如何使用sha256计算tls1.2客户端finished的消息认证码？

当我按照RFC5246给出的公式计算客户端finish消息的mac时，与正确的值不一致，而且现在的mac好像是明文拼接到报文后面的

MAC(MAC_write_key, seq_num +
                            TLSCompressed.type +
                            TLSCompressed.version +
                            TLSCompressed.length +
                            TLSCompressed.fragment);

这里是wireshark抓包日志，其中有finished消息明文数据以及client_write_mac_key,但是计算不出正确的值，想请教各位专家，是哪里出了问题呀

Client MAC key[32]:
| be c2 87 5e 1b fa 69 9e a8 61 3b ce 3d eb af d7 |...^..i..a;.=...|
| 0a f6 89 1b 2b 0e 3f a7 a0 ea 67 2e 0b 83 82 14 |....+.?...g.....|
Server MAC key[32]:
| 6c c7 27 ec 07 7e cd 89 c0 86 ea 8b 29 7f 57 16 |l.'..~......).W.|
| 89 4f 42 e8 2c 10 eb 23 23 bf 01 7a 41 e4 2a 91 |.OB.,..##..zA.*.|
Client Write key[16]:
| 79 07 b9 22 ff dc 62 62 e4 39 06 2c 23 5e 32 ce |y.."..bb.9.,#^2.|
Server Write key[16]:
| f9 13 8f 4c 8c 04 3e b2 89 34 37 ba 00 c1 8c e7 |...L..>..47.....|
Client Write IV[16]:
| eb 95 f2 99 9a e5 78 a8 60 ef a4 81 d5 75 97 b6 |......x.`....u..|
Server Write IV[16]:
| 1d 8c b5 4e 7b fc 62 27 33 62 51 1b f5 df 13 63 |...N{.b'3bQ....c|
ssl_decrypt_record ciphertext len 80
Ciphertext[80]:
| 45 d0 b2 af 1e 10 06 c1 13 a2 b0 1b 19 e4 be a5 |E...............|
| 28 cf 73 d3 9a 62 81 65 71 10 2a b9 97 5b d2 df |(.s..b.eq.*..[..|
| 63 86 6c e3 e5 3f e6 24 97 2a 1d cc e1 9a 6b bb |c.l..?.$.*....k.|
| 1c 09 6e 76 c0 8b 51 fd 78 32 3f 5e f2 dd e0 c2 |..nv..Q.x2?^....|
| 5e a3 b7 5a 84 50 79 7e a5 a4 0d ae 7f cc cf f1 |^..Z.Py~........|
ssl_decrypt_record: allocating 112 bytes for decrypt data (old len 32)
Plaintext[32]:
| 14 00 00 0c 44 c2 59 5a 0c 91 06 27 4c f0 f8 74 |....D.YZ...'L..t|
| 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f |................|
ssl_decrypt_record found padding 15 final len 16
checking mac (len 16, version 303, ct 22 seq 0)
tls_check_mac mac type:SHA256 md 8
Mac[32]:
| 1c 09 6e 76 c0 8b 51 fd 78 32 3f 5e f2 dd e0 c2 |..nv..Q.x2?^....|
| 5e a3 b7 5a 84 50 79 7e a5 a4 0d ae 7f cc cf f1 |^..Z.Py~........|
ssl_decrypt_record: mac ok

以下是我的代码：

int MAC_SHA256(unsigned char *data, unsigned char *key, unsigned char *out, int data_len){
    const EVP_MD *md = EVP_sha256();
    unsigned int len = 0;
    HMAC(md, key, 32, data, data_len, out, &len);
    int i;
    for(i = 0; i < len; i++){
        printf("%02X", out[i]);
    }
    printf("\n");
    return 1;
}
int main(){
    unsigned char key[] = {
        0xbe, 0xc2, 0x87, 0x5e, 0x1b, 0xfa, 0x69, 0x9e,
        0xa8, 0x61, 0x3b, 0xce, 0x3d, 0xeb, 0xaf, 0xd7,
        0x0a, 0xf6, 0x89, 0x1b, 0x2b, 0x0e, 0x3f, 0xa7,
        0xa0, 0xea, 0x67, 0x2e, 0x0b, 0x83, 0x82, 0x14
    };
    unsigned char data[] = 
    "\x00\x00\x00\x00\x00\x00\x00\x00\x16\x03\x03\x00\x10"
    "\x14\x00\x00\x0c\x44\xc2\x59\x5a\x0c\x91\x06\x27\x4c\xf0\xf8\x74";
    unsigned char out[32];
    MAC_SHA256(data, key, out, 29);
}

输出为290816B11AF5F613E44FE3DE1FF7C84DB63E212662EBAD485EC578135C242EB8，与原文不一致
一开始我以为原mac是加密的，对mac解密后为6AC5DF7209F6FD37ABCF2587CB55A6723A780E1540189C9A43058C3888F7FC73还是不一致