Opened 3 months ago

Last modified 9 days ago

#29241 merge_ready defect

NSS SSL_ExportKeyingMaterial failing

Reported by: sysrqb
Owned by: nickm
Priority: High
Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.5.1-alpha
Severity: Normal
Keywords: regression, 035-backport, 040-must, spec, teor-merge, 040-backport, consider-backport-after-0405
Cc:
Actual Points: 1.7
Parent ID:
Points: 2
Reviewer:
Sponsor:

Description

Possibly similar/related to #28616/#28973.

[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
[notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
[notice] Bootstrapped 90% (ap_handshake_done): Handshake fininshed with a relay to build circuits
[notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[notice] Bootstrapped 100% (done): Done
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )
[warn] Couldn't send authenticate cell
[warn] connection_or_compute_authenticate_cell_body(): Bug: TLS key export failed for unknown reason. (on Tor 0.4.0.1-alpha )

Reported by Alex on tor-relays@ - https://lists.torproject.org/pipermail/tor-relays/2019-January/016890.html

Change History (18)

comment:1 Changed 3 months ago by nickm

Keywords: regression 035-backport? added
Milestone: Tor: 0.4.0.x-final

comment:2 Changed 2 months ago by nickm

Keywords: 040-must added

Marking tickets as 040-must based on triage with dgoulet.

comment:3 Changed 2 months ago by nickm

Keywords: spec added
Priority: Medium → High

comment:4 Changed 2 months ago by nickm

Owner: set to nickm
Status: new → accepted

comment:5 Changed 2 months ago by nickm

Points: 2

comment:6 Changed 4 weeks ago by nickm

Strangely, I can't reproduce this with chutney, but it reproduces immediately if I run with an orport -- even an unreachable one.

comment:7 Changed 4 weeks ago by nickm

Ah. The reason I could not reproduce this is that it does not happen with TLS 1.3. The error code here is SEC_ERROR_LIBRARY_FAILURE, apparently set by ssl3_TLSPRFWithMasterSecret in NSS.

Looking at the source code of that function, this error is possible in these cases:

  • No master secret has been negotiated yet.
  • TLS 1.2 is in use, and the PRF hash is something other than SHA256.

The second case seems likelier.

comment:8 Changed 4 weeks ago by nickm

Ooh. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 seems to be the ciphersuite in these failing cases. I wonder...

comment:9 Changed 4 weeks ago by nickm

Actual Points: 1.5
Status: accepted → needs_review

Aha. There is a bug (or a missing feature?) in NSS where you can't use SSL_ExportKeyingMaterial() with a TLS1.2 ciphersuite that uses SHA384 as its PRF hash: https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 .

See branch ticket29241_040 with PR at https://github.com/torproject/tor/pull/869
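
The cause nickm isolates in comments 7 to 9 is that RFC 5705 keying material is derived with the negotiated suite's TLS 1.2 PRF, so an exporter that can only run P_SHA256 has nothing correct to return for a *_SHA384 suite. The following is an added example, not Tor or NSS code: a pure-Python RFC 5246 PRF and RFC 5705 exporter that pick the hash from the ciphersuite name, plus a model of the SHA-256-only exporter that refuses such suites. Suite names are standard; the secrets, randoms and label used to exercise it are constructed.

```python
import hashlib
import hmac


def prf_hash_for_suite(suite):
    """TLS 1.2 PRF hash for a ciphersuite name (RFC 5246 section 5): suites
    ending in _SHA384 mandate SHA-384, every other TLS 1.2 suite uses SHA-256."""
    return "sha384" if suite.endswith("_SHA384") else "sha256"


def p_hash(hash_name, secret, seed, length):
    """RFC 5246 P_hash: A(0) = seed, A(i) = HMAC(secret, A(i-1)); output is
    HMAC(secret, A(i) + seed) for i = 1, 2, ... truncated to `length` bytes."""
    digest = getattr(hashlib, hash_name)
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls12_prf(hash_name, secret, label, seed, length):
    """TLS 1.2 PRF(secret, label, seed) = P_<hash>(secret, label + seed)."""
    return p_hash(hash_name, secret, label + seed, length)


def export_keying_material(suite, master_secret, client_random, server_random,
                           label, context, length):
    """RFC 5705 exporter. Seed is client_random + server_random, optionally
    followed by uint16 len(context) + context; context=None selects the
    no-context form, which differs from an empty b"" context. The PRF hash
    comes from the negotiated suite, the step a P_SHA256-only exporter
    cannot perform once a *_SHA384 suite has been negotiated."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("exporter context exceeds 65535 bytes")
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(prf_hash_for_suite(suite), master_secret, label, seed,
                     length)


def sha256_only_export(suite, master_secret, client_random, server_random,
                       label, context, length):
    """Constructed model of an exporter limited to P_SHA256 (the TLS 1.2
    behaviour the ticket describes for NSS): it returns None for any suite
    whose PRF is SHA-384 rather than derive a secret the peer cannot match."""
    if prf_hash_for_suite(suite) != "sha256":
        return None
    return export_keying_material(suite, master_secret, client_random,
                                  server_random, label, context, length)
```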

comment:10 Changed 3 weeks ago by asn

Reviewer: catalyst

comment:11 Changed 3 weeks ago by asn

Reviewer: catalyst → teor

comment:12 Changed 3 weeks ago by teor

Reviewer: teor

I don't need to be the reviewer on this task: someone else who is less busy can do it. Or it can just wait.

comment:13 Changed 3 weeks ago by asn

Status: needs_review → merge_ready

Good find. LGTM!

comment:14 Changed 3 weeks ago by nickm

Keywords: teor-merge added

comment:15 Changed 3 weeks ago by teor

Keywords: consider-backport-after-0405-alpha 035-backport 040-backport added; 035-backport? removed
Milestone: Tor: 0.4.0.x-final → Tor: 0.3.5.x-final
Version: Tor: 0.3.5.1-alpha

This change seems simple enough to backport to 0.3.5, and it also seems important to fix. (Although there aren't that many NSS relays out there.)

I backported to 0.3.5 and fixed the bugfix version in a changes file:
https://github.com/torproject/tor/pull/911

I'll merge to 0.4.0 and later once CI passes on 0.3.5.

comment:16 Changed 3 weeks ago by teor

Milestone: Tor: 0.3.5.x-final → Tor: 0.4.1.x-final

Oops, this should still be in 0.4.1.

comment:17 Changed 3 weeks ago by teor

Actual Points: 1.5 → 1.7
Milestone: Tor: 0.4.1.x-final → Tor: 0.3.5.x-final

Merged to 0.4.0 and later.

Added a commit to master:
practracker: accept 6 extra lines in tortls_nss.c:tor_tls_context_new()

comment:18 Changed 9 days ago by teor

Keywords: consider-backport-after-0405 added; consider-backport-after-0405-alpha removed

Drop the -alpha from backport tags
