The branch master has been updated
       via  520150151bc5993194ba34464220454d8135099d (commit)
       via  bdc0df8ab5f3096aafd54d170c85887366920c4b (commit)
       via  f43c947dd924cfb1f69c800648f80881bb542027 (commit)
       via  2f5c405a1694220cca7be8cd96958c1c1245f0ed (commit)
       via  d91f902d73689c8a8c1bf684ff9d244197f8c7b3 (commit)
       via  acb30f4b593bbd1bdaa6495d0f641da7ef702b95 (commit)
       via  1453d736b5bb8abaa18482652828096b44c4bf3a (commit)
       via  c4d21d2f71363e9f6d4a0e377789555e655d96f4 (commit)
       via  36025d3b8716f6f8cadc983295398ccdd734a17b (commit)
       via  2c533a71c63ef223615fe4f6a0a89ffaffbd739a (commit)
       via  ddce5c29f535ce5f61013563732f80647d2c6977 (commit)
       via  d3308027e9bda451e43b52c36064fd70337e02a8 (commit)
       via  18a49e168f8b6917e2b013897392cf357bb15ded (commit)
       via  9197c226ea0b1c231a4141dcac055daddcb11466 (commit)
       via  37322687b0fb4c5c0bb637acd3e9785ffc71fa35 (commit)
       via  c76ffc78a513660b5f62bc32a64f44c62edede74 (commit)
       via  ef58f9af93cdd75b9798cdb177319995dc7a7d50 (commit)
       via  440b852a0f79ac4a7e101606a7c32d212e06d203 (commit)
       via  79f4417ed940793fe7d48d613c9b903d00630b69 (commit)
       via  8489026850b38447d8e3e68c4d4260585b7e8e3a (commit)
      from  31d2daecb384475da13c4bf7c76a2dde0077b2f2 (commit)


- Log -----------------------------------------------------------------
commit 520150151bc5993194ba34464220454d8135099d
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Tue Jul 21 16:23:19 2020 -0700

    Expose S390x HW ciphers' IV state to provider layer
    
    The S390x hardware-accelerated cipher implementations keep their IV
    state in an internal structure tied to the underlying implementation.
    However, the provider itself needs to be able to expose the IV state
    to libcrypto when processing the "iv-state" parameter.  In the absence
    of a S390x hardware-specific get_ctx_params() implementation,  be sure
    to copy the IV state from the hw-specific structure back to the
    generic PROV_CIPHER_CTX object after each cipher operation in order to
    synchronize the internal and fetchable state.
    
    [extended tests]
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit bdc0df8ab5f3096aafd54d170c85887366920c4b
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 9 14:29:33 2020 -0700

    Avoid deprecated API in evp_test.c
    
    Use EVP_CIPHER_CTX_get_iv_state() in cipher_test_enc() rather than
    the deprecated EVP_CIPHER_CTX_iv().
    
    [extended tests]
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit f43c947dd924cfb1f69c800648f80881bb542027
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 16:27:03 2020 -0700

    Avoid deprecated function in evp_lib.c
    
    Use EVP_CIPHER_CTX_get_iv() to implement EVP_CIPHER_set_asn1_iv(),
    rather than the deprecated EVP_CIPHER_CTX_original_iv().
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 2f5c405a1694220cca7be8cd96958c1c1245f0ed
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in EVP BLOCK_* macros
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in evp.h.
    
    These macros are internal-only, used to implement legacy libcrypto
    EVP ciphers, with no real provider involvement.  Accordingly, just use the
    EVP_CIPHER_CTX storage directly and don't try to reach into a provider-side
    context.
    
    This does necessitate including evp_local.h in several more files.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit d91f902d73689c8a8c1bf684ff9d244197f8c7b3
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_rc2.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_rc2.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit acb30f4b593bbd1bdaa6495d0f641da7ef702b95
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_xcbc_d.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_xcbc_d.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 1453d736b5bb8abaa18482652828096b44c4bf3a
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_sm4.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_sm4.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit c4d21d2f71363e9f6d4a0e377789555e655d96f4
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_des3.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_des3.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 36025d3b8716f6f8cadc983295398ccdd734a17b
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_des.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_des.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 2c533a71c63ef223615fe4f6a0a89ffaffbd739a
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_camellia.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_camellia.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit ddce5c29f535ce5f61013563732f80647d2c6977
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_aria.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_aria.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit d3308027e9bda451e43b52c36064fd70337e02a8
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_aes_ebc_hmac_sha256.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_aes_cbc_hmac_sha256.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 18a49e168f8b6917e2b013897392cf357bb15ded
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_aes_ebc_hmac_sha1.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_aes_cbc_hmac_sha1.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 9197c226ea0b1c231a4141dcac055daddcb11466
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 14:12:33 2020 -0700

    Use local IV storage in e_aes.c
    
    Inline the pre-13273237a65d46186b6bea0b51aec90670d4598a versions
    of EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
    EVP_CIPHER_CTX_iv_noconst() in e_aes.c.
    
    For the legacy implementations, there's no need to use an
    in-provider storage for the IV, when the crypto operations
    themselves will be performed outside of the provider.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 37322687b0fb4c5c0bb637acd3e9785ffc71fa35
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Thu Jul 2 13:03:58 2020 -0700

    Retire EVP_CTRL_GET_IV
    
    It is superseded by EVP_CIPHER_CTX_get_iv(), is only present on master,
    and had only a couple of in-tree callers that are easy to convert.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit c76ffc78a513660b5f62bc32a64f44c62edede74
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Mon Jun 22 11:37:31 2020 -0700

    Document EVP_CIPHER_CTX IV accessors
    
    Including the ones that were added in commit
    83b06347023a573433b6aa23c8042f89df869f9e with a note that they "may go
    away" and are now deprecated.
    
    Remove the missingcrypto.txt entries for the now-deprecated functions.
    
    [extended tests]
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit ef58f9af93cdd75b9798cdb177319995dc7a7d50
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Fri Jun 19 22:31:41 2020 -0700

    Make GCM providers more generous about fetching IVs
    
    The current check for iv_gen and iv_gen_rand only lets you fetch
    the IV for the case when it was set internally.  It might also make
    sense to fetch the IV if one was set at cipher-context creation time,
    so switch to checking the iv_state, which should be enough to ensure
    that there is valid data in the context to be copied out.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 440b852a0f79ac4a7e101606a7c32d212e06d203
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Fri Jun 19 20:42:29 2020 -0700

    Add tests for new EVP_CIPHER_CTX IV accessors
    
    Test that EVP_CIPHER_CTX_get_iv() returns the same IV that was
    given at initialization time, and that EVP_CIPHER_CTX_get_iv_state()
    returns the expected value after performing an encryption operation
    (which will differ from the previous value for CBC and OFB modes),
    for various modes of AES.
    
    Do this both for the implicit fetch and explicit fetch paths,
    at the cost of a slightly more complicated switch statement.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 79f4417ed940793fe7d48d613c9b903d00630b69
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Fri Jun 19 18:43:58 2020 -0700

    Deprecate and replace EVP_CIPHER_CTX_iv()/etc.
    
    The EVP_CIPHER_CTX_iv() family of functions are incompatible with
    the libcrypto/provider separation, since the implied API contract
    (they are undocumented) involves a pointer into the active cipher
    context structure.  However, the active IV data in a provider-side
    context need not even be in the same address space as libcrypto,
    so a replacement API is needed.
    
    The existing functions for accessing the (even the "original") IV had
    remained undocumented for quite some time, presumably due to unease
    about exposing the internals of the cipher state in such a manner.
    
    Provide more maintainable new APIs for accessing the initial ("oiv") and
    current-state ("iv") IV data, that copy the value into a caller-provided
    array, eliminating the need to provide a pointer into the internal
    cipher context, which accordingly no longer provides the ability to
    write to the internal cipher state.
    
    Unfortunately, in order to maintain API compatibility with OpenSSL
    1.1.1, the old functionality is still available, but is marked as
    deprecated for future removal.  This would entail removing the "octet
    pointer" parameter access, leaving only the "octet string" parameter
    type.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

commit 8489026850b38447d8e3e68c4d4260585b7e8e3a
Author: Benjamin Kaduk <bka...@akamai.com>
Date:   Fri Jun 19 13:50:22 2020 -0700

    Support cipher provider "iv state"
    
    Some modes (e.g., CBC and OFB) update the effective IV with each
    block-cipher invocation, making the "IV" stored in the (historically)
    EVP_CIPHER_CTX or (current) PROV_CIPHER_CTX distinct from the initial
    IV passed in at cipher initialization time.  The latter is stored in
    the "oiv" (original IV) field, and has historically been accessible
    via the EVP_CIPHER_CTX_original_iv() API.  The "effective IV" has
    also historically been accessible, via both EVP_CIPHER_CTX_iv()
    and EVP_CIPHER_CTX_iv_noconst(), the latter of which allows for
    *write* access to the internal cipher state.  This is particularly
    problematic given that provider-internal cipher state need not, in
    general, even be accessible from the same address space as libcrypto,
    so these APIs are not sustainable in the long term.  However, it still
    remains necessary to provide access to the contents of the "IV state"
    (e.g., when serializing cipher state for in-kernel TLS); a subsequent
    reinitialization of a cipher context using the "IV state" as the
    input IV will be able to resume processing of data in a compatible
    manner.
    
    This problem was introduced in commit
    089cb623be76b88a1eea6fcd135101037661bbc3, which effectively caused
    all IV queries to return the "original IV", removing access to the
    current IV state of the cipher.
    
    These functions for accessing the (even the "original") IV had remained
    undocumented for quite some time, presumably due to unease about
    exposing the internals of the cipher state in such a manner.
    
    Note that this also as a side effect "fixes" some "bugs" where things
    had been referring to the 'iv' field that should have been using the
    'oiv' field.  It also fixes the EVP_CTRL_GET_IV cipher control,
    which was clearly intended to expose the non-original IV, for
    use exporting the cipher state into the kernel for kTLS.
    
    Reviewed-by: Tomas Mraz <tm...@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/12233)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/e_aes.c                                 | 114 +++++++++------------
 crypto/evp/e_aes_cbc_hmac_sha1.c                   |  14 +--
 crypto/evp/e_aes_cbc_hmac_sha256.c                 |  10 +-
 crypto/evp/e_aria.c                                |  27 +++--
 crypto/evp/e_bf.c                                  |   1 +
 crypto/evp/e_camellia.c                            |  35 +++----
 crypto/evp/e_cast.c                                |   1 +
 crypto/evp/e_des.c                                 |  22 ++--
 crypto/evp/e_des3.c                                |  37 +++----
 crypto/evp/e_idea.c                                |   1 +
 crypto/evp/e_rc2.c                                 |   5 +-
 crypto/evp/e_seed.c                                |   1 +
 crypto/evp/e_sm4.c                                 |   4 +-
 crypto/evp/e_xcbc_d.c                              |   5 +-
 crypto/evp/evp_enc.c                               |   5 -
 crypto/evp/evp_lib.c                               |  29 +++++-
 doc/man3/EVP_CIPHER_CTX_get_iv.pod                 |  66 ++++++++++++
 doc/man7/provider-cipher.pod                       |   9 +-
 include/crypto/evp.h                               |  10 +-
 include/internal/ktls.h                            |   7 +-
 include/openssl/core_names.h                       |   1 +
 include/openssl/evp.h                              |  11 +-
 .../ciphers/cipher_aes_cbc_hmac_sha.c              |   7 ++
 .../ciphers/cipher_aes_hw_s390x.inc                |   3 +
 providers/implementations/ciphers/cipher_aes_ocb.c |  13 +++
 providers/implementations/ciphers/ciphercommon.c   |   8 ++
 .../implementations/ciphers/ciphercommon_ccm.c     |  13 +++
 .../implementations/ciphers/ciphercommon_gcm.c     |  17 ++-
 .../implementations/include/prov/ciphercommon.h    |   3 +-
 test/aesgcmtest.c                                  |   2 +-
 test/evp_extra_test.c                              | 113 ++++++++++++++++++++
 test/evp_test.c                                    |  16 +--
 util/libcrypto.num                                 |   8 +-
 util/missingcrypto.txt                             |   3 -
 34 files changed, 428 insertions(+), 193 deletions(-)
 create mode 100644 doc/man3/EVP_CIPHER_CTX_get_iv.pod

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index c037090695..08abd5fb09 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -179,8 +179,7 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
                             const unsigned char *in, size_t len)
 {
     aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
-                      EVP_CIPHER_CTX_iv_noconst(ctx),
-                      EVP_CIPHER_CTX_encrypting(ctx));
+                      ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));
 
     return 1;
 }
@@ -300,7 +299,7 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+        memcpy(ctx->iv, iv, 16);
     }
 
     return 1;
@@ -326,7 +325,7 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
         cctx->key_set = 1;
     }
     if (iv) {
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        memcpy(ctx->iv, iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
@@ -651,7 +650,7 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+        memcpy(ctx->iv, iv, 16);
     }
 
     return 1;
@@ -676,7 +675,7 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
         cctx->key_set = 1;
     }
     if (iv) {
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        memcpy(ctx->iv, iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
@@ -986,7 +985,7 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *ivec, int enc)
 {
     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
-    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const unsigned char *iv = ctx->oiv;
     const int keylen = EVP_CIPHER_CTX_key_length(ctx);
     const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
@@ -1041,7 +1040,7 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *ivec, int enc)
 {
     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
-    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const unsigned char *iv = ctx->oiv;
     const int keylen = EVP_CIPHER_CTX_key_length(ctx);
     const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
@@ -1107,7 +1106,7 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
                                    const unsigned char *ivec, int enc)
 {
     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
-    const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+    const unsigned char *iv = ctx->oiv;
     const int keylen = EVP_CIPHER_CTX_key_length(ctx);
     const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
 
@@ -1333,17 +1332,16 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int 
type, int arg, void *ptr)
     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
     S390X_AES_GCM_CTX *gctx_out;
     EVP_CIPHER_CTX *out;
-    unsigned char *buf, *iv;
+    unsigned char *buf;
     int ivlen, enc, len;
 
     switch (type) {
     case EVP_CTRL_INIT:
         ivlen = EVP_CIPHER_iv_length(c->cipher);
-        iv = EVP_CIPHER_CTX_iv_noconst(c);
         gctx->key_set = 0;
         gctx->iv_set = 0;
         gctx->ivlen = ivlen;
-        gctx->iv = iv;
+        gctx->iv = c->iv;
         gctx->taglen = -1;
         gctx->iv_gen = 0;
         gctx->tls_aad_len = -1;
@@ -1358,12 +1356,11 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int 
type, int arg, void *ptr)
             return 0;
 
         if (arg != 12) {
-            iv = EVP_CIPHER_CTX_iv_noconst(c);
             len = S390X_gcm_ivpadlen(arg);
 
             /* Allocate memory for iv if needed. */
             if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
-                if (gctx->iv != iv)
+                if (gctx->iv != c->iv)
                     OPENSSL_free(gctx->iv);
 
                 if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
@@ -1479,10 +1476,9 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int 
type, int arg, void *ptr)
     case EVP_CTRL_COPY:
         out = ptr;
         gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
-        iv = EVP_CIPHER_CTX_iv_noconst(c);
 
-        if (gctx->iv == iv) {
-            gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+        if (gctx->iv == c->iv) {
+            gctx_out->iv = out->iv;
         } else {
             len = S390X_gcm_ivpadlen(gctx->ivlen);
 
@@ -1657,13 +1653,11 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
-    const unsigned char *iv;
 
     if (gctx == NULL)
         return 0;
 
-    iv = EVP_CIPHER_CTX_iv(c);
-    if (iv != gctx->iv)
+    if (gctx->iv != c->iv)
         OPENSSL_free(gctx->iv);
 
     OPENSSL_cleanse(gctx, sizeof(*gctx));
@@ -1862,7 +1856,7 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
                                     const unsigned char *in, size_t len)
 {
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
-    unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+    unsigned char *ivec = ctx->iv;
     unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
     const int enc = EVP_CIPHER_CTX_encrypting(ctx);
 
@@ -1916,7 +1910,6 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
                                   const unsigned char *iv, int enc)
 {
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
-    unsigned char *ivec;
     int keylen;
 
     if (iv == NULL && key == NULL)
@@ -1938,8 +1931,7 @@ static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
     }
 
     if (iv != NULL) {
-        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
-        memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+        memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l);
 
         cctx->aes.ccm.iv_set = 1;
     }
@@ -1959,7 +1951,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
     const int enc = EVP_CIPHER_CTX_encrypting(ctx);
     int rv;
-    unsigned char *buf, *ivec;
+    unsigned char *buf;
 
     if (!cctx->aes.ccm.key_set)
         return -1;
@@ -1981,8 +1973,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     if (out == NULL) {
         /* Update(): Pass message length. */
         if (in == NULL) {
-            ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
-            s390x_aes_ccm_setiv(cctx, ivec, len);
+            s390x_aes_ccm_setiv(cctx, ctx->iv, len);
 
             cctx->aes.ccm.len_set = 1;
             return len;
@@ -2007,8 +1998,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
          * In case message length was not previously set explicitly via
          * Update(), set it now.
          */
-        ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
-        s390x_aes_ccm_setiv(cctx, ivec, len);
+        s390x_aes_ccm_setiv(cctx, ctx->iv, len);
 
         cctx->aes.ccm.len_set = 1;
     }
@@ -2047,7 +2037,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
-    unsigned char *buf, *iv;
+    unsigned char *buf;
     int enc, len;
 
     switch (type) {
@@ -2101,8 +2091,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int 
type, int arg, void *ptr)
             return 0;
 
         /* Copy to first part of the iv. */
-        iv = EVP_CIPHER_CTX_iv_noconst(c);
-        memcpy(iv, ptr, arg);
+        memcpy(c->iv, ptr, arg);
         return 1;
 
     case EVP_CTRL_AEAD_SET_IVLEN:
@@ -2404,15 +2393,14 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (dat->stream.cbc)
-        (*dat->stream.cbc) (in, out, len, &dat->ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx),
+        (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
                             EVP_CIPHER_CTX_encrypting(ctx));
     else if (EVP_CIPHER_CTX_encrypting(ctx))
-        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
+                              dat->block);
     else
         CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+                              ctx->iv, dat->block);
 
     return 1;
 }
@@ -2440,7 +2428,7 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+                          ctx->iv, &num, dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -2452,7 +2440,7 @@ static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          ctx->iv, &num,
                           EVP_CIPHER_CTX_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
@@ -2465,7 +2453,7 @@ static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     int num = EVP_CIPHER_CTX_num(ctx);
     CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                            ctx->iv, &num,
                             EVP_CIPHER_CTX_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
@@ -2479,7 +2467,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
         int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                ctx->iv, &num,
                                 EVP_CIPHER_CTX_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
@@ -2488,7 +2476,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     while (len >= MAXBITCHUNK) {
         int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                ctx->iv, &num,
                                 EVP_CIPHER_CTX_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
@@ -2498,7 +2486,7 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (len) {
         int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                ctx->iv, &num,
                                 EVP_CIPHER_CTX_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
@@ -2514,12 +2502,12 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    ctx->iv,
                                     EVP_CIPHER_CTX_buf_noconst(ctx),
                                     &num, dat->stream.ctr);
     else
         CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              ctx->iv,
                               EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                               dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
@@ -2536,7 +2524,7 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
     if (gctx == NULL)
         return 0;
     OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
-    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+    if (gctx->iv != c->iv)
         OPENSSL_free(gctx->iv);
     return 1;
 }
@@ -2588,14 +2576,6 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
         memcpy(ptr, c->buf, arg);
         return 1;
 
-    case EVP_CTRL_GET_IV:
-        if (gctx->iv_gen != 1 && gctx->iv_gen_rand != 1)
-            return 0;
-        if (gctx->ivlen != arg)
-            return 0;
-        memcpy(ptr, gctx->iv, arg);
-        return 1;
-
     case EVP_CTRL_GCM_SET_IV_FIXED:
         /* Special case: -1 length restores whole IV */
         if (arg == -1) {
@@ -3213,7 +3193,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+        memcpy(ctx->iv, iv, 16);
     }
 
     return 1;
@@ -3245,9 +3225,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (xctx->stream)
         (*xctx->stream) (in, out, len,
                          xctx->xts.key1, xctx->xts.key2,
-                         EVP_CIPHER_CTX_iv_noconst(ctx));
-    else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
-                                   in, out, len,
+                         ctx->iv);
+    else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
                                    EVP_CIPHER_CTX_encrypting(ctx)))
         return 0;
     return 1;
@@ -3311,7 +3290,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
         if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
             return 0;
         /* Just copy to first part of IV */
-        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        memcpy(c->iv, ptr, arg);
         return 1;
 
     case EVP_CTRL_AEAD_SET_IVLEN:
@@ -3402,7 +3381,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
             cctx->key_set = 1;
         } while (0);
     if (iv) {
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        memcpy(ctx->iv, iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
@@ -3421,11 +3400,11 @@ static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
         memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
                EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Get rest of IV from explicit IV */
-    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
            EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Correct length value */
     len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
-    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+    if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
                             len))
             return -1;
     /* Use saved AAD */
@@ -3477,7 +3456,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     if (!out) {
         if (!in) {
-            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+            if (CRYPTO_ccm128_setiv(ccm, ctx->iv,
                                     15 - cctx->L, len))
                 return -1;
             cctx->len_set = 1;
@@ -3496,8 +3475,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     /* If not set length yet do it */
     if (!cctx->len_set) {
-        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
-                                15 - cctx->L, len))
+        if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
             return -1;
         cctx->len_set = 1;
     }
@@ -3564,8 +3542,8 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
             wctx->iv = NULL;
     }
     if (iv) {
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 
EVP_CIPHER_CTX_iv_length(ctx));
-        wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+        memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+        wctx->iv = ctx->iv;
     }
     return 1;
 }
@@ -3729,7 +3707,7 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
         octx->key_set = 0;
         octx->iv_set = 0;
         octx->ivlen = EVP_CIPHER_iv_length(c->cipher);
-        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        octx->iv = c->iv;
         octx->taglen = 16;
         octx->data_buf_len = 0;
         octx->aad_buf_len = 0;
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index aa3b9d354e..f787d014d2 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -26,6 +26,7 @@
 #include "crypto/modes.h"
 #include "crypto/evp.h"
 #include "internal/constant_time.h"
+#include "evp_local.h"
 
 typedef struct {
     AES_KEY ks;
@@ -438,8 +439,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
             && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
             SHA1_Update(&key->md, in + iv, sha_off);
 
-            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
-                               EVP_CIPHER_CTX_iv_noconst(ctx),
+            aesni_cbc_sha1_enc(in, out, blocks, &key->ks, ctx->iv,
                                &key->md, in + iv + sha_off);
             blocks *= SHA_CBLOCK;
             aes_off += blocks;
@@ -471,10 +471,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX 
*ctx, unsigned char *out,
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+                              &key->ks, ctx->iv, 1);
         } else {
             aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+                              &key->ks, ctx->iv, 1);
         }
     } else {
         union {
@@ -504,7 +504,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
                     return 0;
 
                 /* omit explicit iv */
-                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+                memcpy(ctx->iv, in, AES_BLOCK_SIZE);
 
                 in += AES_BLOCK_SIZE;
                 out += AES_BLOCK_SIZE;
@@ -525,7 +525,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 # endif
                 /* decrypt HMAC|padding at once */
                 aesni_cbc_encrypt(in, out, len, &key->ks,
-                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+                                  ctx->iv, 0);
 
             /* figure out payload length */
             pad = out[len - 1];
@@ -761,7 +761,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 # endif
                 /* decrypt HMAC|padding at once */
                 aesni_cbc_encrypt(in, out, len, &key->ks,
-                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+                                  ctx->iv, 0);
 
             SHA1_Update(&key->md, out, len);
         }
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c 
b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 72508c9851..6227002395 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -26,6 +26,7 @@
 #include "crypto/modes.h"
 #include "internal/constant_time.h"
 #include "crypto/evp.h"
+#include "evp_local.h"
 
 typedef struct {
     AES_KEY ks;
@@ -468,8 +469,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
             SHA256_Update(&key->md, in + iv, sha_off);
 
             (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
-                                       EVP_CIPHER_CTX_iv_noconst(ctx),
-                                       &key->md, in + iv + sha_off);
+                                       ctx->iv, &key->md, in + iv + sha_off);
             blocks *= SHA256_CBLOCK;
             aes_off += blocks;
             sha_off += blocks;
@@ -500,10 +500,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX 
*ctx,
                 out[plen] = l;
             /* encrypt HMAC|padding at once */
             aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+                              &key->ks, ctx->iv, 1);
         } else {
             aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
-                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+                              &key->ks, ctx->iv, 1);
         }
     } else {
         union {
@@ -516,7 +516,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
 
         /* decrypt HMAC|padding at once */
         aesni_cbc_encrypt(in, out, len, &key->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+                          ctx->iv, 0);
 
         if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
             size_t inp_len, mask, j, i;
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index ba654f6b94..438693265d 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -173,8 +173,7 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     unsigned int num = EVP_CIPHER_CTX_num(ctx);
     EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
 
-    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx),
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                           (block128_f) aria_encrypt);
     EVP_CIPHER_CTX_set_num(ctx, num);
@@ -252,7 +251,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
         gctx->key_set = 0;
         gctx->iv_set = 0;
         gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
-        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->iv = c->iv;
         gctx->taglen = -1;
         gctx->iv_gen = 0;
         gctx->tls_aad_len = -1;
@@ -267,7 +266,7 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
             return 0;
         /* Allocate memory for IV if needed */
         if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
-            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+            if (gctx->iv != c->iv)
                 OPENSSL_free(gctx->iv);
             if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
                 EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
@@ -371,8 +370,8 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
                     return 0;
                 gctx_out->gcm.key = &gctx_out->ks;
             }
-            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
-                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            if (gctx->iv == c->iv)
+                gctx_out->iv = out->iv;
             else {
                 if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
                     EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
@@ -493,7 +492,7 @@ static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
 {
     EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
 
-    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
+    if (gctx->iv != ctx->iv)
         OPENSSL_free(gctx->iv);
 
     return 1;
@@ -521,7 +520,7 @@ static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const 
unsigned char *key,
         cctx->key_set = 1;
     }
     if (iv) {
-        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        memcpy(ctx->iv, iv, 15 - cctx->L);
         cctx->iv_set = 1;
     }
     return 1;
@@ -577,7 +576,7 @@ static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int 
arg, void *ptr)
         if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
             return 0;
         /* Just copy to first part of IV */
-        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        memcpy(c->iv, ptr, arg);
         return 1;
 
     case EVP_CTRL_AEAD_SET_IVLEN:
@@ -641,11 +640,11 @@ static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
         memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
                EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Get rest of IV from explicit IV */
-    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+    memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in,
            EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Correct length value */
     len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
-    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+    if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,
                             len))
             return -1;
     /* Use saved AAD */
@@ -696,8 +695,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     if (!out) {
         if (!in) {
-            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
-                                    15 - cctx->L, len))
+            if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
                 return -1;
             cctx->len_set = 1;
             return len;
@@ -715,8 +713,7 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
 
     /* If not set length yet do it */
     if (!cctx->len_set) {
-        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
-                                15 - cctx->L, len))
+        if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
             return -1;
         cctx->len_set = 1;
     }
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index c9ca56dc70..9e240d1124 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -20,6 +20,7 @@
 # include "crypto/evp.h"
 # include <openssl/objects.h>
 # include <openssl/blowfish.h>
+# include "evp_local.h"
 
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index e9a29930fc..79ac163e3a 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -23,6 +23,7 @@
 #include "crypto/evp.h"
 #include "crypto/modes.h"
 #include "crypto/cmll_platform.h"
+#include "evp_local.h"
 
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc);
@@ -219,15 +220,12 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (dat->stream.cbc)
-        (*dat->stream.cbc) (in, out, len, &dat->ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx),
+        (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
                             EVP_CIPHER_CTX_encrypting(ctx));
     else if (EVP_CIPHER_CTX_encrypting(ctx))
-        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
     else
-        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
 
     return 1;
 }
@@ -254,8 +252,7 @@ static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     int num = EVP_CIPHER_CTX_num(ctx);
-    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -266,8 +263,8 @@ static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     int num = EVP_CIPHER_CTX_num(ctx);
-    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, 
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -278,8 +275,8 @@ static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     int num = EVP_CIPHER_CTX_num(ctx);
-    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx), &num, 
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -291,8 +288,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
         int num = EVP_CIPHER_CTX_num(ctx);
-        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, 
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
     }
@@ -300,7 +297,7 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     while (len >= MAXBITCHUNK) {
         int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, 
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), 
dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
         out += MAXBITCHUNK;
@@ -309,7 +306,7 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     if (len) {
         int num = EVP_CIPHER_CTX_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
-                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, 
EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), 
dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
 
@@ -323,13 +320,11 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (dat->stream.ctr)
-        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
-                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
                                     EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                                     dat->stream.ctr);
     else
-        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                              EVP_CIPHER_CTX_iv_noconst(ctx),
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                               EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                               dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 9ee06d060b..8325a5f8d2 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -21,6 +21,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/cast.h>
+# include "evp_local.h"
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 9d8af99d92..d3b2206bb7 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -21,6 +21,7 @@
 # include "crypto/evp.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
+# include "evp_local.h"
 
 typedef struct {
     union {
@@ -75,7 +76,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+                          (DES_cblock *)ctx->iv, &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -85,7 +86,7 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ofb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+                          (DES_cblock *)ctx->iv, &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
     return 1;
@@ -97,14 +98,13 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
 
     if (dat->stream.cbc != NULL) {
-        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
         return 1;
     }
     while (inl >= EVP_MAXCHUNK) {
         DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -113,7 +113,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (inl)
         DES_ncbc_encrypt(in, out, (long)inl,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
@@ -125,7 +125,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          (DES_cblock *)ctx->iv, &num,
                           EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
@@ -136,7 +136,7 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_cfb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
-                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          (DES_cblock *)ctx->iv, &num,
                           EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
@@ -160,7 +160,7 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         for (n = 0; n < chunk * 8; ++n) {
             c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
             DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
-                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            (DES_cblock *)ctx->iv,
                             EVP_CIPHER_CTX_encrypting(ctx));
             out[n / 8] =
                 (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
@@ -182,7 +182,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     while (inl >= EVP_MAXCHUNK) {
         DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
-                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        (DES_cblock *)ctx->iv,
                         EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -191,7 +191,7 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (inl)
         DES_cfb_encrypt(in, out, 8, (long)inl,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
-                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        (DES_cblock *)ctx->iv,
                         EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 3f7802ef1f..be4030895a 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -87,7 +87,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3,
-                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               (DES_cblock *)ctx->iv,
                                &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
@@ -99,7 +99,7 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         DES_ede3_ofb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3,
-                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               (DES_cblock *)ctx->iv,
                                &num);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
@@ -113,14 +113,14 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
 
     if (dat->stream.cbc != NULL) {
         (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
-                            EVP_CIPHER_CTX_iv_noconst(ctx));
+                            ctx->iv);
         return 1;
     }
 
     while (inl >= EVP_MAXCHUNK) {
         DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &dat->ks1, &dat->ks2, &dat->ks3,
-                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             (DES_cblock *)ctx->iv,
                              EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -129,7 +129,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     if (inl)
         DES_ede3_cbc_encrypt(in, out, (long)inl,
                              &dat->ks1, &dat->ks2, &dat->ks3,
-                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             (DES_cblock *)ctx->iv,
                              EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
@@ -141,8 +141,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3,
-                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
                                &num, EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
@@ -153,8 +152,7 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
         int num = EVP_CIPHER_CTX_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
-                               &data(ctx)->ks3,
-                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &data(ctx)->ks3, (DES_cblock *)ctx->iv,
                                &num, EVP_CIPHER_CTX_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
@@ -177,8 +175,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
         DES_ede3_cfb_encrypt(c, d, 1, 1,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3,
-                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
                              EVP_CIPHER_CTX_encrypting(ctx));
         out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
             | ((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -193,8 +190,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     while (inl >= EVP_MAXCHUNK) {
         DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3,
-                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
                              EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
@@ -203,8 +199,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
     if (inl)
         DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
                              &data(ctx)->ks1, &data(ctx)->ks2,
-                             &data(ctx)->ks3,
-                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
                              EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
 }
@@ -330,7 +325,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
         return -1;
     if (out == NULL)
         return inl - 16;
-    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    memcpy(ctx->iv, wrap_iv, 8);
     /* Decrypt first block which will end up as icv */
     des_ede_cbc_cipher(ctx, icv, in, 8);
     /* Decrypt central blocks */
@@ -348,7 +343,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     /* Reverse order of everything */
     BUF_reverse(icv, NULL, 8);
     BUF_reverse(out, NULL, inl - 16);
-    BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
+    BUF_reverse(ctx->iv, iv, 8);
     /* Decrypt again using new IV */
     des_ede_cbc_cipher(ctx, out, out, inl - 16);
     des_ede_cbc_cipher(ctx, icv, icv, 8);
@@ -360,7 +355,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     OPENSSL_cleanse(icv, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     OPENSSL_cleanse(iv, 8);
-    OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    OPENSSL_cleanse(ctx->iv, 8);
     if (rv == -1)
         OPENSSL_cleanse(out, inl - 16);
 
@@ -380,13 +375,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned 
char *out,
     memcpy(out + inl + 8, sha1tmp, 8);
     OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
     /* Generate random IV */
-    if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+    if (RAND_bytes(ctx->iv, 8) <= 0)
         return -1;
-    memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    memcpy(out, ctx->iv, 8);
     /* Encrypt everything after IV in place */
     des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
     BUF_reverse(out, NULL, inl + 16);
-    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    memcpy(ctx->iv, wrap_iv, 8);
     des_ede_cbc_cipher(ctx, out, out, inl + 16);
     return inl + 16;
 }
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 43665887da..a4778a2c05 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -22,6 +22,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/idea.h>
+# include "evp_local.h"
 
 /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
 
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index 88d8e524cc..a8fb18e72d 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -22,6 +22,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/rc2.h>
+# include "evp_local.h"
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc);
@@ -159,9 +160,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, 
ASN1_TYPE *type)
     if (type != NULL) {
         num = rc2_meth_to_magic(c);
         j = EVP_CIPHER_CTX_iv_length(c);
-        i = ASN1_TYPE_set_int_octetstring(type, num,
-                                          (unsigned char 
*)EVP_CIPHER_CTX_original_iv(c),
-                                          j);
+        i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
     }
     return i;
 }
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 3f223ce936..98c7385f61 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -20,6 +20,7 @@
 #include <assert.h>
 #include <openssl/seed.h>
 #include "crypto/evp.h"
+#include "evp_local.h"
 
 static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index 4653c10a14..96c50cf13f 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -15,6 +15,7 @@
 # include <openssl/modes.h>
 # include "crypto/sm4.h"
 # include "crypto/evp.h"
+# include "evp_local.h"
 
 typedef struct {
     SM4_KEY ks;
@@ -74,8 +75,7 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out,
     unsigned int num = EVP_CIPHER_CTX_num(ctx);
     EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
 
-    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
-                          EVP_CIPHER_CTX_iv_noconst(ctx),
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
                           (block128_f)SM4_encrypt);
     EVP_CIPHER_CTX_set_num(ctx, num);
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index f2b540e7cf..20756211b0 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -22,6 +22,7 @@
 # include <openssl/objects.h>
 # include "crypto/evp.h"
 # include <openssl/des.h>
+# include "evp_local.h"
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc);
@@ -72,7 +73,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out,
 {
     while (inl >= EVP_MAXCHUNK) {
         DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          &data(ctx)->inw, &data(ctx)->outw,
                          EVP_CIPHER_CTX_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
@@ -81,7 +82,7 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char 
*out,
     }
     if (inl)
         DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
-                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         (DES_cblock *)ctx->iv,
                          &data(ctx)->inw, &data(ctx)->outw,
                          EVP_CIPHER_CTX_encrypting(ctx));
     return 1;
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 74d4afdac4..71b5386232 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -971,11 +971,6 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int 
arg, void *ptr)
     case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */
     default:
         goto end;
-    case EVP_CTRL_GET_IV:
-        set_params = 0;
-        params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV,
-                                                      ptr, sz);
-        break;
     case EVP_CTRL_AEAD_SET_IVLEN:
         if (arg < 0)
             return 0;
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9f2165dc59..c4d41518ef 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -203,10 +203,9 @@ int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE 
*type)
 {
     int i = 0;
     unsigned int j;
-    unsigned char *oiv = NULL;
+    unsigned char oiv[EVP_MAX_IV_LENGTH];
 
-    if (type != NULL) {
-        oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
+    if (type != NULL && EVP_CIPHER_CTX_get_iv(c, oiv, sizeof(oiv))) {
         j = EVP_CIPHER_CTX_iv_length(c);
         OPENSSL_assert(j <= sizeof(c->iv));
         i = ASN1_TYPE_set_octetstring(type, oiv, j);
@@ -436,6 +435,7 @@ int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
     return ret == 1 ? (int)v : 0;
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
 {
     int ok;
@@ -460,7 +460,7 @@ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX 
*ctx)
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     params[0] =
-        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **)&v,
                                        sizeof(ctx->iv));
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
@@ -474,12 +474,31 @@ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX 
*ctx)
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
     params[0] =
-        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, (void **)&v,
+        OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV_STATE, (void **)&v,
                                        sizeof(ctx->iv));
     ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
 
     return ok != 0 ? v : NULL;
 }
+#endif /* OPENSSL_NO_DEPRECATED_3_0_0 */
+
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] =
+        OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV_STATE, buf, 
len);
+    return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
+
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len)
+{
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+    params[0] =
+        OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len);
+    return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params);
+}
 
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
 {
diff --git a/doc/man3/EVP_CIPHER_CTX_get_iv.pod 
b/doc/man3/EVP_CIPHER_CTX_get_iv.pod
new file mode 100644
index 0000000000..e099d96dec
--- /dev/null
+++ b/doc/man3/EVP_CIPHER_CTX_get_iv.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_get_iv, EVP_CIPHER_CTX_get_iv_state, EVP_CIPHER_CTX_iv, 
EVP_CIPHER_CTX_original_iv, EVP_CIPHER_CTX_iv_noconst - Routines to inspect 
EVP_CIPHER_CTX IV data
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+ int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+ const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+ const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+ unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+
+=head1 DESCRIPTION
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() copy initialization
+vector (IV) information from the B<EVP_CIPHER_CTX> into the caller-supplied
+buffer.  L<EVP_CIPHER_CTX_iv_length(3)> can be used to determine an
+appropriate buffer size, and if the supplied buffer is too small, an error
+will be returned (and no data copied).  EVP_CIPHER_CTX_get_iv() accesses the
+("original") IV that was supplied when the B<EVP_CIPHER_CTX> was created, and
+EVP_CIPHER_CTX_get_iv_state() accesses the current "IV state" of the cipher,
+which is updated during cipher operation for certain cipher modes (e.g., CBC
+and OFB).
+
+The functions EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() are deprecated functions that provide similar (at
+a conceptual level) functionality.  EVP_CIPHER_CTX_iv() returns a pointer to
+the beginning of the "IV state" as maintained internally in the
+B<EVP_CIPHER_CTX>; EVP_CIPHER_CTX_original_iv() returns a pointer to the
+beginning of the ("original") IV, as maintained by the B<EVP_CIPHER_CTX>, that
+was provided when the B<EVP_CIPHER_CTX> was initialized; and
+EVP_CIPHER_CTX_get_iv_noconst() is the same as EVP_CIPHER_CTX_iv() but has a
+different return type for the pointer.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() return 1 on success
+and 0 on failure.
+
+The functions EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() return a pointer to an IV as an array of bytes on
+success, and NULL on failure.
+
+=head1 HISTORY
+
+EVP_CIPHER_CTX_get_iv() and EVP_CIPHER_CTX_get_iv_state() were added in
+OpenSSL 3.0.0.
+
+EVP_CIPHER_CTX_iv(), EVP_CIPHER_CTX_original_iv(), and
+EVP_CIPHER_CTX_iv_noconst() were added in OpenSSL 1.1.0, and were deprecated
+in OpenSSL 3.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index ee159ff7eb..d6d544c0ba 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -240,7 +240,14 @@ The length of the "ivlen" parameter should not exceed that 
of a B<size_t>.
 
 =item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr>
 
-Gets the IV for the associated cipher ctx.
+Gets the IV used to initialize the associated cipher ctx.
+
+=item "iv-state" (B<OSSL_CIPHER_PARAM_IV_STATE>) <octet string OR octet ptr>
+
+Gets the current pseudo-IV state for the associated cipher ctx, e.g.,
+the previous ciphertext block for CBC mode or the iteratively encrypted IV
+value for OFB mode.  Note that octet pointer access is deprecated and is
+provided only for backwards compatibility with historical libcrypto APIs.
 
 =item "num" (B<OSSL_CIPHER_PARAM_NUM>) <unsigned integer>
 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 9ded000c10..07f7ee15ea 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -311,7 +311,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out, const uns
 {\
         while(inl>=EVP_MAXCHUNK) {\
             int num = EVP_CIPHER_CTX_num(ctx);\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, 
&EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, 
&EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
             inl-=EVP_MAXCHUNK;\
             in +=EVP_MAXCHUNK;\
@@ -319,7 +319,7 @@ static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned 
char *out, const uns
         }\
         if (inl) {\
             int num = EVP_CIPHER_CTX_num(ctx);\
-            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, 
&EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, 
&EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
         }\
         return 1;\
@@ -330,13 +330,13 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out, const uns
 {\
         while(inl>=EVP_MAXCHUNK) \
             {\
-            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, 
&EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, 
&EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
             inl-=EVP_MAXCHUNK;\
             in +=EVP_MAXCHUNK;\
             out+=EVP_MAXCHUNK;\
             }\
         if (inl)\
-            cprefix##_cbc_encrypt(in, out, (long)inl, 
&EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), 
EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)inl, 
&EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
         return 1;\
 }
 
@@ -353,7 +353,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
             ((cbits == 1) \
                 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
                 ? chunk*8 : chunk), \
-            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
             &num, EVP_CIPHER_CTX_encrypting(ctx));\
         EVP_CIPHER_CTX_set_num(ctx, num);\
         inl -= chunk;\
diff --git a/include/internal/ktls.h b/include/internal/ktls.h
index 9212bb4343..535e563479 100644
--- a/include/internal/ktls.h
+++ b/include/internal/ktls.h
@@ -346,9 +346,10 @@ static ossl_inline int ktls_configure_crypto(const 
EVP_CIPHER *c, int tls_versio
 
     if (tls_version == TLS1_2_VERSION &&
         EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
-        EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV,
-                            EVP_GCM_TLS_FIXED_IV_LEN + 
EVP_GCM_TLS_EXPLICIT_IV_LEN,
-                            geniv);
+        if (!EVP_CIPHER_CTX_get_iv_state(dd, geniv,
+                                         EVP_GCM_TLS_FIXED_IV_LEN
+                                         + EVP_GCM_TLS_EXPLICIT_IV_LEN))
+            return 0;
         iiv = geniv;
     }
 
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index b511571fb3..53e68e778b 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -53,6 +53,7 @@ extern "C" {
 #define OSSL_CIPHER_PARAM_KEYLEN               "keylen"       /* size_t */
 #define OSSL_CIPHER_PARAM_IVLEN                "ivlen"        /* size_t */
 #define OSSL_CIPHER_PARAM_IV                   "iv"           /* octet_string 
OR octet_ptr */
+#define OSSL_CIPHER_PARAM_IV_STATE             "iv-state"     /* octet_string 
OR octet_ptr */
 #define OSSL_CIPHER_PARAM_NUM                  "num"          /* uint */
 #define OSSL_CIPHER_PARAM_ROUNDS               "rounds"       /* uint */
 #define OSSL_CIPHER_PARAM_AEAD_TAG             "tag"          /* octet_string 
*/
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 6ff1e5602e..76e5565f36 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -386,8 +386,7 @@ DEPRECATEDIN_3_0(int (*EVP_CIPHER_meth_get_ctrl(const 
EVP_CIPHER *cipher))
 # define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
 /* Get the IV length used by the cipher */
 # define         EVP_CTRL_GET_IVLEN                      0x25
-/* Get the IV used by the cipher */
-# define         EVP_CTRL_GET_IV                         0x26
+/* 0x26 is unused */
 /* Tell the cipher it's doing a speed test (SIV disallows multiple ops) */
 # define         EVP_CTRL_SET_SPEED                      0x27
 /* Get the unprotectedAttrs from cipher ctx */
@@ -545,9 +544,11 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
-unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX 
*ctx))
+DEPRECATEDIN_3_0(const unsigned char *EVP_CIPHER_CTX_original_iv(const 
EVP_CIPHER_CTX *ctx))
+DEPRECATEDIN_3_0(unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx))
+int EVP_CIPHER_CTX_get_iv_state(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
+int EVP_CIPHER_CTX_get_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
index 6cf6a1b111..8f731228d9 100644
--- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
+++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -234,6 +234,12 @@ static int aes_get_ctx_params(void *vctx, OSSL_PARAM 
params[])
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+    if (p != NULL
+        && !OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
     return 1;
 }
 
@@ -248,6 +254,7 @@ static const OSSL_PARAM 
cipher_aes_known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
     OSSL_PARAM_END
 };
 const OSSL_PARAM *aes_gettable_ctx_params(void *provctx)
diff --git a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc 
b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
index 56e2dc9e38..523e869c79 100644
--- a/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
+++ b/providers/implementations/ciphers/cipher_aes_hw_s390x.inc
@@ -99,6 +99,7 @@ static int s390x_aes_ofb128_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
         }
     }
 
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     adat->plat.s390x.res = n;
     return 1;
 }
@@ -161,6 +162,7 @@ static int s390x_aes_cfb128_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
         }
     }
 
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     adat->plat.s390x.res = n;
     return 1;
 }
@@ -187,6 +189,7 @@ static int s390x_aes_cfb8_cipher_hw(PROV_CIPHER_CTX *dat, 
unsigned char *out,
 
     s390x_kmf(in, len, out, adat->plat.s390x.fc,
               &adat->plat.s390x.param.kmo_kmf);
+    memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen);
     return 1;
 }
 
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c 
b/providers/implementations/ciphers/cipher_aes_ocb.c
index 162945f922..7be5c7f5e8 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -416,6 +416,18 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM 
params[])
             return 0;
         }
     }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+    if (p != NULL) {
+        if (ctx->base.ivlen > p->data_size) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+            return 0;
+        }
+        if (!OSSL_PARAM_set_octet_string(p, ctx->base.iv, ctx->base.ivlen)
+            && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.iv, ctx->base.ivlen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
     if (p != NULL) {
         if (p->data_type != OSSL_PARAM_OCTET_STRING) {
@@ -436,6 +448,7 @@ static const OSSL_PARAM 
cipher_ocb_known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
     OSSL_PARAM_END
 };
diff --git a/providers/implementations/ciphers/ciphercommon.c 
b/providers/implementations/ciphers/ciphercommon.c
index dd25f00db4..a5de18ab3b 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -112,6 +112,7 @@ static const OSSL_PARAM 
cipher_aead_known_gettable_ctx_params[] = {
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
     OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
@@ -478,6 +479,13 @@ int cipher_generic_get_ctx_params(void *vctx, OSSL_PARAM 
params[])
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
     }
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+    if (p != NULL
+        && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)
+        && !OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+        return 0;
+    }
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_NUM);
     if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->num)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c 
b/providers/implementations/ciphers/ciphercommon_ccm.c
index 2b9a0687e3..bdbfa74d40 100644
--- a/providers/implementations/ciphers/ciphercommon_ccm.c
+++ b/providers/implementations/ciphers/ciphercommon_ccm.c
@@ -171,6 +171,19 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[])
         }
     }
 
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+    if (p != NULL) {
+        if (ccm_get_ivlen(ctx) > p->data_size) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN);
+            return 0;
+        }
+        if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)
+            && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
+
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
     if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c 
b/providers/implementations/ciphers/ciphercommon_gcm.c
index 080fcc9bc2..06649b3dc3 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -154,7 +154,22 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
     if (p != NULL) {
-        if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1)
+        if (ctx->iv_state == IV_STATE_UNINITIALISED)
+            return 0;
+        if (ctx->ivlen > p->data_size) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+            return 0;
+        }
+        if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
+            && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+            return 0;
+        }
+    }
+
+    p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV_STATE);
+    if (p != NULL) {
+        if (ctx->iv_state == IV_STATE_UNINITIALISED)
             return 0;
         if (ctx->ivlen > p->data_size) {
             ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
diff --git a/providers/implementations/include/prov/ciphercommon.h 
b/providers/implementations/include/prov/ciphercommon.h
index 43cec3cc2b..90f6d39d39 100644
--- a/providers/implementations/include/prov/ciphercommon.h
+++ b/providers/implementations/include/prov/ciphercommon.h
@@ -314,7 +314,8 @@ static const OSSL_PARAM name##_known_gettable_ctx_params[] 
= {                 \
     OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),                          
\
     OSSL_PARAM_uint(OSSL_CIPHER_PARAM_PADDING, NULL),                          
\
     OSSL_PARAM_uint(OSSL_CIPHER_PARAM_NUM, NULL),                              
\
-    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV, NULL, 0),                    
\
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_IV_STATE, NULL, 0),
 
 #define CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(name)                           
\
     OSSL_PARAM_END                                                             
\
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index bacbb8f114..a68ec74d3a 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -58,7 +58,7 @@ static int do_encrypt(unsigned char *iv_gen, unsigned char 
*ct, int *ct_len,
           && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
                                            tag) > 0)
           && TEST_true(iv_gen == NULL
-                  || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_IV, 12, iv_gen) > 
0);
+                  || EVP_CIPHER_CTX_get_iv(ctx, iv_gen, 12));
     EVP_CIPHER_CTX_free(ctx);
     return ret;
 }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index de615c80ab..4da65a2400 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1813,6 +1813,118 @@ static int test_rand_agglomeration(void)
     return res;
 }
 
+/*
+ * Test that we correctly return the original or "running" IV after
+ * an encryption operation.
+ * Run multiple times for some different relevant algorithms/modes.
+ */
+static int test_evp_iv(int idx)
+{
+    int ret = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
+                             0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
+    unsigned char init_iv[EVP_MAX_IV_LENGTH] =
+        {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
+         0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
+    static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
+                                         9, 10, 11, 12, 13, 14, 15, 16 };
+    unsigned char ciphertext[32], oiv[16], iv[16];
+    unsigned char *ref_iv;
+    unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 
0xb9,
+                                   0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 
0x5e};
+
+    unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 
0x64,
+                                   0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 
0xfd};
+    unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+                                   0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
+    unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
+#ifndef OPENSSL_NO_OCB
+    unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
+                                   0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
+#endif
+    int len = sizeof(ciphertext);
+    size_t ivlen, ref_len;
+    const EVP_CIPHER *type = NULL;
+
+    switch(idx) {
+    case 0:
+        type = EVP_aes_128_cbc();
+        /* FALLTHROUGH */
+    case 5:
+        type = (type != NULL) ? type :
+                                EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
+        ref_iv = cbc_state;
+        ref_len = sizeof(cbc_state);
+        break;
+    case 1:
+        type = EVP_aes_128_ofb();
+        /* FALLTHROUGH */
+    case 6:
+        type = (type != NULL) ? type :
+                                EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
+        ref_iv = ofb_state;
+        ref_len = sizeof(ofb_state);
+        break;
+    case 2:
+        type = EVP_aes_128_gcm();
+        /* FALLTHROUGH */
+    case 7:
+        type = (type != NULL) ? type :
+                                EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
+        ref_iv = gcm_state;
+        ref_len = sizeof(gcm_state);
+        break;
+    case 3:
+        type = EVP_aes_128_ccm();
+        /* FALLTHROUGH */
+    case 8:
+        type = (type != NULL) ? type :
+                                EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
+        ref_iv = ccm_state;
+        ref_len = sizeof(ccm_state);
+        break;
+#ifdef OPENSSL_NO_OCB
+    case 4:
+    case 9:
+        return 1;
+#else
+    case 4:
+        type = EVP_aes_128_ocb();
+        /* FALLTHROUGH */
+    case 9:
+        type = (type != NULL) ? type :
+                                EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
+        ref_iv = ocb_state;
+        ref_len = sizeof(ocb_state);
+        break;
+#endif
+    default:
+        return 0;
+    }
+
+    if (!TEST_ptr(type)
+            || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
+            || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
+            || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
+                          (int)sizeof(msg)))
+            || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
+            || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
+            || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
+        goto err;
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
+            || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
+        goto err;
+
+    ret = 1;
+err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (idx >= 5)
+        EVP_CIPHER_free((EVP_CIPHER *)type);
+    return ret;
+}
+
 int setup_tests(void)
 {
     testctx = OPENSSL_CTX_new();
@@ -1869,6 +1981,7 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
 
     ADD_TEST(test_rand_agglomeration);
+    ADD_ALL_TESTS(test_evp_iv, 10);
 
     return 1;
 }
diff --git a/test/evp_test.c b/test/evp_test.c
index f384a8d863..b980abc944 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -760,12 +760,16 @@ static int cipher_test_enc(EVP_TEST *t, int enc,
     }
 
     /* Check that we get the same IV back */
-    if (expected->iv != NULL
-        && (EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
-        && !TEST_mem_eq(expected->iv, expected->iv_len,
-                        EVP_CIPHER_CTX_iv(ctx_base), expected->iv_len)) {
-        t->err = "INVALID_IV";
-        goto err;
+    if (expected->iv != NULL) {
+        /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
+        unsigned char iv[128];
+        if (!TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx_base, iv, sizeof(iv)))
+                || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) 
== 0
+                    && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
+                                    expected->iv_len))) {
+            t->err = "INVALID_IV";
+            goto err;
+        }
     }
 
     /* Test that the cipher dup functions correctly if it is supported */
diff --git a/util/libcrypto.num b/util/libcrypto.num
index f441232582..d5f7d9826c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2004,7 +2004,7 @@ PEM_read_bio_RSA_PUBKEY                 2050      3_0_0   
EXIST::FUNCTION:RSA
 OCSP_SINGLERESP_new                     2051   3_0_0   EXIST::FUNCTION:OCSP
 ASN1_SCTX_free                          2052   3_0_0   EXIST::FUNCTION:
 i2d_ECPrivateKey_fp                     2053   3_0_0   EXIST::FUNCTION:EC,STDIO
-EVP_CIPHER_CTX_original_iv              2054   3_0_0   EXIST::FUNCTION:
+EVP_CIPHER_CTX_original_iv              2054   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_SIGNED_free                       2055   3_0_0   EXIST::FUNCTION:
 X509_TRUST_get0_name                    2056   3_0_0   EXIST::FUNCTION:
 ENGINE_get_load_pubkey_function         2057   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -2046,7 +2046,7 @@ CMS_SignerInfo_cert_cmp                 2092      3_0_0   
EXIST::FUNCTION:CMS
 PEM_read                                2093   3_0_0   EXIST::FUNCTION:STDIO
 X509_STORE_set_depth                    2094   3_0_0   EXIST::FUNCTION:
 EC_KEY_METHOD_get_sign                  2095   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_CIPHER_CTX_iv                       2096   3_0_0   EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv                       2096   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2d_ESS_SIGNING_CERT                    2097   3_0_0   EXIST::FUNCTION:
 TS_RESP_set_tst_info                    2098   3_0_0   EXIST::FUNCTION:TS
 EVP_PKEY_CTX_set_data                   2099   3_0_0   EXIST::FUNCTION:
@@ -2840,7 +2840,7 @@ EVP_PKEY_encrypt_init                   2901      3_0_0   
EXIST::FUNCTION:
 i2d_RSAPrivateKey_fp                    2902   3_0_0   
EXIST::FUNCTION:RSA,STDIO
 X509_REQ_print                          2903   3_0_0   EXIST::FUNCTION:
 RSA_size                                2904   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
-EVP_CIPHER_CTX_iv_noconst               2905   3_0_0   EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_noconst               2905   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0
 DH_set_default_method                   2906   3_0_0   
EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 X509_ALGOR_new                          2907   3_0_0   EXIST::FUNCTION:
 EVP_aes_192_ofb                         2908   3_0_0   EXIST::FUNCTION:
@@ -5250,3 +5250,5 @@ EVP_PKEY_CTX_set_dh_kdf_outlen          ? 3_0_0   
EXIST::FUNCTION:DH
 EVP_PKEY_CTX_get_dh_kdf_outlen          ?      3_0_0   EXIST::FUNCTION:DH
 EVP_PKEY_CTX_set0_dh_kdf_ukm            ?      3_0_0   EXIST::FUNCTION:DH
 EVP_PKEY_CTX_get0_dh_kdf_ukm            ?      3_0_0   EXIST::FUNCTION:DH
+EVP_CIPHER_CTX_get_iv_state             ?      3_0_0   EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_iv                   ?      3_0_0   EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 3e8c62c610..3aa3b5065b 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -650,10 +650,7 @@ EVP_CIPHER_CTX_buf_noconst(3)
 EVP_CIPHER_CTX_clear_flags(3)
 EVP_CIPHER_CTX_copy(3)
 EVP_CIPHER_CTX_encrypting(3)
-EVP_CIPHER_CTX_iv(3)
-EVP_CIPHER_CTX_iv_noconst(3)
 EVP_CIPHER_CTX_num(3)
-EVP_CIPHER_CTX_original_iv(3)
 EVP_CIPHER_CTX_rand_key(3)
 EVP_CIPHER_CTX_set_flags(3)
 EVP_CIPHER_CTX_set_num(3)

Reply via email to