aes: Avoid unwanted overflow check when using u32::MAX as the counter.

The problem occurs:
* release mode with `RUSTFLAGS="-C overflow-checks"`
* release mode with `overflow-checks = true` in the Cargo.toml profile.
* debug mode.

Thanks to Mike (GitHub user MikeRomaniuk).

Author: briansmith

src/aead/aes.rs

@@ -154,7 +154,7 @@ impl Counter {
     pub(super) fn increment_by_less_safe(&mut self, increment_by: NonZeroU32) {
         let [.., c0, c1, c2, c3] = &mut self.0;
         let old_value: u32 = u32::from_be_bytes([*c0, *c1, *c2, *c3]);
-        let new_value = old_value + increment_by.get();
+        let new_value = old_value.wrapping_add(increment_by.get());
         [*c0, *c1, *c2, *c3] = u32::to_be_bytes(new_value);
     }
 }

tests/quic_aes_128_tests.txt

@@ -1,3 +1,11 @@
 KEY = e8904ecc2e37a6e4cc02271e319c804b
 SAMPLE = 13484ec85dc4d36349697c7d4ea1a159
 MASK = 67387ebf3a
+
+KEY = e8904ecc2e37a6e4cc02271e319c804b
+SAMPLE = 00000000000000000000000fffffffff
+MASK = feb191f8af
+
+KEY = e8904ecc2e37a6e4cc02271e319c804b
+SAMPLE = 000000000000000fffffffffffffffff
+MASK = 6f23441ee8

tests/quic_aes_256_tests.txt

@@ -1,3 +1,11 @@
 KEY = 85af7213814aec7b92ace6284a906643912ec8853d00d158a927b8697c7ff585
 SAMPLE = 82a0db90f4cee12fa4afeddb74396cf6
 MASK = 670897adf5
+
+KEY = 85af7213814aec7b92ace6284a906643912ec8853d00d158a927b8697c7ff585
+SAMPLE = 000000000000000000000000ffffffff
+MASK = b77a18bb3f
+
+KEY = 85af7213814aec7b92ace6284a906643912ec8853d00d158a927b8697c7ff585
+SAMPLE = 000000000000000fffffffffffffffff
+MASK = 4aadd3cbef