[openssl-gost] [gost-engine/engine] cf402d: gost_crypt: process full available block in CFB an...

["Alexei A. Smekalkine" <noreply@github.com>]

  Branch: refs/heads/openssl_1_1_0
  Home:   https://github.com/gost-engine/engine
  Commit: cf402dd4d89271d5b1ca4ea938ce7a2f13a44d58
      https://github.com/gost-engine/engine/commit/cf402dd4d89271d5b1ca4ea938ce7a2f13a44d58
  Author: Alexei A. Smekalkine <ikle@ikle.ru>
  Date:   2020-12-06 (Sun, 06 Dec 2020)

  Changed paths:
    M gost_crypt.c

  Log Message:
  -----------
  gost_crypt: process full available block in CFB and CNT mode

If at the input of the encryption function in the CFB mode we have
an integer number of blocks, then in the main loop all blocks will be
processed, except for the last one due to an incorrect border check.
The last block will be fully processed as a "partial" remainder, but
the initialization vector will not be updated. And, thus, the value
of IV will always be incorrect in this case.

This breaks stateless protocols due to an invalid initialization vector:
all messages except the first cannot be decrypted. (Naturally, we are
talking about a case with disabled key meshing, which does not allow
context recovery due to an erroneous implementation.)

It is worth noting here that the code for processing partial blocks
(both at the input of the encryption functions and at the output) is
a historically unnecessary artifact, since we do not set the
EVP_CIPH_FLAG_CUSTOM_CIPHER flag and, as a result, OpenSSL processes
partial blocks for us.

This patch corrects the checking of the main loop boundary.

A similar error is present in the code for the CNT mode, but there it
does not manifest itself in any way, because the restoration of the
state in this mode is impossible: even after disabling key meshing, we
still have the state-dependent transformation of the IV.

As an extra result of this fix, the code for processing partial blocks
can be completely removed now.