Delete bundled copy of NSS and replace with README.

nss/lib/util/nssb64d.c

-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Base64 decoding (ascii to binary).
- */
-
-#include "nssb64.h"
-#include "nspr.h"
-#include "secitem.h"
-#include "secerr.h"
-
-/*
- * XXX We want this basic support to go into NSPR (the PL part).
- * Until that can happen, the PL interface is going to be kept entirely
- * internal here -- all static functions and opaque data structures.
- * When someone can get it moved over into NSPR, that should be done:
- *    - giving everything names that are accepted by the NSPR module owners
- *      (though I tried to choose ones that would work without modification)
- *    - exporting the functions (remove static declarations and add
- *      to nssutil.def as necessary)
- *    - put prototypes into appropriate header file (probably replacing
- *      the entire current lib/libc/include/plbase64.h in NSPR)
- *      along with a typedef for the context structure (which should be
- *      kept opaque -- definition in the source file only, but typedef
- *      ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
- *    - modify anything else as necessary to conform to NSPR required style
- *      (I looked but found no formatting guide to follow)
- *
- * You will want to move over everything from here down to the comment
- * which says "XXX End of base64 decoding code to be moved into NSPR",
- * into a new file in NSPR.
- */
-
-/*
- **************************************************************
- * XXX Beginning of base64 decoding code to be moved into NSPR.
- */
-
-/*
- * This typedef would belong in the NSPR header file (i.e. plbase64.h).
- */
-typedef struct PLBase64DecoderStr PLBase64Decoder;
-
-/*
- * The following implementation of base64 decoding was based on code
- * found in libmime (specifically, in mimeenc.c).  It has been adapted to
- * use PR types and naming as well as to provide other necessary semantics
- * (like buffer-in/buffer-out in addition to "streaming" without undue
- * performance hit of extra copying if you made the buffer versions
- * use the output_fn).  It also incorporates some aspects of the current
- * NSPR base64 decoding code.  As such, you may find similarities to
- * both of those implementations.  I tried to use names that reflected
- * the original code when possible.  For this reason you may find some
- * inconsistencies -- libmime used lots of "in" and "out" whereas the
- * NSPR version uses "src" and "dest"; sometimes I changed one to the other
- * and sometimes I left them when I thought the subroutines were at least
- * self-consistent.
- */
-
-PR_BEGIN_EXTERN_C
-
-/*
- * Opaque object used by the decoder to store state.
- */
-struct PLBase64DecoderStr {
-    /* Current token (or portion, if token_size < 4) being decoded. */
-    unsigned char token[4];
-    int token_size;
-
-    /*
-     * Where to write the decoded data (used when streaming, not when
-     * doing all in-memory (buffer) operations).
-     *
-     * Note that this definition is chosen to be compatible with PR_Write.
-     */
-    PRInt32 (*output_fn) (void *output_arg, const unsigned char *buf,
-                          PRInt32 size);
-    void *output_arg;
-
-    /*
-     * Where the decoded output goes -- either temporarily (in the streaming
-     * case, staged here before it goes to the output function) or what will
-     * be the entire buffered result for users of the buffer version.
-     */
-    unsigned char *output_buffer;
-    PRUint32 output_buflen;     /* the total length of allocated buffer */
-    PRUint32 output_length;     /* the length that is currently populated */
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Table to convert an ascii "code" to its corresponding binary value.
- * For ease of use, the binary values in the table are the actual values
- * PLUS ONE.  This is so that the special value of zero can denote an
- * invalid mapping; that was much easier than trying to fill in the other
- * values with some value other than zero, and to check for it.
- * Just remember to SUBTRACT ONE when using the value retrieved.
- */
-static unsigned char base64_codetovaluep1[256] = {
-/*   0: */        0,      0,      0,      0,      0,      0,      0,      0,
-/*   8: */        0,      0,      0,      0,      0,      0,      0,      0,
-/*  16: */        0,      0,      0,      0,      0,      0,      0,      0,
-/*  24: */        0,      0,      0,      0,      0,      0,      0,      0,
-/*  32: */        0,      0,      0,      0,      0,      0,      0,      0,
-/*  40: */        0,      0,      0,     63,      0,      0,      0,     64,
-/*  48: */       53,     54,     55,     56,     57,     58,     59,     60,
-/*  56: */       61,     62,      0,      0,      0,      0,      0,      0,
-/*  64: */        0,      1,      2,      3,      4,      5,      6,      7,
-/*  72: */        8,      9,     10,     11,     12,     13,     14,     15,
-/*  80: */       16,     17,     18,     19,     20,     21,     22,     23,
-/*  88: */       24,     25,     26,      0,      0,      0,      0,      0,
-/*  96: */        0,     27,     28,     29,     30,     31,     32,     33,
-/* 104: */       34,     35,     36,     37,     38,     39,     40,     41,
-/* 112: */       42,     43,     44,     45,     46,     47,     48,     49,
-/* 120: */       50,     51,     52,      0,      0,      0,      0,      0,
-/* 128: */        0,      0,      0,      0,      0,      0,      0,      0
-/* and rest are all zero as well */
-};
-
-#define B64_PAD '='
-
-
-/*
- * Reads 4; writes 3 (known, or expected, to have no trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_4to3 (const unsigned char *in, unsigned char *out)
-{
-    int j;
-    PRUint32 num = 0;
-    unsigned char bits;
-
-    for (j = 0; j < 4; j++) {
-        bits = base64_codetovaluep1[in[j]];
-        if (bits == 0)
-            return -1;
-        num = (num << 6) | (bits - 1);
-    }
-
-    out[0] = (unsigned char) (num >> 16);
-    out[1] = (unsigned char) ((num >> 8) & 0xFF);
-    out[2] = (unsigned char) (num & 0xFF);
-
-    return 3;
-}
-
-/*
- * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_3to2 (const unsigned char *in, unsigned char *out)
-{
-    PRUint32 num = 0;
-    unsigned char bits1, bits2, bits3;
-
-    bits1 = base64_codetovaluep1[in[0]];
-    bits2 = base64_codetovaluep1[in[1]];
-    bits3 = base64_codetovaluep1[in[2]];
-
-    if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
-        return -1;
-
-    num = ((PRUint32)(bits1 - 1)) << 10;
-    num |= ((PRUint32)(bits2 - 1)) << 4;
-    num |= ((PRUint32)(bits3 - 1)) >> 2;
-
-    out[0] = (unsigned char) (num >> 8);
-    out[1] = (unsigned char) (num & 0xFF);
-
-    return 2;
-}
-
-/*
- * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
- * Returns bytes written; -1 on error (unexpected character).
- */
-static int
-pl_base64_decode_2to1 (const unsigned char *in, unsigned char *out)
-{
-    PRUint32 num = 0;
-    unsigned char bits1, bits2;
-
-    bits1 = base64_codetovaluep1[in[0]];
-    bits2 = base64_codetovaluep1[in[1]];
-
-    if ((bits1 == 0) || (bits2 == 0))
-        return -1;
-
-    num = ((PRUint32)(bits1 - 1)) << 2;
-    num |= ((PRUint32)(bits2 - 1)) >> 4;
-
-    out[0] = (unsigned char) num;
-
-    return 1;
-}
-
-/*
- * Reads 4; writes 0-3.  Returns bytes written or -1 on error.
- * (Writes less than 3 only at (presumed) EOF.)
- */
-static int
-pl_base64_decode_token (const unsigned char *in, unsigned char *out)
-{
-    if (in[3] != B64_PAD)
-        return pl_base64_decode_4to3 (in, out);
-
-    if (in[2] == B64_PAD)
-        return pl_base64_decode_2to1 (in, out);
-
-    return pl_base64_decode_3to2 (in, out);
-}
-
-static PRStatus
-pl_base64_decode_buffer (PLBase64Decoder *data, const unsigned char *in,
-                         PRUint32 length)
-{
-    unsigned char *out = data->output_buffer;
-    unsigned char *token = data->token;
-    int i, n = 0;
-
-    i = data->token_size;
-    data->token_size = 0;
-
-    while (length > 0) {
-        while (i < 4 && length > 0) {
-            /*
-             * XXX Note that the following simply ignores any unexpected
-             * characters.  This is exactly what the original code in
-             * libmime did, and I am leaving it.  We certainly want to skip
-             * over whitespace (we must); this does much more than that.
-             * I am not confident changing it, and I don't want to slow
-             * the processing down doing more complicated checking, but
-             * someone else might have different ideas in the future.
-             */
-            if (base64_codetovaluep1[*in] > 0 || *in == B64_PAD)
-                token[i++] = *in;
-            in++;
-            length--;
-        }
-
-        if (i < 4) {
-            /* Didn't get enough for a complete token. */
-            data->token_size = i;
-            break;
-        }
-        i = 0;
-
-        PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
-
-        /*
-         * Assume we are not at the end; the following function only works
-         * for an internal token (no trailing padding characters) but is
-         * faster that way.  If it hits an invalid character (padding) it
-         * will return an error; we break out of the loop and try again
-         * calling the routine that will handle a final token.
-         * Note that we intentionally do it this way rather than explicitly
-         * add a check for padding here (because that would just slow down
-         * the normal case) nor do we rely on checking whether we have more
-         * input to process (because that would also slow it down but also
-         * because we want to allow trailing garbage, especially white space
-         * and cannot tell that without read-ahead, also a slow proposition).
-         * Whew.  Understand?
-         */
-        n = pl_base64_decode_4to3 (token, out);
-        if (n < 0)
-            break;
-
-        /* Advance "out" by the number of bytes just written to it. */
-        out += n;
-        n = 0;
-    }
-
-    /*
-     * See big comment above, before call to pl_base64_decode_4to3.
-     * Here we check if we error'd out of loop, and allow for the case
-     * that we are processing the last interesting token.  If the routine
-     * which should handle padding characters also fails, then we just
-     * have bad input and give up.
-     */
-    if (n < 0) {
-        n = pl_base64_decode_token (token, out);
-        if (n < 0)
-            return PR_FAILURE;
-
-        out += n;
-    }
-
-    /*
-     * As explained above, we can get here with more input remaining, but
-     * it should be all characters we do not care about (i.e. would be
-     * ignored when transferring from "in" to "token" in loop above,
-     * except here we choose to ignore extraneous pad characters, too).
-     * Swallow it, performing that check.  If we find more characters that
-     * we would expect to decode, something is wrong.
-     */
-    while (length > 0) {
-        if (base64_codetovaluep1[*in] > 0)
-            return PR_FAILURE;
-        in++;
-        length--;
-    }
-
-    /* Record the length of decoded data we have left in output_buffer. */
-    data->output_length = (PRUint32) (out - data->output_buffer);
-    return PR_SUCCESS;
-}
-
-/*
- * Flush any remaining buffered characters.  Given well-formed input,
- * this will have nothing to do.  If the input was missing the padding
- * characters at the end, though, there could be 1-3 characters left
- * behind -- we will tolerate that by adding the padding for them.
- */
-static PRStatus
-pl_base64_decode_flush (PLBase64Decoder *data)
-{
-    int count;
-
-    /*
-     * If no remaining characters, or all are padding (also not well-formed
-     * input, but again, be tolerant), then nothing more to do.  (And, that
-     * is considered successful.)
-     */
-    if (data->token_size == 0 || data->token[0] == B64_PAD)
-        return PR_SUCCESS;
-
-    /*
-     * Assume we have all the interesting input except for some expected
-     * padding characters.  Add them and decode the resulting token.
-     */
-    while (data->token_size < 4)
-        data->token[data->token_size++] = B64_PAD;
-
-    data->token_size = 0;       /* so a subsequent flush call is a no-op */
-
-    count = pl_base64_decode_token (data->token,
-                                    data->output_buffer + data->output_length);
-    if (count < 0)
-        return PR_FAILURE;
-
-    /*
-     * If there is an output function, call it with this last bit of data.
-     * Otherwise we are doing all buffered output, and the decoded bytes
-     * are now there, we just need to reflect that in the length.
-     */
-    if (data->output_fn != NULL) {
-        PRInt32 output_result;
-
-        PR_ASSERT(data->output_length == 0);
-        output_result = data->output_fn (data->output_arg,
-                                         data->output_buffer,
-                                         (PRInt32) count);
-        if (output_result < 0)
-            return  PR_FAILURE;
-    } else {
-        data->output_length += count;
-    }
-
-    return PR_SUCCESS;
-}
-
-
-/*
- * The maximum space needed to hold the output of the decoder given
- * input data of length "size".
- */
-static PRUint32
-PL_Base64MaxDecodedLength (PRUint32 size)
-{
-    return ((size * 3) / 4);
-}
-
-
-/*
- * A distinct internal creation function for the buffer version to use.
- * (It does not want to specify an output_fn, and we want the normal
- * Create function to require that.)  If more common initialization
- * of the decoding context needs to be done, it should be done *here*.
- */
-static PLBase64Decoder *
-pl_base64_create_decoder (void)
-{
-    return PR_NEWZAP(PLBase64Decoder);
-}
-
-/*
- * Function to start a base64 decoding context.
- * An "output_fn" is required; the "output_arg" parameter to that is optional.
- */
-static PLBase64Decoder *
-PL_CreateBase64Decoder (PRInt32 (*output_fn) (void *, const unsigned char *,
-                                              PRInt32),
-                        void *output_arg)
-{
-    PLBase64Decoder *data;
-
-    if (output_fn == NULL) {
-        PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
-        return NULL;
-    }
-
-    data = pl_base64_create_decoder ();
-    if (data != NULL) {
-        data->output_fn = output_fn;
-        data->output_arg = output_arg;
-    }
-    return data;
-}
-
-
-/*
- * Push data through the decoder, causing the output_fn (provided to Create)
- * to be called with the decoded data.
- */
-static PRStatus
-PL_UpdateBase64Decoder (PLBase64Decoder *data, const char *buffer,
-                        PRUint32 size)
-{
-    PRUint32 need_length;
-    PRStatus status;
-
-    /* XXX Should we do argument checking only in debug build? */
-    if (data == NULL || buffer == NULL || size == 0) {
-        PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
-        return PR_FAILURE;
-    }
-
-    /*
-     * How much space could this update need for decoding?
-     */
-    need_length = PL_Base64MaxDecodedLength (size + data->token_size);
-
-    /*
-     * Make sure we have at least that much.  If not, (re-)allocate.
-     */
-    if (need_length > data->output_buflen) {
-        unsigned char *output_buffer = data->output_buffer;
-
-        if (output_buffer != NULL)
-            output_buffer = (unsigned char *) PR_Realloc(output_buffer,
-                                                         need_length);
-        else
-            output_buffer = (unsigned char *) PR_Malloc(need_length);
-
-        if (output_buffer == NULL)
-            return PR_FAILURE;
-
-        data->output_buffer = output_buffer;
-        data->output_buflen = need_length;
-    }
-
-    /* There should not have been any leftover output data in the buffer. */
-    PR_ASSERT(data->output_length == 0);
-    data->output_length = 0;
-
-    status = pl_base64_decode_buffer (data, (const unsigned char *) buffer,
-                                      size);
-
-    /* Now that we have some decoded data, write it. */
-    if (status == PR_SUCCESS && data->output_length > 0) {
-        PRInt32 output_result;
-
-        PR_ASSERT(data->output_fn != NULL);
-        output_result = data->output_fn (data->output_arg,
-                                         data->output_buffer,
-                                         (PRInt32) data->output_length);
-        if (output_result < 0)
-            status = PR_FAILURE;
-    }
-
-    data->output_length = 0;
-    return status;
-}
-
-
-/*
- * When you're done decoding, call this to free the data.  If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-static PRStatus
-PL_DestroyBase64Decoder (PLBase64Decoder *data, PRBool abort_p)
-{
-    PRStatus status = PR_SUCCESS;
-
-    /* XXX Should we do argument checking only in debug build? */
-    if (data == NULL) {
-        PR_SetError (PR_INVALID_ARGUMENT_ERROR, 0);
-        return PR_FAILURE;
-    }
-
-    /* Flush out the last few buffered characters. */
-    if (!abort_p)
-        status = pl_base64_decode_flush (data);
-
-    if (data->output_buffer != NULL)
-        PR_Free(data->output_buffer);
-    PR_Free(data);
-
-    return status;
-}
-
-
-/*
- * Perform base64 decoding from an input buffer to an output buffer.
- * The output buffer can be provided (as "dest"); you can also pass in
- * a NULL and this function will allocate a buffer large enough for you,
- * and return it.  If you do provide the output buffer, you must also
- * provide the maximum length of that buffer (as "maxdestlen").
- * The actual decoded length of output will be returned to you in
- * "output_destlen".
- *
- * Return value is NULL on error, the output buffer (allocated or provided)
- * otherwise.
- */
-static unsigned char *
-PL_Base64DecodeBuffer (const char *src, PRUint32 srclen, unsigned char *dest,
-                       PRUint32 maxdestlen, PRUint32 *output_destlen)
-{
-    PRUint32 need_length;
-    unsigned char *output_buffer = NULL;
-    PLBase64Decoder *data = NULL;
-    PRStatus status;
-
-    PR_ASSERT(srclen > 0);
-    if (srclen == 0) {
-        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
-        return NULL;
-    }
-
-    /*
-     * How much space could we possibly need for decoding this input?
-     */
-    need_length = PL_Base64MaxDecodedLength (srclen);
-
-    /*
-     * Make sure we have at least that much, if output buffer provided.
-     * If no output buffer provided, then we allocate that much.
-     */
-    if (dest != NULL) {
-        PR_ASSERT(maxdestlen >= need_length);
-        if (maxdestlen < need_length) {
-            PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
-            goto loser;
-        }
-        output_buffer = dest;
-    } else {
-        output_buffer = (unsigned char *) PR_Malloc(need_length);
-        if (output_buffer == NULL)
-            goto loser;
-        maxdestlen = need_length;
-    }
-
-    data = pl_base64_create_decoder();
-    if (data == NULL)
-        goto loser;
-
-    data->output_buflen = maxdestlen;
-    data->output_buffer = output_buffer;
-
-    status = pl_base64_decode_buffer (data, (const unsigned char *) src,
-                                      srclen);
-
-    /*
-     * We do not wait for Destroy to flush, because Destroy will also
-     * get rid of our decoder context, which we need to look at first!
-     */
-    if (status == PR_SUCCESS)
-        status = pl_base64_decode_flush (data);
-
-    /* Must clear this or Destroy will free it. */
-    data->output_buffer = NULL;
-
-    if (status == PR_SUCCESS) {
-        *output_destlen = data->output_length;
-        status = PL_DestroyBase64Decoder (data, PR_FALSE);
-        data = NULL;
-        if (status == PR_FAILURE)
-            goto loser;
-        return output_buffer;
-    }
-
-loser:
-    if (dest == NULL && output_buffer != NULL)
-        PR_Free(output_buffer);
-    if (data != NULL)
-        (void) PL_DestroyBase64Decoder (data, PR_TRUE);
-    return NULL;
-}
-
-
-/*
- * XXX End of base64 decoding code to be moved into NSPR.
- ********************************************************
- */
-
-/*
- * This is the beginning of the NSS cover functions.  These will
- * provide the interface we want to expose as NSS-ish.  For example,
- * they will operate on our Items, do any special handling or checking
- * we want to do, etc.
- */
-
-
-PR_BEGIN_EXTERN_C
-
-/*
- * A boring cover structure for now.  Perhaps someday it will include
- * some more interesting fields.
- */
-struct NSSBase64DecoderStr {
-    PLBase64Decoder *pl_data;
-};
-
-PR_END_EXTERN_C
-
-
-/*
- * Function to start a base64 decoding context.
- */
-NSSBase64Decoder *
-NSSBase64Decoder_Create (PRInt32 (*output_fn) (void *, const unsigned char *,
-                                               PRInt32),
-                         void *output_arg)
-{
-    PLBase64Decoder *pl_data;
-    NSSBase64Decoder *nss_data;
-
-    nss_data = PORT_ZNew(NSSBase64Decoder);
-    if (nss_data == NULL)
-        return NULL;
-
-    pl_data = PL_CreateBase64Decoder (output_fn, output_arg);
-    if (pl_data == NULL) {
-        PORT_Free(nss_data);
-        return NULL;
-    }
-
-    nss_data->pl_data = pl_data;
-    return nss_data;
-}
-
-
-/*
- * Push data through the decoder, causing the output_fn (provided to Create)
- * to be called with the decoded data.
- */
-SECStatus
-NSSBase64Decoder_Update (NSSBase64Decoder *data, const char *buffer,
-                         PRUint32 size)
-{
-    PRStatus pr_status;
-
-    /* XXX Should we do argument checking only in debug build? */
-    if (data == NULL) {
-        PORT_SetError (SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    pr_status = PL_UpdateBase64Decoder (data->pl_data, buffer, size);
-    if (pr_status == PR_FAILURE)
-        return SECFailure;
-
-    return SECSuccess;
-}
-
-
-/*
- * When you're done decoding, call this to free the data.  If "abort_p"
- * is false, then calling this may cause the output_fn to be called
- * one last time (as the last buffered data is flushed out).
- */
-SECStatus
-NSSBase64Decoder_Destroy (NSSBase64Decoder *data, PRBool abort_p)
-{
-    PRStatus pr_status;
-
-    /* XXX Should we do argument checking only in debug build? */
-    if (data == NULL) {
-        PORT_SetError (SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    pr_status = PL_DestroyBase64Decoder (data->pl_data, abort_p);
-
-    PORT_Free(data);
-
-    if (pr_status == PR_FAILURE)
-        return SECFailure;
-
-    return SECSuccess;
-}
-
-
-/*
- * Perform base64 decoding from an ascii string "inStr" to an Item.
- * The length of the input must be provided as "inLen".  The Item
- * may be provided (as "outItemOpt"); you can also pass in a NULL
- * and the Item will be allocated for you.
- *
- * In any case, the data within the Item will be allocated for you.
- * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
- * If "arenaOpt" is NULL, standard allocation (heap) will be used and
- * you will want to free the result via SECITEM_FreeItem.
- *
- * Return value is NULL on error, the Item (allocated or provided) otherwise.
- */
-SECItem *
-NSSBase64_DecodeBuffer (PLArenaPool *arenaOpt, SECItem *outItemOpt,
-                        const char *inStr, unsigned int inLen)
-{
-    SECItem *out_item = NULL;
-    PRUint32 max_out_len = 0;
-    PRUint32 out_len;
-    void *mark = NULL;
-    unsigned char *dummy;
-
-    if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {
-        PORT_SetError (SEC_ERROR_INVALID_ARGS);
-        return NULL;
-    }
-
-    if (arenaOpt != NULL)
-        mark = PORT_ArenaMark (arenaOpt);
-
-    max_out_len = PL_Base64MaxDecodedLength (inLen);
-    out_item = SECITEM_AllocItem (arenaOpt, outItemOpt, max_out_len);
-    if (out_item == NULL) {
-        if (arenaOpt != NULL)
-            PORT_ArenaRelease (arenaOpt, mark);
-        return NULL;
-    }
-
-    dummy = PL_Base64DecodeBuffer (inStr, inLen, out_item->data,
-                                   max_out_len, &out_len);
-    if (dummy == NULL) {
-        if (arenaOpt != NULL) {
-            PORT_ArenaRelease (arenaOpt, mark);
-            if (outItemOpt != NULL) {
-                outItemOpt->data = NULL;
-                outItemOpt->len = 0;
-            }
-        } else {
-            SECITEM_FreeItem (out_item,
-                              (outItemOpt == NULL) ? PR_TRUE : PR_FALSE);
-        }
-        return NULL;
-    }
-
-    if (arenaOpt != NULL)
-        PORT_ArenaUnmark (arenaOpt, mark);
-    out_item->len = out_len;
-    return out_item;
-}
-
-
-/*
- * XXX Everything below is deprecated.  If you add new stuff, put it
- * *above*, not below.
- */
-
-/*
- * XXX The following "ATOB" functions are provided for backward compatibility
- * with current code.  They should be considered strongly deprecated.
- * When we can convert all our code over to using the new NSSBase64Decoder_
- * functions defined above, we should get rid of these altogether.  (Remove
- * protoypes from base64.h as well -- actually, remove that file completely).
- * If someone thinks either of these functions provides such a very useful
- * interface (though, as shown, the same functionality can already be
- * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
- * that API should be provided with a nice new NSSFoo name and using
- * appropriate types, etc.
- */
-
-#include "base64.h"
-
-/*
-** Return an PORT_Alloc'd string which is the base64 decoded version
-** of the input string; set *lenp to the length of the returned data.
-*/
-unsigned char *
-ATOB_AsciiToData(const char *string, unsigned int *lenp)
-{
-    SECItem binary_item, *dummy;
-
-    binary_item.data = NULL;
-    binary_item.len = 0;
-
-    dummy = NSSBase64_DecodeBuffer (NULL, &binary_item, string,
-                                    (PRUint32) PORT_Strlen(string));
-    if (dummy == NULL)
-        return NULL;
-
-    PORT_Assert(dummy == &binary_item);
-
-    *lenp = dummy->len;
-    return dummy->data;
-}
- 
-/*
-** Convert from ascii to binary encoding of an item.
-*/
-SECStatus
-ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
-{
-    SECItem *dummy;
-
-    if (binary_item == NULL) {
-        PORT_SetError (SEC_ERROR_INVALID_ARGS);
-        return SECFailure;
-    }
-
-    /*
-     * XXX Would prefer to assert here if data is non-null (actually,
-     * don't need to, just let NSSBase64_DecodeBuffer do it), so as to
-     * to catch unintended memory leaks, but callers are not clean in
-     * this respect so we need to explicitly clear here to avoid the
-     * assert in NSSBase64_DecodeBuffer.
-     */
-    binary_item->data = NULL;
-    binary_item->len = 0;
-
-    dummy = NSSBase64_DecodeBuffer (NULL, binary_item, ascii,
-                                    (PRUint32) PORT_Strlen(ascii));
-
-    if (dummy == NULL)
-        return SECFailure;
-
-    return SECSuccess;
-}