1 files changed, 6 insertions, 5 deletions

diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index bcd9cf874..2b34b9519 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4179,13 +4179,9 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	sid->u.ssl3.cipherSuite == ss->ssl3.hs.cipher_suite) do {
 	ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
 
-	PK11SlotInfo *slot;
-	PK11SymKey *  wrapKey;     /* wrapping key */
-	CK_FLAGS      keyFlags      = 0;
-
 	SECItem       wrappedMS;   /* wrapped master secret. */
 
-        ss->sec.authAlgorithm = sid->authAlgorithm;
+	ss->sec.authAlgorithm = sid->authAlgorithm;
 	ss->sec.authKeyBits   = sid->authKeyBits;
 	ss->sec.keaType       = sid->keaType;
 	ss->sec.keaKeyBits    = sid->keaKeyBits;
@@ -4196,6 +4192,10 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	 * c) key is unwrapped, and we're bypassing PKCS11.
 	 */
 	if (sid->u.ssl3.keys.msIsWrapped) {
+	    PK11SlotInfo *slot;
+	    PK11SymKey *  wrapKey;     /* wrapping key */
+	    CK_FLAGS      keyFlags      = 0;
+
 	    if (ss->opt.bypassPKCS11) {
 		/* we cannot restart a non-bypass session in a 
 		** bypass socket.
@@ -4246,6 +4246,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	} else {
 	    /* We CAN restart a bypass session in a non-bypass socket. */
 	    /* need to import the raw master secret to session object */
+	    PK11SlotInfo *slot = PK11_GetInternalSlot();
 	    wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
 	    wrappedMS.len  = sid->u.ssl3.keys.wrapped_master_secret_len;
 	    pwSpec->master_secret =