The posted C# code and C code linked (but not posted) do different things. The output will therefore be different as well.
The WinCrypt code performs the following:
- Create a SHA1 hash of the key bytes
- Derive a session key from the resulting hash using RC4
- Initialize an HMAC_SHA1 digest using the derived key
- Perform the HMAC CryptHashData with the HMAC
- Request the resulting hash bytes
The C# code performs the following:
- Create an HMAC_SHA1 using the key bytes as the actual key (no derivation)
- Perform the HMAC via ComputeHash, returning the resulting hash digest
In other words, they're different because they're doing different things. Which one is "right" is dependent on what you're trying to do (which was not mentioned in the question).
OpenSSL Equivalent to the C# code
unsigned char key[] = { 0x70,0x61,0x73,0x73,0x77,0x6F,0x72,0x64 };
unsigned char bytes[] = { 0x6D,0x65,0x73,0x73,0x61,0x67,0x65 };
unsigned char md[32] = {0};
unsigned int md_len = (int)sizeof(md);
HMAC_CTX ctx;
HMAC_CTX_init(&ctx);
HMAC_Init(&ctx, key, (int)sizeof(key), EVP_sha1());
HMAC_Update(&ctx, bytes, sizeof(bytes));
HMAC_Final(&ctx, md, &md_len);
The resulting digest in md
matches the C# code respectively (omitted, but take my word for it or test it yourself).