy == NULL) {
759
0
        goto loser;
760
0
    }
761
0
    if (arenaOpt != NULL) {
762
0
        PORT_ArenaUnmark(arenaOpt, mark);
763
0
    }
764
0
    return out_item;
765
766
0
loser:
767
0
    if (arenaOpt != NULL) {
768
0
        PORT_ArenaRelease(arenaOpt, mark);
769
0
        if (outItemOpt != NULL) {
770
0
            outItemOpt->data = NULL;
771
0
            outItemOpt->len = 0;
772
0
        }
773
0
    } else if (dummy == NULL) {
774
0
        SECITEM_FreeItem(out_item, (PRBool)(outItemOpt == NULL));
775
0
    }
776
0
    return NULL;
777
0
}
778
779
/*
780
 * XXX Everything below is deprecated.  If you add new stuff, put it
781
 * *above*, not below.
782
 */
783
784
/*
785
 * XXX The following "ATOB" functions are provided for backward compatibility
786
 * with current code.  They should be considered strongly deprecated.
787
 * When we can convert all our code over to using the new NSSBase64Decoder_
788
 * functions defined above, we should get rid of these altogether.  (Remove
789
 * protoypes from base64.h as well -- actually, remove that file completely).
790
 * If someone thinks either of these functions provides such a very useful
791
 * interface (though, as shown, the same functionality can already be
792
 * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
793
 * that API should be provided with a nice new NSSFoo name and using
794
 * appropriate types, etc.
795
 */
796
797
#include "base64.h"
798
799
/*
800
** Return an PORT_Alloc'd string which is the base64 decoded version
801
** of the input string; set *lenp to the length of the returned data.
802
*/
803
unsigned char *
804
ATOB_AsciiToData(const char *string, unsigned int *lenp)
805
0
{
806
0
    SECItem binary_item, *dummy;
807
808
0
    binary_item.data = NULL;
809
0
    binary_item.len = 0;
810
811
0
    dummy = NSSBase64_DecodeBuffer(NULL, &binary_item, string,
812
0
                                   (PRUint32)PORT_Strlen(string));
813
0
    if (dummy == NULL)
814
0
        return NULL;
815
816
0
    PORT_Assert(dummy == &binary_item);
817
818
0
    *lenp = dummy->len;
819
0
    return dummy->data;
820
0
}
821
822
/*
823
** Convert from ascii to binary encoding of an item.
824
*/
825
SECStatus
826
ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
827
0
{
828
0
    SECItem *dummy;
829
830
0
    if (binary_item == NULL) {
831
0
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
832
0
        return SECFailure;
833
0
    }
834
835
    /*
836
     * XXX Would prefer to assert here if data is non-null (actually,
837
     * don't need to, just let NSSBase64_DecodeBuffer do it), so as to
838
     * to catch unintended memory leaks, but callers are not clean in
839
     * this respect so we need to explicitly clear here to avoid the
840
     * assert in NSSBase64_DecodeBuffer.
841
     */
842
0
    binary_item->data = NULL;
843
0
    binary_item->len = 0;
844
845
0
    dummy = NSSBase64_DecodeBuffer(NULL, binary_item, ascii,
846
0
                                   (PRUint32)PORT_Strlen(ascii));
847
848
0
    if (dummy == NULL)
849
0
        return SECFailure;
850
851
0
    return SECSuccess;
852
0
}