Deprecate and replace EVP_CIPHER_CTX_iv()/etc.

The EVP_CIPHER_CTX_iv() family of functions are incompatible with
the libcrypto/provider separation, since the implied API contract
(they are undocumented) involves a pointer into the active cipher
context structure.  However, the active IV data in a provider-side
context need not even be in the same address space as libcrypto,
so a replacement API is needed.

The existing functions for accessing the (even the "original") IV had
remained undocumented for quite some time, presumably due to unease
about exposing the internals of the cipher state in such a manner.

Provide more maintainable new APIs for accessing the initial ("oiv") and
current-state ("iv") IV data, that copy the value into a caller-provided
array, eliminating the need to provide a pointer into the internal
cipher context, which accordingly no longer provides the ability to
write to the internal cipher state.

Unfortunately, in order to maintain API compatibility with OpenSSL
1.1.1, the old functionality is still available, but is marked as
deprecated for future removal.  This would entail removing the "octet
pointer" parameter access, leaving only the "octet string" parameter
type.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from #12233)

crypto/evp/evp_lib.c

@@ -436,6 +436,7 @@ int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
     return ret == 1 ? (int)v : 0;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
 {
     int ok;
@@ -480,6 +481,25 @@ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
 
     return ok != 0 ? v : NULL;
 }
+#endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
+
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] =
+        OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV_STATE, buf, len);
+    return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
+
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] =
+        OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len);
+    return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
 
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
 {

include/openssl/evp.h

@@ -545,9 +545,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
-unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx))
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx))
+DEPRECATEDIN_3_0(unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx))
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);

util/libcrypto.num

@@ -2004,7 +2004,7 @@ PEM_read_bio_RSA_PUBKEY                 2050	3_0_0	EXIST::FUNCTION:RSA
 OCSP_SINGLERESP_new                     2051	3_0_0	EXIST::FUNCTION:OCSP
 ASN1_SCTX_free                          2052	3_0_0	EXIST::FUNCTION:
 i2d_ECPrivateKey_fp                     2053	3_0_0	EXIST::FUNCTION:EC,STDIO
-EVP_CIPHER_CTX_original_iv              2054	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_original_iv              2054	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_SIGNED_free                       2055	3_0_0	EXIST::FUNCTION:
 X509_TRUST_get0_name                    2056	3_0_0	EXIST::FUNCTION:
 ENGINE_get_load_pubkey_function         2057	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -2046,7 +2046,7 @@ CMS_SignerInfo_cert_cmp                 2092	3_0_0	EXIST::FUNCTION:CMS
 PEM_read                                2093	3_0_0	EXIST::FUNCTION:STDIO
 X509_STORE_set_depth                    2094	3_0_0	EXIST::FUNCTION:
 EC_KEY_METHOD_get_sign                  2095	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_CIPHER_CTX_iv                       2096	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv                       2096	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2d_ESS_SIGNING_CERT                    2097	3_0_0	EXIST::FUNCTION:
 TS_RESP_set_tst_info                    2098	3_0_0	EXIST::FUNCTION:TS
 EVP_PKEY_CTX_set_data                   2099	3_0_0	EXIST::FUNCTION:
@@ -2840,7 +2840,7 @@ EVP_PKEY_encrypt_init                   2901	3_0_0	EXIST::FUNCTION:
 i2d_RSAPrivateKey_fp                    2902	3_0_0	EXIST::FUNCTION:RSA,STDIO
 X509_REQ_print                          2903	3_0_0	EXIST::FUNCTION:
 RSA_size                                2904	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-EVP_CIPHER_CTX_iv_noconst               2905	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_noconst               2905	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 DH_set_default_method                   2906	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509_ALGOR_new                          2907	3_0_0	EXIST::FUNCTION:
 EVP_aes_192_ofb                         2908	3_0_0	EXIST::FUNCTION:
@@ -5250,3 +5250,5 @@ EVP_PKEY_CTX_set_dh_kdf_outlen          ?	3_0_0	EXIST::FUNCTION:DH
 EVP_PKEY_CTX_get_dh_kdf_outlen          ?	3_0_0	EXIST::FUNCTION:DH
 EVP_PKEY_CTX_set0_dh_kdf_ukm            ?	3_0_0	EXIST::FUNCTION:DH
 EVP_PKEY_CTX_get0_dh_kdf_ukm            ?	3_0_0	EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_get_iv_state             ?	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_iv                   ?	3_0_0	EXIST::FUNCTION: