FIPS counters for AES-CTR.

Change-Id: I0ea4c600741c3604d7b3b6df614b40d8c57116e4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46504
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

crypto/crypto_test.cc

@@ -49,6 +49,14 @@ TEST(CryptoTest, FIPSCountersEVP) {
         EVP_aes_256_gcm,
         fips_counter_evp_aes_256_gcm,
     },
+    {
+        EVP_aes_128_ctr,
+        fips_counter_evp_aes_128_ctr,
+    },
+    {
+        EVP_aes_256_ctr,
+        fips_counter_evp_aes_256_ctr,
+    },
   };
 
   uint8_t key[EVP_MAX_KEY_LENGTH] = {0};

crypto/fipsmodule/cipher/e_aes.c

@@ -141,10 +141,22 @@ typedef struct {
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
                         const uint8_t *iv, int enc) {
-  int ret, mode;
+  int ret;
   EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+  const int mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
+
+  if (mode == EVP_CIPH_CTR_MODE) {
+    switch (ctx->key_len) {
+      case 16:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_128_ctr);
+        break;
+
+      case 32:
+        boringssl_fips_inc_counter(fips_counter_evp_aes_256_ctr);
+        break;
+    }
+  }
 
-  mode = ctx->cipher->flags & EVP_CIPH_MODE_MASK;
   if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) {
     if (hwaes_capable()) {
       ret = aes_hw_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks);

include/openssl/crypto.h

@@ -80,8 +80,10 @@ OPENSSL_EXPORT int FIPS_mode(void);
 enum fips_counter_t {
   fips_counter_evp_aes_128_gcm = 0,
   fips_counter_evp_aes_256_gcm = 1,
+  fips_counter_evp_aes_128_ctr = 2,
+  fips_counter_evp_aes_256_ctr = 3,
 
-  fips_counter_max = 1,
+  fips_counter_max = 3,
 };
 
 // FIPS_read_counter returns a counter of the number of times the specific