From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Fri, 18 Jan 2019 14:23:28 -0800
Subject: expose aes-{128,256}-cfb

This exposes AES-CFB ciphers through the EVP APIs. BoringSSL has
implementations for these ciphers, but Node doesn't realise that because
without this patch, they're not listed in the APIs that Node uses.

This should be upstreamed. See e.g.
https://boringssl-review.googlesource.com/c/boringssl/+/33984 for a
similar patch that was merged upstream.

diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.c
index 786a5d5fb13d7ceafc9b7d58c0aaccb88552506d..5ede89f9f0761d1da1baa899e9a02b77ffcffe93 100644
--- a/crypto/cipher_extra/cipher_extra.c
+++ b/crypto/cipher_extra/cipher_extra.c
@@ -105,10 +105,14 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
     return EVP_des_ede3_cbc();
   } else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
     return EVP_aes_128_cbc();
+  } else if (OPENSSL_strcasecmp(name, "aes-128-cfb") == 0) {
+    return EVP_aes_128_cfb128();
   } else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
     return EVP_aes_192_cbc();
   } else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
     return EVP_aes_256_cbc();
+  } else if (OPENSSL_strcasecmp(name, "aes-256-cfb") == 0) {
+    return EVP_aes_256_cfb128();
   } else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
     return EVP_aes_128_ctr();
   } else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.c
index 5a41a7b7dc9afee65d9004c497da735073715bd3..c6c901eaff474eaa3f06128ea825b8203d064a52 100644
--- a/decrepit/evp/evp_do_all.c
+++ b/decrepit/evp/evp_do_all.c
@@ -20,8 +20,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
                                                const char *unused, void *arg),
                               void *arg) {
   callback(EVP_aes_128_cbc(), "AES-128-CBC", NULL, arg);
+  callback(EVP_aes_128_cfb128(), "AES-128-CFB", NULL, arg);
   callback(EVP_aes_192_cbc(), "AES-192-CBC", NULL, arg);
   callback(EVP_aes_256_cbc(), "AES-256-CBC", NULL, arg);
+  callback(EVP_aes_256_cfb128(), "AES-256-CFB", NULL, arg);
   callback(EVP_aes_128_ctr(), "AES-128-CTR", NULL, arg);
   callback(EVP_aes_192_ctr(), "AES-192-CTR", NULL, arg);
   callback(EVP_aes_256_ctr(), "AES-256-CTR", NULL, arg);
@@ -44,8 +46,10 @@ void EVP_CIPHER_do_all_sorted(void (*callback)(const EVP_CIPHER *cipher,
 
   // OpenSSL returns everything twice, the second time in lower case.
   callback(EVP_aes_128_cbc(), "aes-128-cbc", NULL, arg);
+  callback(EVP_aes_128_cfb128(), "aes-128-cfb", NULL, arg);
   callback(EVP_aes_192_cbc(), "aes-192-cbc", NULL, arg);
   callback(EVP_aes_256_cbc(), "aes-256-cbc", NULL, arg);
+  callback(EVP_aes_256_cfb128(), "aes-256-cfb", NULL, arg);
   callback(EVP_aes_128_ctr(), "aes-128-ctr", NULL, arg);
   callback(EVP_aes_192_ctr(), "aes-192-ctr", NULL, arg);
   callback(EVP_aes_256_ctr(), "aes-256-ctr", NULL, arg);
diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index badd496293fb9748adacff10478ea702d1155c5f..8565934bac9a810281b04946cb9f38d7623320f7 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h
@@ -430,6 +430,7 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_ecb(void);
 
 // EVP_aes_128_cfb128 is only available in decrepit.
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_cfb128(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_256_cfb128(void);
 
 // EVP_aes_128_cfb is an alias for |EVP_aes_128_cfb128| and is only available in
 // decrepit.