| Index: third_party/tlslite/tlslite/tlsconnection.py
|
| diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
|
| index dfac274b6e939f631db5099046c9b8f89838b60a..0416151345ed21c862bcc1cd060280d5f2fa68bd 100644
|
| --- a/third_party/tlslite/tlslite/tlsconnection.py
|
| +++ b/third_party/tlslite/tlslite/tlsconnection.py
|
| @@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer):
|
| masterSecret = calcMasterSecret(self.version,
|
| premasterSecret,
|
| clientRandom,
|
| - serverRandom)
|
| + serverRandom,
|
| + b"", False)
|
| verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
|
| elif self.version in ((3,1), (3,2)):
|
| verifyBytes = self._handshake_md5.digest() + \
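Review bot: The two new positional arguments `b"", False` on the `calcMasterSecret` call give no hint of what they mean, and the same pair is repeated in the hunks at -1036 and -1743. A short comment above the call, for example `# No extended master secret on this path: empty session hash, EMS off`, would show that this is a deliberate opt-out rather than a placeholder. The parameter names of `calcMasterSecret` are not visible in this diff, so keyword arguments cannot be suggested with confidence. The enclosing method starts and ends outside the hunk.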
|
| @@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer):
|
| cipherSuite, cipherImplementations, nextProto):
|
|
|
| masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| - clientRandom, serverRandom)
|
| + clientRandom, serverRandom, b"", False)
|
| self._calcPendingStates(cipherSuite, masterSecret,
|
| clientRandom, serverRandom,
|
| cipherImplementations)
|
| @@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer):
|
| cipherSuite, CertificateType.x509, tackExt,
|
| nextProtos)
|
| serverHello.channel_id = clientHello.channel_id
|
| + serverHello.extended_master_secret = \
|
| + clientHello.extended_master_secret and \
|
| + settings.enableExtendedMasterSecret
|
| if clientHello.support_signed_cert_timestamps:
|
| serverHello.signed_cert_timestamps = signedCertTimestamps
|
| if clientHello.status_request:
|
| @@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer):
|
| for result in self._serverFinished(premasterSecret,
|
| clientHello.random, serverHello.random,
|
| cipherSuite, settings.cipherImplementations,
|
| - nextProtos, clientHello.channel_id):
|
| + nextProtos, clientHello.channel_id,
|
| + serverHello.extended_master_secret):
|
| if result in (0,1): yield result
|
| else: break
|
| masterSecret = result
|
| @@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer):
|
| serverHello.create(self.version, getRandomBytes(32),
|
| session.sessionID, session.cipherSuite,
|
| CertificateType.x509, None, None)
|
| + serverHello.extended_master_secret = \
|
| + clientHello.extended_master_secret and \
|
| + settings.enableExtendedMasterSecret
|
| for result in self._sendMsg(serverHello):
|
| yield result
|
|
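Review bot: On this resumption path the flag is derived only from the current ClientHello and `settings.enableExtendedMasterSecret`; nothing visible compares it with whether the cached `session` was originally established with an extended master secret. RFC 7627 section 5.3 requires the server to abort the abbreviated handshake when the original session used the extension and the new ClientHello omits it, and to fall back to a full handshake when the original session did not use it and the new ClientHello offers it. As written, the ServerHello can advertise the extension for a session whose master secret was not derived that way, which weakens the binding the extension is meant to provide. If the session object does not yet record this, it probably needs a field set during the full handshake and checked before `serverHello.create(...)`. The surrounding method is outside the hunk, so an existing check elsewhere cannot be ruled out.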
|
| @@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer):
|
| if clientCertChain:
|
| if self.version == (3,0):
|
| masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| - clientHello.random, serverHello.random)
|
| + clientHello.random, serverHello.random,
|
| + b"", False)
|
| verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"")
|
| elif self.version in ((3,1), (3,2)):
|
| verifyBytes = self._handshake_md5.digest() + \
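Review bot: The SSL 3.0 CertificateVerify check here always derives the master secret with `b"", False`, while the full-handshake hunk at -1326 sets `serverHello.extended_master_secret` without looking at `self.version`. If the extension can be negotiated on a (3,0) connection, `verifyBytes` would be computed from a different master secret than the one `_serverFinished` later derives, so a client-certificate handshake would presumably fail against a peer that honours the extension. Either gate the negotiation on the protocol version, or pass `self._ems_handshake_hash, serverHello.extended_master_secret` here as `_serverFinished` does. Whether `_ems_handshake_hash` is already populated at this point is not visible in the hunk.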
|
| @@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer):
|
|
|
| def _serverFinished(self, premasterSecret, clientRandom, serverRandom,
|
| cipherSuite, cipherImplementations, nextProtos,
|
| - doingChannelID):
|
| + doingChannelID, useExtendedMasterSecret):
|
| masterSecret = calcMasterSecret(self.version, premasterSecret,
|
| - clientRandom, serverRandom)
|
| + clientRandom, serverRandom,
|
| + self._ems_handshake_hash,
|
| + useExtendedMasterSecret)
|
|
|
| #Calculate pending connection states
|
| self._calcPendingStates(cipherSuite, masterSecret,
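Review bot: `useExtendedMasterSecret` is added as a required positional parameter with no docstring or comment, and the derivation now silently depends on `self._ems_handshake_hash` having been captured earlier in the handshake. A comment above the call such as `# _ems_handshake_hash must cover ClientHello through ClientKeyExchange (RFC 7627 session hash)` would record that ordering requirement. Only the caller in the hunk at -1383 is updated in this diff, so any other caller of `_serverFinished` would now raise a TypeError. The body of `_serverFinished` continues past the hunk.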
|
|
|