I'm trying to build a function that accepts commands using UART and extracts a sub string from the command to write it into ESP32 EFUSE.
static void uart_event_task()
{
uart_event_t event;
size_t buffered_size;
uint8_t *dtmp = (uint8_t *)malloc(RD_BUF_SIZE);
char cmd[30];
char serialNum[20];
for (;;)
{
// Waiting for UART event.
if (xQueueReceive(uart0_queue, (void *)&event, (TickType_t)portMAX_DELAY))
{
bzero(dtmp, RD_BUF_SIZE);
ESP_LOGI(TAG_CONFIG, "uart[%d] event:", EX_UART_NUM);
switch (event.type)
{
// Event of UART receving data
/*We'd better handler data event fast, there would be much more data events than
other types of events. If we take too much time on data event, the queue might
be full.*/
case UART_DATA:
ESP_LOGI(TAG_CONFIG, "[UART DATA]: %d", event.size);
uart_read_bytes(EX_UART_NUM, dtmp, event.size, portMAX_DELAY);
ESP_LOGI(TAG_CONFIG, "[DATA EVT]:");
// char data = (const char) dtmp;
// printf("letter: %s", data);
// int evSize = event.size;
int lastChar = 0;
for (int i = 0; i <= event.size; i++)
{
const char letter = (const char)dtmp[i];
if (dtmp[i] == 10 || dtmp[i] == 0)
{
break;
}
cmd[i] = letter;
lastChar = i;
}
cmd[++lastChar] = '\0';
ESP_LOGE(TAG_CONFIG, "Your command: %s ", cmd);
if (strstr(cmd, set_serial) != NULL)
{
// contains
int lastChar2 = 0;
for (int i = strlen(set_serial) + 1; i < lastChar; i++)
{
int index = i - strlen(set_serial) - 1;
serialNum[index] = cmd[i];
lastChar2 = index;
}
serialNum[++lastChar2] = '\0';
ESP_LOGW(TAG_CONFIG, "setting serial: %s ", serialNum);
int len = strlen(serialNum);
char hex_str[(len * 2) + 1];
// converting ascii string to hex string
string2hexString(serialNum, hex_str);
printf("serialNum: %s\n", serialNum);
printf("hex_str: %s\n", hex_str);
esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK3);
write_efuse_fields(serialNum, coding_scheme);
}
This function works perfectly and I can print the serial number as string or as hex:
serialNum: exampleserial123
hex_str: 6578616D706C6573657269616C313233
The next function writes this data to the efuse of the esp:
static void write_efuse_fields(char *serial_num, esp_efuse_coding_scheme_t coding_scheme)
{
// uint8_t unique_id[16] = {0x48, 0x42, 0x30, 0x31, 0x39, 0x39, 0x39, 0x39, 0x30, 0x31, 0x32, 0x33};
ESP_ERROR_CHECK_WITHOUT_ABORT(esp_efuse_write_field_blob(ESP_EFUSE_USER_DATA, &serial_num, 128));
}
when I read the efuse block after running the above code:
ee 17 fd 3f 00 00 00 ff e4 38 fd 3f 0f 00 00 00
Hex to text: îý?ÿä8ý?
If I use the hex output in write_efuse_fields(hex_str, coding_scheme)
I will get:
90 17 fd 3f 00 00 00 ff e4 38 fd 3f 0f 00 00 00
Hex to text: ý?ÿä8ý?
When I do:
uint8_t unique_id[16] = {0x48, 0x42, 0x30, 0x31, 0x39, 0x39, 0x39, 0x39, 0x30, 0x31, 0x32, 0x33};
ESP_ERROR_CHECK_WITHOUT_ABORT(esp_efuse_write_field_blob(ESP_EFUSE_USER_DATA, &unique_id, 128));
I get the expected result.
What is the correct way to convert my char array to a byte like array (similar to unique_id) to get the esp_efuse_write_field_blob to accept it?
Related
I've been playing with openssl and am trying to write a simple program in C for encrypting a string. I'm trying to replicate the following command to encrypt the string "test" and then see the encrypted version using a given key and IV and AES-CBC-128:
echo test | openssl enc -e -aes-128-cbc -nosalt -K 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a -iv 00000000000000000000000000000000 | xxd
and this returns the encrypted string in hex of
a63b e13d 47a5 b94c c1cb 466e 28af 19d8
I'm trying to replicate this in C with the following:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
int main() {
AES_KEY aes;
unsigned char* input_string = "test";
unsigned char* encrypt_string;
unsigned int len;
unsigned char key[] = {0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A};
unsigned char iv[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
uint32_t result;
result = AES_set_encrypt_key(key, 128, &aes);
if (result < 0) {
fprintf(stderr, "Unable to set encryption key in AES\n");
printf("%i", result);
exit(-1);
}
// set the encryption length
len = 0;
if ((strlen("test") + 1) % AES_BLOCK_SIZE == 0) {
len = strlen("test") + 1;
} else {
len = ((strlen("test") + 1) / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE;
}
encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char));
AES_cbc_encrypt(input_string, encrypt_string, 128, &aes, iv , AES_ENCRYPT);
printf("encrypted string = ");
for (int i=0; i<len; ++i) {
printf("%02X ", encrypt_string[i]);
}
printf("\n");
return 0;
}
and this returns the encrypted string as
encrypted string = C2 5D 07 2D D5 EC DB 94 3B FE 31 9F 51 DE EE 93
which doesn't match what I get from the CLI. What am I missing here that causing these not to match?
I try to create a module for encrypt network packets but when try get data from sk_buff and print it in Hexa not get a correct packet.
I use this method to print data in Hexa :
void pkt_hex_dump(struct sk_buff *skb)
{
size_t len;
int rowsize = 16;
int i, l, linelen, remaining;
int li = 0;
uint8_t *data, ch;
printk("Packet hex dump:\n");
data = (uint8_t *) skb_mac_header(skb);
if (skb_is_nonlinear(skb)) {
len = skb->data_len;
} else {
len = skb->len;
}
remaining = len;
for (i = 0; i < len; i += rowsize) {
printk("%06d\t", li);
linelen = min(remaining, rowsize);
remaining -= rowsize;
for (l = 0; l < linelen; l++) {
ch = data[l];
//data[l] = '1';
printk(KERN_CONT "%02X ", (uint32_t) ch);
}
data += linelen;
li += 10;
printk(KERN_CONT "\n");
}
}
I used this sample to create a chat application.
And output when I send hello world message from client to server is :
[ 3981.963124] Packet hex dump:
[ 3981.963125] 000000 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00
[ 3981.963128] 000010 00 34 6A 1F 40 00 40 06 D1 A2 7F 00 01 01 7F 00
[ 3981.963130] 000020 00 01 07 E4 BD 36 A2 52 E9 62 6D 40 3D FE 80 10
[ 3981.963133] 000030 02 00 FF 28
And I try to follow this solution but can't get any output.
My hook function
static unsigned int hfunc( void *priv, struct sk_buff *skb, const struct nf_hook_state *state){
struct iphdr *iph; /* IPv4 header */
struct tcphdr *tcph; /* TCP header */
uint16_t sport;
uint16_t dport;
struct ethhdr *ether = eth_hdr(skb);
iph = ip_hdr(skb); /* get IP header */
tcph = tcp_hdr(skb); /* get TCP header */
sport = ntohs(tcph->source);
dport = ntohs(tcph->dest);
/* Watch only port of interest */
if (dport == PTCP_WATCH_PORT || sport == PTCP_WATCH_PORT){
printk(KERN_INFO "UDP packet is received: {'sport': %d; 'dport': %d}\n", sport, dport);
printk("Source: %x:%x:%x:%x:%x:%x\n", ether->h_source[0], ether->h_source[1], ether->h_source[2], ether->h_source[3], ether->h_source[4], ether->h_source[5]);
printk("Destination: %x:%x:%x:%x:%x:%x\n", ether->h_dest[0], ether->h_dest[1], ether->h_dest[2], ether->h_dest[3], ether->h_dest[4], ether->h_dest[5]);
printk("Protocol: %d\n", ether->h_proto);
pkt_hex_dump(skb);
}
return NF_ACCEPT;
}
I'm working on HMAC generation and verifying to check data integrity. I can correctly generate the MAC value but when sending it through socket to another program for verification, I faced with formatting mismatch. I appreciate your support. Thanks.
unsigned char* MAC(unsigned char* key,unsigned char* message)
{
unsigned char* result;
unsigned int result_len = 32;
int i;
result = (unsigned char*) malloc(sizeof(char) * result_len);
result = HMAC(EVP_sha256 (), key , strlen (key), message , strlen(message) , NULL, NULL);
return result;
}
int verifyMAC(unsigned char* key,unsigned char* message, unsigned char* receivedTag)
{
printf("\n\n ==================== MAC Verification ==================\n\n");
unsigned char* newHash; // newly generated hash value
unsigned int newHash_len = 32;
int i,flag=0;
newHash = (unsigned char*) malloc(sizeof(char) * newHash_len);
newHash = HMAC(EVP_sha256 (), key , strlen (key), message , strlen(message) , NULL, NULL);
for (i=0; i!=newHash_len; i++)
{
if (receivedTag[i]!=newHash[i])
{
printf("DATA MISMATCH: Found %02X instead of %02X at index %d!\n", newHash[i], receivedTag[i], i);
break;
}
}
if (i==newHash_len)
{
printf("MAC verified!\n");
flag = 1;
}
return flag;
}
int main(int argc, char *argv[])
{
unsigned char* key = "1234567890";
unsigned char* message = (unsigned char*) "hello world";
....
}
Console result:
Hashed data: E4 5F 60 72 61 7C CE 5E 06 A9 5B E4 81 C4 33 51 02 3D 99 23 35 99 EA C9 FD AF FC 95 81 42 62 9A
==================== MAC Verification ==================
DATA MISMATCH: Found E4 instead of 65 at index 0!
ERROR: data is modified
I thought this problem was somewhat interesting so I went through the trouble to recreate the scenario. Maybe this is not even right. But a simple case of what I thought the problem is:
void main(int argc, char *argv[])
{
//the original hash
unsigned char newHash[] = {0xE4, 0x5F, 0x60, 0x72, 0x61, 0x7C, 0xCE, 0x5E, 0x06, 0xA9, 0x5B, 0xE4, 0x81, 0xC4, 0x33, 0x51,
0x02, 0x3D, 0x99, 0x23, 0x35, 0x99, 0xEA, 0xC9, 0xFD, 0xAF, 0xFC, 0x95, 0x81, 0x42, 0x62, 0x9A};
//what I think is recieved from the socket
unsigned char* receivedTag = "e45f6072617cce5e06a95be481c43351023d99233599eac9fdaffc958142629a";
for (int i=0; i!=32; i++)
{
if (receivedTag[i]!=newHash[i])
{
printf("DATA MISMATCH: Found %02X instead of %02X at index %d!\n", newHash[i], receivedTag[i], i);
break;
}
}
return;
}
and the output was
DATA MISMATCH: Found E4 instead of 65 at index 0!
So, I thought the solution would be to just convert the Hex array to string just like it was received from the socket.
Maybe this is not the most elegant of ways to do things. But a solution None the less.
char* hexStringToCharString(unsigned char hash[], int length);
void main(int argc, char *argv[])
{
//the original hash
unsigned char newHash[] = {0xE4, 0x5F, 0x60, 0x72, 0x61, 0x7C, 0xCE, 0x5E, 0x06, 0xA9, 0x5B, 0xE4, 0x81, 0xC4, 0x33, 0x51,
0x02, 0x3D, 0x99, 0x23, 0x35, 0x99, 0xEA, 0xC9, 0xFD, 0xAF, 0xFC, 0x95, 0x81, 0x42, 0x62, 0x9A};
//what I think is recieved from the socket
unsigned char* receivedTag = "e45f6072617cce5e06a95be481c43351023d99233599eac9fdaffc958142629a";
char *newString = hexStringToCharString(newHash, 32);
for (int i=0; i!=strlen(newString); i++)
{
if (receivedTag[i]!=newString[i])
{
printf("DATA MISMATCH: Found %02X instead of %02X at index %d!\n", newHash[i], receivedTag[i], i);
break;
}
}
free(newString);
printf("Yay\n");
return;
}
char* hexStringToCharString(unsigned char hash[], int length){
char temp[3];
//need length*2 characters which is 64 plus one for null!
char *theString = (char *)malloc(sizeof(char)*((length*2)+1));
strcpy(theString, "");
for(int i=0;i<length;i++){
sprintf(temp, "%02x", hash[i]);
strcat(theString, temp);
}
return theString;
}
The output in this case
Yay
So, Maybe this is entirely wrong. But if you find this solution needs editing then comment below.
I want to use a memory-saving AES-128 implementation. I found the implementation of Karl Malbrain.
I am using it with the code below:
void encryptUboot(void){
//uint8_t key[AES_KEY_LENGTH] = {0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99};
uint8_t key[AES_KEY_LENGTH] = {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x21, 0x21};
uint8_t keyschedule[AES_KEY_LENGTH * AES_ROUNDS] = {0x00};
uint8_t message[5] = "test";
uint8_t cipher[16] = {0x00};
uint8_t i;
if(debug) printf("\n[D] Running AES-128 encryption\n");
aes_expand_key(key, keyschedule);
aes_encrypt(message, keyschedule, cipher);
printf("message: %s | cipher: ", message);
for(i = 0; i<AES_KEY_LENGTH; i++){
printf("%02x ", cipher[i]);
}
}
This outputs:
[D] Running AES-128 encryption
message: test | cipher: 2d 58 45 71 24 43 f5 cd 69 6d 07 b3 a3 29 de 8f
However, using the code from here (zip file) with the code below ...
// AES usage example
// compile as: gcc main.c aes.h aes.c
#include <stdlib.h>
#include "aes.h"
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
unsigned char key[KEY_128] = {0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x21, 0x21};
unsigned char ptext[16] = "test";
unsigned char ctext[16];
unsigned char decptext[16];
unsigned int i = 0;
aes_ctx_t *ctx;
init_aes();
ctx = aes_alloc_ctx(key, sizeof(key));
if(!ctx) {
perror("aes_alloc_ctx");
return EXIT_FAILURE;
}
aes_encrypt(ctx, ptext, ctext);
for(i=0;i<KEY_128;i++) printf("%02x ", ctext[i]);
puts("");
aes_decrypt(ctx, ctext, decptext);
puts(decptext);
aes_free_ctx(ctx);
return EXIT_SUCCESS;
}
.. it outputs a different cipher:
1f 53 3f 60 15 d5 ab 16 69 b6 c6 3b 9e 77 2f 0c
test
Do you see my mistake? Obviously, I am instrumenting these libraries in a wrong way.
Thanks,
-P
Although I couldn't find the exact function you use in Malbrains code, I believe your problem lies in the difference in array length for message. The algorithm encrypts blocks of 128 bit (16 bytes), but you only allocated 5 bytes.
uint8_t message[5] = "test";
vs
unsigned char ptext[16] = "test";
Try initialising it with exactly the same data.
uint8_t message[16];
memset(message, 0, sizeof(message));
memcpy(message, "test", 5);
I am playing around with OpenSSL EVP routines for decryption using AES 128 cbc mode.
I use the test vectors specified at the NIST site to test my program.
The program seems to fail at EVP_DecryptFinal_ex routine.
Can anybody please tell me what is the problem?
Also how do I do the error checking here to find out why this routine fails?
UPDATED:
Please check the code below. I have added the encrypt and decrypt part. Encrypt works. But during the decryption, although the results of both match, the hexvalue of the cipher seems 80 bytes as opposed to the expected 64 bytes(mentioned in NIST) although the decryption works and the decrypted text matches the plaintext!
Can somebody clarify?
The expected ciphertext value should be:
cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
here is the code:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
int AES_BLOCK_SIZE;
int main(int argc, char **argv)
{
EVP_CIPHER_CTX en;
EVP_CIPHER_CTX de;
EVP_CIPHER_CTX_init(&en);
EVP_CIPHER_CTX_init(&de);
const EVP_CIPHER *cipher_type;
unsigned char *mode;
unsigned char *passkey, *passiv, *plaintxt;
int vector_len = 0;
char *plain;
char *plaintext;
unsigned char *ciphertext;
int olen, len;
int i =0;
//NIST VALUES TO CHECK
unsigned char iv[] =
{ 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0 };
unsigned char key[] =
{ 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c , 0 };
unsigned char input[] =
{ 0x6b, 0xc1, 0xbe, 0xe2,
0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11,
0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57,
0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac,
0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46,
0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19,
0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45,
0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b,
0xe6, 0x6c, 0x37, 0x10, 0 };
printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
cipher_type = EVP_aes_128_cbc();
AES_BLOCK_SIZE = 128;
passkey = key;
passiv = iv;
plain = input;
printf("iv=");
for(i = 0; i < sizeof iv; i++){
printf("%02x", iv[i]);
}
printf("\n");
printf("key=");
for(i = 0; i < sizeof key; i++){
printf("%02x", key[i]);
}
printf("\n");
printf("Initializing AES ALGORITHM FOR CBC MODE..\n");
EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);
EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);
olen = len = strlen(input)+1;
printf("len value before aes_encrypt \"%d\"\n", len);
int c_len = len + AES_BLOCK_SIZE - 1;
int f_len = 0;
ciphertext = (unsigned char *)malloc(c_len);
if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_EncryptInit_ex \n");
return NULL;
}
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);
printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);
int p_len = len;
f_len = 0;
plaintext = (unsigned char *)malloc(p_len);
//memset(plaintext,0,sizeof(plaintext));
if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_DecryptInit_ex \n");
return NULL;
}
EVP_CIPHER_CTX_set_padding(&de, 0);
if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
printf("ERROR in EVP_DecryptUpdate\n");
return NULL;
}
if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
printf("ERROR in EVP_DecryptFinal_ex\n");
return NULL;
}
EVP_CIPHER_CTX_cleanup(&de);
len = p_len + f_len;
printf("Decrypted value = %s\n", plaintext);
printf("len value after aes_decrypt \"%d\"\n", len);
if (strncmp(plaintext, input, olen))
printf("FAIL: enc/dec failed for \"%s\"\n", input);
else
printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n
printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
printf("\n");
unsigned char *s3 = ciphertext;
printf("s3 =\n");
int nc = 0;
while(*s3 != '\0'){
printf("%02x", *s3);
s3++;
nc ++;
if(nc == 16){
printf("\n");
nc = 0;
}
}
printf("\n");
//printf("nc = %d\n", nc);
free(ciphertext);
free(plaintext);
return 0;
}
Just like you need to match the key and IV when you encrypt and decrypt, you also need to match the padding setting. The NIST tests are not padded. Here's an excerpt from the OpenSSL documentation:
EVP_DecryptInit_ex(),
EVP_DecryptUpdate() and
EVP_DecryptFinal_ex() are the
corresponding decryption operations.
EVP_DecryptFinal() will return an
error code if padding is enabled and
the final block is not correctly
formatted. The parameters and
restrictions are identical to the
encryption operations except that if
padding is enabled the decrypted data
buffer out passed to
EVP_DecryptUpdate() should have
sufficient room for (inl +
cipher_block_size) bytes unless the
cipher block size is 1 in which case
inl bytes is sufficient.
Searching that same page for "padding", you'll see the function EVP_CIPHER_CTX_set_padding:
EVP_CIPHER_CTX_set_padding() enables
or disables padding. By default
encryption operations are padded using
standard block padding and the padding
is checked and removed when
decrypting. If the pad parameter is
zero then no padding is performed, the
total amount of data encrypted or
decrypted must then be a multiple of
the block size or an error will occur.
So at some point after you call EVP_CIPHER_CTX_init and before you start decrypting, you need to do this:
EVP_CIPHER_CTX_set_padding(&de, 0);
To show the errors after an OpenSSL function fails, you can use:
ERR_print_errors_fp(stderr);
I had the same problem with EVP_DecryptFinal_ex routine. I've found out that you won't get the lenght of ciphertext by strlen(ciphertext) because the function strlen() returns the length of C string.
Ciphertext after encryption can contain '\0' characters which are considered end of C string, so you won't get the right length of ciphertext with function strlen().
Instead you should remember the length of ciphertext after encrypting. In your program you do it with c_len and f_len:
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}//Here you get length of ciphertext in c_len
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}//Here you get the rest of padded ciphertext in f_len
//This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;//This is the real length of ciphertext
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right
Another thing, when you what to print out cipher text don't use:
printf("OK: ciphertext is \"%s\"\n", ciphertext);
"%s" is also considered as C string and can print out just part of the whole ciphertext. Use instead:
int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);}