Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/softoken/sftkpwd.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /* 
  *  The following code handles the storage of PKCS 11 modules used by the
  * NSS. For the rest of NSS, only one kind of database handle exists:
  *
  *     SFTKDBHandle
  *
  * There is one SFTKDBHandle for the each key database and one for each cert 
@@ skipping 846 matching lines @@
 sftkdb_PWCached(SFTKDBHandle *keydb)
 {
     return keydb->passwordKey.data ? SECSuccess : SECFailure;
 }
 
 
 static CK_RV
 sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
                        CK_OBJECT_HANDLE id, SECItem *newKey)
 {
-    CK_RV crv = CKR_OK;
-    CK_RV crv2;
     CK_ATTRIBUTE authAttrs[] = {
         {CKA_MODULUS, NULL, 0},
         {CKA_PUBLIC_EXPONENT, NULL, 0},
         {CKA_CERT_SHA1_HASH, NULL, 0},
         {CKA_CERT_MD5_HASH, NULL, 0},
         {CKA_TRUST_SERVER_AUTH, NULL, 0},
         {CKA_TRUST_CLIENT_AUTH, NULL, 0},
         {CKA_TRUST_EMAIL_PROTECTION, NULL, 0},
         {CKA_TRUST_CODE_SIGNING, NULL, 0},
         {CKA_TRUST_STEP_UP_APPROVED, NULL, 0},
         {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0},
     };
     CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE);
-    int i, count;
+    unsigned int i, count;
     SFTKDBHandle *keyHandle = handle;
     SDB *keyTarget = NULL;
 
     id &= SFTK_OBJ_ID_MASK;
 
     if (handle->type != SFTK_KEYDB_TYPE) {
         keyHandle = handle->peerDB;
     }
 
     if (keyHandle == NULL) {
         return CKR_OK;
     }
 
     /* old DB's don't have meta data, finished with MACs */
     keyTarget = SFTK_GET_SDB(keyHandle);
     if ((keyTarget->sdb_flags &SDB_HAS_META) == 0) {
         return CKR_OK;
     }
 
     /*
      * STEP 1: find the MACed attributes of this object 
      */
-    crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+    (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
     count = 0;
     /* allocate space for the attributes */
     for (i=0; i < authAttrCount; i++) {
         if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){
             continue;
         }
         count++;
         authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen);
         if (authAttrs[i].pValue == NULL) {
-            crv = CKR_HOST_MEMORY;
             break;
         }
     }
 
     /* if count was zero, none were found, finished with MACs */
     if (count == 0) {
         return CKR_OK;
     }
 
-    crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+    (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
     /* ignore error code, we expect some possible errors */
 
     /* GetAttributeValue just verified the old macs, safe to write
      * them out then... */
     for (i=0; i < authAttrCount; i++) {
         SECItem *signText;
         SECItem plainText;
         SECStatus rv;
 
         if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)){
@@ skipping 26 matching lines @@
     CK_ATTRIBUTE *first, *last;
     CK_ATTRIBUTE privAttrs[] = {
         {CKA_VALUE, NULL, 0},
         {CKA_PRIVATE_EXPONENT, NULL, 0},
         {CKA_PRIME_1, NULL, 0},
         {CKA_PRIME_2, NULL, 0},
         {CKA_EXPONENT_1, NULL, 0},
         {CKA_EXPONENT_2, NULL, 0},
         {CKA_COEFFICIENT, NULL, 0} };
     CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE);
-    int i, count;
+    unsigned int i, count;
 
     /*
      * STEP 1. Read the old attributes in the clear.
      */
 
     /* Get the attribute sizes.
      *  ignore the error code, we will have unknown attributes here */
     crv2 = sftkdb_GetAttributeValue(keydb, id, privAttrs, privAttrCount);
 
     /*
@@ skipping 123 matching lines @@
  * must be called with the old key active.
  */
 CK_RV
 sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, 
                         CK_ULONG count, SECItem *newKey)
 {
     SDBFind *find = NULL;
     CK_ULONG idCount = SFTK_MAX_IDS;
     CK_OBJECT_HANDLE ids[SFTK_MAX_IDS];
     CK_RV crv, crv2;
-    int i;
+    unsigned int i;
 
     crv = sftkdb_FindObjectsInit(handle, template, count, &find);
 
     if (crv != CKR_OK) {
         return crv;
     }
     while ((crv == CKR_OK) && (idCount == SFTK_MAX_IDS)) {
         crv = sftkdb_FindObjects(handle, find, ids, SFTK_MAX_IDS, &idCount);
         for (i=0; (crv == CKR_OK) && (i < idCount); i++) {
             crv = sftk_convertAttributes(handle, ids[i], newKey);
@@ skipping 113 matching lines @@
 
     keydb->newKey = NULL;
 
     sftkdb_switchKeys(keydb, &newKey);
 
 loser:
     if (newKey.data) {
         PORT_ZFree(newKey.data,newKey.len);
     }
     if (result) {
-        SECITEM_FreeItem(result, PR_FALSE);
+        SECITEM_FreeItem(result, PR_TRUE);
     }
     if (rv != SECSuccess) {
         (*keydb->db->sdb_Abort)(keydb->db);
     }
     
     return rv;
 }
 
 /*
  * lose our cached password
  */
 SECStatus
 sftkdb_ClearPassword(SFTKDBHandle *keydb)
 {
     SECItem oldKey;
     oldKey.data = NULL;
     oldKey.len = 0;
     sftkdb_switchKeys(keydb, &oldKey);
     if (oldKey.data) {
         PORT_ZFree(oldKey.data, oldKey.len);
     }
     return SECSuccess;
 }