HMAC verification with EVP Interface
Tomas Mraz
tomas at openssl.org
Thu Aug 26 07:59:38 UTC 2021
On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> Hello,
>
> I am trying to verify an HMAC signature with the code below and the
> EVP_DigestVerifyInit()
> routine is failing with "error:0608F096:digital envelope
> routines:EVP_PKEY_verify_init:operation not supported for this
> keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
> ctx->pmeth->verify pointer is null, it sets this error. It's unclear
> to me why this function pointer is NULL, can someone elaborate the
> right way to do this via EVP interfaces?
As HMAC is not a true signature algorithm there is no support for
the EVP_DigestVerifyInit() operation with HMAC 'signatures'. You just
have to use EVP_DigestSign*() operation to create a new HMAC and
compare with the original value.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list