rust-crypto
AES-CTR mode should enforce that IV matches block size
In https://github.com/DaGenix/rust-crypto/blob/master/src/blockmodes.rs#L684 it is possible to create a CTR-mode BlockEncryptor whose IV is larger than the 16-byte AES block size. This is a simple programming error, but it is extremely dangerous, because `process` will use the leftmost 16 bytes while `add_ctr` updates the IV starting from the right.
The result is that if, say, a 17-byte IV is provided by accident, the same `ctr` value will be used 256 times in a row, effectively reducing AES-CTR to AES-ECB for 256 blocks.
An `assert_eq!(ctr.len(), block_size);` should be added in `CtrMode::new` to prevent this footgun.
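As an added illustration (not code from rust-crypto), the following self-contained Rust models the behaviour described in the report: a counter buffer that is incremented from its rightmost byte while only its leftmost 16 bytes are fed to the block function. The block function here is a deterministic stand-in, not AES; `add_ctr`, `keystream`, `leading_repeats` and `check_ctr_len` are names chosen for this example, and the only assumption made about the library is the increment-from-the-right behaviour the report states. It also shows the proposed length check written as a `Result` so a caller can reject a mis-sized IV instead of panicking.

```rust
// Added example; not rust-crypto's own code. Models a CTR counter buffer that
// is incremented from its rightmost byte while the cipher consumes only the
// leftmost BLOCK_SIZE bytes, as the report describes.

const BLOCK_SIZE: usize = 16;

/// Increment the whole counter buffer as a big-endian integer: start at the
/// rightmost byte and carry leftwards. Modelled on the described add_ctr
/// behaviour (assumption, not the library's code).
fn add_ctr(ctr: &mut [u8], amount: u8) {
    let mut carry = amount as u16;
    for b in ctr.iter_mut().rev() {
        if carry == 0 {
            break;
        }
        let sum = *b as u16 + carry;
        *b = (sum & 0xff) as u8;
        carry = sum >> 8;
    }
}

/// Stand-in for a block cipher (NOT AES): a deterministic mix of the key and
/// the first BLOCK_SIZE bytes of `ctr`, expanded to one block. The only
/// property this example relies on is "same input block -> same output block".
fn toy_block(key: &[u8; 16], ctr: &[u8]) -> [u8; BLOCK_SIZE] {
    let mut h: u64 = 0xcbf29ce484222325;
    for &b in key.iter().chain(ctr[..BLOCK_SIZE].iter()) {
        h ^= b as u64;
        h = h.wrapping_mul(0x100000001b3);
    }
    let mut out = [0u8; BLOCK_SIZE];
    for (i, chunk) in out.chunks_mut(8).enumerate() {
        let v = h.wrapping_add(i as u64).wrapping_mul(0x9e3779b97f4a7c15);
        chunk.copy_from_slice(&v.to_le_bytes());
    }
    out
}

/// Produce `n` keystream blocks the way the report says `process` does:
/// encrypt the leftmost BLOCK_SIZE bytes, then add_ctr over the whole buffer.
fn keystream(key: &[u8; 16], iv: &[u8], n: usize) -> Vec<[u8; BLOCK_SIZE]> {
    assert!(iv.len() >= BLOCK_SIZE, "IV shorter than a block");
    let mut ctr = iv.to_vec();
    (0..n)
        .map(|_| {
            let ks = toy_block(key, &ctr);
            add_ctr(&mut ctr, 1);
            ks
        })
        .collect()
}

/// Number of leading keystream blocks identical to the first one. A correct
/// CTR implementation returns 1; a repeated counter value returns more.
fn leading_repeats(key: &[u8; 16], iv: &[u8], n: usize) -> usize {
    let ks = keystream(key, iv, n);
    ks.iter().take_while(|b| **b == ks[0]).count()
}

/// The length check the report proposes, as a Result so callers can reject a
/// mis-sized IV without a panic.
fn check_ctr_len(iv: &[u8]) -> Result<(), String> {
    if iv.len() == BLOCK_SIZE {
        Ok(())
    } else {
        Err(format!("CTR IV must be {} bytes, got {}", BLOCK_SIZE, iv.len()))
    }
}

fn main() {
    let key = [0x42u8; 16]; // constructed sample key
    let bad_iv = vec![0u8; 17]; // one byte too long, as in the report
    let good_iv = vec![0u8; 16];
    println!(
        "17-byte IV: first {} keystream blocks identical",
        leading_repeats(&key, &bad_iv, 1000)
    );
    println!(
        "16-byte IV: first {} keystream blocks identical",
        leading_repeats(&key, &good_iv, 1000)
    );
    println!("{:?}", check_ctr_len(&bad_iv));
}
```

With the 17-byte all-zero IV the increments land in the 17th byte and only carry into the 16 bytes the cipher sees after 256 steps, so the first 256 keystream blocks are identical; any two plaintext blocks encrypted under them leak their XOR. With a 16-byte IV every block gets a fresh counter value.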