$OpenBSD$

index 6fa4e4e..bd7c4bd 100644
--- security/nss/lib/softoken/pkcs11.c.orig	Fri Feb 20 15:40:39 2015
+++ security/nss/lib/softoken/pkcs11.c	Fri Feb 20 15:40:39 2015
@@ -969,6 +969,17 @@ sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
     }
     object->infoFree = (SFTKFree) nsslowkey_DestroyPublicKey;
 
+    /* Check that an imported EC key is valid */
+    if (key_type == CKK_EC) {
+      NSSLOWKEYPublicKey *pubKey = (NSSLOWKEYPublicKey*) object->objectInfo;
+      SECStatus rv = EC_ValidatePublicKey(&pubKey->u.ec.ecParams,
+                                          &pubKey->u.ec.publicValue);
+
+      if (rv != SECSuccess) {
+        return CKR_TEMPLATE_INCONSISTENT;
+      }
+    }
+
     if (sftk_isTrue(object,CKA_TOKEN)) {
 	SFTKSlot *slot = session->slot;
 	SFTKDBHandle *certHandle = sftk_getCertDB(slot);