HMAC verification with EVP Interface

William Roberts bill.c.roberts at
Wed Aug 25 18:20:05 UTC 2021


I am trying to verify an HMAC signature with the code below and the
routine is failing with "error:0608F096:digital envelope
routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
ctx->pmeth->verify pointer is null, it sets this error. It's unclear
to me why this function pointer is NULL; can someone elaborate on the
right way to do this via the EVP interfaces?

Openssl Version: OpenSSL 1.1.1f  31 Mar 2020


/* This is just a testing key */
unsigned char hmac_key[] = {
    0x30, 0x33, 0x33, 0x36, 0x61, 0x61, 0x37, 0x39,
    0x34, 0x35, 0x61, 0x33, 0x63, 0x61, 0x64, 0x65,
    0x63, 0x33, 0x63, 0x62, 0x64, 0x63, 0x36, 0x65,
    0x37, 0x39, 0x30, 0x34, 0x33, 0x62, 0x35, 0x62
};

EVP_PKEY *ekey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, hmac_key,
        sizeof(hmac_key));

EVP_MD_CTX *mdctx = EVP_MD_CTX_new();

int rc = EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, ekey);
unsigned long x = ERR_get_error();
printf("EVP_DigestSignInit failed, error 0x%lx: %s\n", x,
ERR_error_string(x, NULL));
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyUpdate(mdctx, msg, msg_len);
assert_int_equal(rc, 1);

rc = EVP_DigestVerifyFinal(mdctx, sig, sig_len);
assert_int_equal(rc, 1);

