obfsproxy: obfs2: Key derivation with shared-secret enabled does an extra hash iteration

  digest_update(c, (uchar*)keytype, strlen(keytype));
  if (seed_nonzero(state->initiator_seed))
    digest_update(c, state->initiator_seed, OBFUSCATE_SEED_LENGTH);
  if (seed_nonzero(state->responder_seed))
    digest_update(c, state->responder_seed, OBFUSCATE_SEED_LENGTH);
  if (shared_seed_nonzero(state->secret_seed))
    digest_update(c, state->secret_seed, SHARED_SECRET_LENGTH);
  digest_update(c, (uchar*)keytype, strlen(keytype));
  digest_getdigest(c, buf, sizeof(buf));

  if (shared_seed_nonzero(state->secret_seed)) {
    digest_t *d;
    int i;
    for (i=0; i < OBFUSCATE_HASH_ITERATIONS; i++) {
      d = digest_new();
      digest_update(d, buf, sizeof(buf));
      digest_getdigest(d, buf, sizeof(buf));
      digest_free(d);
    }
  }

Spec says:

   Optionally, if the client and server share a secret value SECRET,
   they can replace the MAC function with:

      MAC(s,x) = H^n(s | x | H(SECRET) | s)

   where n = HASH_ITERATIONS.

but the above code actually does n+1 hash iterations.