backout bug 835919, backout bug 850905
authorElio Maldonado <emaldona@redhat.com>
Wed, 10 Apr 2013 12:22:57 -0700
changeset 10729 7d72e33ef88f31883f5c2cea84d262ececd81ee0
parent 10728 351b2d508a32b42e2a3bd70f4537953aa12fe0ca
child 10730 2380cf2250c443b4aa37d927eda21ac066c98bbf
push id39
push useremaldona@redhat.com
push dateWed, 10 Apr 2013 19:23:18 +0000
bugs835919, 850905
backout bug 835919, backout bug 850905
cmd/Makefile
cmd/manifest.mn
cmd/platlibs.mk
cmd/shlibsign/shlibsign.c
lib/Makefile
lib/manifest.mn
tests/cipher/cipher.sh
tests/common/init.sh
tests/fips/fips.sh
--- a/cmd/Makefile
+++ b/cmd/Makefile
@@ -9,24 +9,16 @@ DEPTH = ..
 
 include manifest.mn
 include $(CORE_DEPTH)/coreconf/config.mk
 
 ifdef BUILD_LIBPKIX_TESTS
 DIRS += libpkix
 endif
 
-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
-BLTEST_SRCDIR=
-FIPSTEST_SRCDIR=
-else
-BLTEST_SRCDIR   = bltest
-FIPSTEST_SRCDIR = fipstest
-endif
-
 LOWHASHTEST_SRCDIR=
 ifeq ($(FREEBL_LOWHASH),1)
 LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
 endif
 
 INCLUDES += \
 	-I$(DIST)/../public/security \
 	-I./include \
--- a/cmd/manifest.mn
+++ b/cmd/manifest.mn
@@ -6,29 +6,29 @@
 DEPTH	= ..
 # MODULE	= seccmd
 
 REQUIRES = nss nspr libdbm
 
 DIRS = lib  \
  addbuiltin \
  atob  \
- $(BLTEST_SRCDIR) \
+ bltest \
  btoa  \
  certcgi \
  certutil  \
  checkcert  \
  chktest  \
  crlutil  \
  crmftest \
  dbtest \
  derdump  \
  digest  \
  httpserv  \
- $(FIPSTEST_SRCDIR)  \
+ fipstest  \
  $(LOWHASHTEST_SRCDIR)  \
  listsuites \
  makepqg  \
  multinit \
  ocspclnt  \
  ocspresp \
  oidcalc  \
  p7content  \
--- a/cmd/platlibs.mk
+++ b/cmd/platlibs.mk
@@ -31,28 +31,17 @@ DBMLIB = $(NULL)
 else
 DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
 endif
 
 ifdef USE_STATIC_LIBS
 
 DEFINES += -DNSS_USE_STATIC_LIBS
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
-ifndef USE_SYSTEM_FREEBL
-CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
-SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
-else
-# Use the system freebl and softoken libraries
-CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
-SOFTOKENLIB=
-EXTRA_SHARED_LIBS += \
-	-L$(SOFTOKEN_LIB_DIR) \
-	-lsoftokn3 \
-	$(NULL)
-endif
+CRYPTOLIB=$(SOFTOKEN_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
 
 PKIXLIB = \
 	$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixutil.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixsystem.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixcrlsel.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixmodule.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkixstore.$(LIB_SUFFIX) \
@@ -73,17 +62,17 @@ EXTRA_LIBS += \
 	$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
-	$(SOFTOKENLIB) \
+	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(CRYPTOLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
 	$(PKIXLIB) \
 	$(DBMLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
@@ -108,17 +97,17 @@ EXTRA_LIBS += \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
-	$(SOFTOKENLIB) \
+	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
 	$(CRYPTOLIB) \
 	$(DBMLIB) \
 	$(PKIXLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
@@ -191,32 +180,18 @@ EXTRA_SHARED_LIBS += \
 	-lnssutil3 \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
 	$(NULL)
 endif
 
-ifdef SOFTOKEN_LIB_DIR
-ifdef NSS_USE_SYSTEM_FREEBL
-EXTRA_SHARED_LIBS += -L$(SOFTOKEN_LIB_DIR) -lsoftokn3
-endif
-endif
-
 endif # USE_STATIC_LIBS
 
-# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
-# FREEBL_LIBS to the linker command-line arguments for the system nss-util
-# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
-ifdef NSS_USE_SYSTEM_FREEBL
-FREEBL_LIBS = $(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
-EXTRA_LIBS += $(FREEBL_LIBS)
-endif
-
 # If a platform has a system zlib, set USE_SYSTEM_ZLIB to 1 and
 # ZLIB_LIBS to the linker command-line arguments for the system zlib
 # (for example, -lz) in the platform's config file in coreconf.
 ifndef USE_SYSTEM_ZLIB
 ZLIB_LIBS = $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX)
 endif
 
 JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX)
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -44,32 +44,31 @@
 #include "plstr.h"
 #include "prerror.h"
 
 /* softoken headers */
 #include "pkcs11.h"
 #include "pkcs11t.h"
 
 /* freebl headers */
-#include "blapit.h"
 #include "shsign.h"
 
 #define NUM_ELEM(array) (sizeof(array)/sizeof(array[0]))
 CK_BBOOL true = CK_TRUE;
 CK_BBOOL false = CK_FALSE;
 static PRBool verbose = PR_FALSE;
 
 static void
 usage (const char *program_name)
 {
     PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
     PR_fprintf (debug_out,
                 "type %s -H for more detail information.\n", program_name);
     PR_fprintf (debug_out,
-                "Usage: %s [-v] [-V] [-k keysize] [-o outfile] [-d dbdir] [-f pwfile]\n"
+                "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
                 "          [-F] [-p pwd] -[P dbprefix ] "
                 "-i shared_library_name\n",
                 program_name);
     exit(1);
 }
 
 static void 
 long_usage(const char *program_name) 
@@ -80,17 +79,16 @@ long_usage(const char *program_name)
     PR_fprintf(debug_out, "\t-o <outfile> checksum outfile\n");
     PR_fprintf(debug_out, "\t-d <path>    database path location\n");
     PR_fprintf(debug_out, "\t-P <prefix>  database prefix\n");
     PR_fprintf(debug_out, "\t-f <file>    password File : echo pw > file \n");
     PR_fprintf(debug_out, "\t-F           FIPS mode\n"); 
     PR_fprintf(debug_out, "\t-p <pwd>     password\n");
     PR_fprintf(debug_out, "\t-v           verbose output\n");
     PR_fprintf(debug_out, "\t-V           perform Verify operations\n");
-    PR_fprintf(debug_out, "\t-k <key_size>  key size in bits, default 2048\n");
     PR_fprintf(debug_out, "\t-?           short help message\n");
     PR_fprintf(debug_out, "\t-h           short help message\n");
     PR_fprintf(debug_out, "\t-H           this help message\n");
     PR_fprintf(debug_out, "\n\n\tNote: Use of FIPS mode requires your ");
     PR_fprintf(debug_out, "library path is using \n");
     PR_fprintf(debug_out, "\t      pre-existing libraries with generated ");
     PR_fprintf(debug_out, "checksum files\n");
     PR_fprintf(debug_out, "\t      and database in FIPS mode \n");
@@ -722,26 +720,23 @@ int main(int argc, char **argv)
     CK_TOKEN_INFO tokenInfo;
     CK_FUNCTION_LIST_PTR pFunctionList = NULL;
     CK_RV crv = CKR_OK;
     CK_SESSION_HANDLE hRwSession;
     CK_SLOT_ID *pSlotList = NULL;
     CK_ULONG slotIndex = 0; 
     CK_MECHANISM digestmech;
     CK_ULONG digestLen = 0;
-    CK_BYTE digest[HASH_LENGTH_MAX];
-    CK_BYTE sign[DSA_MAX_SIGNATURE_LEN];
+    CK_BYTE digest[32]; /* SHA256_LENGTH */
+    CK_BYTE sign[64];   /* DSA SIGNATURE LENGTH */
     CK_ULONG signLen = 0 ;
     CK_MECHANISM signMech = {
         CKM_DSA, NULL, 0
     };
 
-    int expectedDigestLen;
-    int expectedSignatureLen;
-
     /*** DSA Key ***/
 
     CK_MECHANISM dsaKeyPairGenMech;
     CK_ATTRIBUTE dsaPubKeyTemplate[5];
     CK_ATTRIBUTE dsaPrivKeyTemplate[5];
     CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
     CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
 
@@ -913,28 +908,20 @@ int main(int argc, char **argv)
 
 	if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
 	    PR_fprintf(PR_STDERR, 
 		"token doesn't support DSA2 (Max key size=%d)\n", 
 		mechInfo.ulMaxKeySize);
 	    goto cleanup;
 	}
 
-	if (keySize == 0) {
-	    if (mechInfo.ulMaxKeySize >=2048) {
-		keySize = 2048;
-	    } else {
-		keySize = 1024;
-	    }
-	}
-	if (keySize > mechInfo.ulMaxKeySize) {
-	    PR_fprintf(PR_STDERR, 
-		"Requested key size of %d bits exceeds the mechanism's maximum key size of %d bits\n",
-		keySize, mechInfo.ulMaxKeySize);
-	    goto cleanup;
+	if ((keySize == 0) && mechInfo.ulMaxKeySize >=2048 ) {
+	    keySize = 2048;
+	} else {
+	    keySize = 1024;
 	}
     }
 
     /* DSA key init */
     if (keySize == 1024) {
 	dsaPubKeyTemplate[0].type       = CKA_PRIME;
 	dsaPubKeyTemplate[0].pValue     = (CK_VOID_PTR) &prime;
 	dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
@@ -942,40 +929,32 @@ int main(int argc, char **argv)
 	dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR) &subprime;
 	dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
 	dsaPubKeyTemplate[2].type = CKA_BASE;
 	dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR) &base;
 	dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
 	digestmech.mechanism = CKM_SHA_1;
 	digestmech.pParameter = NULL;
 	digestmech.ulParameterLen = 0;
-
-	expectedDigestLen = SHA1_LENGTH;
-	expectedSignatureLen = sizeof(subprime)*2;   /* length of q*2 */;
-
     } else if (keySize == 2048) {
 	dsaPubKeyTemplate[0].type       = CKA_PRIME;
 	dsaPubKeyTemplate[0].pValue     = (CK_VOID_PTR) &prime2;
 	dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
 	dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
 	dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR) &subprime2;
 	dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
 	dsaPubKeyTemplate[2].type = CKA_BASE;
 	dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR) &base2;
 	dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
 	digestmech.mechanism = CKM_SHA256;
 	digestmech.pParameter = NULL;
 	digestmech.ulParameterLen = 0;
-
-	expectedDigestLen = SHA256_LENGTH;
-	expectedSignatureLen = sizeof(subprime2)*2; /* length of q*2 */
-
     } else {
 	/* future - generate pqg */
-        PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported\n");
+        PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported");
 	goto cleanup;
     }
     dsaPubKeyTemplate[3].type = CKA_TOKEN;
     dsaPubKeyTemplate[3].pValue = &false; /* session object */
     dsaPubKeyTemplate[3].ulValueLen = sizeof(false);
     dsaPubKeyTemplate[4].type = CKA_VERIFY;
     dsaPubKeyTemplate[4].pValue = &true;
     dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
@@ -1120,19 +1099,19 @@ int main(int argc, char **argv)
     digestLen = sizeof(digest);
     crv = pFunctionList->C_DigestFinal(hRwSession, (CK_BYTE_PTR)digest,
                                        &digestLen);
     if (crv != CKR_OK) {
         pk11error("C_DigestFinal failed", crv);
         goto cleanup;
     }
 
-    if (digestLen != expectedDigestLen) {
+    if (digestLen != sizeof(digest)) {
         PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
-                "it should be %lu \n",digestLen, expectedDigestLen);
+                "it should be %lu \n",digestLen, sizeof(digest));
         goto cleanup;
     }
 
     /* sign the hash */
     memset(sign, 0, sizeof(sign));
     /* SignUpdate  */
     crv = pFunctionList->C_SignInit(hRwSession, &signMech, hDSAprivKey);
     if (crv != CKR_OK) {
@@ -1143,19 +1122,19 @@ int main(int argc, char **argv)
     signLen = sizeof(sign);
     crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE * ) digest, digestLen,
                                 sign, &signLen);
     if (crv != CKR_OK) {
         pk11error("C_Sign failed", crv);
         goto cleanup;
     }
 
-    if (signLen != expectedSignatureLen) {
+    if (signLen != sizeof(sign)) {
         PR_fprintf(PR_STDERR, "signLen has incorrect length %lu "
-                    "it should be %lu \n", signLen, expectedSignatureLen);
+                    "it should be %lu \n", signLen, sizeof(sign));
         goto cleanup;
     }
 
     if (verify) {
         crv = pFunctionList->C_VerifyInit(hRwSession, &signMech, hDSApubKey);
         if (crv != CKR_OK) {
             pk11error("C_VerifyInit failed", crv);
             goto cleanup;
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -57,19 +57,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
 #######################################################################
 
 
 
 #######################################################################
 # (7) Execute "local" rules. (OPTIONAL).                              #
 #######################################################################
 
-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
-# Not included when building nss without softoken
-UTIL_SRCDIR=
-FREEBL_SRCDIR=
-SOFTOKEN_SRCDIR=
-else
-# default is to include all
-UTIL_SRCDIR = util
-FREEBL_SRCDIR = freebl
-SOFTOKEN_SRCDIR = softoken
-endif
--- a/lib/manifest.mn
+++ b/lib/manifest.mn
@@ -11,17 +11,17 @@ DEPTH      = ..
 #  softoken and prereqs.
 #  stan (not a separate dll yet)
 #  libpkix (not a separate dll)
 #  nss base (traditional)
 #  ssl
 #  smime
 #  ckfw (builtins module)
 #  crmf jar (not dll's)
-DIRS = $(UTIL_SRCDIR) $(FREEBL_SRCDIR) $(SQLITE_SRCDIR) $(SOFTOKEN_SRCDIR) \
+DIRS =  util freebl $(SQLITE_SRCDIR) $(DBM_SRCDIR) softoken \
 	base dev pki \
 	libpkix \
 	certdb certhigh pk11wrap cryptohi nss \
 	$(ZLIB_SRCDIR) ssl \
 	pkcs12 pkcs7 smime \
 	crmf jar \
 	ckfw $(SYSINIT_SRCDIR) \
 	$(NULL)
--- a/tests/cipher/cipher.sh
+++ b/tests/cipher/cipher.sh
@@ -61,26 +61,23 @@ cipher_main()
   do
       if [ -n "$EXP_RET" -a "$EXP_RET" != "#" ] ; then
           PARAM=`echo $PARAM | sed -e "s/_-/ -/g"`
           TESTNAME=`echo $TESTNAME | sed -e "s/_/ /g"`
           echo "$SCRIPTNAME: $TESTNAME --------------------------------"
           failedStr=""
           inOff=0
           res=0
-          # If built nss without softoken use the system installed bltest tool. 
-          # The FREEBL_BINDIR location is plaform dependent. See the comments
-          # regarding this location in nss/tests/common/init.sh. 
           while [ $inOff -lt 8 ]
           do
              outOff=0
              while [ $outOff -lt 8 ]
              do
                  echo "bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff"
-                 ${PROFTOOL} ${FREBL_BINDIR}/bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
+                 ${PROFTOOL} ${BINDIR}/bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
                  if [ $? -ne 0 ]; then
                      failedStr="$failedStr[$inOff:$outOff]"
                  fi
                  outOff=`expr $outOff + 1`
              done
              inOff=`expr $inOff + 1`
           done
           if [ -n "$failedStr" ]; then
@@ -118,20 +115,12 @@ cipher_cleanup()
 {
   html "</TABLE><BR>"
   cd ${QADIR}
   . common/cleanup.sh
 }
 
 ################## main #################################################
 
-# When building without softoken, bltest isn't built. It was already
-# built and the cipher suite run as part of an nss-softoken build. 
-if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
-    echo "bltest not built, skipping this test." >> ${LOGFILE}
-    res = 0
-    html_msg $res $EXP_RET "$TESTNAME"
-    return 0
-fi
 cipher_init
 cipher_main
 cipher_gcm
 cipher_cleanup
--- a/tests/common/init.sh
+++ b/tests/common/init.sh
@@ -642,19 +642,11 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOU
         IOPR=1
     fi
     #################################################
 
     if [ "${OS_ARCH}" != "WINNT" -a "${OS_ARCH}" != "Android" ]; then
         ulimit -c unlimited
     fi 
 
-    #################################################################
-    # If we built nss without softoken use the system installed tool.
-    # Fedora, for example, uses /usr/lib${ARCH}/unsupported-tools but
-    # other platform may place the system installed tests somewhere else.
-    # The FREEBL_BINDIR environment variable will have been set by the
-    # package maintainer.
-    #
-    FREEBL_BINDIR = [ ${NSS_BUILD_WITHOUT_SOFTOKEN} = "1" ] && ${FREEBL_BINDIR} || ${BINDIR}
     SCRIPTNAME=$0
     INIT_SOURCED=TRUE   #whatever one does - NEVER export this one please
 fi
--- a/tests/fips/fips.sh
+++ b/tests/fips/fips.sh
@@ -218,32 +218,19 @@ fips_140()
   LIBDIR="${DIST}/${OBJDIR}/lib"
   MANGLEDIR="${FIPSDIR}/mangle"
    
   # There are different versions of cp command on different systems, some of them 
   # copies only symlinks, others doesn't have option to disable links, so there
   # is needed to copy files one by one. 
   echo "mkdir ${MANGLEDIR}"
   mkdir ${MANGLEDIR}
-  # When building nss without softoken use the system installed softoken library located
-  # in SOFTOKEN_LIB_DIR. This variable will have been set by the nss package mainainer.
-  # Fedora, for example, installs it in /usr/lib${ARCH} but other platforms may place
-  # the libraries in a different location. 
   for lib in `ls ${LIBDIR}`; do
-    # Only softoken is used in the mangling test
-    if [ ${lib} = ${DLL_PREFIX}softokn3.so ]; then
-      if [ ${NSS_BUILD_WITHOUT_SOFTOKEN} = "1" ]; then
-        # use the system installed softoken library
-        echo "cp ${SOFTOKEN_LIB_DIR}/${lib} ${MANGLEDIR}"
-        cp ${SOFTOKEN_LIB_DIR}/${lib} ${MANGLEDIR}
-      else
-        echo "cp ${LIBDIR}/${lib} ${MANGLEDIR}"
-        cp ${LIBDIR}/${lib} ${MANGLEDIR}
-      fi
-    fi
+    echo "cp ${LIBDIR}/${lib} ${MANGLEDIR}"
+    cp ${LIBDIR}/${lib} ${MANGLEDIR}
   done
     
   echo "$SCRIPTNAME: Detect mangled softoken--------------------------"
   SOFTOKEN=${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX}
 
   echo "mangling ${SOFTOKEN}"
   echo "mangle -i ${SOFTOKEN} -o -8 -b 5"
   ${BINDIR}/mangle -i ${SOFTOKEN} -o -8 -b 5 2>&1