[tor-bugs] #29241 [Core Tor/Tor]: NSS SSL_ExportKeyingMaterial failing

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 29 16:50:01 UTC 2019


#29241: NSS SSL_ExportKeyingMaterial failing
-------------------------------------------------+-------------------------
 Reporter:  sysrqb                               |          Owner:  nickm
     Type:  defect                               |         Status:
                                                 |  accepted
 Priority:  High                                 |      Milestone:  Tor:
                                                 |  0.4.0.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  regression, 035-backport?,           |  Actual Points:
  040-must, spec                                 |
Parent ID:                                       |         Points:  2
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by nickm):

 Ah.  The reason I could not reproduce this is that it does not happen with
 TLS 1.3.  The error code here is `SEC_ERROR_LIBRARY_FAILURE`, apparently
 set by `ssl3_TLSPRFWithMasterSecret` in NSS.

 Looking at the source code of that function, this error is possible in
 these cases:
   * No master secret has been negotiated yet.
   * TLS 1.2 is in use, and the PRF hash is something other than SHA256.

 The second case seems likelier.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29241#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list