diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
--- a/nss/lib/ssl/sslinfo.c	2014-01-17 17:49:26.072517368 -0800
+++ b/nss/lib/ssl/sslinfo.c	2014-01-17 18:00:29.773545219 -0800
@@ -350,8 +350,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
 	return SECFailure;
     }
 
+    ssl_GetRecvBufLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
     if (ss->version < SSL_LIBRARY_VERSION_3_1_TLS) {
 	PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION);
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_ReleaseRecvBufLock(ss);
 	return SECFailure;
     }
 
@@ -362,13 +367,17 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
     }
     val = PORT_Alloc(valLen);
     if (!val) {
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	ssl_ReleaseRecvBufLock(ss);
 	return SECFailure;
     }
     i = 0;
+
     PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
     PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
     i += SSL3_RANDOM_LENGTH;
+
     if (hasContext) {
 	val[i++] = contextLen >> 8;
 	val[i++] = contextLen;
@@ -389,6 +398,8 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
 					 valLen, out, outLen);
     }
     ssl_ReleaseSpecReadLock(ss);
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_ReleaseRecvBufLock(ss);
 
     PORT_ZFree(val, valLen);
     return rv;