Develop Reference

Getting different encryption strings between openssl CLI and C codeHello

I've been playing with openssl and am trying to write a simple program in C for encrypting a string. I'm trying to replicate the following command to encrypt the string "test" and then see the encrypted version using a given key and IV and AES-CBC-128:
echo test | openssl enc -e -aes-128-cbc -nosalt -K 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a -iv 00000000000000000000000000000000 | xxd
and this returns the encrypted string in hex of
a63b e13d 47a5 b94c c1cb 466e 28af 19d8
I'm trying to replicate this in C with the following:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/aes.h>
int main() {
AES_KEY aes;
unsigned char* input_string = "test";
unsigned char* encrypt_string;
unsigned int len;
unsigned char key[] = {0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A,
0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A, 0x5A};
unsigned char iv[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
uint32_t result;
result = AES_set_encrypt_key(key, 128, &aes);
if (result < 0) {
fprintf(stderr, "Unable to set encryption key in AES\n");
printf("%i", result);
exit(-1);
}
// set the encryption length
len = 0;
if ((strlen("test") + 1) % AES_BLOCK_SIZE == 0) {
len = strlen("test") + 1;
} else {
len = ((strlen("test") + 1) / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE;
}
encrypt_string = (unsigned char*)calloc(len, sizeof(unsigned char));
AES_cbc_encrypt(input_string, encrypt_string, 128, &aes, iv , AES_ENCRYPT);
printf("encrypted string = ");
for (int i=0; i<len; ++i) {
printf("%02X ", encrypt_string[i]);
}
printf("\n");
return 0;
}
and this returns the encrypted string as
encrypted string = C2 5D 07 2D D5 EC DB 94 3B FE 31 9F 51 DE EE 93
which doesn't match what I get from the CLI. What am I missing here that causing these not to match?

tiny-aes-c AES CTR 128 cuts off decrypted string in some cases

I've been trying to use the AES CTR 128 from tiny-aes-c (https://github.com/kokke/tiny-AES-c) to encrypt a randomly generated token, and it works, but not all the time. In some cases the retrieved string after encrypting and decrypting is cut off at some point. Here's the code:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "token_auth.h"
#include "aes.h"
uint8_t * create_token() {
static char charset[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
uint8_t *token = malloc(sizeof(uint8_t) * (TOKEN_LENGTH + 1));
int i = 0;
srand ( time(NULL) );
for (i = 0; i < TOKEN_LENGTH; i++) {
int pos = rand() % (int)(strlen(charset) - 1);
token[i] = (int) charset[pos] - 0;
}
token[TOKEN_LENGTH] = 0;
return token;
}
int main() {
uint8_t key[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
uint8_t iv[16] = { 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 };
uint8_t *in = create_token();
printf("\nInput: %s\nSize: %d", (char *) in, strlen((char *) in));
struct AES_ctx ctx;
AES_init_ctx_iv(&ctx, key, iv);
AES_CTR_xcrypt_buffer(&ctx, in, strlen((char *) in));
AES_init_ctx_iv(&ctx, key, iv);
AES_CTR_xcrypt_buffer(&ctx, in, strlen((char *) in));
printf("\nDEC: %s\n", (char *) in);
return 0;
}
TOKEN_LENGTH is 128. As an example of the behavior, the string NM5DlWyYInbeNtEWhBxGCdEjHSv2I6FzTMffJNgudrL2UsYe6zVJMA3wvAyhHeQD18UMXckcF8gBAfPGQNqGqwdW9MgS39w7huVfIgtoqJ212SKSIdBaJP9VErOJAmQT comes out NM5DlWyYInbeNtEWhBxGCdEjHSv2 after being encrypted and decrypted. I'm not really good at C, so it might just well be a problem with something else I've done, but at this point I'm lost. Any ideas? Thanks in advance.

The first call to AES_CTR_xcrypt_buffer encrypts the buffer in place in CTR mode.
The buffer still has the same size (128 in your case), but can contain NUL bytes.
The strlen call in the second call of AES_CTR_xcrypt_buffer for decryption can therefore result in a length < 128 if the buffer contains a NUL byte.
By the way: It works in cases where the encryption does not result in a NUL byte in the buffer.
So if you call it with TOKEN_LENGTH as the length parameter decryption will give the original string again:
AES_CTR_xcrypt_buffer(&ctx, in, TOKEN_LENGTH);

Openssl: encryption output issue

I am encrypting 3gpp test data with openssl code in c language in linux platform.
i have taken example from stack over flow and tried.But in the final encryption output zeros's are not displayed.i need to encrypt with 128 bit key.
Thanks in advance.
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/hmac.h>
#include <openssl/buffer.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <math.h>
#define u32 unsigned int
#define u8 unsigned char
#define bufferSize 16
struct ctr_state
{
unsigned char ivec[AES_BLOCK_SIZE];
unsigned int num;
unsigned char ecount[AES_BLOCK_SIZE];
};
AES_KEY key;
unsigned char indata[AES_BLOCK_SIZE];
unsigned char outdata[AES_BLOCK_SIZE];
unsigned char iv[AES_BLOCK_SIZE];
struct ctr_state state;
int init_ctr(struct ctr_state *state, const unsigned char iv[16])
{
/* aes_ctr128_encrypt requires 'num' and 'ecount' set to zero on the
* first call. */
state->num = 0;
memset(state->ecount, 0, AES_BLOCK_SIZE);
/* Initialise counter in 'ivec' to 0 */
memset(state->ivec + 8, 0, 8);
/* Copy IV into 'ivec' */
memcpy(state->ivec, iv, 8);
}
int main(int argc, char *argv[])
{
u8 key1[16] = {
0xd3,0xc5,0xd5,0x92,0x32,0x7f,0xb1,0x1c,
0x40,0x35,0xc6,0x68,0x0a,0xf8,0xc6,0xd1
};
u8 count[4] ={0x39,0x8a,0x59,0xb4};
u32 tempCount = 0;
u8 bearer = 0x15;
u8 dir =0x01,i;
u32 length = 253 ;
u8 indata[32] = {
0x98, 0x1b, 0xa6, 0x82, 0x4c, 0x1b, 0xfb, 0x1a,
0xb4, 0x85, 0x47, 0x20, 0x29, 0xb7, 0x1d, 0x80,
0x8c, 0xe3, 0x3e, 0x2c, 0xc3, 0xc0, 0xb5, 0xfc,
0x1f, 0x3d, 0xe8, 0xa6, 0xdc, 0x66, 0xb1, 0xf0
};
tempCount = htonl((count[0] | (count[1] << 8) | count[2]<< 16 | count[3] << 24)); /* Jyothi Added */
iv[0] = (tempCount >> 24) & 0xff ;
iv[1] = (tempCount >> 16) & 0xff ;
iv[2] = (tempCount >> 8) & 0xff;
iv[3] = tempCount & 0xff;
iv[4] = htonl((( (bearer << 27) | ((dir & 0x1) << 26))));
iv[5] = iv[6]= iv[7] = 0;
printf("iv=\n");
for(i=0;i<16;i++)
printf("%x",iv[i]);
printf("\n");
printf("key1=\n");
for(i=0;i<16;i++)
printf("%x",key1[i]);
printf("\n");
//Initializing the encryption KEY
if (AES_set_encrypt_key(key1, 128, &key) < 0)
{
fprintf(stderr, "Could not set decryption key.");
exit(1);
}
init_ctr(&state, iv);//Counter call
printf("state.ivec after call=\n");
for(i=0;i<16;i++)
printf("%x",state.ivec[i]);
printf("\n");
printf("indata=\n");
for(i=0;i<32;i++)
printf("%x",indata[i]);
printf("\n");
for(i=1;i<2;i++){
//Encrypting Blocks of 16 bytes
AES_ctr128_encrypt(indata, outdata,253, &key, state.ivec, state.ecount, &state.num);
printf("outdata\n");
for(i=0;i<32;i++)
printf("%x",outdata[i]);
printf("\n");
}
}
i am getting output as below.
iv=
398a59b4ac00000000000
key1=
d3c5d592327fb11c4035c668af8c6d1
state.ivec after call=
398a59b4ac00000000000
indata=
981ba6824c1bfb1ab485472029b71d808ce33e2cc3c0b5fc1f3de8a6dc66b1f0
outdata
e9fed8a63d15534d71df2bf3e82214b2ed7dad2f233dc3c22d7bdeeed8e78
algorithm has to generate key stream as below:
71e57e24 710ea81e 6398b52b da5f3f94 3eede9f6 11328620 231f3f1b 328b3f88
but instead it is generating final encryption output without zero's
final expected output is as below:
e9fed8a6 3d155304 d71df20b f3e82214 b20ed7da d2f233dc 3c22d7bd eeed8e78

Change your printf format string to require that each char is output as two hex digits - currently you're losing leading zeroes.
printf("%02x",outdata[i]);
The zero tells it to pad up to two digits using zeroes, the default would be spaces.

How to do encryption using AES in Openssl

I am trying to write a sample program to do AES encryption using Openssl. I tried going through Openssl documentation( it's a pain), could not figure out much. I went through the code and found the API's using which i wrote a small program as below (please omit the line numbers). I don't see any encryption happening... am i missing something?
PS: I don't get any errors upon compilation.
1 #include <stdio.h>
2 #include <openssl/aes.h>
3
4 static const unsigned char key[] = {
5 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
6 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
7 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
8 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
9 };
10
11 void main()
12 {
13 unsigned char text[]="virident";
14 unsigned char out[10];
15 unsigned char decout[10];
16
17 AES_KEY wctx;
18
19 AES_set_encrypt_key(key, 128, &wctx);
20 AES_encrypt(text, out, &wctx);
21
22 printf("encryp data = %s\n", out);
23
24 AES_decrypt(out, decout, &wctx);
25 printf(" Decrypted o/p: %s \n", decout);
26
27
28 }
Please help me to figure this out...

Check out this link it has a example code to encrypt/decrypt data using AES256CBC using EVP API.
https://github.com/saju/misc/blob/master/misc/openssl_aes.c
Also you can check the use of AES256 CBC in a detailed open source project developed by me at https://github.com/llubu/mpro
The code is detailed enough with comments and if you still need much explanation about the API itself i suggest check out this book Network Security with OpenSSL by Viega/Messier/Chandra (google it you will easily find a pdf of this..) read chapter 6 which is specific to symmetric ciphers using EVP API.. This helped me a lot actually understanding the reasons behind using various functions and structures of EVP.
and if you want to dive deep into the Openssl crypto library, i suggest download the code from the openssl website (the version installed on your machine) and then look in the implementation of EVP and aeh api implementation.
One more suggestion from the code you posted above i see you are using the api from aes.h
instead use EVP. Check out the reason for doing this here OpenSSL using EVP vs. algorithm API for symmetric crypto nicely explained by Daniel in one of the question asked by me..

I am trying to write a sample program to do AES encryption using Openssl.
This answer is kind of popular, so I'm going to offer something more up-to-date since OpenSSL added some modes of operation that will probably help you.
First, don't use AES_encrypt and AES_decrypt. They are low level and harder to use. Additionally, it's a software-only routine, and it will never use hardware acceleration, like AES-NI. Finally, its subject to endianess issues on some obscure platforms.
Instead, use the EVP_* interfaces. The EVP_* functions use hardware acceleration, like AES-NI, if available. And it does not suffer endianess issues on obscure platforms.
Second, you can use a mode like CBC, but the ciphertext will lack integrity and authenticity assurances. So you usually want a mode like EAX, CCM, or GCM. (Or you manually have to apply a HMAC after the encryption under a separate key.)
Third, OpenSSL has a wiki page that will probably interest you: EVP Authenticated Encryption and Decryption. It uses GCM mode.
Finally, here's the program to encrypt using AES/GCM. The OpenSSL wiki example is based on it.
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/err.h>
#include <string.h>
int main(int arc, char *argv[])
{
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
/* Set up the key and iv. Do I need to say to not hard code these in a real application? :-) */
/* A 256 bit key */
static const unsigned char key[] = "01234567890123456789012345678901";
/* A 128 bit IV */
static const unsigned char iv[] = "0123456789012345";
/* Message to be encrypted */
unsigned char plaintext[] = "The quick brown fox jumps over the lazy dog";
/* Some additional data to be authenticated */
static const unsigned char aad[] = "Some AAD data";
/* Buffer for ciphertext. Ensure the buffer is long enough for the
* ciphertext which may be longer than the plaintext, dependant on the
* algorithm and mode
*/
unsigned char ciphertext[128];
/* Buffer for the decrypted text */
unsigned char decryptedtext[128];
/* Buffer for the tag */
unsigned char tag[16];
int decryptedtext_len = 0, ciphertext_len = 0;
/* Encrypt the plaintext */
ciphertext_len = encrypt(plaintext, strlen(plaintext), aad, strlen(aad), key, iv, ciphertext, tag);
/* Do something useful with the ciphertext here */
printf("Ciphertext is:\n");
BIO_dump_fp(stdout, ciphertext, ciphertext_len);
printf("Tag is:\n");
BIO_dump_fp(stdout, tag, 14);
/* Mess with stuff */
/* ciphertext[0] ^= 1; */
/* tag[0] ^= 1; */
/* Decrypt the ciphertext */
decryptedtext_len = decrypt(ciphertext, ciphertext_len, aad, strlen(aad), tag, key, iv, decryptedtext);
if(decryptedtext_len < 0)
{
/* Verify error */
printf("Decrypted text failed to verify\n");
}
else
{
/* Add a NULL terminator. We are expecting printable text */
decryptedtext[decryptedtext_len] = '\0';
/* Show the decrypted text */
printf("Decrypted text is:\n");
printf("%s\n", decryptedtext);
}
/* Remove error strings */
ERR_free_strings();
return 0;
}
void handleErrors(void)
{
unsigned long errCode;
printf("An error occurred\n");
while(errCode = ERR_get_error())
{
char *err = ERR_error_string(errCode, NULL);
printf("%s\n", err);
}
abort();
}
int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *aad,
int aad_len, unsigned char *key, unsigned char *iv,
unsigned char *ciphertext, unsigned char *tag)
{
EVP_CIPHER_CTX *ctx = NULL;
int len = 0, ciphertext_len = 0;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
/* Initialise the encryption operation. */
if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
handleErrors();
/* Set IV length if default 12 bytes (96 bits) is not appropriate */
if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
handleErrors();
/* Initialise key and IV */
if(1 != EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors();
/* Provide any AAD data. This can be called zero or more times as
* required
*/
if(aad && aad_len > 0)
{
if(1 != EVP_EncryptUpdate(ctx, NULL, &len, aad, aad_len))
handleErrors();
}
/* Provide the message to be encrypted, and obtain the encrypted output.
* EVP_EncryptUpdate can be called multiple times if necessary
*/
if(plaintext)
{
if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
handleErrors();
ciphertext_len = len;
}
/* Finalise the encryption. Normally ciphertext bytes may be written at
* this stage, but this does not occur in GCM mode
*/
if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) handleErrors();
ciphertext_len += len;
/* Get the tag */
if(1 != EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
handleErrors();
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
return ciphertext_len;
}
int decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *aad,
int aad_len, unsigned char *tag, unsigned char *key, unsigned char *iv,
unsigned char *plaintext)
{
EVP_CIPHER_CTX *ctx = NULL;
int len = 0, plaintext_len = 0, ret;
/* Create and initialise the context */
if(!(ctx = EVP_CIPHER_CTX_new())) handleErrors();
/* Initialise the decryption operation. */
if(!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
handleErrors();
/* Set IV length. Not necessary if this is 12 bytes (96 bits) */
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, NULL))
handleErrors();
/* Initialise key and IV */
if(!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) handleErrors();
/* Provide any AAD data. This can be called zero or more times as
* required
*/
if(aad && aad_len > 0)
{
if(!EVP_DecryptUpdate(ctx, NULL, &len, aad, aad_len))
handleErrors();
}
/* Provide the message to be decrypted, and obtain the plaintext output.
* EVP_DecryptUpdate can be called multiple times if necessary
*/
if(ciphertext)
{
if(!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
handleErrors();
plaintext_len = len;
}
/* Set expected tag value. Works in OpenSSL 1.0.1d and later */
if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
handleErrors();
/* Finalise the decryption. A positive return value indicates success,
* anything else is a failure - the plaintext is not trustworthy.
*/
ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
/* Clean up */
EVP_CIPHER_CTX_free(ctx);
if(ret > 0)
{
/* Success */
plaintext_len += len;
return plaintext_len;
}
else
{
/* Verify failed */
return -1;
}
}

I don't know what's wrong with yours but one thing for sure is you need to call AES_set_decrypt_key() before decrypting the message. Also don't try to print out as %s because the encrypted message isn't composed by ascii characters anymore.. For example:
static const unsigned char key[] = {
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
int main()
{
unsigned char text[]="hello world!";
unsigned char enc_out[80];
unsigned char dec_out[80];
AES_KEY enc_key, dec_key;
AES_set_encrypt_key(key, 128, &enc_key);
AES_encrypt(text, enc_out, &enc_key);
AES_set_decrypt_key(key,128,&dec_key);
AES_decrypt(enc_out, dec_out, &dec_key);
int i;
printf("original:\t");
for(i=0;*(text+i)!=0x00;i++)
printf("%X ",*(text+i));
printf("\nencrypted:\t");
for(i=0;*(enc_out+i)!=0x00;i++)
printf("%X ",*(enc_out+i));
printf("\ndecrypted:\t");
for(i=0;*(dec_out+i)!=0x00;i++)
printf("%X ",*(dec_out+i));
printf("\n");
return 0;
}
U1: your key is 192 bit isn't it...

My suggestion is to run
openssl enc -aes-256-cbc -in plain.txt -out encrypted.bin
under debugger and see what exactly what it is doing.
openssl.c is the only real tutorial/getting started/reference guide OpenSSL has. All other documentation is just an API reference.
U1: My guess is that you are not setting some other required options, like mode of operation (padding).
U2: this is probably a duplicate of this question:
AES CTR 256 Encryption Mode of operation on OpenSSL
and answers there will likely help.

EVP_DecryptFinal_ex Error on OpenSSL

I am playing around with OpenSSL EVP routines for decryption using AES 128 cbc mode.
I use the test vectors specified at the NIST site to test my program.
The program seems to fail at EVP_DecryptFinal_ex routine.
Can anybody please tell me what is the problem?
Also how do I do the error checking here to find out why this routine fails?
UPDATED:
Please check the code below. I have added the encrypt and decrypt part. Encrypt works. But during the decryption, although the results of both match, the hexvalue of the cipher seems 80 bytes as opposed to the expected 64 bytes(mentioned in NIST) although the decryption works and the decrypted text matches the plaintext!
Can somebody clarify?
The expected ciphertext value should be:
cipher: 0000 76 49 ab ac 81 19 b2 46 ce e9 8e 9b 12 e9 19 7d
0010 50 86 cb 9b 50 72 19 ee 95 db 11 3a 91 76 78 b2
0020 73 be d6 b8 e3 c1 74 3b 71 16 e6 9e 22 22 95 16
0030 3f f1 ca a1 68 1f ac 09 12 0e ca 30 75 86 e1 a7
here is the code:
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/evp.h>
int AES_BLOCK_SIZE;
int main(int argc, char **argv)
{
EVP_CIPHER_CTX en;
EVP_CIPHER_CTX de;
EVP_CIPHER_CTX_init(&en);
EVP_CIPHER_CTX_init(&de);
const EVP_CIPHER *cipher_type;
unsigned char *mode;
unsigned char *passkey, *passiv, *plaintxt;
int vector_len = 0;
char *plain;
char *plaintext;
unsigned char *ciphertext;
int olen, len;
int i =0;
//NIST VALUES TO CHECK
unsigned char iv[] =
{ 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0 };
unsigned char key[] =
{ 0x2b, 0x7e, 0x15, 0x16,
0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88,
0x09, 0xcf, 0x4f, 0x3c , 0 };
unsigned char input[] =
{ 0x6b, 0xc1, 0xbe, 0xe2,
0x2e, 0x40, 0x9f, 0x96,
0xe9, 0x3d, 0x7e, 0x11,
0x73, 0x93, 0x17, 0x2a,
0xae, 0x2d, 0x8a, 0x57,
0x1e, 0x03, 0xac, 0x9c,
0x9e, 0xb7, 0x6f, 0xac,
0x45, 0xaf, 0x8e, 0x51,
0x30, 0xc8, 0x1c, 0x46,
0xa3, 0x5c, 0xe4, 0x11,
0xe5, 0xfb, 0xc1, 0x19,
0x1a, 0x0a, 0x52, 0xef,
0xf6, 0x9f, 0x24, 0x45,
0xdf, 0x4f, 0x9b, 0x17,
0xad, 0x2b, 0x41, 0x7b,
0xe6, 0x6c, 0x37, 0x10, 0 };
printf("AES ALGORITHM FOR 128 bit CBC MODE\n");
cipher_type = EVP_aes_128_cbc();
AES_BLOCK_SIZE = 128;
passkey = key;
passiv = iv;
plain = input;
printf("iv=");
for(i = 0; i < sizeof iv; i++){
printf("%02x", iv[i]);
}
printf("\n");
printf("key=");
for(i = 0; i < sizeof key; i++){
printf("%02x", key[i]);
}
printf("\n");
printf("Initializing AES ALGORITHM FOR CBC MODE..\n");
EVP_EncryptInit_ex(&en, cipher_type, NULL, passkey, passiv);
EVP_DecryptInit_ex(&de, cipher_type, NULL, passkey, passiv);
olen = len = strlen(input)+1;
printf("len value before aes_encrypt \"%d\"\n", len);
int c_len = len + AES_BLOCK_SIZE - 1;
int f_len = 0;
ciphertext = (unsigned char *)malloc(c_len);
if(!EVP_EncryptInit_ex(&en, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_EncryptInit_ex \n");
return NULL;
}
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);
printf("strlen value of ciphertext after aes_encrypt \"%d\"\n", len);
int p_len = len;
f_len = 0;
plaintext = (unsigned char *)malloc(p_len);
//memset(plaintext,0,sizeof(plaintext));
if(!EVP_DecryptInit_ex(&de, NULL, NULL, NULL, NULL)){
printf("ERROR in EVP_DecryptInit_ex \n");
return NULL;
}
EVP_CIPHER_CTX_set_padding(&de, 0);
if(!EVP_DecryptUpdate(&de, plaintext, &p_len, ciphertext, len)){
printf("ERROR in EVP_DecryptUpdate\n");
return NULL;
}
if(!EVP_DecryptFinal_ex(&de, plaintext+p_len, &f_len)){
printf("ERROR in EVP_DecryptFinal_ex\n");
return NULL;
}
EVP_CIPHER_CTX_cleanup(&de);
len = p_len + f_len;
printf("Decrypted value = %s\n", plaintext);
printf("len value after aes_decrypt \"%d\"\n", len);
if (strncmp(plaintext, input, olen))
printf("FAIL: enc/dec failed for \"%s\"\n", input);
else
printf("OK: enc/dec ok for \"%s\"\n", plaintext); // \"%s\"\n
printf("OK: ciphertext is \"%s\"\n", ciphertext); // \"%s\"\n
printf("\n");
unsigned char *s3 = ciphertext;
printf("s3 =\n");
int nc = 0;
while(*s3 != '\0'){
printf("%02x", *s3);
s3++;
nc ++;
if(nc == 16){
printf("\n");
nc = 0;
}
}
printf("\n");
//printf("nc = %d\n", nc);
free(ciphertext);
free(plaintext);
return 0;
}

Just like you need to match the key and IV when you encrypt and decrypt, you also need to match the padding setting. The NIST tests are not padded. Here's an excerpt from the OpenSSL documentation:
EVP_DecryptInit_ex(),
EVP_DecryptUpdate() and
EVP_DecryptFinal_ex() are the
corresponding decryption operations.
EVP_DecryptFinal() will return an
error code if padding is enabled and
the final block is not correctly
formatted. The parameters and
restrictions are identical to the
encryption operations except that if
padding is enabled the decrypted data
buffer out passed to
EVP_DecryptUpdate() should have
sufficient room for (inl +
cipher_block_size) bytes unless the
cipher block size is 1 in which case
inl bytes is sufficient.
Searching that same page for "padding", you'll see the function EVP_CIPHER_CTX_set_padding:
EVP_CIPHER_CTX_set_padding() enables
or disables padding. By default
encryption operations are padded using
standard block padding and the padding
is checked and removed when
decrypting. If the pad parameter is
zero then no padding is performed, the
total amount of data encrypted or
decrypted must then be a multiple of
the block size or an error will occur.
So at some point after you call EVP_CIPHER_CTX_init and before you start decrypting, you need to do this:
EVP_CIPHER_CTX_set_padding(&de, 0);

To show the errors after an OpenSSL function fails, you can use:
ERR_print_errors_fp(stderr);

I had the same problem with EVP_DecryptFinal_ex routine. I've found out that you won't get the lenght of ciphertext by strlen(ciphertext) because the function strlen() returns the length of C string.
Ciphertext after encryption can contain '\0' characters which are considered end of C string, so you won't get the right length of ciphertext with function strlen().
Instead you should remember the length of ciphertext after encrypting. In your program you do it with c_len and f_len:
if(!EVP_EncryptUpdate(&en, ciphertext, &c_len, plain, len)){
printf("ERROR in EVP_EncryptUpdate \n");
return NULL;
}//Here you get length of ciphertext in c_len
printf("strlen value of ciphertext after update \"%d\"\n", strlen(ciphertext));
if(!EVP_EncryptFinal_ex(&en, ciphertext+c_len, &f_len)){
printf("ERROR in EVP_EncryptFinal_ex \n");
return NULL;
}//Here you get the rest of padded ciphertext in f_len
//This printf won't print out the real lengt of ciphertext you should put in (c_len+f_len)
printf("strlen value of ciphertext after final \"%d\"\n", strlen(ciphertext));
EVP_CIPHER_CTX_cleanup(&en);
len = c_len + f_len;//This is the real length of ciphertext
printf("len value after aes_encrypt \"%d\"\n", len);
len = strlen(ciphertext);//And here you rewrite it, delete this line and you should get it right
Another thing, when you what to print out cipher text don't use:
printf("OK: ciphertext is \"%s\"\n", ciphertext);
"%s" is also considered as C string and can print out just part of the whole ciphertext. Use instead:
int i = 0;
printf("\nCiphertext:");
for(i = 0; i < len; i++)//variable len is length of ciphertext memorized after encryption.
{printf("%c",ciphertext[i]);}