/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*

 * Base64 decoding (ascii to binary).

 */

#include "nssb64.h"

#include "nspr.h"

#include "secitem.h"

#include "secerr.h"

/*

 * XXX We want this basic support to go into NSPR (the PL part).

 * Until that can happen, the PL interface is going to be kept entirely

 * internal here -- all static functions and opaque data structures.

 * When someone can get it moved over into NSPR, that should be done:

 *    - giving everything names that are accepted by the NSPR module owners

 *  (though I tried to choose ones that would work without modification)

 *    - exporting the functions (remove static declarations and add

 *  to nssutil.def as necessary)

 *    - put prototypes into appropriate header file (probably replacing

 *  the entire current lib/libc/include/plbase64.h in NSPR)

 *  along with a typedef for the context structure (which should be

 *  kept opaque -- definition in the source file only, but typedef

 *  ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)

 *    - modify anything else as necessary to conform to NSPR required style

 *  (I looked but found no formatting guide to follow)

 *

 * You will want to move over everything from here down to the comment

 * which says "XXX End of base64 decoding code to be moved into NSPR",

 * into a new file in NSPR.

 */

/*

 **************************************************************

 * XXX Beginning of base64 decoding code to be moved into NSPR.

 */

/*

 * This typedef would belong in the NSPR header file (i.e. plbase64.h).

 */

typedef struct PLBase64DecoderStr PLBase64Decoder;

/*

 * The following implementation of base64 decoding was based on code

 * found in libmime (specifically, in mimeenc.c).  It has been adapted to

 * use PR types and naming as well as to provide other necessary semantics

 * (like buffer-in/buffer-out in addition to "streaming" without undue

 * performance hit of extra copying if you made the buffer versions

 * use the output_fn).  It also incorporates some aspects of the current

 * NSPR base64 decoding code.  As such, you may find similarities to

 * both of those implementations.  I tried to use names that reflected

 * the original code when possible.  For this reason you may find some

 * inconsistencies -- libmime used lots of "in" and "out" whereas the

 * NSPR version uses "src" and "dest"; sometimes I changed one to the other

 * and sometimes I left them when I thought the subroutines were at least

 * self-consistent.

 */

PR_BEGIN_EXTERN_C

/*

 * Opaque object used by the decoder to store state.

 */

struct PLBase64DecoderStr {

    /* Current token (or portion, if token_size < 4) being decoded. */

    unsigned char token[4];

    int token_size;

    /*

     * Where to write the decoded data (used when streaming, not when

     * doing all in-memory (buffer) operations).

     *

     * Note that this definition is chosen to be compatible with PR_Write.

     */

    PRInt32 (*output_fn)(void *output_arg, const unsigned char *buf,

                         PRInt32 size);

    void *output_arg;

    /*

     * Where the decoded output goes -- either temporarily (in the streaming

     * case, staged here before it goes to the output function) or what will

     * be the entire buffered result for users of the buffer version.

     */

    unsigned char *output_buffer;

    PRUint32 output_buflen; /* the total length of allocated buffer */

    PRUint32 output_length; /* the length that is currently populated */

};

PR_END_EXTERN_C

/*

 * Table to convert an ascii "code" to its corresponding binary value.

 * For ease of use, the binary values in the table are the actual values

 * PLUS ONE.  This is so that the special value of zero can denote an

 * invalid mapping; that was much easier than trying to fill in the other

 * values with some value other than zero, and to check for it.

 * Just remember to SUBTRACT ONE when using the value retrieved.

 */

static unsigned char base64_codetovaluep1[256] = {

    /*   0: */ 0, 0, 0, 0, 0, 0, 0, 0,

    /*   8: */ 0, 0, 0, 0, 0, 0, 0, 0,

    /*  16: */ 0, 0, 0, 0, 0, 0, 0, 0,

    /*  24: */ 0, 0, 0, 0, 0, 0, 0, 0,

    /*  32: */ 0, 0, 0, 0, 0, 0, 0, 0,

    /*  40: */ 0, 0, 0, 63, 0, 0, 0, 64,

    /*  48: */ 53, 54, 55, 56, 57, 58, 59, 60,

    /*  56: */ 61, 62, 0, 0, 0, 0, 0, 0,

    /*  64: */ 0, 1, 2, 3, 4, 5, 6, 7,

    /*  72: */ 8, 9, 10, 11, 12, 13, 14, 15,

    /*  80: */ 16, 17, 18, 19, 20, 21, 22, 23,

    /*  88: */ 24, 25, 26, 0, 0, 0, 0, 0,

    /*  96: */ 0, 27, 28, 29, 30, 31, 32, 33,

    /* 104: */ 34, 35, 36, 37, 38, 39, 40, 41,

    /* 112: */ 42, 43, 44, 45, 46, 47, 48, 49,

    /* 120: */ 50, 51, 52, 0, 0, 0, 0, 0,

    /* 128: */ 0, 0, 0, 0, 0, 0, 0, 0

    /* and rest are all zero as well */

};

#define B64_PAD '='

/*

 * Reads 4; writes 3 (known, or expected, to have no trailing padding).

 * Returns bytes written; -1 on error (unexpected character).

 */

static int

pl_base64_decode_4to3(const unsigned char *in, unsigned char *out)

{

    int j;

    PRUint32 num = 0;

    unsigned char bits;

    for (j = 0; j < 4; j++) {

        bits = base64_codetovaluep1[in[j]];

        if (bits == 0)

            return -1;

        num = (num << 6) | (bits - 1);

    }

    out[0] = (unsigned char)(num >> 16);

    out[1] = (unsigned char)((num >> 8) & 0xFF);

    out[2] = (unsigned char)(num & 0xFF);

    return 3;

}

/*

 * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).

 * Returns bytes written; -1 on error (unexpected character).

 */

static int

pl_base64_decode_3to2(const unsigned char *in, unsigned char *out)

{

    PRUint32 num = 0;

    unsigned char bits1, bits2, bits3;

    bits1 = base64_codetovaluep1[in[0]];

    bits2 = base64_codetovaluep1[in[1]];

    bits3 = base64_codetovaluep1[in[2]];

    if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))

        return -1;

    num = ((PRUint32)(bits1 - 1)) << 10;

    num |= ((PRUint32)(bits2 - 1)) << 4;

    num |= ((PRUint32)(bits3 - 1)) >> 2;

    out[0] = (unsigned char)(num >> 8);

    out[1] = (unsigned char)(num & 0xFF);

    return 2;

}

/*

 * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).

 * Returns bytes written; -1 on error (unexpected character).

 */

static int

pl_base64_decode_2to1(const unsigned char *in, unsigned char *out)

{

    PRUint32 num = 0;

    unsigned char bits1, bits2;

    bits1 = base64_codetovaluep1[in[0]];

    bits2 = base64_codetovaluep1[in[1]];

    if ((bits1 == 0) || (bits2 == 0))

        return -1;

    num = ((PRUint32)(bits1 - 1)) << 2;

    num |= ((PRUint32)(bits2 - 1)) >> 4;

    out[0] = (unsigned char)num;

    return 1;

}

/*

 * Reads 4; writes 0-3.  Returns bytes written or -1 on error.

 * (Writes less than 3 only at (presumed) EOF.)

 */

static int

pl_base64_decode_token(const unsigned char *in, unsigned char *out)

{

    if (in[3] != B64_PAD)

        return pl_base64_decode_4to3(in, out);

    if (in[2] == B64_PAD)

        return pl_base64_decode_2to1(in, out);

    return pl_base64_decode_3to2(in, out);

}

static PRStatus

pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,

                        PRUint32 length)

{

    unsigned char *out = data->output_buffer;

    unsigned char *token = data->token;

    int i, n = 0;

    i = data->token_size;

    data->token_size = 0;

    while (length > 0) {

        while (i < 4 && length > 0) {

            /*

             * XXX Note that the following simply ignores any unexpected

             * characters.  This is exactly what the original code in

             * libmime did, and I am leaving it.  We certainly want to skip

             * over whitespace (we must); this does much more than that.

             * I am not confident changing it, and I don't want to slow

             * the processing down doing more complicated checking, but

             * someone else might have different ideas in the future.

             */

            if (base64_codetovaluep1[*in] > 0 || *in == B64_PAD)

                token[i++] = *in;

            in++;

            length--;

        }

        if (i < 4) {

            /* Didn't get enough for a complete token. */

            data->token_size = i;

            break;

        }

        i = 0;

        PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen);

        /*

         * Assume we are not at the end; the following function only works

         * for an internal token (no trailing padding characters) but is

         * faster that way.  If it hits an invalid character (padding) it

         * will return an error; we break out of the loop and try again

         * calling the routine that will handle a final token.

         * Note that we intentionally do it this way rather than explicitly

         * add a check for padding here (because that would just slow down

         * the normal case) nor do we rely on checking whether we have more

         * input to process (because that would also slow it down but also

         * because we want to allow trailing garbage, especially white space

         * and cannot tell that without read-ahead, also a slow proposition).

         * Whew.  Understand?

         */

        n = pl_base64_decode_4to3(token, out);

        if (n < 0)

            break;

        /* Advance "out" by the number of bytes just written to it. */

        out += n;

        n = 0;

    }

    /*

     * See big comment above, before call to pl_base64_decode_4to3.

     * Here we check if we error'd out of loop, and allow for the case

     * that we are processing the last interesting token.  If the routine

     * which should handle padding characters also fails, then we just

     * have bad input and give up.

     */

    if (n < 0) {

        n = pl_base64_decode_token(token, out);

        if (n < 0)

            return PR_FAILURE;

        out += n;

    }

    /*

     * As explained above, we can get here with more input remaining, but

     * it should be all characters we do not care about (i.e. would be

     * ignored when transferring from "in" to "token" in loop above,

     * except here we choose to ignore extraneous pad characters, too).

     * Swallow it, performing that check.  If we find more characters that

     * we would expect to decode, something is wrong.

     */

    while (length > 0) {

        if (base64_codetovaluep1[*in] > 0)

            return PR_FAILURE;

        in++;

        length--;

    }

    /* Record the length of decoded data we have left in output_buffer. */

    data->output_length = (PRUint32)(out - data->output_buffer);

    return PR_SUCCESS;

}

/*

 * Flush any remaining buffered characters.  Given well-formed input,

 * this will have nothing to do.  If the input was missing the padding

 * characters at the end, though, there could be 1-3 characters left

 * behind -- we will tolerate that by adding the padding for them.

 */

static PRStatus

pl_base64_decode_flush(PLBase64Decoder *data)

{

    int count;

    /*

     * If no remaining characters, or all are padding (also not well-formed

     * input, but again, be tolerant), then nothing more to do.  (And, that

     * is considered successful.)

     */

    if (data->token_size == 0 || data->token[0] == B64_PAD)

        return PR_SUCCESS;

    /*

     * Assume we have all the interesting input except for some expected

     * padding characters.  Add them and decode the resulting token.

     */

    while (data->token_size < 4)

        data->token[data->token_size++] = B64_PAD;

    data->token_size = 0; /* so a subsequent flush call is a no-op */

    count = pl_base64_decode_token(data->token,

                                   data->output_buffer + data->output_length);

    if (count < 0)

        return PR_FAILURE;

    /*

     * If there is an output function, call it with this last bit of data.

     * Otherwise we are doing all buffered output, and the decoded bytes

     * are now there, we just need to reflect that in the length.

     */

    if (data->output_fn != NULL) {

        PRInt32 output_result;

        PR_ASSERT(data->output_length == 0);

        output_result = data->output_fn(data->output_arg,

                                        data->output_buffer,

                                        (PRInt32)count);

        if (output_result < 0)

            return PR_FAILURE;

    } else {

        data->output_length += count;

    }

    return PR_SUCCESS;

}

/*

 * The maximum space needed to hold the output of the decoder given

 * input data of length "size".

 */

static PRUint32

PL_Base64MaxDecodedLength(PRUint32 size)

{

    return size * 0.75;

}

/*

 * A distinct internal creation function for the buffer version to use.

 * (It does not want to specify an output_fn, and we want the normal

 * Create function to require that.)  If more common initialization

 * of the decoding context needs to be done, it should be done *here*.

 */

static PLBase64Decoder *

pl_base64_create_decoder(void)

{

    return PR_NEWZAP(PLBase64Decoder);

}

/*

 * Function to start a base64 decoding context.

 * An "output_fn" is required; the "output_arg" parameter to that is optional.

 */

static PLBase64Decoder *

PL_CreateBase64Decoder(PRInt32 (*output_fn)(void *, const unsigned char *,

                                            PRInt32),

                       void *output_arg)

{

    PLBase64Decoder *data;

    if (output_fn == NULL) {

        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);

        return NULL;

    }

    data = pl_base64_create_decoder();

    if (data != NULL) {

        data->output_fn = output_fn;

        data->output_arg = output_arg;

    }

    return data;

}

/*

 * Push data through the decoder, causing the output_fn (provided to Create)

 * to be called with the decoded data.

 */

static PRStatus

PL_UpdateBase64Decoder(PLBase64Decoder *data, const char *buffer,

                       PRUint32 size)

{

    PRUint32 need_length;

    PRStatus status;

    /* XXX Should we do argument checking only in debug build? */

    if (data == NULL || buffer == NULL || size == 0) {

        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);

        return PR_FAILURE;

    }

    /*

     * How much space could this update need for decoding?

     */

    need_length = PL_Base64MaxDecodedLength(size + data->token_size);

    /*

     * Make sure we have at least that much.  If not, (re-)allocate.

     */

    if (need_length > data->output_buflen) {

        unsigned char *output_buffer = data->output_buffer;

        if (output_buffer != NULL)

            output_buffer = (unsigned char *)PR_Realloc(output_buffer,

                                                        need_length);

        else

            output_buffer = (unsigned char *)PR_Malloc(need_length);

        if (output_buffer == NULL)

            return PR_FAILURE;

        data->output_buffer = output_buffer;

        data->output_buflen = need_length;

    }

    /* There should not have been any leftover output data in the buffer. */

    PR_ASSERT(data->output_length == 0);

    data->output_length = 0;

    status = pl_base64_decode_buffer(data, (const unsigned char *)buffer,

                                     size);

    /* Now that we have some decoded data, write it. */

    if (status == PR_SUCCESS && data->output_length > 0) {

        PRInt32 output_result;

        PR_ASSERT(data->output_fn != NULL);

        output_result = data->output_fn(data->output_arg,

                                        data->output_buffer,

                                        (PRInt32)data->output_length);

        if (output_result < 0)

            status = PR_FAILURE;

    }

    data->output_length = 0;

    return status;

}

/*

 * When you're done decoding, call this to free the data.  If "abort_p"

 * is false, then calling this may cause the output_fn to be called

 * one last time (as the last buffered data is flushed out).

 */

static PRStatus

PL_DestroyBase64Decoder(PLBase64Decoder *data, PRBool abort_p)

{

    PRStatus status = PR_SUCCESS;

    /* XXX Should we do argument checking only in debug build? */

    if (data == NULL) {

        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);

        return PR_FAILURE;

    }

    /* Flush out the last few buffered characters. */

    if (!abort_p)

        status = pl_base64_decode_flush(data);

    if (data->output_buffer != NULL)

        PR_Free(data->output_buffer);

    PR_Free(data);

    return status;

}

/*

 * Perform base64 decoding from an input buffer to an output buffer.

 * The output buffer can be provided (as "dest"); you can also pass in

 * a NULL and this function will allocate a buffer large enough for you,

 * and return it.  If you do provide the output buffer, you must also

 * provide the maximum length of that buffer (as "maxdestlen").

 * The actual decoded length of output will be returned to you in

 * "output_destlen".

 *

 * Return value is NULL on error, the output buffer (allocated or provided)

 * otherwise.

 */

static unsigned char *

PL_Base64DecodeBuffer(const char *src, PRUint32 srclen, unsigned char *dest,

                      PRUint32 maxdestlen, PRUint32 *output_destlen)

{

    PRUint32 need_length;

    unsigned char *output_buffer = NULL;

    PLBase64Decoder *data = NULL;

    PRStatus status;

    PR_ASSERT(srclen > 0);

    if (srclen == 0) {

        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);

        return NULL;

    }

    /*

     * How much space could we possibly need for decoding this input?

     */

    need_length = PL_Base64MaxDecodedLength(srclen);

    /*

     * Make sure we have at least that much, if output buffer provided.

     * If no output buffer provided, then we allocate that much.

     */

    if (dest != NULL) {

        PR_ASSERT(maxdestlen >= need_length);

        if (maxdestlen < need_length) {

            PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);

            goto loser;

        }

        output_buffer = dest;

    } else {

        output_buffer = (unsigned char *)PR_Malloc(need_length);

        if (output_buffer == NULL)

            goto loser;

        maxdestlen = need_length;

    }

    data = pl_base64_create_decoder();

    if (data == NULL)

        goto loser;

    data->output_buflen = maxdestlen;

    data->output_buffer = output_buffer;

    status = pl_base64_decode_buffer(data, (const unsigned char *)src,

                                     srclen);

    /*

     * We do not wait for Destroy to flush, because Destroy will also

     * get rid of our decoder context, which we need to look at first!

     */

    if (status == PR_SUCCESS)

        status = pl_base64_decode_flush(data);

    /* Must clear this or Destroy will free it. */

    data->output_buffer = NULL;

    if (status == PR_SUCCESS) {

        *output_destlen = data->output_length;

        status = PL_DestroyBase64Decoder(data, PR_FALSE);

        data = NULL;

        if (status == PR_FAILURE)

            goto loser;

        return output_buffer;

    }

loser:

    if (dest == NULL && output_buffer != NULL)

        PR_Free(output_buffer);

    if (data != NULL)

        (void)PL_DestroyBase64Decoder(data, PR_TRUE);

    return NULL;

}

/*

 * XXX End of base64 decoding code to be moved into NSPR.

 ********************************************************

 */

/*

 * This is the beginning of the NSS cover functions.  These will

 * provide the interface we want to expose as NSS-ish.  For example,

 * they will operate on our Items, do any special handling or checking

 * we want to do, etc.

 */

PR_BEGIN_EXTERN_C

/*

 * A boring cover structure for now.  Perhaps someday it will include

 * some more interesting fields.

 */

struct NSSBase64DecoderStr {

    PLBase64Decoder *pl_data;

};

PR_END_EXTERN_C

/*

 * Function to start a base64 decoding context.

 */

NSSBase64Decoder *

NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,

                                             PRInt32),

                        void *output_arg)

{

    PLBase64Decoder *pl_data;

    NSSBase64Decoder *nss_data;

    nss_data = PORT_ZNew(NSSBase64Decoder);

    if (nss_data == NULL)

        return NULL;

    pl_data = PL_CreateBase64Decoder(output_fn, output_arg);

    if (pl_data == NULL) {

        PORT_Free(nss_data);

        return NULL;

    }

    nss_data->pl_data = pl_data;

    return nss_data;

}

/*

 * Push data through the decoder, causing the output_fn (provided to Create)

 * to be called with the decoded data.

 */

SECStatus

NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,

                        PRUint32 size)

{

    PRStatus pr_status;

    /* XXX Should we do argument checking only in debug build? */

    if (data == NULL) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return SECFailure;

    }

    pr_status = PL_UpdateBase64Decoder(data->pl_data, buffer, size);

    if (pr_status == PR_FAILURE)

        return SECFailure;

    return SECSuccess;

}

/*

 * When you're done decoding, call this to free the data.  If "abort_p"

 * is false, then calling this may cause the output_fn to be called

 * one last time (as the last buffered data is flushed out).

 */

SECStatus

NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p)

{

    PRStatus pr_status;

    /* XXX Should we do argument checking only in debug build? */

    if (data == NULL) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return SECFailure;

    }

    pr_status = PL_DestroyBase64Decoder(data->pl_data, abort_p);

    PORT_Free(data);

    if (pr_status == PR_FAILURE)

        return SECFailure;

    return SECSuccess;

}

/*

 * Perform base64 decoding from an ascii string "inStr" to an Item.

 * The length of the input must be provided as "inLen".  The Item

 * may be provided (as "outItemOpt"); you can also pass in a NULL

 * and the Item will be allocated for you.

 *

 * In any case, the data within the Item will be allocated for you.

 * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.

 * If "arenaOpt" is NULL, standard allocation (heap) will be used and

 * you will want to free the result via SECITEM_FreeItem.

 *

 * Return value is NULL on error, the Item (allocated or provided) otherwise.

 */

SECItem *

NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,

                       const char *inStr, unsigned int inLen)

{

    SECItem *out_item = NULL;

    PRUint32 max_out_len = 0;

    void *mark = NULL;

    unsigned char *dummy = NULL;

    if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return NULL;

    }

    if (arenaOpt != NULL)

        mark = PORT_ArenaMark(arenaOpt);

    max_out_len = PL_Base64MaxDecodedLength(inLen);

    if (max_out_len == 0) {

        goto loser;

    }

    out_item = SECITEM_AllocItem(arenaOpt, outItemOpt, max_out_len);

    if (out_item == NULL) {

        goto loser;

    }

    dummy = PL_Base64DecodeBuffer(inStr, inLen, out_item->data,

                                  max_out_len, &out_item->len);

    if (dummy == NULL) {

        goto loser;

    }

    if (arenaOpt != NULL) {

        PORT_ArenaUnmark(arenaOpt, mark);

    }

    return out_item;

loser:

    if (arenaOpt != NULL) {

        PORT_ArenaRelease(arenaOpt, mark);

        if (outItemOpt != NULL) {

            outItemOpt->data = NULL;

            outItemOpt->len = 0;

        }

    } else if (dummy == NULL) {

        SECITEM_FreeItem(out_item, (PRBool)(outItemOpt == NULL));

    }

    return NULL;

}

/*

 * XXX Everything below is deprecated.  If you add new stuff, put it

 * *above*, not below.

 */

/*

 * XXX The following "ATOB" functions are provided for backward compatibility

 * with current code.  They should be considered strongly deprecated.

 * When we can convert all our code over to using the new NSSBase64Decoder_

 * functions defined above, we should get rid of these altogether.  (Remove

 * protoypes from base64.h as well -- actually, remove that file completely).

 * If someone thinks either of these functions provides such a very useful

 * interface (though, as shown, the same functionality can already be

 * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then

 * that API should be provided with a nice new NSSFoo name and using

 * appropriate types, etc.

 */

#include "base64.h"

/*

** Return an PORT_Alloc'd string which is the base64 decoded version

** of the input string; set *lenp to the length of the returned data.

*/

unsigned char *

ATOB_AsciiToData(const char *string, unsigned int *lenp)

{

    SECItem binary_item, *dummy;

    binary_item.data = NULL;

    binary_item.len = 0;

    dummy = NSSBase64_DecodeBuffer(NULL, &binary_item, string,

                                   (PRUint32)PORT_Strlen(string));

    if (dummy == NULL)

        return NULL;

    PORT_Assert(dummy == &binary_item);

    *lenp = dummy->len;

    return dummy->data;

}

/*

** Convert from ascii to binary encoding of an item.

*/

SECStatus

ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)

{

    SECItem *dummy;

    if (binary_item == NULL) {

        PORT_SetError(SEC_ERROR_INVALID_ARGS);

        return SECFailure;

    }

    /*

     * XXX Would prefer to assert here if data is non-null (actually,

     * don't need to, just let NSSBase64_DecodeBuffer do it), so as to

     * to catch unintended memory leaks, but callers are not clean in

     * this respect so we need to explicitly clear here to avoid the

     * assert in NSSBase64_DecodeBuffer.

     */

    binary_item->data = NULL;

    binary_item->len = 0;

    dummy = NSSBase64_DecodeBuffer(NULL, binary_item, ascii,

                                   (PRUint32)PORT_Strlen(ascii));

    if (dummy == NULL)

        return SECFailure;

    return SECSuccess;

}