openssl-3 API clash with libressl: EVP_CIPHER_CTX_get_iv()

[marckleinebudde]

During the development of openssl-3 in #12233 the functions EVP_CIPHER_CTX_get_iv_state() and EVP_CIPHER_CTX_get_iv() were introduced.

However, in libressl for almost two years, a function with the same name EVP_CIPHER_CTX_get_iv() already exists (libressl/openbsd@db321d7792). This function is used in openssh since commit openssh/openssh-portable@482d23b.

This breaks openssh, when compiling with openssl-3. I've raised this issue on the openssh ML (https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-December/039003.html) and @daztucker asked to rename the functions:

Maybe OpenSSL could change it before 3.0 instead of shipping an incompatible API? EVP_CIPHER_CTX_get_original_iv would be consistent with the function they deprecated. ie:

EVP_CIPHER_CTX_get_iv -> EVP_CIPHER_CTX_get_original_iv
EVP_CIPHER_CTX_get_iv_state -> EVP_CIPHER_CTX_get_iv

[kroeckx]

This is a duplicate of #13411

[paulidale]

We will address the names of these APIs because the current names are confusing.

[paulidale]

Confirming that this is a duplicate of #13411. Closing this one.

[kaduk]

EVP_CIPHER_CTX_get_original_iv would be consistent with the function they deprecated

Just to note it here: the whole point of picking a new name was to not be consistent with the function that was deprecated, since we concluded (at least at the time) that it was a bad name.