Index: third_party/tlslite/tlslite/mathtls.py |
diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslite/mathtls.py |
index 60a331ab90f66ebe26bb2171b6dad697884bdc15..0a23fe192fa805c27f23fd89d6c38d949328c061 100644 |
--- a/third_party/tlslite/tlslite/mathtls.py |
+++ b/third_party/tlslite/tlslite/mathtls.py |
@@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length): |
index += 1 |
return bytes |
-def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom): |
+def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom, |
+ handshakeHash, useExtendedMasterSecret): |
+ label = b"master secret" |
+ seed = clientRandom + serverRandom |
+ if useExtendedMasterSecret: |
+ label = b"extended master secret" |
+ seed = handshakeHash |
+ |
if version == (3,0): |
- masterSecret = PRF_SSL(premasterSecret, |
- clientRandom + serverRandom, 48) |
+ masterSecret = PRF_SSL(premasterSecret, seed, 48) |
elif version in ((3,1), (3,2)): |
- masterSecret = PRF(premasterSecret, b"master secret", |
- clientRandom + serverRandom, 48) |
+ masterSecret = PRF(premasterSecret, label, seed, 48) |
elif version == (3,3): |
- masterSecret = PRF_1_2(premasterSecret, b"master secret", |
- clientRandom + serverRandom, 48) |
+ masterSecret = PRF_1_2(premasterSecret, label, seed, 48) |
else: |
raise AssertionError() |
return masterSecret |