HMAC verification with EVP Interface

Tomas Mraz tomas at
Thu Aug 26 07:59:38 UTC 2021

On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> Hello,
> I am trying to verify an HMAC signature with the code below and the
> EVP_DigestVerifyInit()
> routine is failing with "error:0608F096:digital envelope
> routines:EVP_PKEY_verify_init:operation not supported for this
> keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
> ctx->pmeth->verify pointer is null, it sets this error. It's unclear
> to me why this function pointer is NULL, can someone elaborate the
> right way to do this via EVP interfaces?

As HMAC is not a true signature algorithm there is no support for
the EVP_DigestVerifyInit() operation with HMAC 'signatures'. You just
have to use EVP_DigestSign*() operation to create a new HMAC and
compare with the original value.

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-users mailing list