1 files changed, 16 insertions, 7 deletions

diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
index 768c7c2..b32c8bc 100644
--- a/nss/lib/softoken/pkcs11.c
+++ b/nss/lib/softoken/pkcs11.c
@@ -1088,7 +1088,7 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
             }
             /* for ECDSA and EDDSA. Change if the structure of any of them is modified. */
             derive = (key_type == CKK_EC_EDWARDS) ? CK_FALSE : CK_TRUE; /* CK_TRUE for ECDH */
-            verify = CK_TRUE;                                           /* for ECDSA */
+            verify = CK_TRUE;                                           /* for ECDSA and EDDSA */
             encrypt = CK_FALSE;
             recover = CK_FALSE;
             wrap = CK_FALSE;
@@ -1285,8 +1285,10 @@ sftk_handlePrivateKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYP
             if (!sftk_hasAttribute(object, CKA_VALUE)) {
                 return CKR_TEMPLATE_INCOMPLETE;
             }
+            /* for ECDSA and EDDSA. Change if the structure of any of them is modified. */
+            derive = (key_type == CKK_EC_EDWARDS) ? CK_FALSE : CK_TRUE; /* CK_TRUE for ECDH */
+            sign = CK_TRUE;                                             /* for ECDSA and EDDSA */
             encrypt = CK_FALSE;
-            sign = CK_TRUE;
             recover = CK_FALSE;
             wrap = CK_FALSE;
             break;
@@ -3395,7 +3397,8 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS,
                     if (libParams) {
                         /* memory allocated */
                         if (PR_Read(file_dc, libParams, len) == -1) {
-                            PR_Free(libParams);
+                            PORT_Free(libParams);
+                            libParams = NULL;
                         } else {
                             free_mem = PR_TRUE;
                             libParams[len] = '\0';
@@ -3407,7 +3410,7 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS,
             }
         }
 
-        if (!libParams)
+        if (libParams == NULL)
             libParams = LIB_PARAM_DEFAULT;
 
     } else {
@@ -3424,7 +3427,7 @@ sftk_getParameters(CK_C_INITIALIZE_ARGS *init_args, PRBool isFIPS,
     crv = CKR_OK;
 loser:
     if (free_mem)
-        PR_Free(libParams);
+        PORT_Free(libParams);
 
     return crv;
 }
@@ -4803,8 +4806,14 @@ NSC_CreateObject(CK_SESSION_HANDLE hSession,
     if (object == NULL) {
         return CKR_HOST_MEMORY;
     }
-    object->isFIPS = PR_FALSE; /* if we created the object on the fly,
-                                * it's not a FIPS object */
+
+    /*
+     * sftk_NewObject will set object->isFIPS to PR_TRUE if the slot is FIPS.
+     * We don't need to worry about that here, as FC_CreateObject will always
+     * disallow the import of secret and private keys, regardless of isFIPS
+     * approval status. Therefore, at this point we know that the key is a
+     * public key, which is acceptable to be imported in plaintext.
+     */
 
     /*
      * load the template values into the object