Hello,
I am trying to verify an HMAC signature with the code below and the
EVP_DigestVerifyInit()
routine is failing with "error:0608F096:digital envelope
routines:EVP_PKEY_verify_init:operation not supported for this
keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
ctx->pmeth->verify pointer is null, it sets this error. It's unclear
to me why this function pointer is NULL, can someone elaborate the
right way to do this via EVP interfaces?
Openssl Version: OpenSSL 1.1.1f 31 Mar 2020
Thanks,
Bill
/* This is just a testing key */
unsigned char hmac_key[] = {
0x30, 0x33, 0x33, 0x36, 0x61, 0x61, 0x37, 0x39,
0x34, 0x35, 0x61, 0x33, 0x63, 0x61, 0x64, 0x65,
0x63, 0x33, 0x63, 0x62, 0x64, 0x63, 0x36, 0x65,
0x37, 0x39, 0x30, 0x34, 0x33, 0x62, 0x35, 0x62
};
EVP_PKEY *ekey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, hmac_key,
sizeof(hmac_key));
assert_non_null(ekey);
EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
assert_non_null(mdctx);
int rc = EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, ekey);
unsigned long x = ERR_get_error();
printf("EVP_DigestSignInit failed, error 0x%lx: %s\n", x,
ERR_error_string(x, NULL));
assert_int_equal(rc, 1);
rc = EVP_DigestVerifyUpdate(mdctx, msg, msg_len);
assert_int_equal(rc, 1);
rc = EVP_DigestVerifyFinal(mdctx, sig, sig_len);
assert_int_equal(rc, 1);
EVP_MD_CTX_free(mdctx);
EVP_PKEY_free(ekey);
