Update NSPR to 4.12 and NSS to 3.23 on iOS

nss/lib/pk11wrap/pk11load.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * The following handles the loading, unloading and management of
  * various PCKS #11 modules
  */
 #define FORCE_PR_LOG 1
 #include "seccomon.h"
 #include "pkcs11.h"
@@ skipping 480 matching lines @@
     }
 
     /*
      * We need to get the function list
      */
     if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK) 
                                                                 goto fail;
 
 #ifdef DEBUG_MODULE
     if (PR_TRUE) {
-        modToDBG = PR_GetEnv("NSS_DEBUG_PKCS11_MODULE");
+        modToDBG = PR_GetEnvSecure("NSS_DEBUG_PKCS11_MODULE");
         if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
             mod->functionList = (void *)nss_InsertDeviceLog(
                                    (CK_FUNCTION_LIST_PTR)mod->functionList);
         }
     }
 #endif
 
     mod->isThreadSafe = PR_TRUE;
 
     /* Now we initialize the module */
@@ skipping 71 matching lines @@
     
     mod->loaded = PR_TRUE;
     mod->moduleID = nextModuleID++;
     return SECSuccess;
 fail2:
     if (enforceAlreadyInitializedError || (!alreadyLoaded)) {
         PK11_GETTAB(mod)->C_Finalize(NULL);
     }
 fail:
     mod->functionList = NULL;
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (library && !disableUnload) {
         PR_UnloadLibrary(library);
     }
     return SECFailure;
 }
 
 SECStatus
 SECMOD_UnloadModule(SECMODModule *mod) {
     PRLibrary *library;
     char *disableUnload = NULL;
 
     if (!mod->loaded) {
         return SECFailure;
     }
     if (finalizeModules) {
         if (mod->functionList &&!mod->moduleDBOnly) {
             PK11_GETTAB(mod)->C_Finalize(NULL);
         }
     }
     mod->moduleID = 0;
     mod->loaded = PR_FALSE;
     
     /* do we want the semantics to allow unloading the internal library?
      * if not, we should change this to SECFailure and move it above the
      * mod->loaded = PR_FALSE; */
     if (mod->internal && (mod->dllName == NULL)) {
 #ifndef NSS_STATIC
         if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
           if (softokenLib) {
-              disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+              disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
               if (!disableUnload) {
 #ifdef DEBUG
                   PRStatus status = PR_UnloadLibrary(softokenLib);
                   PORT_Assert(PR_SUCCESS == status);
 #else
                   PR_UnloadLibrary(softokenLib);
 #endif
               }
               softokenLib = NULL;
           }
           loadSoftokenOnce = pristineCallOnce;
         }
 #endif
         return SECSuccess;
     }
 
     library = (PRLibrary *)mod->library;
     /* paranoia */
     if (library == NULL) {
 #if defined(NSS_STATIC) && !defined(NSS_DISABLE_ROOT_CERTS)
         if (strstr(mod->dllName, "nssckbi") != NULL) {
             return SECSuccess;
         }
 #endif
         return SECFailure;
     }
 
-    disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
     if (!disableUnload) {
         PR_UnloadLibrary(library);
     }
     return SECSuccess;
 }
 
 void
 nss_DumpModuleLog(void)
 {
 #ifdef DEBUG_MODULE
     if (modToDBG) {
         print_final_statistics();
     }
 #endif
 }