[openssl] master update

Richard Levitte levitte at openssl.org
Thu Jul 16 12:22:13 UTC 2020


The branch master has been updated
       via  e4162f86d7fd92058e5558bd81ce9dbc615fec3f (commit)
       via  660c534435e238c6bd8065c1d544a1c4d3c555a3 (commit)
       via  865adf97c9b8271788ee7293ecde9e8a643a1c45 (commit)
      from  8dab4de53887639abc1152288fac76506beb87b3 (commit)


- Log -----------------------------------------------------------------
commit e4162f86d7fd92058e5558bd81ce9dbc615fec3f
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jul 16 06:49:45 2020 +0200

    DRBG: Fix the renamed functions after the EVP_MAC name reversal
    
    [extended tests]
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/12186)

commit 660c534435e238c6bd8065c1d544a1c4d3c555a3
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jun 18 09:30:48 2020 +0100

    Revert "kdf: make function naming consistent."
    
    The commit claimed to make things more consistent. In fact it makes it
    less so. Revert back to the previous namig convention.
    
    This reverts commit 765d04c9460a304c8119f57941341a149498b9db.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12186)

commit 865adf97c9b8271788ee7293ecde9e8a643a1c45
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jun 18 09:26:22 2020 +0100

    Revert "The EVP_MAC functions have been renamed for consistency.  The EVP_MAC_CTX_*"
    
    The commit claimed to make things more consistent. In fact it makes it
    less so. Revert back to the previous namig convention.
    
    This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12186)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                                    |  8 ++--
 apps/fipsinstall.c                            | 10 ++--
 apps/kdf.c                                    |  6 +--
 apps/lib/s_cb.c                               |  4 +-
 apps/mac.c                                    |  6 +--
 crypto/cmac/cm_ameth.c                        |  4 +-
 crypto/crmf/crmf_pbm.c                        |  6 +--
 crypto/dh/dh_kdf.c                            |  6 +--
 crypto/ec/ecdh_kdf.c                          |  6 +--
 crypto/err/openssl.txt                        |  2 +
 crypto/evp/kdf_lib.c                          | 20 ++++----
 crypto/evp/mac_lib.c                          | 20 ++++----
 crypto/evp/p5_crpt2.c                         |  6 +--
 crypto/evp/p_lib.c                            |  6 +--
 crypto/evp/pbe_scrypt.c                       |  6 +--
 crypto/evp/pkey_kdf.c                         | 14 +++---
 crypto/evp/pkey_mac.c                         | 37 ++++++++-------
 crypto/modes/siv128.c                         | 28 ++++++------
 doc/man1/openssl-kdf.pod.in                   |  2 +-
 doc/man1/openssl-mac.pod.in                   |  2 +-
 doc/man3/EVP_KDF.pod                          | 40 ++++++++--------
 doc/man3/EVP_MAC.pod                          | 46 +++++++++----------
 doc/man3/HMAC.pod                             |  2 +-
 doc/man3/OSSL_PARAM_allocate_from_text.pod    |  2 +-
 doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 14 +++---
 doc/man7/EVP_KDF-HKDF.pod                     | 16 +++----
 doc/man7/EVP_KDF-KB.pod                       | 20 ++++----
 doc/man7/EVP_KDF-KRB5KDF.pod                  |  8 ++--
 doc/man7/EVP_KDF-PBKDF2.pod                   |  6 +--
 doc/man7/EVP_KDF-SCRYPT.pod                   | 16 +++----
 doc/man7/EVP_KDF-SS.pod                       | 32 ++++++-------
 doc/man7/EVP_KDF-SSHKDF.pod                   | 12 ++---
 doc/man7/EVP_KDF-TLS1_PRF.pod                 | 16 +++----
 doc/man7/EVP_KDF-X942.pod                     | 18 ++++----
 doc/man7/EVP_KDF-X963.pod                     | 16 +++----
 doc/man7/EVP_MAC-BLAKE2.pod                   |  6 +--
 doc/man7/EVP_MAC-CMAC.pod                     |  6 +--
 doc/man7/EVP_MAC-GMAC.pod                     |  6 +--
 doc/man7/EVP_MAC-HMAC.pod                     |  6 +--
 doc/man7/EVP_MAC-KMAC.pod                     |  6 +--
 doc/man7/EVP_MAC-Poly1305.pod                 |  6 +--
 doc/man7/EVP_MAC-Siphash.pod                  |  6 +--
 include/openssl/evp.h                         | 36 ++++++++++++++-
 include/openssl/kdf.h                         | 12 ++---
 include/openssl/mac.h                         | 59 ------------------------
 providers/common/provider_util.c              |  8 ++--
 providers/fips/self_test.c                    |  6 +--
 providers/fips/self_test_kats.c               |  6 +--
 providers/implementations/kdfs/kbkdf.c        | 14 +++---
 providers/implementations/kdfs/sskdf.c        | 16 +++----
 providers/implementations/kdfs/tls1_prf.c     | 22 ++++-----
 providers/implementations/rands/drbg_hmac.c   |  8 ++--
 ssl/t1_enc.c                                  |  8 ++--
 ssl/t1_lib.c                                  |  8 ++--
 ssl/tls13_enc.c                               | 28 ++++++------
 test/bad_dtls_test.c                          |  6 +--
 test/evp_kdf_test.c                           | 66 +++++++++++++--------------
 test/evp_test.c                               | 15 +++---
 test/sslapitest.c                             |  2 +-
 util/libcrypto.num                            | 24 +++++-----
 60 files changed, 411 insertions(+), 438 deletions(-)
 delete mode 100644 include/openssl/mac.h

diff --git a/CHANGES.md b/CHANGES.md
index a7cb2c5bb1..3a267d6c25 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -424,8 +424,8 @@ OpenSSL 3.0
    and HMAC_CTX_get_md.
 
    Use of these low level functions has been informally discouraged for a long
-   time.  Instead applications should use L<EVP_MAC_new_ctx(3)>,
-   L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+   time.  Instead applications should use L<EVP_MAC_CTX_new(3)>,
+   L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
    and L<EVP_MAC_final(3)>.
 
    *Paul Dale*
@@ -448,8 +448,8 @@ OpenSSL 3.0
    CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume.
 
    Use of these low level functions has been informally discouraged for a long
-   time.  Instead applications should use L<EVP_MAC_new_ctx(3)>,
-   L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
+   time.  Instead applications should use L<EVP_MAC_CTX_new(3)>,
+   L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>, L<EVP_MAC_update(3)>
    and L<EVP_MAC_final(3)>.
 
    *Paul Dale*
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 7efdd65d46..c8687bec8f 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -375,7 +375,7 @@ opthelp:
         goto end;
     }
 
-    ctx = EVP_MAC_new_ctx(mac);
+    ctx = EVP_MAC_CTX_new(mac);
     if (ctx == NULL) {
         BIO_printf(bio_err, "Unable to create MAC CTX for module check\n");
         goto end;
@@ -389,7 +389,7 @@ opthelp:
         if (params == NULL)
             goto end;
 
-        if (!EVP_MAC_set_ctx_params(ctx, params)) {
+        if (!EVP_MAC_CTX_set_params(ctx, params)) {
             BIO_printf(bio_err, "MAC parameter error\n");
             ERR_print_errors(bio_err);
             ok = 0;
@@ -399,7 +399,7 @@ opthelp:
             goto end;
     }
 
-    ctx2 = EVP_MAC_dup_ctx(ctx);
+    ctx2 = EVP_MAC_CTX_dup(ctx);
     if (ctx2 == NULL) {
         BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n");
         goto end;
@@ -459,8 +459,8 @@ cleanup:
     BIO_free(module_bio);
     sk_OPENSSL_STRING_free(opts);
     EVP_MAC_free(mac);
-    EVP_MAC_free_ctx(ctx2);
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx2);
+    EVP_MAC_CTX_free(ctx);
     OPENSSL_free(read_buffer);
     free_config_and_unload(conf);
     return ret;
diff --git a/apps/kdf.c b/apps/kdf.c
index dd6cc9255c..8d11807f5f 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -104,7 +104,7 @@ opthelp:
         goto opthelp;
     }
 
-    ctx = EVP_KDF_new_ctx(kdf);
+    ctx = EVP_KDF_CTX_new(kdf);
     if (ctx == NULL)
         goto err;
 
@@ -116,7 +116,7 @@ opthelp:
         if (params == NULL)
             goto err;
 
-        if (!EVP_KDF_set_ctx_params(ctx, params)) {
+        if (!EVP_KDF_CTX_set_params(ctx, params)) {
             BIO_printf(bio_err, "KDF parameter error\n");
             ERR_print_errors(bio_err);
             ok = 0;
@@ -161,7 +161,7 @@ err:
     OPENSSL_clear_free(dkm_bytes, dkm_len);
     sk_OPENSSL_STRING_free(opts);
     EVP_KDF_free(kdf);
-    EVP_KDF_free_ctx(ctx);
+    EVP_KDF_CTX_free(ctx);
     BIO_free(out);
     OPENSSL_free(hexout);
     return ret;
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index de72bde9ed..ba9ef12afb 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -788,7 +788,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
             BIO_printf(bio_err, "HMAC not found\n");
             goto end;
     }
-    ctx = EVP_MAC_new_ctx(hmac);
+    ctx = EVP_MAC_CTX_new(hmac);
     if (ctx == NULL) {
             BIO_printf(bio_err, "HMAC context allocation failed\n");
             goto end;
@@ -797,7 +797,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret,
                                              COOKIE_SECRET_LENGTH);
     *p = OSSL_PARAM_construct_end();
-    if (!EVP_MAC_set_ctx_params(ctx, params)) {
+    if (!EVP_MAC_CTX_set_params(ctx, params)) {
             BIO_printf(bio_err, "HMAC context parameter setting failed\n");
             goto end;
     }
diff --git a/apps/mac.c b/apps/mac.c
index e84321b83a..30f0daabcc 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -114,7 +114,7 @@ opthelp:
         goto opthelp;
     }
 
-    ctx = EVP_MAC_new_ctx(mac);
+    ctx = EVP_MAC_CTX_new(mac);
     if (ctx == NULL)
         goto err;
 
@@ -126,7 +126,7 @@ opthelp:
         if (params == NULL)
             goto err;
 
-        if (!EVP_MAC_set_ctx_params(ctx, params)) {
+        if (!EVP_MAC_CTX_set_params(ctx, params)) {
             BIO_printf(bio_err, "MAC parameter error\n");
             ERR_print_errors(bio_err);
             ok = 0;
@@ -199,7 +199,7 @@ err:
     sk_OPENSSL_STRING_free(opts);
     BIO_free(in);
     BIO_free(out);
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
     return ret;
 }
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
index ece3d8f91c..aa06cdc98a 100644
--- a/crypto/cmac/cm_ameth.c
+++ b/crypto/cmac/cm_ameth.c
@@ -31,9 +31,9 @@ static int cmac_size(const EVP_PKEY *pkey)
 static void cmac_key_free(EVP_PKEY *pkey)
 {
     EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey);
-    EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_get_ctx_mac(cmctx);
+    EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_CTX_mac(cmctx);
 
-    EVP_MAC_free_ctx(cmctx);
+    EVP_MAC_CTX_free(cmctx);
     EVP_MAC_free(mac);
 }
 
diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c
index a087bc4423..f674eeeff7 100644
--- a/crypto/crmf/crmf_pbm.c
+++ b/crypto/crmf/crmf_pbm.c
@@ -202,8 +202,8 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
     macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                                      basekey, bklen);
     if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL
-            || (mctx = EVP_MAC_new_ctx(mac)) == NULL
-            || !EVP_MAC_set_ctx_params(mctx, macparams)
+            || (mctx = EVP_MAC_CTX_new(mac)) == NULL
+            || !EVP_MAC_CTX_set_params(mctx, macparams)
             || !EVP_MAC_init(mctx)
             || !EVP_MAC_update(mctx, msg, msglen)
             || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE))
@@ -214,7 +214,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp,
  err:
     /* cleanup */
     OPENSSL_cleanse(basekey, bklen);
-    EVP_MAC_free_ctx(mctx);
+    EVP_MAC_CTX_free(mctx);
     EVP_MAC_free(mac);
     EVP_MD_CTX_free(ctx);
 
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index 50a1df858a..1b8a320db1 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -46,7 +46,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
         return 0;
 
     kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL);
-    if ((kctx = EVP_KDF_new_ctx(kdf)) == NULL)
+    if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
         goto err;
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                             (char *)mdname, 0);
@@ -58,10 +58,10 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
                                             (char *)oid_sn, 0);
     *p = OSSL_PARAM_construct_end();
-    ret = EVP_KDF_set_ctx_params(kctx, params) > 0
+    ret = EVP_KDF_CTX_set_params(kctx, params) > 0
         && EVP_KDF_derive(kctx, out, outlen) > 0;
 err:
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     EVP_KDF_free(kdf);
     return ret;
 }
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index a502846d55..fb501c6ada 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -32,7 +32,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
     const char *mdname = EVP_MD_name(md);
     EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL);
 
-    if ((kctx = EVP_KDF_new_ctx(kdf)) != NULL) {
+    if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                                 (char *)mdname, 0);
         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
@@ -41,9 +41,9 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
                                                  (void *)sinfo, sinfolen);
         *p = OSSL_PARAM_construct_end();
 
-        ret = EVP_KDF_set_ctx_params(kctx, params) > 0
+        ret = EVP_KDF_CTX_set_params(kctx, params) > 0
             && EVP_KDF_derive(kctx, out, outlen) > 0;
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
     }
     EVP_KDF_free(kdf);
     return ret;
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 579c2dce9a..fe937e6139 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -843,6 +843,8 @@ EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch
 EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch
 EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl
 EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str
+EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup
+EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new
 EVP_F_EVP_MAC_INIT:212:EVP_MAC_init
 EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size
 EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex
diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index 2461498093..d22bb39c82 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -23,7 +23,7 @@
 #include "internal/provider.h"
 #include "evp_local.h"
 
-EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf)
+EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf)
 {
     EVP_KDF_CTX *ctx = NULL;
 
@@ -34,7 +34,7 @@ EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf)
     if (ctx == NULL
         || (ctx->data = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL
         || !EVP_KDF_up_ref(kdf)) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE);
         if (ctx != NULL)
             kdf->freectx(ctx->data);
         OPENSSL_free(ctx);
@@ -45,7 +45,7 @@ EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf)
     return ctx;
 }
 
-void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx)
+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
 {
     if (ctx != NULL) {
         ctx->meth->freectx(ctx->data);
@@ -55,7 +55,7 @@ void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx)
     }
 }
 
-EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src)
+EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src)
 {
     EVP_KDF_CTX *dst;
 
@@ -64,20 +64,20 @@ EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src)
 
     dst = OPENSSL_malloc(sizeof(*dst));
     if (dst == NULL) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     memcpy(dst, src, sizeof(*dst));
     if (!EVP_KDF_up_ref(dst->meth)) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(dst);
         return NULL;
     }
 
     dst->data = src->meth->dupctx(src->data);
     if (dst->data == NULL) {
-        EVP_KDF_free_ctx(dst);
+        EVP_KDF_CTX_free(dst);
         return NULL;
     }
     return dst;
@@ -98,7 +98,7 @@ const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf)
     return kdf->prov;
 }
 
-const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx)
+const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx)
 {
     return ctx->meth;
 }
@@ -151,14 +151,14 @@ int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[])
     return 1;
 }
 
-int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[])
+int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[])
 {
     if (ctx->meth->get_ctx_params != NULL)
         return ctx->meth->get_ctx_params(ctx->data, params);
     return 1;
 }
 
-int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[])
+int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[])
 {
     if (ctx->meth->set_ctx_params != NULL)
         return ctx->meth->set_ctx_params(ctx->data, params);
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 8fe9708797..b7bfe8921f 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -19,14 +19,14 @@
 #include "internal/provider.h"
 #include "evp_local.h"
 
-EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac)
+EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac)
 {
     EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX));
 
     if (ctx == NULL
         || (ctx->data = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL
         || !EVP_MAC_up_ref(mac)) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_MAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
         if (ctx != NULL)
             mac->freectx(ctx->data);
         OPENSSL_free(ctx);
@@ -37,7 +37,7 @@ EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac)
     return ctx;
 }
 
-void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx)
+void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx)
 {
     if (ctx != NULL) {
         ctx->meth->freectx(ctx->data);
@@ -48,7 +48,7 @@ void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
-EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src)
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src)
 {
     EVP_MAC_CTX *dst;
 
@@ -57,27 +57,27 @@ EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src)
 
     dst = OPENSSL_malloc(sizeof(*dst));
     if (dst == NULL) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     *dst = *src;
     if (!EVP_MAC_up_ref(dst->meth)) {
-        EVPerr(0, ERR_R_MALLOC_FAILURE);
+        EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(dst);
         return NULL;
     }
 
     dst->data = src->meth->dupctx(src->data);
     if (dst->data == NULL) {
-        EVP_MAC_free_ctx(dst);
+        EVP_MAC_CTX_free(dst);
         return NULL;
     }
 
     return dst;
 }
 
-EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx)
+EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx)
 {
     return ctx->meth;
 }
@@ -144,14 +144,14 @@ int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[])
     return 1;
 }
 
-int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[])
+int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[])
 {
     if (ctx->meth->get_ctx_params != NULL)
         return ctx->meth->get_ctx_params(ctx->data, params);
     return 1;
 }
 
-int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[])
+int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[])
 {
     if (ctx->meth->set_ctx_params != NULL)
         return ctx->meth->set_ctx_params(ctx->data, params);
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index e2f7734afc..6e89ffd999 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -41,7 +41,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         salt = (unsigned char *)empty;
 
     kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL);
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         return 0;
@@ -54,11 +54,11 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                             (char *)mdname, 0);
     *p = OSSL_PARAM_construct_end();
-    if (EVP_KDF_set_ctx_params(kctx, params) != 1
+    if (EVP_KDF_CTX_set_params(kctx, params) != 1
             || EVP_KDF_derive(kctx, out, keylen) != 1)
         rv = 0;
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
 
     OSSL_TRACE_BEGIN(PKCS5V2) {
         BIO_printf(trc_out, "Password:\n");
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 4dc1e0a5b2..aa11608688 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -595,7 +595,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
         prov == NULL ? NULL : ossl_provider_library_context(prov);
     EVP_PKEY *ret = EVP_PKEY_new();
     EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL);
-    EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_new_ctx(cmac) : NULL;
+    EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL;
     OSSL_PARAM params[4];
     size_t paramsn = 0;
 
@@ -620,7 +620,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
                                           (char *)priv, len);
     params[paramsn] = OSSL_PARAM_construct_end();
 
-    if (!EVP_MAC_set_ctx_params(cmctx, params)) {
+    if (!EVP_MAC_CTX_set_params(cmctx, params)) {
         EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
         goto err;
     }
@@ -630,7 +630,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
 
  err:
     EVP_PKEY_free(ret);
-    EVP_MAC_free_ctx(cmctx);
+    EVP_MAC_CTX_free(cmctx);
     EVP_MAC_free(cmac);
     return NULL;
 # else
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index 3fdc82d5a9..fa7b1de17c 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -63,7 +63,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
         maxmem = SCRYPT_MAX_MEM;
 
     kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL);
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         return 0;
@@ -78,11 +78,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p);
     *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
     *z = OSSL_PARAM_construct_end();
-    if (EVP_KDF_set_ctx_params(kctx, params) != 1
+    if (EVP_KDF_CTX_set_params(kctx, params) != 1
             || EVP_KDF_derive(kctx, key, keylen) != 1)
         rv = 0;
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return rv;
 }
 
diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c
index dff16bfd41..ac4a0fa461 100644
--- a/crypto/evp/pkey_kdf.c
+++ b/crypto/evp/pkey_kdf.c
@@ -50,7 +50,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
         return 0;
 
     kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL) {
         OPENSSL_free(pkctx);
@@ -66,7 +66,7 @@ static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
 {
     EVP_PKEY_KDF_CTX *pkctx = ctx->data;
 
-    EVP_KDF_free_ctx(pkctx->kctx);
+    EVP_KDF_CTX_free(pkctx->kctx);
     pkey_kdf_free_collected(pkctx);
     OPENSSL_free(pkctx);
 }
@@ -202,7 +202,7 @@ static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         break;
     }
 
-    return EVP_KDF_set_ctx_params(kctx, params);
+    return EVP_KDF_CTX_set_params(kctx, params);
 }
 
 static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
@@ -210,7 +210,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
 {
     EVP_PKEY_KDF_CTX *pkctx = ctx->data;
     EVP_KDF_CTX *kctx = pkctx->kctx;
-    const EVP_KDF *kdf = EVP_KDF_get_ctx_kdf(kctx);
+    const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx);
     BUF_MEM **collector = NULL;
     const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(kdf);
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
@@ -239,7 +239,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
     if (collector != NULL)
         ok = collect(collector, params[0].data, params[0].data_size);
     else
-        ok = EVP_KDF_set_ctx_params(kctx, params);
+        ok = EVP_KDF_CTX_set_params(kctx, params);
     OPENSSL_free(params[0].data);
     return ok;
 }
@@ -274,7 +274,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                               pkctx->collected_seed->data,
                                               pkctx->collected_seed->length);
 
-        r = EVP_KDF_set_ctx_params(kctx, params);
+        r = EVP_KDF_CTX_set_params(kctx, params);
         pkey_kdf_free_collected(pkctx);
         if (!r)
             return 0;
@@ -287,7 +287,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                               pkctx->collected_info->data,
                                               pkctx->collected_info->length);
 
-        r = EVP_KDF_set_ctx_params(kctx, params);
+        r = EVP_KDF_CTX_set_params(kctx, params);
         pkey_kdf_free_collected(pkctx);
         if (!r)
             return 0;
diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c
index 784fca956d..7e36b3c6bd 100644
--- a/crypto/evp/pkey_mac.c
+++ b/crypto/evp/pkey_mac.c
@@ -74,7 +74,7 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx)
     }
 
     if (mac != NULL) {
-        hctx->ctx = EVP_MAC_new_ctx(mac);
+        hctx->ctx = EVP_MAC_CTX_new(mac);
         if (hctx->ctx == NULL) {
             OPENSSL_free(hctx);
             return 0;
@@ -119,7 +119,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
     EVP_PKEY_CTX_set_data(dst, dctx);
     dst->keygen_info_count = 0;
 
-    dctx->ctx = EVP_MAC_dup_ctx(sctx->ctx);
+    dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx);
     if (dctx->ctx == NULL)
         goto err;
 
@@ -131,7 +131,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
      * fetches the MAC method anew in this case.  Therefore, its reference
      * count must be adjusted here.
      */
-    if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(dctx->ctx)))
+    if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(dctx->ctx)))
         goto err;
 
     dctx->type = sctx->type;
@@ -166,8 +166,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx)
     MAC_PKEY_CTX *hctx = ctx == NULL ? NULL : EVP_PKEY_CTX_get_data(ctx);
 
     if (hctx != NULL) {
-        EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_get_ctx_mac(hctx->ctx)
-                                         : NULL;
+        EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_CTX_mac(hctx->ctx) : NULL;
 
         switch (hctx->type) {
         case MAC_TYPE_RAW:
@@ -175,7 +174,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx)
                                hctx->raw_data.ktmp.length);
             break;
         }
-        EVP_MAC_free_ctx(hctx->ctx);
+        EVP_MAC_CTX_free(hctx->ctx);
         EVP_MAC_free(mac);
         OPENSSL_free(hctx);
         EVP_PKEY_CTX_set_data(ctx, NULL);
@@ -210,10 +209,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
                 return 0;
             }
 
-            cmkey = EVP_MAC_dup_ctx(hctx->ctx);
+            cmkey = EVP_MAC_CTX_dup(hctx->ctx);
             if (cmkey == NULL)
                 return 0;
-            if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx)))
+            if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(hctx->ctx)))
                 return 0;
             EVP_PKEY_assign(pkey, nid, cmkey);
         }
@@ -259,7 +258,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
     }
 
     if (set_key) {
-        if (!EVP_MAC_is_a(EVP_MAC_get_ctx_mac(hctx->ctx),
+        if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx),
                           OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx)))))
             return 0;
         key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx));
@@ -284,7 +283,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
                 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                                   key->data, key->length);
         params[params_n++] = OSSL_PARAM_construct_end();
-        rv = EVP_MAC_set_ctx_params(hctx->ctx, params);
+        rv = EVP_MAC_CTX_set_params(hctx->ctx, params);
     }
     return rv;
 }
@@ -334,7 +333,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                     return 0;
                 }
 
-                if (!EVP_MAC_set_ctx_params(hctx->ctx, params)
+                if (!EVP_MAC_CTX_set_params(hctx->ctx, params)
                     || !EVP_MAC_init(hctx->ctx))
                     return 0;
             }
@@ -355,10 +354,10 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
                 if (ctx->pkey == NULL)
                     return 0;
-                new_mac_ctx = EVP_MAC_dup_ctx(ctx->pkey->pkey.ptr);
+                new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr);
                 if (new_mac_ctx == NULL)
                     return 0;
-                EVP_MAC_free_ctx(hctx->ctx);
+                EVP_MAC_CTX_free(hctx->ctx);
                 hctx->ctx = new_mac_ctx;
             }
             break;
@@ -393,13 +392,13 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 return 0;
             }
 
-            if (!EVP_MAC_set_ctx_params(hctx->ctx, params))
+            if (!EVP_MAC_CTX_set_params(hctx->ctx, params))
                 return 0;
 
             params[0] =
                 OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &verify);
 
-            if (!EVP_MAC_get_ctx_params(hctx->ctx, params))
+            if (!EVP_MAC_CTX_get_params(hctx->ctx, params))
                 return 0;
 
             /*
@@ -437,7 +436,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                     return 0;
                 }
 
-                return EVP_MAC_set_ctx_params(hctx->ctx, params);
+                return EVP_MAC_CTX_set_params(hctx->ctx, params);
             }
             break;
         default:
@@ -482,7 +481,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                                                       key->data, key->length);
                 params[params_n] = OSSL_PARAM_construct_end();
 
-                return EVP_MAC_set_ctx_params(hctx->ctx, params);
+                return EVP_MAC_CTX_set_params(hctx->ctx, params);
             }
             break;
         case MAC_TYPE_MAC:
@@ -517,7 +516,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx,
         EVPerr(0, EVP_R_FETCH_FAILED);
         return 0;
     }
-    mac = EVP_MAC_get_ctx_mac(hctx->ctx);
+    mac = EVP_MAC_CTX_mac(hctx->ctx);
 
     /*
      * Translation of some control names that are equivalent to a single
@@ -539,7 +538,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx,
         return 0;
     params[1] = OSSL_PARAM_construct_end();
 
-    ok = EVP_MAC_set_ctx_params(hctx->ctx, params);
+    ok = EVP_MAC_CTX_set_params(hctx->ctx, params);
     OPENSSL_free(params[0].data);
     return ok;
 }
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index f7fadf26d4..d3655674b4 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -94,7 +94,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou
     EVP_MAC_CTX *mac_ctx;
     int ret = 0;
 
-    mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init);
+    mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init);
     if (mac_ctx == NULL)
         return 0;
 
@@ -121,7 +121,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou
     ret = 1;
 
 err:
-    EVP_MAC_free_ctx(mac_ctx);
+    EVP_MAC_CTX_free(mac_ctx);
     return ret;
 }
 
@@ -182,20 +182,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
             /* TODO(3.0) library context */
             || (ctx->mac =
                 EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL
-            || (ctx->mac_ctx_init = EVP_MAC_new_ctx(ctx->mac)) == NULL
-            || !EVP_MAC_set_ctx_params(ctx->mac_ctx_init, params)
+            || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL
+            || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params)
             || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL)
-            || (mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL
+            || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL
             || !EVP_MAC_update(mac_ctx, zero, sizeof(zero))
             || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
                               sizeof(ctx->d.byte))) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
-        EVP_MAC_free_ctx(ctx->mac_ctx_init);
-        EVP_MAC_free_ctx(mac_ctx);
+        EVP_MAC_CTX_free(ctx->mac_ctx_init);
+        EVP_MAC_CTX_free(mac_ctx);
         EVP_MAC_free(ctx->mac);
         return 0;
     }
-    EVP_MAC_free_ctx(mac_ctx);
+    EVP_MAC_CTX_free(mac_ctx);
 
     ctx->final_ret = -1;
     ctx->crypto_ok = 1;
@@ -211,8 +211,8 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src)
     memcpy(&dest->d, &src->d, sizeof(src->d));
     if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx))
         return 0;
-    EVP_MAC_free_ctx(dest->mac_ctx_init);
-    dest->mac_ctx_init = EVP_MAC_dup_ctx(src->mac_ctx_init);
+    EVP_MAC_CTX_free(dest->mac_ctx_init);
+    dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init);
     if (dest->mac_ctx_init == NULL)
         return 0;
     return 1;
@@ -232,15 +232,15 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
 
     siv128_dbl(&ctx->d);
 
-    if ((mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL
+    if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL
         || !EVP_MAC_update(mac_ctx, aad, len)
         || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len,
                           sizeof(mac_out.byte))
         || out_len != SIV_LEN) {
-        EVP_MAC_free_ctx(mac_ctx);
+        EVP_MAC_CTX_free(mac_ctx);
         return 0;
     }
-    EVP_MAC_free_ctx(mac_ctx);
+    EVP_MAC_CTX_free(mac_ctx);
 
     siv128_xorblock(&ctx->d, &mac_out);
 
@@ -352,7 +352,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx)
     if (ctx != NULL) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
         ctx->cipher_ctx = NULL;
-        EVP_MAC_free_ctx(ctx->mac_ctx_init);
+        EVP_MAC_CTX_free(ctx->mac_ctx_init);
         ctx->mac_ctx_init = NULL;
         EVP_MAC_free(ctx->mac);
         ctx->mac = NULL;
diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in
index e92eee27ba..9c585325ba 100644
--- a/doc/man1/openssl-kdf.pod.in
+++ b/doc/man1/openssl-kdf.pod.in
@@ -46,7 +46,7 @@ Output the derived key in binary form. Uses hexadecimal text format if not speci
 Passes options to the KDF algorithm.
 A comprehensive list of parameters can be found in the EVP_KDF_CTX
 implementation documentation.
-Common parameter names used by EVP_KDF_set_ctx_params() are:
+Common parameter names used by EVP_KDF_CTX_set_params() are:
 
 =over 4
 
diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in
index ff1b83fbd3..4c9cc3bc31 100644
--- a/doc/man1/openssl-mac.pod.in
+++ b/doc/man1/openssl-mac.pod.in
@@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format if not specified.
 Passes options to the MAC algorithm.
 A comprehensive list of controls can be found in the EVP_MAC implementation
 documentation.
-Common parameter names used by EVP_MAC_get_ctx_params() are:
+Common parameter names used by EVP_MAC_CTX_get_params() are:
 
 =over 4
 
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 5bf7994de8..d97d33936d 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -3,11 +3,11 @@
 =head1 NAME
 
 EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref,
-EVP_KDF_CTX, EVP_KDF_new_ctx, EVP_KDF_free_ctx, EVP_KDF_dup_ctx,
+EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup,
 EVP_KDF_reset, EVP_KDF_derive,
-EVP_KDF_size, EVP_KDF_provider, EVP_KDF_get_ctx_kdf, EVP_KDF_is_a,
+EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a,
 EVP_KDF_number, EVP_KDF_names_do_all,
-EVP_KDF_get_ctx_params, EVP_KDF_set_ctx_params, EVP_KDF_do_all_provided,
+EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided,
 EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params,
 EVP_KDF_gettable_params - EVP KDF routines
 
@@ -18,10 +18,10 @@ EVP_KDF_gettable_params - EVP KDF routines
  typedef struct evp_kdf_st EVP_KDF;
  typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
 
- EVP_KDF_CTX *EVP_KDF_new_ctx(const EVP_KDF *kdf);
- const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx);
- void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx);
- EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src);
+ EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
+ const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
+ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
  void EVP_KDF_reset(EVP_KDF_CTX *ctx);
  size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
  int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
@@ -39,8 +39,8 @@ EVP_KDF_gettable_params - EVP KDF routines
                            void (*fn)(const char *name, void *data),
                            void *data);
  int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
- int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
- int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+ int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+ int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
  const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
  const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
  const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
@@ -52,8 +52,8 @@ The EVP KDF routines are a high-level interface to Key Derivation Function
 algorithms and should be used instead of algorithm-specific functions.
 
 After creating a B<EVP_KDF_CTX> for the required algorithm using
-EVP_KDF_new_ctx(), inputs to the algorithm are supplied
-using calls to EVP_KDF_set_ctx_params() before
+EVP_KDF_CTX_new(), inputs to the algorithm are supplied
+using calls to EVP_KDF_CTX_set_params() before
 calling EVP_KDF_derive() to derive the key.
 
 =head2 Types
@@ -82,12 +82,12 @@ NULL is a valid parameter, for which this function is a no-op.
 
 =head2 Context manipulation functions
 
-EVP_KDF_new_ctx() creates a new context for the KDF implementation I<kdf>.
+EVP_KDF_CTX_new() creates a new context for the KDF implementation I<kdf>.
 
-EVP_KDF_free_ctx() frees up the context I<ctx>.  If I<ctx> is NULL, nothing
+EVP_KDF_CTX_free() frees up the context I<ctx>.  If I<ctx> is NULL, nothing
 is done.
 
-EVP_KDF_get_ctx_kdf() returns the B<EVP_KDF> associated with the context
+EVP_KDF_CTX_kdf() returns the B<EVP_KDF> associated with the context
 I<ctx>.
 
 =head2 Computing functions
@@ -107,14 +107,14 @@ parameters should be retrieved.
 Note that a parameter that is unknown in the underlying context is
 simply ignored.
 
-EVP_KDF_get_ctx_params() retrieves chosen parameters, given the
+EVP_KDF_CTX_get_params() retrieves chosen parameters, given the
 context I<ctx> and its underlying context.
 The set of parameters given with I<params> determine exactly what
 parameters should be retrieved.
 Note that a parameter that is unknown in the underlying context is
 simply ignored.
 
-EVP_KDF_set_ctx_params() passes chosen parameters to the underlying
+EVP_KDF_CTX_set_params() passes chosen parameters to the underlying
 context, given a context I<ctx>.
 The set of parameters given with I<params> determine exactly what
 parameters are passed down.
@@ -126,8 +126,8 @@ defined by the implementation.
 EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and
 EVP_KDF_settable_ctx_params() get a constant B<OSSL_PARAM> array that
 describes the retrievable and settable parameters, i.e. parameters that
-can be used with EVP_KDF_get_params(), EVP_KDF_get_ctx_params()
-and EVP_KDF_set_ctx_params(), respectively.
+can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params()
+and EVP_KDF_CTX_set_params(), respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
 
 =head2 Information functions
@@ -237,10 +237,10 @@ NULL on error.
 
 EVP_KDF_up_ref() returns 1 on success, 0 on error.
 
-EVP_KDF_new_ctx() returns either the newly allocated
+EVP_KDF_CTX_new() returns either the newly allocated
 B<EVP_KDF_CTX> structure or NULL if an error occurred.
 
-EVP_KDF_free_ctx() and EVP_KDF_reset() do not return a value.
+EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.
 
 EVP_KDF_size() returns the output size.  B<SIZE_MAX> is returned to indicate
 that the algorithm produces a variable amount of output; 0 to indicate failure.
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index b8fa1ce630..9e35d57c17 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -5,8 +5,8 @@
 EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free,
 EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all,
 EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params,
-EVP_MAC_CTX, EVP_MAC_new_ctx, EVP_MAC_free_ctx, EVP_MAC_dup_ctx,
-EVP_MAC_get_ctx_mac, EVP_MAC_get_ctx_params, EVP_MAC_set_ctx_params,
+EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
+EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
 EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final,
 EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params,
 EVP_MAC_do_all_provided - EVP MAC routines
@@ -30,12 +30,12 @@ EVP_MAC_do_all_provided - EVP MAC routines
  const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
  int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
 
- EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac);
- void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx);
- EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src);
- EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx);
- int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
- int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+ EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+ EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+ int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+ int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
 
  size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
  int EVP_MAC_init(EVP_MAC_CTX *ctx);
@@ -96,18 +96,18 @@ NULL is a valid parameter, for which this function is a no-op.
 
 =head2 Context manipulation functions
 
-EVP_MAC_new_ctx() creates a new context for the MAC type I<mac>.
+EVP_MAC_CTX_new() creates a new context for the MAC type I<mac>.
 The created context can then be used with most other functions
 described here.
 
-EVP_MAC_free_ctx() frees the contents of the context, including an
+EVP_MAC_CTX_free() frees the contents of the context, including an
 underlying context if there is one, as well as the context itself.
 NULL is a valid parameter, for which this function is a no-op.
 
-EVP_MAC_dup_ctx() duplicates the I<src> context and returns a newly allocated
+EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated
 context.
 
-EVP_MAC_get_ctx_mac() returns the B<EVP_MAC> associated with the context
+EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
 I<ctx>.
 
 =head2 Computing functions
@@ -136,14 +136,14 @@ parameters should be retrieved.
 Note that a parameter that is unknown in the underlying context is
 simply ignored.
 
-EVP_MAC_get_ctx_params() retrieves chosen parameters, given the
+EVP_MAC_CTX_get_params() retrieves chosen parameters, given the
 context I<ctx> and its underlying context.
 The set of parameters given with I<params> determine exactly what
 parameters should be retrieved.
 Note that a parameter that is unknown in the underlying context is
 simply ignored.
 
-EVP_MAC_set_ctx_params() passes chosen parameters to the underlying
+EVP_MAC_CTX_set_params() passes chosen parameters to the underlying
 context, given a context I<ctx>.
 The set of parameters given with I<params> determine exactly what
 parameters are passed down.
@@ -155,8 +155,8 @@ defined by the implementation.
 EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and
 EVP_MAC_settable_ctx_params() get a constant B<OSSL_PARAM> array that
 describes the retrievable and settable parameters, i.e. parameters that
-can be used with EVP_MAC_get_params(), EVP_MAC_get_ctx_params()
-and EVP_MAC_set_ctx_params(), respectively.
+can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params()
+and EVP_MAC_CTX_set_params(), respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
 
 =head2 Information functions
@@ -270,12 +270,12 @@ the given name, otherwise 0.
 EVP_MAC_provider() returns a pointer to the provider for the MAC, or
 NULL on error.
 
-EVP_MAC_new_ctx() and EVP_MAC_dup_ctx() return a pointer to a newly
+EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly
 created EVP_MAC_CTX, or NULL if allocation failed.
 
-EVP_MAC_free_ctx() returns nothing at all.
+EVP_MAC_CTX_free() returns nothing at all.
 
-EVP_MAC_get_ctx_params() and EVP_MAC_set_ctx_params() return 1 on
+EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on
 success, 0 on error.
 
 EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0
@@ -327,8 +327,8 @@ EVP_MAC_do_all_provided() returns nothing at all.
 
       if (mac == NULL
           || key == NULL
-          || (ctx = EVP_MAC_new_ctx(mac)) == NULL
-          || EVP_MAC_set_ctx_params(ctx, params) <= 0)
+          || (ctx = EVP_MAC_CTX_new(mac)) == NULL
+          || EVP_MAC_CTX_set_params(ctx, params) <= 0)
           goto err;
 
       if (!EVP_MAC_init(ctx))
@@ -347,12 +347,12 @@ EVP_MAC_do_all_provided() returns nothing at all.
           printf("%02X", buf[i]);
       printf("\n");
 
-      EVP_MAC_free_ctx(ctx);
+      EVP_MAC_CTX_free(ctx);
       EVP_MAC_free(mac);
       exit(0);
 
    err:
-      EVP_MAC_free_ctx(ctx);
+      EVP_MAC_CTX_free(ctx);
       EVP_MAC_free(mac);
       fprintf(stderr, "Something went wrong\n");
       ERR_print_errors_fp(stderr);
diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod
index f441208585..816d6e325d 100644
--- a/doc/man3/HMAC.pod
+++ b/doc/man3/HMAC.pod
@@ -54,7 +54,7 @@ L<openssl_user_macros(7)>:
 =head1 DESCRIPTION
 
 All of the functions described on this page are deprecated. Applications should
-instead use L<EVP_MAC_new_ctx(3)>, L<EVP_MAC_free_ctx(3)>, L<EVP_MAC_init(3)>,
+instead use L<EVP_MAC_CTX_new(3)>, L<EVP_MAC_CTX_free(3)>, L<EVP_MAC_init(3)>,
 L<EVP_MAC_update(3)> and L<EVP_MAC_final(3)>.
 
 HMAC is a MAC (message authentication code), i.e. a keyed hash
diff --git a/doc/man3/OSSL_PARAM_allocate_from_text.pod b/doc/man3/OSSL_PARAM_allocate_from_text.pod
index 539b2179c4..011685c8c8 100644
--- a/doc/man3/OSSL_PARAM_allocate_from_text.pod
+++ b/doc/man3/OSSL_PARAM_allocate_from_text.pod
@@ -175,7 +175,7 @@ Can be written like this instead:
           goto err;
   }
   params[params_n] = OSSL_PARAM_construct_end();
-  if (!EVP_MAC_set_ctx_params(ctx, params))
+  if (!EVP_MAC_CTX_set_params(ctx, params))
       goto err;
   while (params_n-- > 0)
       OPENSSL_free(params[params_n].data);
diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
index ee726b3b64..a81dc76591 100644
--- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -49,7 +49,7 @@ ticket information or it starts a full TLS handshake to create a new session
 ticket.
 
 Before the callback function is started I<ctx> and I<hctx> have been
-initialised with L<EVP_CIPHER_CTX_reset(3)> and L<EVP_MAC_new_ctx(3)>
+initialised with L<EVP_CIPHER_CTX_reset(3)> and L<EVP_MAC_CTX_new(3)>
 respectively.
 
 For new sessions tickets, when the client doesn't present a session ticket, or
@@ -66,7 +66,7 @@ maximum IV length is B<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>.
 The initialization vector I<iv> should be a random value. The cipher context
 I<ctx> should use the initialisation vector I<iv>. The cipher context can be
 set using L<EVP_EncryptInit_ex(3)>. The hmac context and digest can be set using
-L<EVP_MAC_set_ctx_params(3)> with the B<OSSL_MAC_PARAM_KEY> and
+L<EVP_MAC_CTX_set_params(3)> with the B<OSSL_MAC_PARAM_KEY> and
 B<OSSL_MAC_PARAM_DIGEST> parameters respectively.
 
 When the client presents a session ticket, the callback function with be called
@@ -76,7 +76,7 @@ the session ticket. The OpenSSL library expects that the I<name> will be used
 to retrieve a cryptographic parameters and that the cryptographic context
 I<ctx> will be set with the retrieved parameters and the initialization vector
 I<iv>. using a function like L<EVP_DecryptInit_ex(3)>. The key material and
-digest for I<hctx> need to be set using L<EVP_MAC_set_ctx_params(3)> with the
+digest for I<hctx> need to be set using L<EVP_MAC_CTX_set_params(3)> with the
 B<OSSL_MAC_PARAM_KEY> and B<OSSL_MAC_PARAM_DIGEST> parameters respectively.
 
 If the I<name> is still valid but a renewal of the ticket is required the
@@ -120,8 +120,8 @@ The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to
 SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated
 HMAC_CTX pointer instead of an EVP_MAC_CTX one.
 Before this callback function is started I<hctx> will have been
-initialised with L<EVP_MAC_new_ctx(3)> and the digest set with
-L<EVP_MAC_set_ctx_params(3)>.
+initialised with L<EVP_MAC_CTX_new(3)> and the digest set with
+L<EVP_MAC_CTX_set_params(3)>.
 The I<hctx> key material can be set using L<HMAC_Init_ex(3)>.
 
 =head1 NOTES
@@ -186,7 +186,7 @@ Reference Implementation:
          params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
                                                       "sha256", 0);
          params[2] = OSSL_PARAM_construct_end();
-         EVP_MAC_set_ctx_params(hctx, params);
+         EVP_MAC_CTX_set_params(hctx, params);
 
          return 1;
 
@@ -202,7 +202,7 @@ Reference Implementation:
          params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
                                                       "sha256", 0);
          params[2] = OSSL_PARAM_construct_end();
-         EVP_MAC_set_ctx_params(hctx, params);
+         EVP_MAC_CTX_set_params(hctx, params);
 
          EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->aes_key, iv);
 
diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod
index de62827b88..a8bb5dacd9 100644
--- a/doc/man7/EVP_KDF-HKDF.pod
+++ b/doc/man7/EVP_KDF-HKDF.pod
@@ -87,7 +87,7 @@ an error will occur.
 A context for HKDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an HKDF expand operation is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.  When using
@@ -107,7 +107,7 @@ salt value "salt" and info value "label":
  OSSL_PARAM params[5], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "HKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -119,14 +119,14 @@ salt value "salt" and info value "label":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
                                           "salt", (size_t)4);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -135,10 +135,10 @@ RFC 5869
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
 L<EVP_KDF_size(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
 
diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
index e5a2af67f9..0a84e925d9 100644
--- a/doc/man7/EVP_KDF-KB.pod
+++ b/doc/man7/EVP_KDF-KB.pod
@@ -57,7 +57,7 @@ Depending on whether mac is CMAC or HMAC, either digest or cipher is required
 A context for KBKDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an KBKDF is specified via the C<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.
@@ -76,7 +76,7 @@ Label "label", and Context "context".
  OSSL_PARAM params[6], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -90,12 +90,12 @@ Label "label", and Context "context".
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
                                           "context", strlen("context"));
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0)
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
+     error("EVP_KDF_CTX_set_params");
  else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
      error("EVP_KDF_derive");
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret",
 Label "label", and IV "sixteen bytes iv".
@@ -107,7 +107,7 @@ Label "label", and IV "sixteen bytes iv".
  unsigned char *iv = "sixteen bytes iv";
 
  kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0);
@@ -122,12 +122,12 @@ Label "label", and IV "sixteen bytes iv".
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
                                           iv, strlen(iv));
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0)
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
+     error("EVP_KDF_CTX_set_params");
  else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
      error("EVP_KDF_derive");
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -136,7 +136,7 @@ NIST SP800-108, IETF RFC 6803, IETF RFC 8009.
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_free_ctx(3)>,
+L<EVP_KDF_CTX_free(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod
index 29a8c0f7b8..62f941c3ca 100644
--- a/doc/man7/EVP_KDF-KRB5KDF.pod
+++ b/doc/man7/EVP_KDF-KRB5KDF.pod
@@ -44,7 +44,7 @@ If a value is already set, the contents are replaced.
 A context for KRB5KDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of the KRB5KDF derivation is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function, and MUST match the key
@@ -70,7 +70,7 @@ This example derives a key using the AES-128-CBC cipher:
  OSSL_PARAM params[4], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
@@ -87,7 +87,7 @@ This example derives a key using the AES-128-CBC cipher:
  if (EVP_KDF_derive(kctx, out, outlen) <= 0)
      /* Error */
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -96,7 +96,7 @@ RFC 3961
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_free_ctx(3)>,
+L<EVP_KDF_CTX_free(3)>,
 L<EVP_KDF_ctrl(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod
index 2be2db75b5..b0b7ac1d65 100644
--- a/doc/man7/EVP_KDF-PBKDF2.pod
+++ b/doc/man7/EVP_KDF-PBKDF2.pod
@@ -82,9 +82,9 @@ SP800-132
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
 
diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod
index 7782f4fa87..8650a8b39a 100644
--- a/doc/man7/EVP_KDF-SCRYPT.pod
+++ b/doc/man7/EVP_KDF-SCRYPT.pod
@@ -66,7 +66,7 @@ Both r and p are parameters of type B<uint32_t>.
 A context for scrypt can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an scrypt key derivation is specified via the
 "keylen" parameter to the L<EVP_KDF_derive(3)> function.
@@ -82,7 +82,7 @@ This example derives a 64-byte long test vector using scrypt with the password
  OSSL_PARAM params[6], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
@@ -93,8 +93,8 @@ This example derives a 64-byte long test vector using scrypt with the password
  *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
  *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
@@ -115,7 +115,7 @@ This example derives a 64-byte long test vector using scrypt with the password
      assert(!memcmp(out, expected, sizeof(out)));
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -124,9 +124,9 @@ RFC 7914
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
 
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod
index 65b15a4d59..e64417388f 100644
--- a/doc/man7/EVP_KDF-SS.pod
+++ b/doc/man7/EVP_KDF-SS.pod
@@ -66,7 +66,7 @@ This parameter sets an optional value for fixedinfo, also known as otherinfo.
 A context for SSKDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an SSKDF is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.
@@ -82,7 +82,7 @@ and fixedinfo value "label":
  OSSL_PARAM params[4], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -92,14 +92,14 @@ and fixedinfo value "label":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
                                           "label", (size_t)5);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret",
 fixedinfo value "label" and salt "salt":
@@ -110,7 +110,7 @@ fixedinfo value "label" and salt "salt":
  OSSL_PARAM params[6], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
@@ -124,14 +124,14 @@ fixedinfo value "label" and salt "salt":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
                                           "salt", (size_t)4);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret"
 fixedinfo value "label", salt of "salt" and KMAC outlen of 20:
@@ -142,7 +142,7 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20:
  OSSL_PARAM params[7], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
@@ -157,14 +157,14 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20:
                                           "salt", (size_t)4);
  *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -173,9 +173,9 @@ NIST SP800-56Cr1.
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index f71457211a..e91858c051 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -87,7 +87,7 @@ A single char of value 70 (ASCII char 'F').
 A context for SSHKDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of the SSHKDF derivation is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.
@@ -111,7 +111,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
  OSSL_PARAM params[6], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -125,7 +125,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate
  *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
                                  EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0)
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
      /* Error */
 
  if (EVP_KDF_derive(kctx, out, &outlen) <= 0)
@@ -139,9 +139,9 @@ RFC 4253
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod
index de7d1c5ba6..74ddb657f7 100644
--- a/doc/man7/EVP_KDF-TLS1_PRF.pod
+++ b/doc/man7/EVP_KDF-TLS1_PRF.pod
@@ -51,7 +51,7 @@ this should be more than enough for any normal use of the TLS PRF.
 A context for the TLS PRF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The digest, secret value and seed must be set before a key is derived otherwise
 an error will occur.
@@ -70,7 +70,7 @@ and seed value "seed":
  OSSL_PARAM params[4], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -80,13 +80,13 @@ and seed value "seed":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
                                           "seed", (size_t)4);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -95,9 +95,9 @@ RFC 2246, RFC 5246 and NIST SP 800-135 r1
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
 
diff --git a/doc/man7/EVP_KDF-X942.pod b/doc/man7/EVP_KDF-X942.pod
index a4222163e1..e607212b28 100644
--- a/doc/man7/EVP_KDF-X942.pod
+++ b/doc/man7/EVP_KDF-X942.pod
@@ -49,7 +49,7 @@ This parameter sets the CEK wrapping algorithm name.
 A context for X942KDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an X942KDF is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.
@@ -71,9 +71,9 @@ keying material:
  kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
  if (kctx == NULL)
      error("EVP_KDF_fetch");
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  if (kctx == NULL)
-     error("EVP_KDF_new_ctx");
+     error("EVP_KDF_CTX_new");
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -85,12 +85,12 @@ keying material:
                                          SN_id_smime_alg_CMS3DESwrap,
                                          strlen(SN_id_smime_alg_CMS3DESwrap));
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0)
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
+     error("EVP_KDF_CTX_set_params");
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
      error("EVP_KDF_derive");
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -99,9 +99,9 @@ RFC 2631
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod
index 685f687023..93ec14c837 100644
--- a/doc/man7/EVP_KDF-X963.pod
+++ b/doc/man7/EVP_KDF-X963.pod
@@ -46,7 +46,7 @@ X963KDF appends the counter to the secret, whereas SSKDF prepends the counter.
 A context for X963KDF can be obtained by calling:
 
  EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
- EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
 The output length of an X963KDF is specified via the I<keylen>
 parameter to the L<EVP_KDF_derive(3)> function.
@@ -62,7 +62,7 @@ value "label":
  OSSL_PARAM params[4], *p = params;
 
  kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL);
- kctx = EVP_KDF_new_ctx(kdf);
+ kctx = EVP_KDF_CTX_new(kdf);
  EVP_KDF_free(kdf);
 
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
@@ -72,14 +72,14 @@ value "label":
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
                                           "label", (size_t)5);
  *p = OSSL_PARAM_construct_end();
- if (EVP_KDF_set_ctx_params(kctx, params) <= 0) {
-     error("EVP_KDF_set_ctx_params");
+ if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
+     error("EVP_KDF_CTX_set_params");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }
 
- EVP_KDF_free_ctx(kctx);
+ EVP_KDF_CTX_free(kctx);
 
 =head1 CONFORMING TO
 
@@ -88,9 +88,9 @@ value "label":
 =head1 SEE ALSO
 
 L<EVP_KDF(3)>,
-L<EVP_KDF_new_ctx(3)>,
-L<EVP_KDF_free_ctx(3)>,
-L<EVP_KDF_set_ctx_params(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
 L<EVP_KDF_size(3)>,
 L<EVP_KDF_derive(3)>,
 L<EVP_KDF(3)/PARAMETERS>
diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod
index d5673fa8e2..90b065340d 100644
--- a/doc/man7/EVP_MAC-BLAKE2.pod
+++ b/doc/man7/EVP_MAC-BLAKE2.pod
@@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-All these parameters can be set with EVP_MAC_set_ctx_params().
+All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
-EVP_MAC_get_ctx_params(), or with EVP_MAC_size().
+EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
 The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
@@ -61,7 +61,7 @@ It is 32 and 64 respectively by default.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 HISTORY
diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod
index 699a50824b..c210d693ce 100644
--- a/doc/man7/EVP_MAC-CMAC.pod
+++ b/doc/man7/EVP_MAC-CMAC.pod
@@ -24,7 +24,7 @@ used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-The following parameter can be set with EVP_MAC_set_ctx_params():
+The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =over 4
 
@@ -37,7 +37,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params():
 =back
 
 The following parameters can be retrieved with
-EVP_MAC_get_ctx_params():
+EVP_MAC_CTX_get_params():
 
 =over 4
 
@@ -50,7 +50,7 @@ The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod
index 8e4d28e7b1..7c9477c215 100644
--- a/doc/man7/EVP_MAC-GMAC.pod
+++ b/doc/man7/EVP_MAC-GMAC.pod
@@ -24,7 +24,7 @@ used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-The following parameter can be set with EVP_MAC_set_ctx_params():
+The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =over 4
 
@@ -39,7 +39,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params():
 =back
 
 The following parameters can be retrieved with
-EVP_MAC_get_ctx_params():
+EVP_MAC_CTX_get_params():
 
 =over 4
 
@@ -52,7 +52,7 @@ The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod
index 31ff102ae6..7f0ec35b43 100644
--- a/doc/man7/EVP_MAC-HMAC.pod
+++ b/doc/man7/EVP_MAC-HMAC.pod
@@ -24,7 +24,7 @@ used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-The following parameter can be set with EVP_MAC_set_ctx_params():
+The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =over 4
 
@@ -41,7 +41,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params():
 The "flags" parameter is passed directly to HMAC_CTX_set_flags().
 
 The following parameter can be retrieved with
-EVP_MAC_get_ctx_params():
+EVP_MAC_CTX_get_params():
 
 =over 4
 
@@ -54,7 +54,7 @@ The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>, L<HMAC(3)>
 
 =head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod
index 88044540c5..df7ac1ddf6 100644
--- a/doc/man7/EVP_MAC-KMAC.pod
+++ b/doc/man7/EVP_MAC-KMAC.pod
@@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-All these parameters can be set with EVP_MAC_set_ctx_params().
+All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
-EVP_MAC_get_ctx_params(), or with EVP_MAC_size().
+EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
 The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
@@ -50,7 +50,7 @@ the input stream is set to zero.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod
index 8e288172a1..da9953a1d5 100644
--- a/doc/man7/EVP_MAC-Poly1305.pod
+++ b/doc/man7/EVP_MAC-Poly1305.pod
@@ -24,7 +24,7 @@ used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-The following parameter can be set with EVP_MAC_set_ctx_params():
+The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =over 4
 
@@ -33,7 +33,7 @@ The following parameter can be set with EVP_MAC_set_ctx_params():
 =back
 
 The following parameters can be retrieved with
-EVP_MAC_get_ctx_params():
+EVP_MAC_CTX_get_params():
 
 =over 4
 
@@ -46,7 +46,7 @@ The length of the "size" parameter should not exceed that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 COPYRIGHT
diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod
index a65e5919aa..d8013b3369 100644
--- a/doc/man7/EVP_MAC-Siphash.pod
+++ b/doc/man7/EVP_MAC-Siphash.pod
@@ -25,9 +25,9 @@ used with EVP_MAC_fetch():
 The general description of these parameters can be found in
 L<EVP_MAC(3)/PARAMETERS>.
 
-All these parameters can be set with EVP_MAC_set_ctx_params().
+All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
-EVP_MAC_get_ctx_params(), or with EVP_MAC_size().
+EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
 The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
@@ -40,7 +40,7 @@ The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =head1 SEE ALSO
 
-L<EVP_MAC_get_ctx_params(3)>, L<EVP_MAC_set_ctx_params(3)>,
+L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
 L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>
 
 =head1 COPYRIGHT
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 85a939b5c3..923550e9db 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -26,8 +26,6 @@
 # include <openssl/evperr.h>
 # include <openssl/params.h>
 
-# include <openssl/mac.h>
-
 # define EVP_MAX_MD_SIZE                 64/* longest known is SHA512 */
 # define EVP_MAX_KEY_LENGTH              64
 # define EVP_MAX_IV_LENGTH               16
@@ -1073,6 +1071,40 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
                             void (*fn)(EVP_MD *md, void *arg),
                             void *arg);
 
+/* MAC stuff */
+
+EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
+                       const char *properties);
+int EVP_MAC_up_ref(EVP_MAC *mac);
+void EVP_MAC_free(EVP_MAC *mac);
+int EVP_MAC_number(const EVP_MAC *mac);
+int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
+const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
+
+EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
+void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
+EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
+EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
+int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
+
+size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
+int EVP_MAC_init(EVP_MAC_CTX *ctx);
+int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
+int EVP_MAC_final(EVP_MAC_CTX *ctx,
+                  unsigned char *out, size_t *outl, size_t outsize);
+const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
+const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
+
+void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
+                             void (*fn)(EVP_MAC *mac, void *arg),
+                             void *arg);
+void EVP_MAC_names_do_all(const EVP_MAC *mac,
+                          void (*fn)(const char *name, void *data),
+                          void *data);
+
 /* RAND stuff */
 EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm,
                          const char *properties);
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 2bd457cd9a..b3dee525dc 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -30,20 +30,20 @@ void EVP_KDF_free(EVP_KDF *kdf);
 EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
                        const char *properties);
 
-EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf);
-void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx);
-EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src);
+EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
+void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
+EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
 int EVP_KDF_number(const EVP_KDF *kdf);
 int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
 const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
-const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx);
+const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
 
 void EVP_KDF_reset(EVP_KDF_CTX *ctx);
 size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
 int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
 int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]);
-int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
-int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]);
+int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]);
 const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf);
 const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf);
 const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
diff --git a/include/openssl/mac.h b/include/openssl/mac.h
deleted file mode 100644
index 8411669bc9..0000000000
--- a/include/openssl/mac.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright 2019-2020=-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-/* MAC stuff */
-
-#ifndef OPENSSL_EVP_MAC_H
-# define OPENSSL_EVP_MAC_H
-# pragma once
-
-# include <openssl/opensslconf.h>
-# include <openssl/types.h>
-# include <openssl/core.h>
-
-# ifdef __cplusplus
-extern "C" {
-# endif
-
-EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm,
-                       const char *properties);
-int EVP_MAC_up_ref(EVP_MAC *mac);
-void EVP_MAC_free(EVP_MAC *mac);
-int EVP_MAC_number(const EVP_MAC *mac);
-int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
-const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
-int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
-
-EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac);
-void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx);
-EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src);
-EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx);
-int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
-int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
-
-size_t EVP_MAC_size(EVP_MAC_CTX *ctx);
-int EVP_MAC_init(EVP_MAC_CTX *ctx);
-int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
-int EVP_MAC_final(EVP_MAC_CTX *ctx,
-                  unsigned char *out, size_t *outl, size_t outsize);
-const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac);
-const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac);
-const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac);
-
-void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx,
-                             void (*fn)(EVP_MAC *mac, void *arg),
-                             void *arg);
-void EVP_MAC_names_do_all(const EVP_MAC *mac,
-                          void (*fn)(const char *name, void *data),
-                          void *data);
-
-# ifdef __cplusplus
-}
-# endif
-#endif /* OPENSSL_EVP_MAC_H */
diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c
index a0787a67e5..f6155e7dce 100644
--- a/providers/common/provider_util.c
+++ b/providers/common/provider_util.c
@@ -192,8 +192,8 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
     if (macname != NULL) {
         EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties);
 
-        EVP_MAC_free_ctx(*macctx);
-        *macctx = mac == NULL ? NULL : EVP_MAC_new_ctx(mac);
+        EVP_MAC_CTX_free(*macctx);
+        *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac);
         /* The context holds on to the MAC */
         EVP_MAC_free(mac);
         if (*macctx == NULL)
@@ -244,10 +244,10 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
 #endif
     *mp = OSSL_PARAM_construct_end();
 
-    if (EVP_MAC_set_ctx_params(*macctx, mac_params))
+    if (EVP_MAC_CTX_set_params(*macctx, mac_params))
         return 1;
 
-    EVP_MAC_free_ctx(*macctx);
+    EVP_MAC_CTX_free(*macctx);
     *macctx = NULL;
     return 0;
 }
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index a4a3cb5c89..58aa42eed8 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -147,7 +147,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
 
     mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
-    ctx = EVP_MAC_new_ctx(mac);
+    ctx = EVP_MAC_CTX_new(mac);
     if (mac == NULL || ctx == NULL)
         goto err;
 
@@ -157,7 +157,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
                                              sizeof(fixed_key));
     *p = OSSL_PARAM_construct_end();
 
-    if (EVP_MAC_set_ctx_params(ctx, params) <= 0
+    if (EVP_MAC_CTX_set_params(ctx, params) <= 0
         || !EVP_MAC_init(ctx))
         goto err;
 
@@ -178,7 +178,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     ret = 1;
 err:
     OSSL_SELF_TEST_onend(ev, ret);
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(mac);
     return ret;
 }
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 6dc9dbc17f..8c88f8be5d 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -199,7 +199,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
     if (kdf == NULL)
         goto err;
 
-    ctx = EVP_KDF_new_ctx(kdf);
+    ctx = EVP_KDF_CTX_new(kdf);
     if (ctx == NULL)
         goto err;
 
@@ -211,7 +211,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
     params = OSSL_PARAM_BLD_to_param(bld);
     if (params == NULL)
         goto err;
-    if (!EVP_KDF_set_ctx_params(ctx, params))
+    if (!EVP_KDF_CTX_set_params(ctx, params))
         goto err;
 
     if (t->expected_len > sizeof(out))
@@ -227,7 +227,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st,
     ret = 1;
 err:
     EVP_KDF_free(kdf);
-    EVP_KDF_free_ctx(ctx);
+    EVP_KDF_CTX_free(ctx);
     BN_CTX_free(bnctx);
     OSSL_PARAM_BLD_free_params(params);
     OSSL_PARAM_BLD_free(bld);
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index 9cf18d84a2..d25da76d17 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -122,7 +122,7 @@ static void kbkdf_reset(void *vctx)
     KBKDF *ctx = (KBKDF *)vctx;
     void *provctx = ctx->provctx;
 
-    EVP_MAC_free_ctx(ctx->ctx_init);
+    EVP_MAC_CTX_free(ctx->ctx_init);
     OPENSSL_clear_free(ctx->context, ctx->context_len);
     OPENSSL_clear_free(ctx->label, ctx->label_len);
     OPENSSL_clear_free(ctx->ki, ctx->ki_len);
@@ -151,7 +151,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
     for (counter = 1; written < ko_len; counter++) {
         i = be32(counter);
 
-        ctx = EVP_MAC_dup_ctx(ctx_init);
+        ctx = EVP_MAC_CTX_dup(ctx_init);
         if (ctx == NULL)
             goto done;
 
@@ -172,13 +172,13 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
         written += h;
 
         k_i_len = h;
-        EVP_MAC_free_ctx(ctx);
+        EVP_MAC_CTX_free(ctx);
         ctx = NULL;
     }
 
     ret = 1;
 done:
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     return ret;
 }
 
@@ -247,9 +247,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
                                            NULL, NULL, libctx))
         return 0;
     else if (ctx->ctx_init != NULL
-             && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init),
+             && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init),
                               OSSL_MAC_NAME_HMAC)
-             && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init),
+             && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init),
                               OSSL_MAC_NAME_CMAC)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC);
         return 0;
@@ -288,7 +288,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
                                                        ctx->ki, ctx->ki_len);
         mparams[1] = OSSL_PARAM_construct_end();
 
-        if (!EVP_MAC_set_ctx_params(ctx->ctx_init, mparams)
+        if (!EVP_MAC_CTX_set_params(ctx->ctx_init, mparams)
             || !EVP_MAC_init(ctx->ctx_init))
             return 0;
     }
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 6d6e3295c8..5ef73644f0 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -168,7 +168,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
                                                   (void *)custom, custom_len);
     params[1] = OSSL_PARAM_construct_end();
 
-    if (!EVP_MAC_set_ctx_params(ctx, params))
+    if (!EVP_MAC_CTX_set_params(ctx, params))
         return 0;
 
     /* By default only do one iteration if kmac_out_len is not specified */
@@ -186,7 +186,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
     params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE,
                                             &kmac_out_len);
 
-    if (EVP_MAC_set_ctx_params(ctx, params) <= 0)
+    if (EVP_MAC_CTX_set_params(ctx, params) <= 0)
         return 0;
 
     /*
@@ -233,7 +233,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
                                              (void *)salt, salt_len);
     *p = OSSL_PARAM_construct_end();
 
-    if (!EVP_MAC_set_ctx_params(ctx_init, params))
+    if (!EVP_MAC_CTX_set_params(ctx_init, params))
         goto end;
 
     if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len,
@@ -256,7 +256,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
         c[2] = (unsigned char)((counter >> 8) & 0xff);
         c[3] = (unsigned char)(counter & 0xff);
 
-        ctx = EVP_MAC_dup_ctx(ctx_init);
+        ctx = EVP_MAC_CTX_dup(ctx_init);
         if (!(ctx != NULL
                 && EVP_MAC_update(ctx, c, sizeof(c))
                 && EVP_MAC_update(ctx, z, z_len)
@@ -275,7 +275,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
             memcpy(out, mac, len);
             break;
         }
-        EVP_MAC_free_ctx(ctx);
+        EVP_MAC_CTX_free(ctx);
         ctx = NULL;
     }
     ret = 1;
@@ -285,7 +285,7 @@ end:
     else
         OPENSSL_cleanse(mac_buf, sizeof(mac_buf));
 
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     return ret;
 }
 
@@ -304,7 +304,7 @@ static void sskdf_reset(void *vctx)
     KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
     void *provctx = ctx->provctx;
 
-    EVP_MAC_free_ctx(ctx->macctx);
+    EVP_MAC_CTX_free(ctx->macctx);
     ossl_prov_digest_reset(&ctx->digest);
     OPENSSL_clear_free(ctx->secret, ctx->secret_len);
     OPENSSL_clear_free(ctx->info, ctx->info_len);
@@ -362,7 +362,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen)
         const unsigned char *custom = NULL;
         size_t custom_len = 0;
         int default_salt_len;
-        EVP_MAC *mac = EVP_MAC_get_ctx_mac(ctx->macctx);
+        EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx);
 
         /*
          * TODO(3.0) investigate the necessity to have all these controls.
diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index d90a1bd072..73437531f6 100644
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -117,8 +117,8 @@ static void kdf_tls1_prf_reset(void *vctx)
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
     void *provctx = ctx->provctx;
 
-    EVP_MAC_free_ctx(ctx->P_hash);
-    EVP_MAC_free_ctx(ctx->P_sha1);
+    EVP_MAC_CTX_free(ctx->P_hash);
+    EVP_MAC_CTX_free(ctx->P_sha1);
     OPENSSL_clear_free(ctx->sec, ctx->seclen);
     OPENSSL_cleanse(ctx->seed, ctx->seedlen);
     memset(ctx, 0, sizeof(*ctx));
@@ -165,7 +165,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
                                                       NULL, SN_sha1, libctx))
                 return 0;
         } else {
-            EVP_MAC_free_ctx(ctx->P_sha1);
+            EVP_MAC_CTX_free(ctx->P_sha1);
             if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params,
                                                    OSSL_MAC_NAME_HMAC,
                                                    NULL, NULL, libctx))
@@ -282,7 +282,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init,
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                              (void *)sec, sec_len);
     *p = OSSL_PARAM_construct_end();
-    if (!EVP_MAC_set_ctx_params(ctx_init, params))
+    if (!EVP_MAC_CTX_set_params(ctx_init, params))
         goto err;
     if (!EVP_MAC_init(ctx_init))
         goto err;
@@ -290,7 +290,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init,
     if (chunk == 0)
         goto err;
     /* A(0) = seed */
-    ctx_Ai = EVP_MAC_dup_ctx(ctx_init);
+    ctx_Ai = EVP_MAC_CTX_dup(ctx_init);
     if (ctx_Ai == NULL)
         goto err;
     if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len))
@@ -300,18 +300,18 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init,
         /* calc: A(i) = HMAC_<hash>(secret, A(i-1)) */
         if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len, sizeof(Ai)))
             goto err;
-        EVP_MAC_free_ctx(ctx_Ai);
+        EVP_MAC_CTX_free(ctx_Ai);
         ctx_Ai = NULL;
 
         /* calc next chunk: HMAC_<hash>(secret, A(i) + seed) */
-        ctx = EVP_MAC_dup_ctx(ctx_init);
+        ctx = EVP_MAC_CTX_dup(ctx_init);
         if (ctx == NULL)
             goto err;
         if (!EVP_MAC_update(ctx, Ai, Ai_len))
             goto err;
         /* save state for calculating next A(i) value */
         if (olen > chunk) {
-            ctx_Ai = EVP_MAC_dup_ctx(ctx);
+            ctx_Ai = EVP_MAC_CTX_dup(ctx);
             if (ctx_Ai == NULL)
                 goto err;
         }
@@ -326,15 +326,15 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init,
         }
         if (!EVP_MAC_final(ctx, out, NULL, olen))
             goto err;
-        EVP_MAC_free_ctx(ctx);
+        EVP_MAC_CTX_free(ctx);
         ctx = NULL;
         out += chunk;
         olen -= chunk;
     }
     ret = 1;
  err:
-    EVP_MAC_free_ctx(ctx);
-    EVP_MAC_free_ctx(ctx_Ai);
+    EVP_MAC_CTX_free(ctx);
+    EVP_MAC_CTX_free(ctx_Ai);
     OPENSSL_cleanse(Ai, sizeof(Ai));
     return ret;
 }
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
index b73fe958b0..7ddfae1568 100644
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -64,7 +64,7 @@ static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte,
 
     *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, hmac->K,
                                                 hmac->blocklen);
-    if (!EVP_MAC_set_ctx_params(ctx, params)
+    if (!EVP_MAC_CTX_set_params(ctx, params)
             || !EVP_MAC_init(ctx)
             /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */
             || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
@@ -78,7 +78,7 @@ static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte,
    /* V = HMAC(K, V) */
     *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, hmac->K,
                                                 hmac->blocklen);
-    return EVP_MAC_set_ctx_params(ctx, params)
+    return EVP_MAC_CTX_set_params(ctx, params)
            && EVP_MAC_init(ctx)
            && EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
            && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V));
@@ -220,7 +220,7 @@ static int drbg_hmac_generate(PROV_DRBG *drbg,
     for (;;) {
         *params = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                                     hmac->K, hmac->blocklen);
-        if (!EVP_MAC_set_ctx_params(ctx, params)
+        if (!EVP_MAC_CTX_set_params(ctx, params)
             || !EVP_MAC_init(ctx)
             || !EVP_MAC_update(ctx, temp, hmac->blocklen))
             return 0;
@@ -315,7 +315,7 @@ static void drbg_hmac_free(void *vdrbg)
     PROV_DRBG_HMAC *hmac;
 
     if (drbg != NULL && (hmac = (PROV_DRBG_HMAC *)drbg->data) != NULL) {
-        EVP_MAC_free_ctx(hmac->ctx);
+        EVP_MAC_CTX_free(hmac->ctx);
         ossl_prov_digest_reset(&hmac->digest);
         OPENSSL_secure_clear_free(hmac, sizeof(*hmac));
     }
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 7c0b3e9d65..11eea82fff 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -49,7 +49,7 @@ static int tls1_PRF(SSL *s,
     kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq);
     if (kdf == NULL)
         goto err;
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         goto err;
@@ -70,9 +70,9 @@ static int tls1_PRF(SSL *s,
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
                                              (void *)seed5, (size_t)seed5_len);
     *p = OSSL_PARAM_construct_end();
-    if (EVP_KDF_set_ctx_params(kctx, params)
+    if (EVP_KDF_CTX_set_params(kctx, params)
             && EVP_KDF_derive(kctx, out, olen)) {
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         return 1;
     }
 
@@ -82,7 +82,7 @@ static int tls1_PRF(SSL *s,
                  ERR_R_INTERNAL_ERROR);
     else
         SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return 0;
 }
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 41228d58e9..bf955bf3ec 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3390,12 +3390,12 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx)
     }
 #endif
     mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL);
-    if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL)
+    if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL)
         goto err;
     EVP_MAC_free(mac);
     return ret;
  err:
-    EVP_MAC_free_ctx(ret->ctx);
+    EVP_MAC_CTX_free(ret->ctx);
     EVP_MAC_free(mac);
     OPENSSL_free(ret);
     return NULL;
@@ -3404,7 +3404,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx)
 void ssl_hmac_free(SSL_HMAC *ctx)
 {
     if (ctx != NULL) {
-        EVP_MAC_free_ctx(ctx->ctx);
+        EVP_MAC_CTX_free(ctx->ctx);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
         HMAC_CTX_free(ctx->old_ctx);
 #endif
@@ -3432,7 +3432,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md)
         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0);
         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len);
         *p = OSSL_PARAM_construct_end();
-        if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx))
+        if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx))
             return 1;
     }
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 95e28d6d54..ba385f6ea2 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -57,7 +57,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                             + 1 + EVP_MAX_MD_SIZE];
     WPACKET pkt;
 
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         return 0;
@@ -73,7 +73,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
              */
             SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
         }
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         return 0;
     }
 
@@ -88,7 +88,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
             || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
             || !WPACKET_get_total_written(&pkt, &hkdflabellen)
             || !WPACKET_finish(&pkt)) {
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         WPACKET_cleanup(&pkt);
         if (fatal)
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
@@ -107,10 +107,10 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
                                              hkdflabel, hkdflabellen);
     *p++ = OSSL_PARAM_construct_end();
 
-    ret = EVP_KDF_set_ctx_params(kctx, params) <= 0
+    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
         || EVP_KDF_derive(kctx, out, outlen) <= 0;
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
 
     if (ret != 0) {
         if (fatal)
@@ -198,7 +198,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
     unsigned char preextractsec[EVP_MAX_MD_SIZE];
 
     kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq);
-    kctx = EVP_KDF_new_ctx(kdf);
+    kctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kctx == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
@@ -211,7 +211,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
     if (!ossl_assert(mdleni >= 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
                  ERR_R_INTERNAL_ERROR);
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         return 0;
     }
     mdlen = (size_t)mdleni;
@@ -234,7 +234,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
                      ERR_R_INTERNAL_ERROR);
             EVP_MD_CTX_free(mctx);
-            EVP_KDF_free_ctx(kctx);
+            EVP_KDF_CTX_free(kctx);
             return 0;
         }
         EVP_MD_CTX_free(mctx);
@@ -245,7 +245,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
                                sizeof(derived_secret_label) - 1, hash, mdlen,
                                preextractsec, mdlen, 1)) {
             /* SSLfatal() already called */
-            EVP_KDF_free_ctx(kctx);
+            EVP_KDF_CTX_free(kctx);
             return 0;
         }
 
@@ -264,14 +264,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
                                              prevsecretlen);
     *p++ = OSSL_PARAM_construct_end();
 
-    ret = EVP_KDF_set_ctx_params(kctx, params) <= 0
+    ret = EVP_KDF_CTX_set_params(kctx, params) <= 0
         || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0;
 
     if (ret != 0)
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
                  ERR_R_INTERNAL_ERROR);
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     if (prevsecret == preextractsec)
         OPENSSL_cleanse(preextractsec, mdlen);
     return ret == 0;
@@ -360,9 +360,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
     }
     *p++ = OSSL_PARAM_construct_end();
 
-    ctx = EVP_MAC_new_ctx(hmac);
+    ctx = EVP_MAC_CTX_new(hmac);
     if (ctx == NULL
-            || !EVP_MAC_set_ctx_params(ctx, params)
+            || !EVP_MAC_CTX_set_params(ctx, params)
             || !EVP_MAC_init(ctx)
             || !EVP_MAC_update(ctx, hash, hashlen)
                /* outsize as per sizeof(peer_finish_md) */
@@ -375,7 +375,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
     ret = hashlen;
  err:
     OPENSSL_cleanse(finsecret, sizeof(finsecret));
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     EVP_MAC_free(hmac);
     return ret;
 }
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index d2d6a6b426..bfbaa7953a 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -305,14 +305,14 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
 
     /* Append HMAC to data */
     hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
-    ctx = EVP_MAC_new_ctx(hmac);
+    ctx = EVP_MAC_CTX_new(hmac);
     EVP_MAC_free(hmac);
     params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
                                                  "SHA1", 0);
     params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
                                                   mac_key, 20);
     params[2] = OSSL_PARAM_construct_end();
-    EVP_MAC_set_ctx_params(ctx, params);
+    EVP_MAC_CTX_set_params(ctx, params);
     EVP_MAC_init(ctx);
     EVP_MAC_update(ctx, epoch, 2);
     EVP_MAC_update(ctx, seq, 6);
@@ -323,7 +323,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
     EVP_MAC_update(ctx, lenbytes, 2); /* Length */
     EVP_MAC_update(ctx, enc, len); /* Finally the data itself */
     EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH);
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
 
     /* Append padding bytes */
     len += SHA_DIGEST_LENGTH;
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index ef6f6fe656..21b999fb1d 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -21,7 +21,7 @@
 static EVP_KDF_CTX *get_kdfbyname(const char *name)
 {
     EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
-    EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf);
+    EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 
     EVP_KDF_free(kdf);
     return kctx;
@@ -50,11 +50,11 @@ static int test_kdf_tls1_prf(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -80,11 +80,11 @@ static int test_kdf_hkdf(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -121,10 +121,10 @@ static int test_kdf_pbkdf2(void)
     *p = OSSL_PARAM_construct_end();
 
     if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
-        || !TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
-        || !TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         /* A key length that is too small should fail */
         || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
         /* A key length that is too large should fail */
@@ -156,7 +156,7 @@ static int test_kdf_pbkdf2(void)
 #endif
     ret = 1;
 err:
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -191,15 +191,15 @@ static int test_kdf_scrypt(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         /* failure test *//*
         && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
         && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, p - 1))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 #endif /* OPENSSL_NO_SCRYPT */
@@ -235,11 +235,11 @@ static int test_kdf_ss_hash(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -289,11 +289,11 @@ static int test_kdf_x963(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -345,11 +345,11 @@ static int test_kdf_kbkdf_6803_128(void)
 
         kctx = get_kdfbyname("KBKDF");
         ret = TEST_ptr(kctx)
-            && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+            && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
             && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
             && TEST_mem_eq(result, sizeof(result), outputs[i],
                            sizeof(outputs[i]));
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         if (ret != 1)
             return ret;
     }
@@ -411,11 +411,11 @@ static int test_kdf_kbkdf_6803_256(void)
 
         kctx = get_kdfbyname("KBKDF");
         ret = TEST_ptr(kctx)
-            && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+            && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
             && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
             && TEST_mem_eq(result, sizeof(result), outputs[i],
                            sizeof(outputs[i]));
-        EVP_KDF_free_ctx(kctx);
+        EVP_KDF_CTX_free(kctx);
         if (ret != 1)
             return ret;
     }
@@ -459,11 +459,11 @@ static int test_kdf_kbkdf_8009_prf1(void)
 
     kctx = get_kdfbyname("KBKDF");
     ret = TEST_ptr(kctx)
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
         && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -504,11 +504,11 @@ static int test_kdf_kbkdf_8009_prf2(void)
 
     kctx = get_kdfbyname("KBKDF");
     ret = TEST_ptr(kctx)
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
         && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -547,11 +547,11 @@ static int test_kdf_ss_hmac(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -593,11 +593,11 @@ static int test_kdf_ss_kmac(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -651,11 +651,11 @@ static int test_kdf_sshkdf(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
@@ -725,11 +725,11 @@ static int test_kdf_x942_asn1(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 #endif /* OPENSSL_NO_CMS */
@@ -763,11 +763,11 @@ static int test_kdf_krb5kdf(void)
 
     ret =
         TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
-        && TEST_true(EVP_KDF_set_ctx_params(kctx, params))
+        && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 
-    EVP_KDF_free_ctx(kctx);
+    EVP_KDF_CTX_free(kctx);
     return ret;
 }
 
diff --git a/test/evp_test.c b/test/evp_test.c
index 7e93b41f32..a1e205b20b 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1341,12 +1341,12 @@ static int mac_test_run_mac(EVP_TEST *t)
     }
     params[params_n] = OSSL_PARAM_construct_end();
 
-    if ((ctx = EVP_MAC_new_ctx(expected->mac)) == NULL) {
+    if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
         t->err = "MAC_CREATE_ERROR";
         goto err;
     }
 
-    if (!EVP_MAC_set_ctx_params(ctx, params)) {
+    if (!EVP_MAC_CTX_set_params(ctx, params)) {
         t->err = "MAC_BAD_PARAMS";
         goto err;
     }
@@ -1378,7 +1378,7 @@ static int mac_test_run_mac(EVP_TEST *t)
     while (params_n-- > params_n_allocstart) {
         OPENSSL_free(params[params_n].data);
     }
-    EVP_MAC_free_ctx(ctx);
+    EVP_MAC_CTX_free(ctx);
     OPENSSL_free(got);
     return 1;
 }
@@ -2398,7 +2398,7 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
         OPENSSL_free(kdata);
         return 0;
     }
-    kdata->ctx = EVP_KDF_new_ctx(kdf);
+    kdata->ctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kdata->ctx == NULL) {
         OPENSSL_free(kdata);
@@ -2416,7 +2416,7 @@ static void kdf_test_cleanup(EVP_TEST *t)
     for (p = kdata->params; p->key != NULL; p++)
         OPENSSL_free(p->data);
     OPENSSL_free(kdata->output);
-    EVP_KDF_free_ctx(kdata->ctx);
+    EVP_KDF_CTX_free(kdata->ctx);
 }
 
 static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
@@ -2425,8 +2425,7 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
     KDF_DATA *kdata = t->data;
     int rv;
     char *p, *name;
-    const OSSL_PARAM *defs =
-        EVP_KDF_settable_ctx_params(EVP_KDF_get_ctx_kdf(kctx));
+    const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx));
 
     if (!TEST_ptr(name = OPENSSL_strdup(value)))
         return 0;
@@ -2482,7 +2481,7 @@ static int kdf_test_run(EVP_TEST *t)
     unsigned char *got = NULL;
     size_t got_len = expected->output_len;
 
-    if (!EVP_KDF_set_ctx_params(expected->ctx, expected->params)) {
+    if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) {
         t->err = "KDF_CTRL_ERROR";
         return 1;
     }
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 1a91f96fb9..ccee736592 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -7044,7 +7044,7 @@ static int tick_key_evp_cb(SSL *s, unsigned char key_name[16],
     params[2] = OSSL_PARAM_construct_end();
     if (aes128cbc == NULL
             || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc)
-            || !EVP_MAC_set_ctx_params(hctx, params)
+            || !EVP_MAC_CTX_set_params(hctx, params)
             || !EVP_MAC_init(hctx))
         ret = -1;
     else
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 2627608f55..ff2bf030d3 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4424,10 +4424,10 @@ OCSP_resp_get0_respdata                 4530	3_0_0	EXIST::FUNCTION:OCSP
 EVP_MD_CTX_set_pkey_ctx                 4531	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_meth_set_digest_custom         4532	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_meth_get_digest_custom         4533	3_0_0	EXIST::FUNCTION:
-EVP_MAC_new_ctx                         ?	3_0_0	EXIST::FUNCTION:
-EVP_MAC_free_ctx                        ?	3_0_0	EXIST::FUNCTION:
-EVP_MAC_dup_ctx                         ?	3_0_0	EXIST::FUNCTION:
-EVP_MAC_get_ctx_mac                     ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_new                         ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_free                        ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_dup                         ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_mac                         ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_size                            ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_init                            ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_update                          ?	3_0_0	EXIST::FUNCTION:
@@ -4466,7 +4466,7 @@ ASYNC_WAIT_CTX_set_callback             ?	3_0_0	EXIST::FUNCTION:
 ASYNC_WAIT_CTX_set_status               ?	3_0_0	EXIST::FUNCTION:
 ASYNC_WAIT_CTX_get_status               ?	3_0_0	EXIST::FUNCTION:
 ERR_load_ESS_strings                    ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_free_ctx                        ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_free                        ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_reset                           ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_size                            ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_derive                          ?	3_0_0	EXIST::FUNCTION:
@@ -4616,8 +4616,8 @@ EVP_CIPHER_up_ref                       ?	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_fetch                        ?	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_mode                         ?	3_0_0	EXIST::FUNCTION:
 OPENSSL_info                            ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_new_ctx                         ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_get_ctx_kdf                     ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_new                         ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_kdf                         ?	3_0_0	EXIST::FUNCTION:
 i2d_KeyParams                           ?	3_0_0	EXIST::FUNCTION:
 d2i_KeyParams                           ?	3_0_0	EXIST::FUNCTION:
 i2d_KeyParams_bio                       ?	3_0_0	EXIST::FUNCTION:
@@ -4700,8 +4700,8 @@ EVP_CIPHER_gettable_ctx_params          ?	3_0_0	EXIST::FUNCTION:
 EVP_MD_get_params                       ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_fetch                           ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_settable_ctx_params             ?	3_0_0	EXIST::FUNCTION:
-EVP_MAC_set_ctx_params                  ?	3_0_0	EXIST::FUNCTION:
-EVP_MAC_get_ctx_params                  ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_set_params                  ?	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_get_params                  ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_gettable_ctx_params             ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_free                            ?	3_0_0	EXIST::FUNCTION:
 EVP_MAC_up_ref                          ?	3_0_0	EXIST::FUNCTION:
@@ -4714,11 +4714,11 @@ EVP_CIPHER_free                         ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_up_ref                          ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_free                            ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_fetch                           ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_dup_ctx                         ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_dup                         ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_provider                        ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_get_params                      ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_get_ctx_params                  ?	3_0_0	EXIST::FUNCTION:
-EVP_KDF_set_ctx_params                  ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_get_params                  ?	3_0_0	EXIST::FUNCTION:
+EVP_KDF_CTX_set_params                  ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_gettable_params                 ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_gettable_ctx_params             ?	3_0_0	EXIST::FUNCTION:
 EVP_KDF_settable_ctx_params             ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list