HMAC verification with EVP Interface

William Roberts bill.c.roberts at gmail.com
Wed Aug 25 18:20:05 UTC 2021


Hello,

I am trying to verify an HMAC signature with the code below, and the
EVP_DigestVerifyInit() routine is failing with "error:0608F096:digital
envelope routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
ctx->pmeth->verify pointer is NULL, it sets this error. It's unclear
to me why this function pointer is NULL. Can someone elaborate on the
right way to do this via the EVP interfaces?

OpenSSL version: OpenSSL 1.1.1f  31 Mar 2020

Thanks,
Bill

/* This is just a testing key */
unsigned char hmac_key[] = {
    0x30, 0x33, 0x33, 0x36, 0x61, 0x61, 0x37, 0x39,
    0x34, 0x35, 0x61, 0x33, 0x63, 0x61, 0x64, 0x65,
    0x63, 0x33, 0x63, 0x62, 0x64, 0x63, 0x36, 0x65,
    0x37, 0x39, 0x30, 0x34, 0x33, 0x62, 0x35, 0x62
};

EVP_PKEY *ekey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, hmac_key,
                               sizeof(hmac_key));
assert_non_null(ekey);

EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
assert_non_null(mdctx);

/* This is the call that fails with "operation not supported for this keytype" */
int rc = EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, ekey);
if (rc != 1) {
    unsigned long x = ERR_get_error();
    printf("EVP_DigestVerifyInit failed, error 0x%lx: %s\n", x,
           ERR_error_string(x, NULL));
}
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyUpdate(mdctx, msg, msg_len);
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyFinal(mdctx, sig, sig_len);
assert_int_equal(rc, 1);

EVP_MD_CTX_free(mdctx);
EVP_PKEY_free(ekey);

