2 files changed, 7 insertions, 10 deletions

diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index 02db85b6bf..9e126465fc 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -526,16 +526,16 @@ PK11_ImportDataKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, PK11Origin origin
         return NULL;
     }
     handle = PK11_GetObjectHandle(PK11_TypeGeneric, genObject, NULL);
-    if (handle == CK_INVALID_HANDLE) {
-        return NULL;
-    }
     /* A note about ownership of the PKCS #11 handle:
      * PK11_CreateGenericObject() will not destroy the object it creates
      * on Free, For that you want PK11_CreateManagedGenericObject().
      * Below we import the handle into the symKey structure. We pass
      * PR_TRUE as the owner so that the symKey will destroy the object
-     * once it's freed. This is way it's safe to free now. */
+     * once it's freed. This is why it's safe to destroy genObject now. */
     PK11_DestroyGenericObject(genObject);
+    if (handle == CK_INVALID_HANDLE) {
+        return NULL;
+    }
     return PK11_SymKeyFromHandle(slot, NULL, origin, type, handle, PR_TRUE, wincx);
 }
 
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 90a429d952..e4c7a7329e 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -94,8 +94,7 @@ static PK11SlotList
     pk11_tlsSlotList,
     pk11_randomSlotList,
     pk11_sha256SlotList,
-    pk11_sha512SlotList, /* slots do SHA512 and SHA384 */
-    pk11_kyberSlotList;
+    pk11_sha512SlotList; /* slots do SHA512 and SHA384 */
 
 /************************************************************
  * Generic Slot List and Slot List element manipulations
@@ -850,7 +849,6 @@ PK11_InitSlotLists(void)
     pk11_InitSlotListStatic(&pk11_randomSlotList);
     pk11_InitSlotListStatic(&pk11_sha256SlotList);
     pk11_InitSlotListStatic(&pk11_sha512SlotList);
-    pk11_InitSlotListStatic(&pk11_kyberSlotList);
     return SECSuccess;
 }
 
@@ -877,7 +875,6 @@ PK11_DestroySlotLists(void)
     pk11_FreeSlotListStatic(&pk11_randomSlotList);
     pk11_FreeSlotListStatic(&pk11_sha256SlotList);
     pk11_FreeSlotListStatic(&pk11_sha512SlotList);
-    pk11_FreeSlotListStatic(&pk11_kyberSlotList);
     return;
 }
 
@@ -947,6 +944,8 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
         case CKM_ECDSA_SHA1:
         case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
         case CKM_ECDH1_DERIVE:
+        case CKM_NSS_KYBER_KEY_PAIR_GEN: /* Bug 1893029 */
+        case CKM_NSS_KYBER:
             return &pk11_ecSlotList;
         case CKM_SSL3_PRE_MASTER_KEY_GEN:
         case CKM_SSL3_MASTER_KEY_DERIVE:
@@ -962,8 +961,6 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
             return &pk11_ideaSlotList;
         case CKM_FAKE_RANDOM:
             return &pk11_randomSlotList;
-        case CKM_NSS_KYBER_KEY_PAIR_GEN:
-            return &pk11_kyberSlotList;
     }
     return NULL;
 }