Utility function to retrieve handshake hashes.

    *hash = NULL;

}

/* Retrieve handshake hashes */

int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)

{

    unsigned char *p = out;

    int idx, ret = 0;

    long mask;

    EVP_MD_CTX ctx;

    const EVP_MD *md;

    EVP_MD_CTX_init(&ctx);

    for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {

        if (mask & ssl_get_algorithm2(s)) {

            int hashsize = EVP_MD_size(md);

            EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];

            if (!hdgst || hashsize < 0 || hashsize > outlen)

                goto err;

            if (!EVP_MD_CTX_copy_ex(&ctx, hdgst))

                goto err;

            if (!EVP_DigestFinal_ex(&ctx, p, NULL))

                goto err;

            p += hashsize;

            outlen -= hashsize;

        }

    }

    ret = p - out;

 err:

    EVP_MD_CTX_cleanup(&ctx);

    return ret;

}

void SSL_set_debug(SSL *s, int debug)

{

    s->debug = debug;

int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,

                                       int *al);

int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);

/* s3_cbc.c */

void ssl3_cbc_copy_mac(unsigned char *out,

                       const SSL3_RECORD *rec, unsigned md_size);

    return ((int)ret);

}

int tls1_final_finish_mac(SSL *s,

                          const char *str, int slen, unsigned char *out)

int tls1_final_finish_mac(SSL *s, const char *str, int slen,

                          unsigned char *out)

{

    unsigned int i;

    EVP_MD_CTX ctx;

    unsigned char buf[2 * EVP_MAX_MD_SIZE];

    unsigned char *q, buf2[12];

    int idx;

    long mask;

    int err = 0;

    const EVP_MD *md;

    q = buf;

    int hashlen;

    unsigned char hash[2 * EVP_MAX_MD_SIZE];

    unsigned char buf2[12];

    if (s->s3->handshake_buffer)

        if (!ssl3_digest_cached_records(s))

            return 0;

    EVP_MD_CTX_init(&ctx);

    hashlen = ssl_handshake_hash(s, hash, sizeof(hash));

    for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {

        if (mask & ssl_get_algorithm2(s)) {

            int hashsize = EVP_MD_size(md);

            EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];

            if (!hdgst || hashsize < 0

                || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {

                /*

                 * internal error: 'buf' is too small for this cipersuite!

                 */

                err = 1;

            } else {

                if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||

                    !EVP_DigestFinal_ex(&ctx, q, &i) ||

                    (i != (unsigned int)hashsize))

                    err = 1;

                q += hashsize;

            }

        }

    }

    if (hashlen == 0)

        return 0;

    if (!tls1_PRF(ssl_get_algorithm2(s),

                  str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,

                  str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,

                  s->session->master_key, s->session->master_key_length,

                  out, buf2, sizeof buf2))

        err = 1;

    EVP_MD_CTX_cleanup(&ctx);

    if (err)

        return 0;

    else

    return sizeof buf2;

}