On Thu, Aug 26, 2021 at 3:01 AM Tomas Mraz <tomas@xxxxxxxxxxx> wrote:
>
> On Wed, 2021-08-25 at 13:20 -0500, William Roberts wrote:
> > Hello,
> >
> > I am trying to verify an HMAC signature with the code below and the
> > EVP_DigestVerifyInit()
> > routine is failing with "error:0608F096:digital envelope
> > routines:EVP_PKEY_verify_init:operation not supported for this
> > keytype". Eventually it gets to EVP_PKEY_verify_init() and since the
> > ctx->pmeth->verify pointer is null, it sets this error. It's unclear
> > to me why this function pointer is NULL, can someone elaborate the
> > right way to do this via EVP interfaces?
>
> As HMAC is not a true signature algorithm there is no support for
> the EVP_DigestVerifyInit() operation with HMAC 'signatures'. You just
> have to use EVP_DigestSign*() operation to create a new HMAC and
> compare with the original value.
>

Ahh okay thanks. This was in the wiki I just scrolled too far and ended
up under asymmetric. For anyone looking it was on the wiki here:
  - https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying

But considering that Verifying could do this, since it has both the
message and hmac "signature", wouldn't it be nice to add this support
since it's generated through the sign interface? In my mind a Sign
operation always has a verify operation.