I am trying to take an AES HMAC of a file using the openssl command line program on Linux. I have been looking at the man pages but can’t quite figure out how to successfully make an HMAC. I can encrypt a file using the enc command with openssl; however, I can’t seem to create an HMAC. The encryption looks like the following:
openssl enc -aes-256-cbc -in plaintext -out ciphertext
Any advice or tutorials would be wonderful.
You may be asking about CBC-MAC. For that, I think you just encrypt your message or file with an IV of 0 and then take the last block (16 bytes for AES256-cbc). I found a blog post that describes how to do this with OpenSSL:
-K is where you provide your key, which the wiki page says should be different than what you’re using to encrypt the file, if you’re encrypting it at all.
-iv obviously provides an all-zero IV, which is the key for CBC-MAC.
tail -c 16 is to get the last AES256-cbc block, which is 16 bytes long.
od is to convert it to hex, which that web site says is common. Otherwise instead of od -A n you could do base64 if that’s more applicable, or leave it off completely to have just the raw bytes.

You can’t take an AES HMAC of a file because AES256-cbc is a block cipher, not a hashing algorithm. AES256-cbc is for encrypting and decrypting a file. HMAC is for verifying a file’s integrity and requires a hash algorithm at its core such as SHA-1 or MD5.
Are you trying to sign or verify a file, or encrypt it? To sign, check out the OpenSSL dgst command and use simple HMACs like MD5 or SHA-1, or go all out and digitally sign it with DSS/DSA.
Also, I believe using a block cipher as a MAC is called an EMAC, but OpenSSL doesn’t do EMAC as far as I know. EMAC just takes the last block of an encrypted file and encrypts it to create a MAC.
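
The two approaches from the answers above, side by side, as an added example that is not part of the original posts: an HMAC through openssl dgst with a verification step, and the CBC-MAC pipeline built from the -K, -iv, tail and od pieces the first answer describes. The function names, the keys and the sample message are constructed for illustration, and SHA-256 is used as the hash here.

```shell
#!/bin/sh
# Added example, not code from the original posts. hmac_file, verify_hmac and
# cbc_mac_file are hypothetical helper names; keys and message are constructed.

# HMAC-SHA256 of a file, printed as hex. The key is passed as a string through
# -hmac, so it is visible in the process list while openssl runs.
hmac_file() {  # usage: hmac_file KEY FILE
    openssl dgst -sha256 -hmac "$1" < "$2" | awk '{print $NF}'
}

# Recompute the tag and compare it with the one stored alongside the file.
verify_hmac() {  # usage: verify_hmac KEY FILE EXPECTED_HEX
    [ "$(hmac_file "$1" "$2")" = "$3" ]
}

# CBC-MAC: AES-256-CBC with an all-zero IV, keeping only the last 16-byte
# block. HEXKEY is 64 hex digits and should not be the encryption key.
# Plain CBC-MAC is only secure when all messages have the same fixed length.
cbc_mac_file() {  # usage: cbc_mac_file HEXKEY FILE
    openssl enc -aes-256-cbc -K "$1" -iv 00000000000000000000000000000000 \
        -in "$2" | tail -c 16 | od -A n -t x1 | tr -d ' \n'
}

# Constructed 256-bit test key for the CBC-MAC demo.
CBC_KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

demo() {
    dir=$(mktemp -d) || return 1
    printf 'what do ya want for nothing?' > "$dir/msg"
    tag=$(hmac_file Jefe "$dir/msg")
    echo "HMAC-SHA256: $tag"
    verify_hmac Jefe "$dir/msg" "$tag" && echo "untouched file: tag matches"
    echo "CBC-MAC:     $(cbc_mac_file "$CBC_KEY" "$dir/msg")"
    printf '!' >> "$dir/msg"   # simulate modification after tagging
    verify_hmac Jefe "$dir/msg" "$tag" || echo "modified file: tag mismatch"
    rm -rf "$dir"
}
demo
```

To protect an encrypted file, compute the tag over the ciphertext with a key separate from the encryption key, and check it before decrypting.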