[openssl] master update

Matt Caswell matt at openssl.org
Thu Oct 1 09:28:06 UTC 2020


The branch master has been updated
       via  746f3674896845460946ace7e963e52b547fbf35 (commit)
       via  d8652be06e2778e8898453a391deb7253e1a35a2 (commit)
       via  aedac96c1172ca9a9efe72e027e935504b599e2f (commit)
      from  012903063900340b972a6a8d20c0a18c37a89428 (commit)


- Log -----------------------------------------------------------------
commit 746f3674896845460946ace7e963e52b547fbf35
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 24 10:56:03 2020 +0100

    Fix some things the rename script didn't quite get right
    
    The previous commit ran an automated rename throughout the codebase.
    There are a small number of things it didn't quite get right so we fix
    those in this commit.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12970)

commit d8652be06e2778e8898453a391deb7253e1a35a2
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 24 10:42:23 2020 +0100

    Run the withlibctx.pl script
    
    Automatically rename all instances of _with_libctx() to _ex() as per
    our coding style.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12970)

commit aedac96c1172ca9a9efe72e027e935504b599e2f
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Sep 22 08:16:44 2020 +0100

    Perl util to do with_libctx renaming
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12970)

-----------------------------------------------------------------------

Summary of changes:
 apps/ca.c                                          |   2 +-
 apps/cms.c                                         |  19 ++-
 apps/lib/apps.c                                    |  18 ++-
 apps/pkcs12.c                                      |   3 +-
 apps/pkcs7.c                                       |   2 +-
 apps/req.c                                         |   3 +-
 apps/smime.c                                       |   7 +-
 apps/storeutl.c                                    |   4 +-
 apps/ts.c                                          |   7 +-
 apps/x509.c                                        |   6 +-
 crypto/asn1/a_digest.c                             |   9 +-
 crypto/asn1/a_sign.c                               |  16 +--
 crypto/asn1/a_verify.c                             |  14 +-
 crypto/asn1/asn_mime.c                             |  13 +-
 crypto/asn1/d2i_pr.c                               |   6 +-
 crypto/cmp/cmp_protect.c                           |   6 +-
 crypto/cmp/cmp_util.c                              |   2 +-
 crypto/cmp/cmp_vfy.c                               |  14 +-
 crypto/cms/cms_cd.c                                |   2 +-
 crypto/cms/cms_dd.c                                |   2 +-
 crypto/cms/cms_env.c                               |  19 ++-
 crypto/cms/cms_ess.c                               |  13 +-
 crypto/cms/cms_io.c                                |  10 +-
 crypto/cms/cms_lib.c                               |   7 +-
 crypto/cms/cms_sd.c                                |  20 ++-
 crypto/cms/cms_smime.c                             |  65 +++++-----
 crypto/conf/conf_lib.c                             |   4 +-
 crypto/conf/conf_mod.c                             |   9 +-
 crypto/context.c                                   |   2 +-
 crypto/crmf/crmf_lib.c                             |  16 +--
 crypto/ct/ct_b64.c                                 |  11 +-
 crypto/ct/ct_log.c                                 |  14 +-
 crypto/ct/ct_policy.c                              |   6 +-
 crypto/ct/ct_vfy.c                                 |   5 +-
 crypto/dh/dh_ameth.c                               |   2 +-
 crypto/dh/dh_gen.c                                 |   2 +-
 crypto/dh/dh_group_params.c                        |   6 +-
 crypto/dh/dh_lib.c                                 |   2 +-
 crypto/ec/ec_ameth.c                               |  15 +--
 crypto/ec/ec_curve.c                               |  12 +-
 crypto/ec/ec_cvt.c                                 |   4 +-
 crypto/ec/ec_key.c                                 |  15 +--
 crypto/ec/ec_lib.c                                 |  13 +-
 crypto/ec/ec_local.h                               |   4 +-
 crypto/ec/ecx_meth.c                               |  13 +-
 crypto/evp/digest.c                                |   9 +-
 crypto/evp/evp_pkey.c                              |  10 +-
 crypto/evp/m_sigver.c                              |  14 +-
 crypto/evp/p5_crpt2.c                              |  13 +-
 crypto/evp/p_lib.c                                 |  25 ++--
 crypto/evp/p_sign.c                                |   8 +-
 crypto/evp/p_verify.c                              |   8 +-
 crypto/pem/pem_info.c                              |  21 ++-
 crypto/pkcs7/pk7_asn1.c                            |   2 +-
 crypto/pkcs7/pk7_doit.c                            |  13 +-
 crypto/pkcs7/pk7_mime.c                            |   9 +-
 crypto/pkcs7/pk7_smime.c                           |  22 ++--
 crypto/rsa/rsa_local.h                             |  12 +-
 crypto/rsa/rsa_oaep.c                              |  22 ++--
 crypto/rsa/rsa_ossl.c                              |  11 +-
 crypto/rsa/rsa_pk1.c                               |   9 +-
 crypto/rsa/rsa_ssl.c                               |   7 +-
 crypto/store/store_lib.c                           |  19 ++-
 crypto/store/store_local.h                         |   2 +-
 crypto/store/store_register.c                      |   8 +-
 crypto/store/store_result.c                        |   2 +-
 crypto/trace.c                                     |   0
 crypto/x509/by_dir.c                               |  28 ++--
 crypto/x509/by_file.c                              |  53 ++++----
 crypto/x509/by_store.c                             |  24 ++--
 crypto/x509/x509_d2.c                              |  41 +++---
 crypto/x509/x509_local.h                           |  11 +-
 crypto/x509/x509_lu.c                              |  32 +++--
 crypto/x509/x509_vfy.c                             |   5 +-
 crypto/x509/x_all.c                                |  23 ++--
 crypto/x509/x_x509.c                               |   4 +-
 doc/man3/CMS_EncryptedData_encrypt.pod             |  20 +--
 doc/man3/CMS_EnvelopedData_create.pod              |  24 ++--
 doc/man3/CMS_data_create.pod                       |  15 +--
 doc/man3/CMS_digest_create.pod                     |  16 +--
 doc/man3/CMS_encrypt.pod                           |  18 ++-
 doc/man3/CMS_get1_ReceiptRequest.pod               |  12 +-
 doc/man3/CMS_sign.pod                              |  18 +--
 doc/man3/CONF_modules_free.pod                     |   2 +-
 doc/man3/CONF_modules_load_file.pod                |  29 ++---
 doc/man3/CTLOG_STORE_new.pod                       |  11 +-
 doc/man3/CTLOG_new.pod                             |  24 ++--
 doc/man3/CT_POLICY_EVAL_CTX_new.pod                |  14 +-
 doc/man3/EC_GROUP_new.pod                          |  12 +-
 doc/man3/EC_KEY_new.pod                            |  18 +--
 doc/man3/EVP_DigestSignInit.pod                    |  23 ++--
 doc/man3/EVP_DigestVerifyInit.pod                  |  23 ++--
 doc/man3/EVP_PKEY_new.pod                          |  54 ++++----
 doc/man3/EVP_SignInit.pod                          |  15 +--
 doc/man3/EVP_VerifyInit.pod                        |  16 +--
 ...{NCONF_new_with_libctx.pod => NCONF_new_ex.pod} |  12 +-
 doc/man3/OSSL_STORE_LOADER.pod                     |  34 ++---
 doc/man3/OSSL_STORE_open.pod                       |  21 ++-
 doc/man3/PEM_X509_INFO_read_bio_ex.pod             |  62 +++++++++
 doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod    |  65 ----------
 doc/man3/PEM_read_bio_PrivateKey.pod               |   2 +-
 doc/man3/PKCS7_encrypt.pod                         |  16 +--
 doc/man3/PKCS7_sign.pod                            |  16 +--
 doc/man3/SMIME_read_ASN1.pod                       |   2 +-
 doc/man3/SMIME_read_CMS.pod                        |   2 +-
 doc/man3/SMIME_read_PKCS7.pod                      |   2 +-
 doc/man3/SMIME_write_ASN1.pod                      |  14 +-
 doc/man3/SSL_CTX_new.pod                           |  12 +-
 doc/man3/SSL_load_client_CA_file.pod               |  14 +-
 doc/man3/X509_LOOKUP.pod                           |  77 ++++++-----
 doc/man3/X509_LOOKUP_hash_dir.pod                  |  18 ++-
 doc/man3/X509_STORE_CTX_new.pod                    |  11 +-
 doc/man3/X509_STORE_add_cert.pod                   |  60 +++++----
 doc/man3/X509_dup.pod                              |   8 +-
 doc/man3/X509_new.pod                              |  10 +-
 doc/man3/X509_sign.pod                             |   2 +-
 doc/man3/X509_verify.pod                           |  12 +-
 engines/e_loader_attic.c                           |  11 +-
 include/crypto/asn1.h                              |   2 +-
 include/crypto/dh.h                                |   4 +-
 include/crypto/evp.h                               |  14 +-
 include/crypto/rsa.h                               |  12 +-
 include/crypto/x509.h                              |   7 +-
 include/openssl/asn1.h.in                          |  28 ++--
 include/openssl/cms.h.in                           |  55 ++++----
 include/openssl/conf.h.in                          |   6 +-
 include/openssl/ct.h.in                            |  24 ++--
 include/openssl/ec.h                               |  14 +-
 include/openssl/evp.h                              |  52 ++++----
 include/openssl/pem.h                              |  11 +-
 include/openssl/pkcs7.h.in                         |  14 +-
 include/openssl/ssl.h.in                           |   8 +-
 include/openssl/store.h                            |  15 +--
 include/openssl/x509.h.in                          |  10 +-
 include/openssl/x509_vfy.h.in                      |  64 +++++-----
 providers/implementations/asymciphers/rsa_enc.c    |  11 +-
 providers/implementations/kdfs/scrypt.c            |   8 +-
 providers/implementations/keymgmt/dh_kmgmt.c       |   8 +-
 providers/implementations/keymgmt/ec_kmgmt.c       |   6 +-
 ssl/ssl_cert.c                                     |  14 +-
 ssl/ssl_conf.c                                     |   7 +-
 ssl/ssl_lib.c                                      |  28 ++--
 ssl/ssl_rsa.c                                      |  12 +-
 ssl/statem/extensions.c                            |  12 +-
 ssl/statem/extensions_srvr.c                       |  27 ++--
 ssl/statem/statem_clnt.c                           |   9 +-
 ssl/statem/statem_lib.c                            |  17 +--
 ssl/statem/statem_srvr.c                           |   9 +-
 ssl/t1_enc.c                                       |  13 +-
 test/acvp_test.c                                   |  16 +--
 test/asynctest.c                                   |  18 +--
 test/cmp_msg_test.c                                |  10 +-
 test/cmp_testlib.c                                 |   2 +-
 test/cmp_testlib.h                                 |   2 +-
 test/evp_extra_test.c                              |   9 +-
 test/evp_libctx_test.c                             |   2 +-
 test/evp_test.c                                    |  31 ++---
 test/ossl_store_test.c                             |   5 +-
 test/ssl_test.c                                    |  30 ++---
 test/ssl_test_ctx.c                                |   2 +-
 test/sslapitest.c                                  |  24 ++--
 test/ssltest_old.c                                 |   6 +-
 test/ssltestlib.c                                  |   4 +-
 util/libcrypto.num                                 |  94 +++++++-------
 util/libssl.num                                    |   4 +-
 util/missingcrypto.txt                             |   6 +-
 util/other.syms                                    |   8 +-
 util/withlibctx.pl                                 | 141 +++++++++++++++++++++
 168 files changed, 1342 insertions(+), 1351 deletions(-)
 mode change 100755 => 100644 crypto/trace.c
 rename doc/man3/{NCONF_new_with_libctx.pod => NCONF_new_ex.pod} (75%)
 create mode 100644 doc/man3/PEM_X509_INFO_read_bio_ex.pod
 delete mode 100644 doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod
 create mode 100755 util/withlibctx.pl

diff --git a/apps/ca.c b/apps/ca.c
index 58126b95a0..4a67d61477 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1652,7 +1652,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         BIO_printf(bio_err,
                    "Everything appears to be ok, creating and signing the certificate\n");
 
-    if ((ret = X509_new_with_libctx(app_get0_libctx(), app_get0_propq())) == NULL)
+    if ((ret = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
         goto end;
 
 #ifdef X509_V3
diff --git a/apps/cms.c b/apps/cms.c
index ad8f64fcaa..9312c37fc2 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -237,7 +237,7 @@ static CMS_ContentInfo *load_content_info(int informat, BIO *in, BIO **indata,
 {
     CMS_ContentInfo *ret, *ci;
 
-    ret = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    ret = CMS_ContentInfo_new_ex(libctx, propq);
     if (ret == NULL) {
         BIO_printf(bio_err, "Error allocating CMS_contentinfo\n");
         return NULL;
@@ -926,15 +926,15 @@ int cms_main(int argc, char **argv)
     ret = 3;
 
     if (operation == SMIME_DATA_CREATE) {
-        cms = CMS_data_create_with_libctx(in, flags, libctx, propq);
+        cms = CMS_data_create_ex(in, flags, libctx, propq);
     } else if (operation == SMIME_DIGEST_CREATE) {
-        cms = CMS_digest_create_with_libctx(in, sign_md, flags, libctx, propq);
+        cms = CMS_digest_create_ex(in, sign_md, flags, libctx, propq);
     } else if (operation == SMIME_COMPRESS) {
         cms = CMS_compress(in, -1, flags);
     } else if (operation == SMIME_ENCRYPT) {
         int i;
         flags |= CMS_PARTIAL;
-        cms = CMS_encrypt_with_libctx(NULL, in, cipher, flags, libctx, propq);
+        cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, propq);
         if (cms == NULL)
             goto end;
         for (i = 0; i < sk_X509_num(encerts); i++) {
@@ -999,9 +999,8 @@ int cms_main(int argc, char **argv)
                 goto end;
         }
     } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
-        cms = CMS_EncryptedData_encrypt_with_libctx(in, cipher, secret_key,
-                                                    secret_keylen, flags,
-                                                    libctx, propq);
+        cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
+                                           secret_keylen, flags, libctx, propq);
 
     } else if (operation == SMIME_SIGN_RECEIPT) {
         CMS_ContentInfo *srcms = NULL;
@@ -1029,7 +1028,7 @@ int cms_main(int argc, char **argv)
                     flags |= CMS_STREAM;
             }
             flags |= CMS_PARTIAL;
-            cms = CMS_sign_with_libctx(NULL, NULL, other, in, flags, libctx, propq);
+            cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
             if (cms == NULL)
                 goto end;
             if (econtent_type != NULL)
@@ -1416,8 +1415,8 @@ static CMS_ReceiptRequest *make_receipt_request(
     } else {
         rct_from = NULL;
     }
-    rr = CMS_ReceiptRequest_create0_with_libctx(NULL, -1, rr_allorfirst,
-                                                rct_from, rct_to, libctx, propq);
+    rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
+                                       rct_to, libctx, propq);
     return rr;
  err:
     sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index fa015aa4ea..decd5df7f7 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -364,7 +364,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
     CONF *conf;
     int i;
 
-    conf = NCONF_new_with_libctx(app_libctx, NULL);
+    conf = NCONF_new_ex(app_libctx, NULL);
     i = NCONF_load_bio(conf, in, &errorline);
     if (i > 0)
         return conf;
@@ -756,8 +756,8 @@ int load_key_certs_crls(const char *uri, int maybe_stdin,
             ctx = OSSL_STORE_attach(bio, "file", libctx, propq,
                                     get_ui_method(), &uidata, NULL, NULL);
     } else {
-        ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq, get_ui_method(),
-                                          &uidata, NULL, NULL);
+        ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
+                                 NULL, NULL);
     }
     if (ctx == NULL) {
         BIO_printf(bio_err, "Could not open file or uri for loading");
@@ -1116,16 +1116,14 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
         if (lookup == NULL)
             goto end;
         if (CAfile != NULL) {
-            if (!X509_LOOKUP_load_file_with_libctx(lookup, CAfile,
-                                                   X509_FILETYPE_PEM,
-                                                   libctx, propq)) {
+            if (!X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM,
+                                          libctx, propq)) {
                 BIO_printf(bio_err, "Error loading file %s\n", CAfile);
                 goto end;
             }
         } else {
-            X509_LOOKUP_load_file_with_libctx(lookup, NULL,
-                                              X509_FILETYPE_DEFAULT,
-                                              libctx, propq);
+            X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT,
+                                     libctx, propq);
         }
     }
 
@@ -1147,7 +1145,7 @@ X509_STORE *setup_verify(const char *CAfile, int noCAfile,
         lookup = X509_STORE_add_lookup(store, X509_LOOKUP_store());
         if (lookup == NULL)
             goto end;
-        if (!X509_LOOKUP_add_store_with_libctx(lookup, CAstore, libctx, propq)) {
+        if (!X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq)) {
             if (CAstore != NULL)
                 BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
             goto end;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index b0f03232a7..1432d2b930 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -897,8 +897,7 @@ static int get_cert_chain(X509 *cert, X509_STORE *store,
     STACK_OF(X509) *chn = NULL;
     int i = 0;
 
-    store_ctx = X509_STORE_CTX_new_with_libctx(app_get0_libctx(),
-                                               app_get0_propq());
+    store_ctx = X509_STORE_CTX_new_ex(app_get0_libctx(), app_get0_propq());
     if (store_ctx == NULL) {
         i =  X509_V_ERR_UNSPECIFIED;
         goto end;
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index e6ac26e6f9..9efe3aa108 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -118,7 +118,7 @@ int pkcs7_main(int argc, char **argv)
     if (in == NULL)
         goto end;
 
-    p7 = PKCS7_new_with_libctx(libctx, propq);
+    p7 = PKCS7_new_ex(libctx, propq);
     if (p7 == NULL) {
         BIO_printf(bio_err, "unable to allocate PKCS7 object\n");
         ERR_print_errors(bio_err);
diff --git a/apps/req.c b/apps/req.c
index 62abf226ac..a3abc0b7b7 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -741,8 +741,7 @@ int req_main(int argc, char **argv)
         if (x509) {
             EVP_PKEY *tmppkey;
             X509V3_CTX ext_ctx;
-            if ((x509ss = X509_new_with_libctx(app_get0_libctx(),
-                                               app_get0_propq())) == NULL)
+            if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
                 goto end;
 
             /* Set version to V3 */
diff --git a/apps/smime.c b/apps/smime.c
index e6d539457e..57b323cfa2 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -491,7 +491,7 @@ int smime_main(int argc, char **argv)
     if (operation & SMIME_IP) {
         PKCS7 *p7_in = NULL;
 
-        p7 = PKCS7_new_with_libctx(libctx, propq);
+        p7 = PKCS7_new_ex(libctx, propq);
         if (p7 == NULL) {
             BIO_printf(bio_err, "Error allocating PKCS7 object\n");
             goto end;
@@ -538,7 +538,7 @@ int smime_main(int argc, char **argv)
     if (operation == SMIME_ENCRYPT) {
         if (indef)
             flags |= PKCS7_STREAM;
-        p7 = PKCS7_encrypt_with_libctx(encerts, in, cipher, flags, libctx, propq);
+        p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, propq);
     } else if (operation & SMIME_SIGNERS) {
         int i;
         /*
@@ -553,8 +553,7 @@ int smime_main(int argc, char **argv)
                 flags |= PKCS7_STREAM;
             }
             flags |= PKCS7_PARTIAL;
-            p7 = PKCS7_sign_with_libctx(NULL, NULL, other, in, flags, libctx,
-                                        propq);
+            p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
             if (p7 == NULL)
                 goto end;
             if (flags & PKCS7_NOCERTS) {
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 3d9498dc46..b28c345fd3 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -356,8 +356,8 @@ static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
     OSSL_STORE_CTX *store_ctx = NULL;
     int ret = 1, items = 0;
 
-    if ((store_ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq,
-                                                 uimeth, uidata, NULL, NULL))
+    if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, propq, uimeth, uidata,
+                                        NULL, NULL))
         == NULL) {
         BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
         ERR_print_errors(bio_err);
diff --git a/apps/ts.c b/apps/ts.c
index 09c586b44f..50dd263399 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -980,9 +980,8 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
             BIO_printf(bio_err, "memory allocation failure\n");
             goto err;
         }
-        if (!X509_LOOKUP_load_file_with_libctx(lookup, CAfile,
-                                               X509_FILETYPE_PEM,
-                                               libctx, propq)) {
+        if (!X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx,
+                                      propq)) {
             BIO_printf(bio_err, "Error loading file %s\n", CAfile);
             goto err;
         }
@@ -994,7 +993,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
             BIO_printf(bio_err, "memory allocation failure\n");
             goto err;
         }
-        if (!X509_LOOKUP_load_store_with_libctx(lookup, CAstore, libctx, propq)) {
+        if (!X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq)) {
             BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
             goto err;
         }
diff --git a/apps/x509.c b/apps/x509.c
index 367cbf45f1..509d6e8741 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -506,8 +506,8 @@ int x509_main(int argc, char **argv)
         goto end;
     }
 
-    if (!X509_STORE_set_default_paths_with_libctx(ctx, app_get0_libctx(),
-                                                  app_get0_propq())) {
+    if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
+                                         app_get0_propq())) {
         ERR_print_errors(bio_err);
         goto end;
     }
@@ -605,7 +605,7 @@ int x509_main(int argc, char **argv)
                        "We need a private key to sign with, use -signkey or -CAkey or -CA <file> with private key\n");
             goto end;
         }
-        if ((x = X509_new_with_libctx(app_get0_libctx(), app_get0_propq())) == NULL)
+        if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
             goto end;
 
         if (sno == NULL) {
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index 9211d7a968..66c99862e5 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -53,10 +53,9 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 
 #endif
 
-int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *md,
-                                 void *asn, unsigned char *data,
-                                 unsigned int *len, OPENSSL_CTX *libctx,
-                                 const char *propq)
+int asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn,
+                        unsigned char *data, unsigned int *len,
+                        OPENSSL_CTX *libctx, const char *propq)
 {
     int i, ret = 0;
     unsigned char *str = NULL;
@@ -90,6 +89,6 @@ err:
 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn,
                      unsigned char *data, unsigned int *len)
 {
-    return asn1_item_digest_with_libctx(it, md, asn, data, len, NULL, NULL);
+    return asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL);
 }
 
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 04edd1b28c..4242e9a70e 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -119,18 +119,18 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                    ASN1_BIT_STRING *signature, const void *data,
                    EVP_PKEY *pkey, const EVP_MD *md)
 {
-    return ASN1_item_sign_with_libctx(it, algor1, algor2, signature, data, NULL,
-                                      pkey, md, NULL, NULL);
+    return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey,
+                             md, NULL, NULL);
 }
 
-int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
-                               X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-                               const void *data, const ASN1_OCTET_STRING *id,
-                               EVP_PKEY *pkey, const EVP_MD *md,
-                               OPENSSL_CTX *libctx, const char *propq)
+int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                      const void *data, const ASN1_OCTET_STRING *id,
+                      EVP_PKEY *pkey, const EVP_MD *md, OPENSSL_CTX *libctx,
+                      const char *propq)
 {
     int rv = 0;
-    EVP_MD_CTX *ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq);
+    EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq);
 
     if (ctx == NULL) {
         ASN1err(0, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index e3471c8141..d8cea688d5 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -89,20 +89,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg,
                      const ASN1_BIT_STRING *signature, const void *data,
                      EVP_PKEY *pkey)
 {
-    return ASN1_item_verify_with_libctx(it, alg, signature, data, NULL, pkey,
-                                        NULL, NULL);
+    return ASN1_item_verify_ex(it, alg, signature, data, NULL, pkey, NULL, NULL);
 }
 
-int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
-                                 const ASN1_BIT_STRING *signature,
-                                 const void *data,
-                                 const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
-                                 OPENSSL_CTX *libctx, const char *propq)
+int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg,
+                        const ASN1_BIT_STRING *signature, const void *data,
+                        const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+                        OPENSSL_CTX *libctx, const char *propq)
 {
     EVP_MD_CTX *ctx;
     int rv = -1;
 
-    if ((ctx = evp_md_ctx_new_with_libctx(pkey, id, libctx, propq)) != NULL) {
+    if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) {
         rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx);
         EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
         EVP_MD_CTX_free(ctx);
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 596b32a57e..adf368f72f 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -229,11 +229,10 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
 
 /* SMIME sender */
 
-int SMIME_write_ASN1_with_libctx(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-                                 int ctype_nid, int econt_nid,
-                                 STACK_OF(X509_ALGOR) *mdalgs,
-                                 const ASN1_ITEM *it,
-                                 OPENSSL_CTX *libctx, const char *propq)
+int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                        int ctype_nid, int econt_nid,
+                        STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
+                        OPENSSL_CTX *libctx, const char *propq)
 {
     char bound[33], c;
     int i;
@@ -326,8 +325,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                      int ctype_nid, int econt_nid,
                      STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
 {
-    return SMIME_write_ASN1_with_libctx(bio, val, data, flags, ctype_nid,
-                                        econt_nid, mdalgs, it, NULL, NULL);
+    return SMIME_write_ASN1_ex(bio, val, data, flags, ctype_nid, econt_nid,
+                               mdalgs, it, NULL, NULL);
 }
 
 /* Handle output of ASN1 data */
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index fcf8d2f8d0..838ce25b90 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -48,13 +48,13 @@ EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
     if (!ret->ameth->old_priv_decode ||
         !ret->ameth->old_priv_decode(ret, &p, length)) {
         if (ret->ameth->priv_decode != NULL
-                || ret->ameth->priv_decode_with_libctx != NULL) {
+                || ret->ameth->priv_decode_ex != NULL) {
             EVP_PKEY *tmp;
             PKCS8_PRIV_KEY_INFO *p8 = NULL;
             p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
             if (p8 == NULL)
                 goto err;
-            tmp = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
+            tmp = EVP_PKCS82PKEY_ex(p8, libctx, propq);
             PKCS8_PRIV_KEY_INFO_free(p8);
             if (tmp == NULL)
                 goto err;
@@ -121,7 +121,7 @@ EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp,
             ASN1err(0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
             return NULL;
         }
-        ret = EVP_PKCS82PKEY_with_libctx(p8, libctx, propq);
+        ret = EVP_PKCS82PKEY_ex(p8, libctx, propq);
         PKCS8_PRIV_KEY_INFO_free(p8);
         if (ret == NULL)
             return NULL;
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index eb162e382d..9b28f1b09b 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -119,9 +119,9 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
 
         if ((prot = ASN1_BIT_STRING_new()) == NULL)
             return NULL;
-        if (ASN1_item_sign_with_libctx(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
-                                       NULL, NULL, prot, &prot_part, NULL,
-                                       ctx->pkey, md, ctx->libctx, ctx->propq))
+        if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), NULL,
+                              NULL, prot, &prot_part, NULL, ctx->pkey, md,
+                              ctx->libctx, ctx->propq))
             return prot;
         ASN1_BIT_STRING_free(prot);
         return NULL;
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 12afe57028..2eb58da21c 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -230,7 +230,7 @@ STACK_OF(X509)
         goto err;
     }
 
-    if ((csc = X509_STORE_CTX_new_with_libctx(libctx, propq)) == NULL)
+    if ((csc = X509_STORE_CTX_new_ex(libctx, propq)) == NULL)
         goto err;
     if (store == NULL && certs != NULL
             && !ossl_cmp_X509_STORE_add1_certs(ts, certs, 0))
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 00757c11ae..f9981c2330 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -50,10 +50,10 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
     prot_part.header = msg->header;
     prot_part.body = msg->body;
 
-    if (ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
-                                     msg->header->protectionAlg,
-                                     msg->protection, &prot_part, NULL, pubkey,
-                                     cmp_ctx->libctx, cmp_ctx->propq) > 0) {
+    if (ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART),
+                            msg->header->protectionAlg, msg->protection,
+                            &prot_part, NULL, pubkey, cmp_ctx->libctx,
+                            cmp_ctx->propq) > 0) {
         res = 1;
         goto end;
     }
@@ -118,7 +118,7 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
         return 0;
     }
 
-    if ((csc = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq)) == NULL
+    if ((csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq)) == NULL
             || !X509_STORE_CTX_init(csc, trusted_store,
                                     cert, ctx->untrusted))
         goto err;
@@ -825,8 +825,8 @@ int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx,
         {
             X509_REQ *req = msg->body->value.p10cr;
 
-            if (X509_REQ_verify_with_libctx(req, X509_REQ_get0_pubkey(req),
-                                            ctx->libctx, ctx->propq) <= 0) {
+            if (X509_REQ_verify_ex(req, X509_REQ_get0_pubkey(req), ctx->libctx,
+                                   ctx->propq) <= 0) {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
                 CMPerr(0, CMP_R_REQUEST_NOT_ACCEPTED);
                 return 0;
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
index c596eab2c2..2abc867a59 100644
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
@@ -36,7 +36,7 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid, OPENSSL_CTX *libctx,
                CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
         return NULL;
     }
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL)
         return NULL;
 
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index 2b2d970acd..6b3796e7c0 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -23,7 +23,7 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md,
     CMS_ContentInfo *cms;
     CMS_DigestedData *dd;
 
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL)
         return NULL;
 
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 068696586e..b1bba4c2d6 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -203,14 +203,14 @@ EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
     return NULL;
 }
 
-CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                                      OPENSSL_CTX *libctx,
-                                                      const char *propq)
+CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
+                                             OPENSSL_CTX *libctx,
+                                             const char *propq)
 {
     CMS_ContentInfo *cms;
     CMS_EnvelopedData *env;
 
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL)
         goto merr;
     env = cms_enveloped_data_init(cms);
@@ -229,18 +229,17 @@ CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
 
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
 {
-    return CMS_EnvelopedData_create_with_libctx(cipher, NULL, NULL);
+    return CMS_EnvelopedData_create_ex(cipher, NULL, NULL);
 }
 
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                         OPENSSL_CTX *libctx,
-                                         const char *propq)
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OPENSSL_CTX *libctx,
+                                const char *propq)
 {
     CMS_ContentInfo *cms;
     CMS_AuthEnvelopedData *aenv;
 
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL)
         goto merr;
     aenv = cms_auth_enveloped_data_init(cms);
@@ -259,7 +258,7 @@ CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
 
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher)
 {
-    return CMS_AuthEnvelopedData_create_with_libctx(cipher, NULL, NULL);
+    return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL);
 }
 
 /* Key Transport Recipient Info (KTRI) routines */
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index fa81b65c7b..7a617c3419 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -114,7 +114,7 @@ int ess_check_signing_certs(CMS_SignerInfo *si, STACK_OF(X509) *chain)
     return ret;
 }
 
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0_with_libctx(
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo,
     OPENSSL_CTX *libctx, const char *propq)
@@ -159,9 +159,8 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
 {
-    return CMS_ReceiptRequest_create0_with_libctx(id, idlen, allorfirst,
-                                                  receiptList, receiptsTo,
-                                                  NULL, NULL);
+    return CMS_ReceiptRequest_create0_ex(id, idlen, allorfirst, receiptList,
+                                         receiptsTo, NULL, NULL);
 }
 
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
@@ -221,9 +220,9 @@ static int cms_msgSigDigest(CMS_SignerInfo *si,
 
     if (md == NULL)
         return 0;
-    if (!asn1_item_digest_with_libctx(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-                                      si->signedAttrs, dig, diglen,
-                                      si->cms_ctx->libctx, si->cms_ctx->propq))
+    if (!asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                             si->signedAttrs, dig, diglen, si->cms_ctx->libctx,
+                             si->cms_ctx->propq))
         return 0;
     return 1;
 }
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
index 70a7c652e9..55a2510ad6 100644
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@@ -83,11 +83,11 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
     else
         mdalgs = NULL;
 
-    return SMIME_write_ASN1_with_libctx(bio, (ASN1_VALUE *)cms, data, flags,
-                                        ctype_nid, econt_nid, mdalgs,
-                                        ASN1_ITEM_rptr(CMS_ContentInfo),
-                                        cms_ctx_get0_libctx(ctx),
-                                        cms_ctx_get0_propq(ctx));
+    return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid,
+                               econt_nid, mdalgs,
+                               ASN1_ITEM_rptr(CMS_ContentInfo),
+                               cms_ctx_get0_libctx(ctx),
+                               cms_ctx_get0_propq(ctx));
 }
 
 CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, BIO **bcont, CMS_ContentInfo **cms)
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index bc7da7ff94..f35e503308 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -40,8 +40,7 @@ int i2d_CMS_ContentInfo(const CMS_ContentInfo *a, unsigned char **out)
     return ASN1_item_i2d((const ASN1_VALUE *)a, out, (CMS_ContentInfo_it()));
 }
 
-CMS_ContentInfo *CMS_ContentInfo_new_with_libctx(OPENSSL_CTX *libctx,
-                                                 const char *propq)
+CMS_ContentInfo *CMS_ContentInfo_new_ex(OPENSSL_CTX *libctx, const char *propq)
 {
     CMS_ContentInfo *ci;
 
@@ -63,7 +62,7 @@ CMS_ContentInfo *CMS_ContentInfo_new_with_libctx(OPENSSL_CTX *libctx,
 
 CMS_ContentInfo *CMS_ContentInfo_new(void)
 {
-    return CMS_ContentInfo_new_with_libctx(NULL, NULL);
+    return CMS_ContentInfo_new_ex(NULL, NULL);
 }
 
 void CMS_ContentInfo_free(CMS_ContentInfo *cms)
@@ -120,7 +119,7 @@ const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
 
 CMS_ContentInfo *cms_Data_create(OPENSSL_CTX *libctx, const char *propq)
 {
-    CMS_ContentInfo *cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    CMS_ContentInfo *cms = CMS_ContentInfo_new_ex(libctx, propq);
 
     if (cms != NULL) {
         cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 121390a8d5..1338211072 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -411,10 +411,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
                 goto err;
             if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
                 goto err;
-        } else if (EVP_DigestSignInit_with_libctx(si->mctx, &si->pctx,
-                                                  EVP_MD_name(md),
-                                                  ctx->libctx, ctx->propq,
-                                                  pk) <= 0) {
+        } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md),
+                                         ctx->libctx, ctx->propq, pk) <= 0) {
             goto err;
         }
     }
@@ -676,8 +674,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if (!EVP_SignFinal_with_libctx(mctx, sig, &siglen, si->pkey,
-                                       ctx->libctx, ctx->propq)) {
+        if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, ctx->libctx,
+                              ctx->propq)) {
             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
             OPENSSL_free(sig);
             goto err;
@@ -735,9 +733,8 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
         pctx = si->pctx;
     else {
         EVP_MD_CTX_reset(mctx);
-        if (EVP_DigestSignInit_with_libctx(mctx, &pctx,
-                                           md_name, ctx->libctx, ctx->propq,
-                                           si->pkey) <= 0)
+        if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, ctx->libctx, ctx->propq,
+                                  si->pkey) <= 0)
             goto err;
         si->pctx = pctx;
     }
@@ -844,9 +841,8 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         goto err;
     }
     mctx = si->mctx;
-    if (EVP_DigestVerifyInit_with_libctx(mctx, &si->pctx,
-                                         EVP_MD_name(md), ctx->libctx, NULL,
-                                         si->pkey) <= 0)
+    if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), ctx->libctx,
+                                NULL, si->pkey) <= 0)
         goto err;
 
     if (!cms_sd_asn1_ctrl(si, 1))
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index a50eee9fa9..f9a851950f 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -118,9 +118,8 @@ int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
     return r;
 }
 
-CMS_ContentInfo *CMS_data_create_with_libctx(BIO *in, unsigned int flags,
-                                             OPENSSL_CTX *libctx,
-                                             const char *propq)
+CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
+                                    OPENSSL_CTX *libctx, const char *propq)
 {
     CMS_ContentInfo *cms = cms_Data_create(libctx, propq);
 
@@ -136,7 +135,7 @@ CMS_ContentInfo *CMS_data_create_with_libctx(BIO *in, unsigned int flags,
 
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
 {
-    return CMS_data_create_with_libctx(in, flags, NULL, NULL);
+    return CMS_data_create_ex(in, flags, NULL, NULL);
 }
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
@@ -164,11 +163,9 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
     return r;
 }
 
-CMS_ContentInfo *CMS_digest_create_with_libctx(BIO *in,
-                                               const EVP_MD *md,
-                                               unsigned int flags,
-                                               OPENSSL_CTX *ctx,
-                                               const char *propq)
+CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
+                                      unsigned int flags, OPENSSL_CTX *ctx,
+                                      const char *propq)
 {
     CMS_ContentInfo *cms;
 
@@ -191,7 +188,7 @@ CMS_ContentInfo *CMS_digest_create_with_libctx(BIO *in,
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags)
 {
-    return CMS_digest_create_with_libctx(in, md, flags, NULL, NULL);
+    return CMS_digest_create_ex(in, md, flags, NULL, NULL);
 }
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
@@ -220,13 +217,11 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
     return r;
 }
 
-CMS_ContentInfo *CMS_EncryptedData_encrypt_with_libctx(BIO *in,
-                                                       const EVP_CIPHER *cipher,
-                                                       const unsigned char *key,
-                                                       size_t keylen,
-                                                       unsigned int flags,
-                                                       OPENSSL_CTX *libctx,
-                                                       const char *propq)
+CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
+                                              const unsigned char *key,
+                                              size_t keylen, unsigned int flags,
+                                              OPENSSL_CTX *libctx,
+                                              const char *propq)
 {
     CMS_ContentInfo *cms;
 
@@ -234,7 +229,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_with_libctx(BIO *in,
         CMSerr(0, CMS_R_NO_CIPHER);
         return NULL;
     }
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL)
         return NULL;
     if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
@@ -255,8 +250,8 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags)
 {
-    return CMS_EncryptedData_encrypt_with_libctx(in, cipher, key, keylen, flags,
-                                                 NULL, NULL);
+    return CMS_EncryptedData_encrypt_ex(in, cipher, key, keylen, flags, NULL,
+                                        NULL);
 }
 
 static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
@@ -270,7 +265,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
     X509 *signer;
     int i, j, r = 0;
 
-    ctx = X509_STORE_CTX_new_with_libctx(cms_ctx->libctx, cms_ctx->propq);
+    ctx = X509_STORE_CTX_new_ex(cms_ctx->libctx, cms_ctx->propq);
     if (ctx == NULL) {
         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -503,15 +498,15 @@ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
     return cms_Receipt_verify(rcms, ocms);
 }
 
-CMS_ContentInfo *CMS_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                                      STACK_OF(X509) *certs, BIO *data,
-                                      unsigned int flags,
-                                      OPENSSL_CTX *libctx, const char *propq)
+CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+                             STACK_OF(X509) *certs, BIO *data,
+                             unsigned int flags, OPENSSL_CTX *libctx,
+                             const char *propq)
 {
     CMS_ContentInfo *cms;
     int i;
 
-    cms = CMS_ContentInfo_new_with_libctx(libctx, propq);
+    cms = CMS_ContentInfo_new_ex(libctx, propq);
     if (cms == NULL || !CMS_SignedData_init(cms))
         goto merr;
     if (flags & CMS_ASCIICRLF
@@ -551,7 +546,7 @@ CMS_ContentInfo *CMS_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                           BIO *data, unsigned int flags)
 {
-    return CMS_sign_with_libctx(signcert, pkey, certs, data, flags, NULL, NULL);
+    return CMS_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL);
 }
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
@@ -575,8 +570,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 
     /* Initialize signed data */
 
-    cms = CMS_sign_with_libctx(NULL, NULL, certs, NULL, flags,
-                               ctx->libctx, ctx->propq);
+    cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags, ctx->libctx, ctx->propq);
     if (cms == NULL)
         goto err;
 
@@ -623,10 +617,9 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 
 }
 
-CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs,
-                                         BIO *data, const EVP_CIPHER *cipher,
-                                         unsigned int flags,
-                                         OPENSSL_CTX *libctx, const char *propq)
+CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data,
+                                const EVP_CIPHER *cipher, unsigned int flags,
+                                OPENSSL_CTX *libctx, const char *propq)
 {
     CMS_ContentInfo *cms;
     int i;
@@ -634,8 +627,8 @@ CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs,
 
 
     cms = (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
-          ? CMS_AuthEnvelopedData_create_with_libctx(cipher, libctx, propq)
-          : CMS_EnvelopedData_create_with_libctx(cipher, libctx, propq);
+          ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq)
+          : CMS_EnvelopedData_create_ex(cipher, libctx, propq);
     if (cms == NULL)
         goto merr;
     for (i = 0; i < sk_X509_num(certs); i++) {
@@ -665,7 +658,7 @@ CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs,
 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
                              const EVP_CIPHER *cipher, unsigned int flags)
 {
-    return CMS_encrypt_with_libctx(certs, data, cipher, flags, NULL, NULL);
+    return CMS_encrypt_ex(certs, data, cipher, flags, NULL, NULL);
 }
 
 static int cms_kari_set1_pkey_and_peer(CMS_ContentInfo *cms,
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index a9d960b721..4cc698400c 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -174,7 +174,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
  * the "CONF classic" functions, for consistency.
  */
 
-CONF *NCONF_new_with_libctx(OPENSSL_CTX *libctx, CONF_METHOD *meth)
+CONF *NCONF_new_ex(OPENSSL_CTX *libctx, CONF_METHOD *meth)
 {
     CONF *ret;
 
@@ -193,7 +193,7 @@ CONF *NCONF_new_with_libctx(OPENSSL_CTX *libctx, CONF_METHOD *meth)
 
 CONF *NCONF_new(CONF_METHOD *meth)
 {
-    return NCONF_new_with_libctx(NULL, meth);
+    return NCONF_new_ex(NULL, meth);
 }
 
 void NCONF_free(CONF *conf)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index fa7f6b9d9f..5359a7e06d 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -145,15 +145,14 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 
 }
 
-int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
-                                       const char *filename,
-                                       const char *appname, unsigned long flags)
+int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
+                              const char *appname, unsigned long flags)
 {
     char *file = NULL;
     CONF *conf = NULL;
     int ret = 0, diagnostics = 0;
 
-    conf = NCONF_new_with_libctx(libctx, NULL);
+    conf = NCONF_new_ex(libctx, NULL);
     if (conf == NULL)
         goto err;
 
@@ -191,7 +190,7 @@ int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
 int CONF_modules_load_file(const char *filename,
                            const char *appname, unsigned long flags)
 {
-    return CONF_modules_load_file_with_libctx(NULL, filename, appname, flags);
+    return CONF_modules_load_file_ex(NULL, filename, appname, flags);
 }
 
 DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
diff --git a/crypto/context.c b/crypto/context.c
index de289fcb68..1bc4bee290 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -170,7 +170,7 @@ OPENSSL_CTX *OPENSSL_CTX_new(void)
 #ifndef FIPS_MODULE
 int OPENSSL_CTX_load_config(OPENSSL_CTX *ctx, const char *config_file)
 {
-    return CONF_modules_load_file_with_libctx(ctx, config_file, NULL, 0) > 0;
+    return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0;
 }
 #endif
 
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 5a6cdb7e82..3e971c7769 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -365,10 +365,9 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
         return 0;
     }
 
-    return ASN1_item_sign_with_libctx(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
-                                      ps->algorithmIdentifier, NULL,
-                                      ps->signature, cr, NULL, pkey, digest,
-                                      libctx, propq);
+    return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
+                             ps->algorithmIdentifier, NULL, ps->signature, cr,
+                             NULL, pkey, digest, libctx, propq);
 }
 
 
@@ -502,10 +501,9 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
             it = ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST);
             asn = req->certReq;
         }
-        if (ASN1_item_verify_with_libctx(it, sig->algorithmIdentifier,
-                                         sig->signature, asn, NULL,
-                                         X509_PUBKEY_get0(pubkey),
-                                         libctx, propq) < 1)
+        if (ASN1_item_verify_ex(it, sig->algorithmIdentifier, sig->signature,
+                                asn, NULL, X509_PUBKEY_get0(pubkey), libctx,
+                                propq) < 1)
             return 0;
         break;
     case OSSL_CRMF_POPO_KEYENC:
@@ -680,7 +678,7 @@ X509
     outlen += n;
 
     /* convert decrypted certificate from DER to internal ASN.1 structure */
-    if ((cert = X509_new_with_libctx(libctx, propq)) == NULL)
+    if ((cert = X509_new_ex(libctx, propq)) == NULL)
         goto end;
     if (d2i_X509(&cert, &p, outlen) == NULL)
         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c
index ab4aaf82c1..575524e1db 100644
--- a/crypto/ct/ct_b64.c
+++ b/crypto/ct/ct_b64.c
@@ -132,9 +132,9 @@ SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
  * 0 on decoding failure, or invalid parameter if any
  * -1 on internal (malloc) failure
  */
-int CTLOG_new_from_base64_with_libctx(CTLOG **ct_log, const char *pkey_base64,
-                                      const char *name, OPENSSL_CTX *libctx,
-                                      const char *propq)
+int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
+                             const char *name, OPENSSL_CTX *libctx,
+                             const char *propq)
 {
     unsigned char *pkey_der = NULL;
     int pkey_der_len;
@@ -160,7 +160,7 @@ int CTLOG_new_from_base64_with_libctx(CTLOG **ct_log, const char *pkey_base64,
         return 0;
     }
 
-    *ct_log = CTLOG_new_with_libctx(pkey, name, libctx, propq);
+    *ct_log = CTLOG_new_ex(pkey, name, libctx, propq);
     if (*ct_log == NULL) {
         EVP_PKEY_free(pkey);
         return 0;
@@ -172,6 +172,5 @@ int CTLOG_new_from_base64_with_libctx(CTLOG **ct_log, const char *pkey_base64,
 int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64,
                           const char *name)
 {
-    return CTLOG_new_from_base64_with_libctx(ct_log, pkey_base64, name, NULL,
-                                             NULL);
+    return CTLOG_new_from_base64_ex(ct_log, pkey_base64, name, NULL, NULL);
 }
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 32a29ed699..9a32054c41 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -100,7 +100,7 @@ err:
     return ret;
 }
 
-CTLOG_STORE *CTLOG_STORE_new_with_libctx(OPENSSL_CTX *libctx, const char *propq)
+CTLOG_STORE *CTLOG_STORE_new_ex(OPENSSL_CTX *libctx, const char *propq)
 {
     CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -132,7 +132,7 @@ err:
 
 CTLOG_STORE *CTLOG_STORE_new(void)
 {
-    return CTLOG_STORE_new_with_libctx(NULL, NULL);
+    return CTLOG_STORE_new_ex(NULL, NULL);
 }
 
 void CTLOG_STORE_free(CTLOG_STORE *store)
@@ -161,8 +161,8 @@ static int ctlog_new_from_conf(CTLOG_STORE *store, CTLOG **ct_log,
         return 0;
     }
 
-    return CTLOG_new_from_base64_with_libctx(ct_log, pkey_base64, description,
-                                             store->libctx, store->propq);
+    return CTLOG_new_from_base64_ex(ct_log, pkey_base64, description,
+                                    store->libctx, store->propq);
 }
 
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
@@ -264,8 +264,8 @@ end:
  * Takes ownership of the public key.
  * Copies the name.
  */
-CTLOG *CTLOG_new_with_libctx(EVP_PKEY *public_key, const char *name,
-                             OPENSSL_CTX *libctx, const char *propq)
+CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OPENSSL_CTX *libctx,
+                    const char *propq)
 {
     CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
 
@@ -301,7 +301,7 @@ err:
 
 CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
 {
-    return CTLOG_new_with_libctx(public_key, name, NULL, NULL);
+    return CTLOG_new_ex(public_key, name, NULL, NULL);
 }
 
 /* Frees CT log and associated structures */
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index e067fd8ea5..268ef22b58 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -25,8 +25,8 @@
  */
 static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
 
-CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                                       const char *propq)
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OPENSSL_CTX *libctx,
+                                              const char *propq)
 {
     CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
 
@@ -54,7 +54,7 @@ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_with_libctx(OPENSSL_CTX *libctx,
 
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
 {
-    return CT_POLICY_EVAL_CTX_new_with_libctx(NULL, NULL);
+    return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL);
 }
 
 void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c
index b05e77b8a1..db0a3d83bd 100644
--- a/crypto/ct/ct_vfy.c
+++ b/crypto/ct/ct_vfy.c
@@ -122,9 +122,8 @@ int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
     if (ctx == NULL)
         goto end;
 
-    if (!EVP_DigestVerifyInit_with_libctx(ctx, NULL,
-                                          "SHA2-256", sctx->libctx, sctx->propq,
-                                          sctx->pkey))
+    if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx,
+                                 sctx->propq, sctx->pkey))
         goto end;
 
     if (!sct_ctx_update(ctx, sctx, sct))
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index f89dd44ffd..cd318654cf 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -560,7 +560,7 @@ static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
 {
     EVP_PKEY_CTX *pctx = vpctx;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-    DH *dh = dh_new_with_libctx(pctx->libctx);
+    DH *dh = dh_new_ex(pctx->libctx);
 
     if (dh == NULL) {
         ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 52f3151bc8..096cf12886 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -100,7 +100,7 @@ static int dh_gen_named_group(OPENSSL_CTX *libctx, DH *ret, int prime_len)
     if (nid == NID_undef)
         return 0;
 
-    dh = dh_new_by_nid_with_libctx(libctx, nid);
+    dh = dh_new_by_nid_ex(libctx, nid);
     if (dh != NULL
         && ffc_params_copy(&ret->params, &dh->params)) {
         ok = 1;
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index e0daa6ebc4..7a19f71b4d 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -103,7 +103,7 @@ const char *ffc_named_group_from_uid(int uid)
 static DH *dh_param_init(OPENSSL_CTX *libctx, int uid, const BIGNUM *p,
                          const BIGNUM *q, const BIGNUM *g)
 {
-    DH *dh = dh_new_with_libctx(libctx);
+    DH *dh = dh_new_ex(libctx);
 
     if (dh == NULL)
         return NULL;
@@ -136,7 +136,7 @@ static DH *dh_new_by_group_name(OPENSSL_CTX *libctx, const char *name)
     return NULL;
 }
 
-DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid)
+DH *dh_new_by_nid_ex(OPENSSL_CTX *libctx, int nid)
 {
     const char *name = ffc_named_group_from_uid(nid);
 
@@ -145,7 +145,7 @@ DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid)
 
 DH *DH_new_by_nid(int nid)
 {
-    return dh_new_by_nid_with_libctx(NULL, nid);
+    return dh_new_by_nid_ex(NULL, nid);
 }
 
 int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name)
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index a6f4e64137..6c6eda27a2 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -63,7 +63,7 @@ DH *DH_new_method(ENGINE *engine)
 }
 #endif /* !FIPS_MODULE */
 
-DH *dh_new_with_libctx(OPENSSL_CTX *libctx)
+DH *dh_new_ex(OPENSSL_CTX *libctx)
 {
     return dh_new_intern(NULL, libctx);
 }
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 3312faa336..4bbbabff07 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -112,7 +112,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval,
     EC_KEY *eckey = NULL;
     EC_GROUP *group = NULL;
 
-    if ((eckey = EC_KEY_new_with_libctx(libctx, propq)) == NULL) {
+    if ((eckey = EC_KEY_new_ex(libctx, propq)) == NULL) {
         ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
         goto ecerr;
     }
@@ -134,8 +134,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval,
          * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
          */
 
-        group = EC_GROUP_new_by_curve_name_with_libctx(libctx, propq,
-                                                       OBJ_obj2nid(poid));
+        group = EC_GROUP_new_by_curve_name_ex(libctx, propq, OBJ_obj2nid(poid));
         if (group == NULL)
             goto ecerr;
         EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
@@ -206,10 +205,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     return -2;
 }
 
-static int eckey_priv_decode_with_libctx(EVP_PKEY *pkey,
-                                         const PKCS8_PRIV_KEY_INFO *p8,
-                                         OPENSSL_CTX *libctx,
-                                         const char *propq)
+static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8,
+                                OPENSSL_CTX *libctx, const char *propq)
 {
     const unsigned char *p = NULL;
     const void *pval;
@@ -744,7 +741,7 @@ static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
 {
     EVP_PKEY_CTX *pctx = vpctx;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-    EC_KEY *ec = EC_KEY_new_with_libctx(pctx->libctx, pctx->propquery);
+    EC_KEY *ec = EC_KEY_new_ex(pctx->libctx, pctx->propquery);
 
     if (ec == NULL) {
         ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
@@ -808,7 +805,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
     ec_pkey_dirty_cnt,
     ec_pkey_export_to,
     ec_pkey_import_from,
-    eckey_priv_decode_with_libctx
+    eckey_priv_decode_ex
 };
 
 #if !defined(OPENSSL_NO_SM2)
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index a63a8535c3..d8f46f4849 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3197,8 +3197,8 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx,
 
     /* If no curve data curve method must handle everything */
     if (curve.data == NULL)
-        return ec_group_new_with_libctx(libctx, propq,
-                                        curve.meth != NULL ? curve.meth() : NULL);
+        return ec_group_new_ex(libctx, propq,
+                               curve.meth != NULL ? curve.meth() : NULL);
 
     if ((ctx = BN_CTX_new_ex(libctx)) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
@@ -3220,7 +3220,7 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx,
 
     if (curve.meth != 0) {
         meth = curve.meth();
-        if (((group = ec_group_new_with_libctx(libctx, propq, meth)) == NULL) ||
+        if (((group = ec_group_new_ex(libctx, propq, meth)) == NULL) ||
             (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
             ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
             goto err;
@@ -3290,8 +3290,8 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx,
     return group;
 }
 
-EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx,
-                                                 const char *propq, int nid)
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, const char *propq,
+                                        int nid)
 {
     EC_GROUP *ret = NULL;
     const ec_list_element *curve;
@@ -3311,7 +3311,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx,
 #ifndef FIPS_MODULE
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
 {
-    return EC_GROUP_new_by_curve_name_with_libctx(NULL, NULL, nid);
+    return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid);
 }
 #endif
 
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
index e5e6f10ce4..57e53d752e 100644
--- a/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
@@ -54,7 +54,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
         meth = EC_GFp_mont_method();
 #endif
 
-    ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth);
+    ret = ec_group_new_ex(bn_get_lib_ctx(ctx), NULL, meth);
     if (ret == NULL)
         return NULL;
 
@@ -75,7 +75,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
 
     meth = EC_GF2m_simple_method();
 
-    ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth);
+    ret = ec_group_new_ex(bn_get_lib_ctx(ctx), NULL, meth);
     if (ret == NULL)
         return NULL;
 
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 89a28622bb..807b5e670a 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -34,18 +34,18 @@ EC_KEY *EC_KEY_new(void)
 }
 #endif
 
-EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq)
+EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx, const char *propq)
 {
     return ec_key_new_method_int(ctx, propq, NULL);
 }
 
-EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx,
-                                             const char *propq, int nid)
+EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, const char *propq,
+                                    int nid)
 {
-    EC_KEY *ret = EC_KEY_new_with_libctx(ctx, propq);
+    EC_KEY *ret = EC_KEY_new_ex(ctx, propq);
     if (ret == NULL)
         return NULL;
-    ret->group = EC_GROUP_new_by_curve_name_with_libctx(ctx, propq, nid);
+    ret->group = EC_GROUP_new_by_curve_name_ex(ctx, propq, nid);
     if (ret->group == NULL) {
         EC_KEY_free(ret);
         return NULL;
@@ -61,7 +61,7 @@ EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx,
 #ifndef FIPS_MODULE
 EC_KEY *EC_KEY_new_by_curve_name(int nid)
 {
-    return EC_KEY_new_by_curve_name_with_libctx(NULL, NULL, nid);
+    return EC_KEY_new_by_curve_name_ex(NULL, NULL, nid);
 }
 #endif
 
@@ -122,8 +122,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
     if (src->group != NULL) {
         /* clear the old group */
         EC_GROUP_free(dest->group);
-        dest->group = ec_group_new_with_libctx(src->libctx, src->propq,
-                                               src->group->meth);
+        dest->group = ec_group_new_ex(src->libctx, src->propq, src->group->meth);
         if (dest->group == NULL)
             return NULL;
         if (!EC_GROUP_copy(dest->group, src->group))
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 222df55632..72ada1f723 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -26,8 +26,8 @@
 
 /* functions for EC_GROUP objects */
 
-EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
-                                   const EC_METHOD *meth)
+EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const char *propq,
+                          const EC_METHOD *meth)
 {
     EC_GROUP *ret;
 
@@ -81,7 +81,7 @@ EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
 # ifndef FIPS_MODULE
 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
 {
-    return ec_group_new_with_libctx(NULL, NULL, meth);
+    return ec_group_new_ex(NULL, NULL, meth);
 }
 # endif
 #endif
@@ -271,7 +271,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
     if (a == NULL)
         return NULL;
 
-    if ((t = ec_group_new_with_libctx(a->libctx, a->propq, a->meth)) == NULL)
+    if ((t = ec_group_new_ex(a->libctx, a->propq, a->meth)) == NULL)
         return NULL;
     if (!EC_GROUP_copy(t, a))
         goto err;
@@ -1438,8 +1438,7 @@ static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group,
             curve_name_nid = NID_secp224r1;
 #endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
 
-        ret_group = EC_GROUP_new_by_curve_name_with_libctx(libctx, propq,
-                                                           curve_name_nid);
+        ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid);
         if (ret_group == NULL)
             goto err;
 
@@ -1522,7 +1521,7 @@ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
             ECerr(0, EC_R_INVALID_CURVE);
             return NULL;
         } else {
-            return EC_GROUP_new_by_curve_name_with_libctx(libctx, propq, nid);
+            return EC_GROUP_new_by_curve_name_ex(libctx, propq, nid);
         }
     }
     return NULL;
diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h
index 11fab6b985..33f40167aa 100644
--- a/crypto/ec/ec_local.h
+++ b/crypto/ec/ec_local.h
@@ -601,8 +601,8 @@ int ec_group_simple_order_bits(const EC_GROUP *group);
  *  \param   meth   EC_METHOD to use
  *  \return  newly created EC_GROUP object or NULL in case of an error.
  */
-EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
-                                   const EC_METHOD *meth);
+EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const char *propq,
+                          const EC_METHOD *meth);
 
 #ifdef ECP_NISTZ256_ASM
 /** Returns GFp methods using montgomery multiplication, with x86-64 optimized
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 99f1e480c1..9aab96a050 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -149,9 +149,8 @@ static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
     return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
 }
 
-static int ecx_priv_decode_with_libctx(EVP_PKEY *pkey,
-                                       const PKCS8_PRIV_KEY_INFO *p8,
-                                       OPENSSL_CTX *libctx, const char *propq)
+static int ecx_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8,
+                              OPENSSL_CTX *libctx, const char *propq)
 {
     const unsigned char *p;
     int plen;
@@ -505,7 +504,7 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
     ecx_pkey_export_to,
     x25519_import_from,
 
-    ecx_priv_decode_with_libctx
+    ecx_priv_decode_ex
 };
 
 static int x448_import_from(const OSSL_PARAM params[], void *vpctx)
@@ -558,7 +557,7 @@ const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
     ecx_pkey_export_to,
     x448_import_from,
 
-    ecx_priv_decode_with_libctx
+    ecx_priv_decode_ex
 };
 
 static int ecd_size25519(const EVP_PKEY *pkey)
@@ -684,7 +683,7 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
     ecx_pkey_export_to,
     ed25519_import_from,
 
-    ecx_priv_decode_with_libctx
+    ecx_priv_decode_ex
 };
 
 static int ed448_import_from(const OSSL_PARAM params[], void *vpctx)
@@ -736,7 +735,7 @@ const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
     ecx_pkey_export_to,
     ed448_import_from,
 
-    ecx_priv_decode_with_libctx
+    ecx_priv_decode_ex
 };
 
 static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index fb29ab5f08..524d3ede8d 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -82,9 +82,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
 }
 
 #ifndef FIPS_MODULE
-EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
-                                       const ASN1_OCTET_STRING *id,
-                                       OPENSSL_CTX *libctx, const char *propq)
+EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
+                              OPENSSL_CTX *libctx, const char *propq)
 {
     EVP_MD_CTX *ctx;
     EVP_PKEY_CTX *pctx = NULL;
@@ -351,8 +350,8 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
          * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and
          * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate().
          * Some code calls EVP_DigestUpdate() directly even when initialised
-         * with EVP_DigestSignInit_with_libctx() or
-         * EVP_DigestVerifyInit_with_libctx(), so we detect that and redirect to
+         * with EVP_DigestSignInit_ex() or
+         * EVP_DigestVerifyInit_ex(), so we detect that and redirect to
          * the correct EVP_Digest*Update() function
          */
         if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX)
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 45666a2c42..b9fabf29f0 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -18,8 +18,8 @@
 
 /* Extract a private key from a PKCS8 structure */
 
-EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
-                                     OPENSSL_CTX *libctx, const char *propq)
+EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
+                            const char *propq)
 {
     EVP_PKEY *pkey = NULL;
     const ASN1_OBJECT *algoid;
@@ -40,8 +40,8 @@ EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
         goto error;
     }
 
-    if (pkey->ameth->priv_decode_with_libctx != NULL) {
-        if (!pkey->ameth->priv_decode_with_libctx(pkey, p8, libctx, propq))
+    if (pkey->ameth->priv_decode_ex != NULL) {
+        if (!pkey->ameth->priv_decode_ex(pkey, p8, libctx, propq))
             goto error;
     } else if (pkey->ameth->priv_decode != NULL) {
         if (!pkey->ameth->priv_decode(pkey, p8)) {
@@ -62,7 +62,7 @@ EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
 
 EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
 {
-    return EVP_PKCS82PKEY_with_libctx(p8, NULL, NULL);
+    return EVP_PKCS82PKEY_ex(p8, NULL, NULL);
 }
 
 /* Turn a private key into a PKCS8 structure */
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index e83a7e654a..faf5191234 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -310,10 +310,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     return ret > 0 ? 1 : 0;
 }
 
-int EVP_DigestSignInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                   const char *mdname,
-                                   OPENSSL_CTX *libctx, const char *props,
-                                   EVP_PKEY *pkey)
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const char *mdname, OPENSSL_CTX *libctx,
+                          const char *props, EVP_PKEY *pkey)
 {
     return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0);
 }
@@ -324,10 +323,9 @@ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0);
 }
 
-int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                     const char *mdname,
-                                     OPENSSL_CTX *libctx, const char *props,
-                                     EVP_PKEY *pkey)
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                            const char *mdname, OPENSSL_CTX *libctx,
+                            const char *props, EVP_PKEY *pkey)
 {
     return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1);
 }
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 7b8f99d511..b827899445 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -19,11 +19,10 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
-int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
-                                  const unsigned char *salt, int saltlen,
-                                  int iter, const EVP_MD *digest, int keylen,
-                                  unsigned char *out,
-                                  OPENSSL_CTX *libctx, const char *propq)
+int pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
+                         const unsigned char *salt, int saltlen, int iter,
+                         const EVP_MD *digest, int keylen, unsigned char *out,
+                         OPENSSL_CTX *libctx, const char *propq)
 {
     const char *empty = "";
     int rv = 1, mode = 1;
@@ -84,8 +83,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
                       int saltlen, int iter, const EVP_MD *digest, int keylen,
                       unsigned char *out)
 {
-    return pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, iter,
-                                         digest, keylen, out, NULL, NULL);
+    return pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, digest,
+                                keylen, out, NULL, NULL);
 }
 
 
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index f3ada343fc..e3a885cd7a 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -450,11 +450,10 @@ static EVP_PKEY *new_raw_key_int(OPENSSL_CTX *libctx,
     return pkey;
 }
 
-EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx,
-                                                   const char *keytype,
-                                                   const char *propq,
-                                                   const unsigned char *priv,
-                                                   size_t len)
+EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OPENSSL_CTX *libctx,
+                                          const char *keytype,
+                                          const char *propq,
+                                          const unsigned char *priv, size_t len)
 {
     return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv,
                            len, 1);
@@ -467,11 +466,9 @@ EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
     return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1);
 }
 
-EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx,
-                                                  const char *keytype,
-                                                  const char *propq,
-                                                  const unsigned char *pub,
-                                                  size_t len)
+EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OPENSSL_CTX *libctx,
+                                         const char *keytype, const char *propq,
+                                         const unsigned char *pub, size_t len)
 {
     return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub,
                            len, 0);
@@ -636,11 +633,9 @@ static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len,
 # endif
 }
 
-EVP_PKEY *EVP_PKEY_new_CMAC_key_with_libctx(const unsigned char *priv,
-                                            size_t len,
-                                            const char *cipher_name,
-                                            OPENSSL_CTX *libctx,
-                                            const char *propq)
+EVP_PKEY *EVP_PKEY_new_CMAC_key_ex(const unsigned char *priv, size_t len,
+                                   const char *cipher_name, OPENSSL_CTX *libctx,
+                                   const char *propq)
 {
     return new_cmac_key_int(priv, len, cipher_name, NULL, libctx, propq, NULL);
 }
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 2c4f49a528..f530091a3e 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -14,9 +14,9 @@
 #include <openssl/x509.h>
 #include "crypto/evp.h"
 
-int EVP_SignFinal_with_libctx(EVP_MD_CTX *ctx, unsigned char *sigret,
-                              unsigned int *siglen, EVP_PKEY *pkey,
-                              OPENSSL_CTX *libctx, const char *propq)
+int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret,
+                     unsigned int *siglen, EVP_PKEY *pkey, OPENSSL_CTX *libctx,
+                     const char *propq)
 {
     unsigned char m[EVP_MAX_MD_SIZE];
     unsigned int m_len = 0;
@@ -65,5 +65,5 @@ int EVP_SignFinal_with_libctx(EVP_MD_CTX *ctx, unsigned char *sigret,
 int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                   unsigned int *siglen, EVP_PKEY *pkey)
 {
-    return EVP_SignFinal_with_libctx(ctx, sigret, siglen, pkey, NULL, NULL);
+    return EVP_SignFinal_ex(ctx, sigret, siglen, pkey, NULL, NULL);
 }
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index db14866af0..dc1ee84c15 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -14,9 +14,9 @@
 #include <openssl/x509.h>
 #include "crypto/evp.h"
 
-int EVP_VerifyFinal_with_libctx(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-                                unsigned int siglen, EVP_PKEY *pkey,
-                                OPENSSL_CTX *libctx, const char *propq)
+int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                       unsigned int siglen, EVP_PKEY *pkey, OPENSSL_CTX *libctx,
+                       const char *propq)
 {
     unsigned char m[EVP_MAX_MD_SIZE];
     unsigned int m_len = 0;
@@ -59,5 +59,5 @@ int EVP_VerifyFinal_with_libctx(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                     unsigned int siglen, EVP_PKEY *pkey)
 {
-    return EVP_VerifyFinal_with_libctx(ctx, sigbuf, siglen, pkey, NULL, NULL);
+    return EVP_VerifyFinal_ex(ctx, sigbuf, siglen, pkey, NULL, NULL);
 }
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index ef023205c0..57e02e9db3 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -25,9 +25,8 @@
 
 #ifndef OPENSSL_NO_STDIO
 STACK_OF(X509_INFO)
-*PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk,
-                                pem_password_cb *cb, void *u,
-                                OPENSSL_CTX *libctx, const char *propq)
+*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
+                       void *u, OPENSSL_CTX *libctx, const char *propq)
 {
     BIO *b;
     STACK_OF(X509_INFO) *ret;
@@ -37,7 +36,7 @@ STACK_OF(X509_INFO)
         return 0;
     }
     BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = PEM_X509_INFO_read_bio_with_libctx(b, sk, cb, u, libctx, propq);
+    ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
     BIO_free(b);
     return ret;
 }
@@ -45,14 +44,14 @@ STACK_OF(X509_INFO)
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u)
 {
-    return PEM_X509_INFO_read_with_libctx(fp, sk, cb, u, NULL, NULL);
+    return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL);
 }
 #endif
 
 STACK_OF(X509_INFO)
-*PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk,
-                                    pem_password_cb *cb, void *u,
-                                    OPENSSL_CTX *libctx, const char *propq)
+*PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk,
+                           pem_password_cb *cb, void *u, OPENSSL_CTX *libctx,
+                           const char *propq)
 {
     X509_INFO *xi = NULL;
     char *name = NULL, *header = NULL;
@@ -98,7 +97,7 @@ STACK_OF(X509_INFO)
                     goto err;
                 goto start;
             }
-            xi->x509 = X509_new_with_libctx(libctx, propq);
+            xi->x509 = X509_new_ex(libctx, propq);
             if (xi->x509 == NULL)
                 goto err;
             pp = &(xi->x509);
@@ -111,7 +110,7 @@ STACK_OF(X509_INFO)
                     goto err;
                 goto start;
             }
-            xi->x509 = X509_new_with_libctx(libctx, propq);
+            xi->x509 = X509_new_ex(libctx, propq);
             if (xi->x509 == NULL)
                 goto err;
             pp = &(xi->x509);
@@ -268,7 +267,7 @@ STACK_OF(X509_INFO)
 STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                             pem_password_cb *cb, void *u)
 {
-    return PEM_X509_INFO_read_bio_with_libctx(bp, sk, cb, u, NULL, NULL);
+    return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL);
 }
 
 /* A TJH addition */
diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
index f04e4b34ce..b0027cec2d 100644
--- a/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -83,7 +83,7 @@ PKCS7 *PKCS7_new(void)
     return (PKCS7 *)ASN1_item_new(ASN1_ITEM_rptr(PKCS7));
 }
 
-PKCS7 *PKCS7_new_with_libctx(OPENSSL_CTX *libctx, const char *propq)
+PKCS7 *PKCS7_new_ex(OPENSSL_CTX *libctx, const char *propq)
 {
     PKCS7 *pkcs7 = PKCS7_new();
 
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index bc9bfd8589..cde158d56a 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -847,8 +847,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                 if (abuf == NULL)
                     goto err;
 
-                if (!EVP_SignFinal_with_libctx(ctx_tmp, abuf, &abuflen, si->pkey,
-                                               p7_ctx->libctx, p7_ctx->propq)) {
+                if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
+                                      p7_ctx->libctx, p7_ctx->propq)) {
                     OPENSSL_free(abuf);
                     PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
                     goto err;
@@ -919,9 +919,8 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
         goto err;
     }
 
-    if (EVP_DigestSignInit_with_libctx(mctx, &pctx,
-                                       EVP_MD_name(md), ctx->libctx, ctx->propq,
-                                       si->pkey) <= 0)
+    if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md), ctx->libctx,
+                              ctx->propq, si->pkey) <= 0)
         goto err;
 
     /*
@@ -1171,8 +1170,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
         goto err;
     }
 
-    i = EVP_VerifyFinal_with_libctx(mdc_tmp, os->data, os->length, pkey,
-                                    ctx->libctx, ctx->propq);
+    i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, ctx->libctx,
+                           ctx->propq);
     if (i <= 0) {
         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
         ret = -1;
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 2099e8d9ef..c505b23648 100644
--- a/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
@@ -40,11 +40,10 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
 
     flags ^= SMIME_OLDMIME;
 
-    return SMIME_write_ASN1_with_libctx(bio, (ASN1_VALUE *)p7, data, flags,
-                                        ctype_nid, NID_undef, mdalgs,
-                                        ASN1_ITEM_rptr(PKCS7),
-                                        pkcs7_ctx_get0_libctx(ctx),
-                                        pkcs7_ctx_get0_propq(ctx));
+    return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)p7, data, flags, ctype_nid,
+                               NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7),
+                               pkcs7_ctx_get0_libctx(ctx),
+                               pkcs7_ctx_get0_propq(ctx));
 }
 
 PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7)
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 3347544bb8..5cbc18c63e 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -20,14 +20,14 @@
 
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
-PKCS7 *PKCS7_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                              STACK_OF(X509) *certs, BIO *data, int flags,
-                              OPENSSL_CTX *libctx, const char *propq)
+PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                     BIO *data, int flags, OPENSSL_CTX *libctx,
+                     const char *propq)
 {
     PKCS7 *p7;
     int i;
 
-    if ((p7 = PKCS7_new_with_libctx(libctx, propq)) == NULL) {
+    if ((p7 = PKCS7_new_ex(libctx, propq)) == NULL) {
         PKCS7err(0, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -67,7 +67,7 @@ PKCS7 *PKCS7_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                   BIO *data, int flags)
 {
-    return PKCS7_sign_with_libctx(signcert, pkey, certs, data, flags, NULL, NULL);
+    return PKCS7_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL);
 }
 
 
@@ -268,7 +268,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 
     /* Now verify the certificates */
     p7_ctx = pkcs7_get0_ctx(p7);
-    cert_ctx = X509_STORE_CTX_new_with_libctx(p7_ctx->libctx, p7_ctx->propq);
+    cert_ctx = X509_STORE_CTX_new_ex(p7_ctx->libctx, p7_ctx->propq);
     if (cert_ctx == NULL)
         goto err;
     if (!(flags & PKCS7_NOVERIFY))
@@ -443,16 +443,16 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
 
 /* Build a complete PKCS#7 enveloped data */
 
-PKCS7 *PKCS7_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in,
-                                 const EVP_CIPHER *cipher, int flags,
-                                 OPENSSL_CTX *libctx, const char *propq)
+PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                        const EVP_CIPHER *cipher, int flags,
+                        OPENSSL_CTX *libctx, const char *propq)
 {
     PKCS7 *p7;
     BIO *p7bio = NULL;
     int i;
     X509 *x509;
 
-    if ((p7 = PKCS7_new_with_libctx(libctx, propq)) == NULL) {
+    if ((p7 = PKCS7_new_ex(libctx, propq)) == NULL) {
         PKCS7err(0, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
@@ -489,7 +489,7 @@ PKCS7 *PKCS7_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in,
 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                      int flags)
 {
-    return PKCS7_encrypt_with_libctx(certs, in, cipher, flags, NULL, NULL);
+    return PKCS7_encrypt_ex(certs, in, cipher, flags, NULL, NULL);
 }
 
 
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index 666e18ec65..cc03132d17 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -196,12 +196,10 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
                                   int nbits, const BIGNUM *e, BN_CTX *ctx,
                                   BN_GENCB *cb);
 
-int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to,
-                                       int tlen, const unsigned char *from,
-                                       int flen);
-int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx,
-                                             unsigned char *to, int tlen,
-                                             const unsigned char *from,
-                                             int flen);
+int rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to, int tlen,
+                              const unsigned char *from, int flen);
+int rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
+                                    int tlen, const unsigned char *from,
+                                    int flen);
 
 #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index ce98802070..ea9ce0dee4 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -40,9 +40,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                                const unsigned char *from, int flen,
                                const unsigned char *param, int plen)
 {
-    return rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(NULL, to, tlen, from,
-                                                       flen, param, plen, NULL,
-                                                       NULL);
+    return rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, param,
+                                              plen, NULL, NULL);
 }
 
 /*
@@ -52,13 +51,11 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
  * Step numbers are included here but not in the constant time inverse below
  * to avoid complicating an already difficult enough function.
  */
-int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
-                                                unsigned char *to, int tlen,
-                                                const unsigned char *from,
-                                                int flen,
-                                                const unsigned char *param,
-                                                int plen, const EVP_MD *md,
-                                                const EVP_MD *mgf1md)
+int rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx, unsigned char *to,
+                                       int tlen, const unsigned char *from,
+                                       int flen, const unsigned char *param,
+                                       int plen, const EVP_MD *md,
+                                       const EVP_MD *mgf1md)
 {
     int rv = 0;
     int i, emlen = tlen - 1;
@@ -141,9 +138,8 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
                                     const unsigned char *param, int plen,
                                     const EVP_MD *md, const EVP_MD *mgf1md)
 {
-    return rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(NULL, to, tlen, from,
-                                                       flen, param, plen, md,
-                                                       mgf1md);
+    return rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, param,
+                                              plen, md, mgf1md);
 }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index b996e4d05e..d1e8535226 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -111,18 +111,15 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
 
     switch (padding) {
     case RSA_PKCS1_PADDING:
-        i = rsa_padding_add_PKCS1_type_2_with_libctx(rsa->libctx, buf, num,
-                                                     from, flen);
+        i = rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num, from, flen);
         break;
     case RSA_PKCS1_OAEP_PADDING:
-        i = rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(rsa->libctx, buf, num,
-                                                        from, flen, NULL, 0,
-                                                        NULL, NULL);
+        i = rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num, from,
+                                               flen, NULL, 0, NULL, NULL);
         break;
 #ifndef FIPS_MODULE
     case RSA_SSLV23_PADDING:
-        i = rsa_padding_add_SSLv23_with_libctx(rsa->libctx, buf, num, from,
-                                               flen);
+        i = rsa_padding_add_SSLv23_ex(rsa->libctx, buf, num, from, flen);
         break;
 #endif
     case RSA_NO_PADDING:
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index b594534563..05c2933407 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -124,10 +124,9 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
     return j;
 }
 
-int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx,
-                                             unsigned char *to, int tlen,
-                                             const unsigned char *from,
-                                             int flen)
+int rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
+                                    int tlen, const unsigned char *from,
+                                    int flen)
 {
     int i, j;
     unsigned char *p;
@@ -165,7 +164,7 @@ int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx,
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
                                  const unsigned char *from, int flen)
 {
-    return rsa_padding_add_PKCS1_type_2_with_libctx(NULL, to, tlen, from, flen);
+    return rsa_padding_add_PKCS1_type_2_ex(NULL, to, tlen, from, flen);
 }
 
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1cca8d0b09..3565b8c8d6 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -21,9 +21,8 @@
 #include "internal/constant_time.h"
 #include "rsa_local.h"
 
-int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to,
-                                       int tlen, const unsigned char *from,
-                                       int flen)
+int rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to, int tlen,
+                              const unsigned char *from, int flen)
 {
     int i, j;
     unsigned char *p;
@@ -63,7 +62,7 @@ int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to,
 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                            const unsigned char *from, int flen)
 {
-    return rsa_padding_add_SSLv23_with_libctx(NULL, to, tlen, from, flen);
+    return rsa_padding_add_SSLv23_ex(NULL, to, tlen, from, flen);
 }
 
 /*
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 0f686fb119..94f47d0394 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -32,11 +32,10 @@
 static int ossl_store_close_it(OSSL_STORE_CTX *ctx);
 
 OSSL_STORE_CTX *
-OSSL_STORE_open_with_libctx(const char *uri,
-                            OPENSSL_CTX *libctx, const char *propq,
-                            const UI_METHOD *ui_method, void *ui_data,
-                            OSSL_STORE_post_process_info_fn post_process,
-                            void *post_process_data)
+OSSL_STORE_open_ex(const char *uri, OPENSSL_CTX *libctx, const char *propq,
+                   const UI_METHOD *ui_method, void *ui_data,
+                   OSSL_STORE_post_process_info_fn post_process,
+                   void *post_process_data)
 {
     const OSSL_STORE_LOADER *loader = NULL;
     OSSL_STORE_LOADER *fetched_loader = NULL;
@@ -85,9 +84,9 @@ OSSL_STORE_open_with_libctx(const char *uri,
         OSSL_TRACE1(STORE, "Looking up scheme %s\n", schemes[i]);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
         if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL) {
-            if (loader->open_with_libctx != NULL)
-                loader_ctx = loader->open_with_libctx(loader, uri, libctx, propq,
-                                                      ui_method, ui_data);
+            if (loader->open_ex != NULL)
+                loader_ctx = loader->open_ex(loader, uri, libctx, propq,
+                                             ui_method, ui_data);
             else
                 loader_ctx = loader->open(loader, uri, ui_method, ui_data);
         }
@@ -187,8 +186,8 @@ OSSL_STORE_CTX *OSSL_STORE_open(const char *uri,
                                 OSSL_STORE_post_process_info_fn post_process,
                                 void *post_process_data)
 {
-    return OSSL_STORE_open_with_libctx(uri, NULL, NULL, ui_method, ui_data,
-                                       post_process, post_process_data);
+    return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, post_process,
+                              post_process_data);
 }
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
index ef9815fa69..e5488606e4 100644
--- a/crypto/store/store_local.h
+++ b/crypto/store/store_local.h
@@ -93,7 +93,7 @@ struct ossl_store_loader_st {
     OSSL_STORE_eof_fn eof;
     OSSL_STORE_error_fn error;
     OSSL_STORE_close_fn close;
-    OSSL_STORE_open_with_libctx_fn open_with_libctx;
+    OSSL_STORE_open_ex_fn open_ex;
 #endif
 
     /* Provider stuff */
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index 7bc233ca9d..f426a82ecc 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -70,11 +70,11 @@ int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
     return 1;
 }
 
-int OSSL_STORE_LOADER_set_open_with_libctx
+int OSSL_STORE_LOADER_set_open_ex
     (OSSL_STORE_LOADER *loader,
-     OSSL_STORE_open_with_libctx_fn open_with_libctx_function)
+     OSSL_STORE_open_ex_fn open_ex_function)
 {
-    loader->open_with_libctx = open_with_libctx_function;
+    loader->open_ex = open_ex_function;
     return 1;
 }
 
@@ -222,7 +222,7 @@ const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
     template.load = NULL;
     template.eof = NULL;
     template.close = NULL;
-    template.open_with_libctx = NULL;
+    template.open_ex = NULL;
 
     if (!ossl_store_init_once())
         return NULL;
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 363d25adbf..a591ef23ec 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -335,7 +335,7 @@ static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data,
             p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len);
             RESET_ERR_MARK();
             if (p8info != NULL) {
-                pk = EVP_PKCS82PKEY_with_libctx(p8info, libctx, propq);
+                pk = EVP_PKCS82PKEY_ex(p8info, libctx, propq);
                 PKCS8_PRIV_KEY_INFO_free(p8info);
             }
         }
diff --git a/crypto/trace.c b/crypto/trace.c
old mode 100755
new mode 100644
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index da04daf902..3f44d541cf 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -47,12 +47,9 @@ static void free_dir(X509_LOOKUP *lu);
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
 static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                                const X509_NAME *name, X509_OBJECT *ret);
-static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl,
-                                           X509_LOOKUP_TYPE type,
-                                           const X509_NAME *name,
-                                           X509_OBJECT *ret,
-                                           OPENSSL_CTX *libctx,
-                                           const char *propq);
+static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                                  const X509_NAME *name, X509_OBJECT *ret,
+                                  OPENSSL_CTX *libctx, const char *propq);
 static X509_LOOKUP_METHOD x509_dir_lookup = {
     "Load certs from files in a directory",
     new_dir,                         /* new_item */
@@ -64,8 +61,8 @@ static X509_LOOKUP_METHOD x509_dir_lookup = {
     NULL,                            /* get_by_issuer_serial */
     NULL,                            /* get_by_fingerprint */
     NULL,                            /* get_by_alias */
-    get_cert_by_subject_with_libctx, /* get_by_subject_with_libctx */
-    NULL,                            /* ctrl_with_libctx */
+    get_cert_by_subject_ex,          /* get_by_subject_ex */
+    NULL,                            /* ctrl_ex */
 };
 
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
@@ -217,12 +214,9 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
     return 1;
 }
 
-static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl,
-                                           X509_LOOKUP_TYPE type,
-                                           const X509_NAME *name,
-                                           X509_OBJECT *ret,
-                                           OPENSSL_CTX *libctx,
-                                           const char *propq)
+static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                                  const X509_NAME *name, X509_OBJECT *ret,
+                                  OPENSSL_CTX *libctx, const char *propq)
 {
     BY_DIR *ctx;
     union {
@@ -327,8 +321,8 @@ static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl,
 #endif
             /* found one. */
             if (type == X509_LU_X509) {
-                if ((X509_load_cert_file_with_libctx(xl, b->data, ent->dir_type,
-                                                     libctx, propq)) == 0)
+                if ((X509_load_cert_file_ex(xl, b->data, ent->dir_type, libctx,
+                                            propq)) == 0)
                     break;
             } else if (type == X509_LU_CRL) {
                 if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
@@ -406,5 +400,5 @@ static int get_cert_by_subject_with_libctx(X509_LOOKUP *xl,
 static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                                const X509_NAME *name, X509_OBJECT *ret)
 {
-    return get_cert_by_subject_with_libctx(xl, type, name, ret, NULL, NULL);
+    return get_cert_by_subject_ex(xl, type, name, ret, NULL, NULL);
 }
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index a4ec328312..c5010c4e7e 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -19,9 +19,9 @@
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
-static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
-                                    const char *argc, long argl, char **ret,
-                                    OPENSSL_CTX *libctx, const char *propq);
+static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc,
+                           long argl, char **ret, OPENSSL_CTX *libctx,
+                           const char *propq);
 
 
 static X509_LOOKUP_METHOD x509_file_lookup = {
@@ -35,8 +35,8 @@ static X509_LOOKUP_METHOD x509_file_lookup = {
     NULL,                       /* get_by_issuer_serial */
     NULL,                       /* get_by_fingerprint */
     NULL,                       /* get_by_alias */
-    NULL,                       /* get_by_subject_with_libctx */
-    by_file_ctrl_with_libctx,   /* ctrl_with_libctx */
+    NULL,                       /* get_by_subject_ex */
+    by_file_ctrl_ex,            /* ctrl_ex */
 };
 
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
@@ -44,9 +44,9 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
     return &x509_file_lookup;
 }
 
-static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
-                                    const char *argp, long argl, char **ret,
-                                    OPENSSL_CTX *libctx, const char *propq)
+static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
+                           long argl, char **ret, OPENSSL_CTX *libctx,
+                           const char *propq)
 {
     int ok = 0;
     const char *file;
@@ -56,12 +56,11 @@ static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
         if (argl == X509_FILETYPE_DEFAULT) {
             file = ossl_safe_getenv(X509_get_default_cert_file_env());
             if (file)
-                ok = (X509_load_cert_crl_file_with_libctx(ctx, file,
-                                                          X509_FILETYPE_PEM,
-                                                          libctx, propq) != 0);
+                ok = (X509_load_cert_crl_file_ex(ctx, file, X509_FILETYPE_PEM,
+                                                 libctx, propq) != 0);
 
             else
-                ok = (X509_load_cert_crl_file_with_libctx(
+                ok = (X509_load_cert_crl_file_ex(
                          ctx, X509_get_default_cert_file(),
                          X509_FILETYPE_PEM, libctx, propq) != 0);
 
@@ -70,12 +69,11 @@ static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
             }
         } else {
             if (argl == X509_FILETYPE_PEM)
-                ok = (X509_load_cert_crl_file_with_libctx(ctx, argp,
-                                                          X509_FILETYPE_PEM,
-                                                          libctx, propq) != 0);
+                ok = (X509_load_cert_crl_file_ex(ctx, argp, X509_FILETYPE_PEM,
+                                                 libctx, propq) != 0);
             else
-                ok = (X509_load_cert_file_with_libctx(ctx, argp, (int)argl,
-                                                      libctx, propq) != 0);
+                ok = (X509_load_cert_file_ex(ctx, argp, (int)argl, libctx,
+                                             propq) != 0);
         }
         break;
     }
@@ -85,11 +83,11 @@ static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd,
                         const char *argp, long argl, char **ret)
 {
-    return by_file_ctrl_with_libctx(ctx, cmd, argp, argl, ret, NULL, NULL);
+    return by_file_ctrl_ex(ctx, cmd, argp, argl, ret, NULL, NULL);
 }
 
-int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type,
-                                    OPENSSL_CTX *libctx, const char *propq)
+int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                           OPENSSL_CTX *libctx, const char *propq)
 {
     int ret = 0;
     BIO *in = NULL;
@@ -107,7 +105,7 @@ int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type
         X509err(0, X509_R_BAD_X509_FILETYPE);
         goto err;
     }
-    x = X509_new_with_libctx(libctx, propq);
+    x = X509_new_ex(libctx, propq);
     if (x == NULL) {
         X509err(0, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -153,7 +151,7 @@ int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type
 
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
 {
-    return X509_load_cert_file_with_libctx(ctx, file, type, NULL, NULL);
+    return X509_load_cert_file_ex(ctx, file, type, NULL, NULL);
 }
 
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
@@ -213,9 +211,8 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
     return ret;
 }
 
-int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
-                                        int type, OPENSSL_CTX *libctx,
-                                        const char *propq)
+int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                               OPENSSL_CTX *libctx, const char *propq)
 {
     STACK_OF(X509_INFO) *inf;
     X509_INFO *itmp;
@@ -223,13 +220,13 @@ int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
     int i, count = 0;
 
     if (type != X509_FILETYPE_PEM)
-        return X509_load_cert_file_with_libctx(ctx, file, type, libctx, propq);
+        return X509_load_cert_file_ex(ctx, file, type, libctx, propq);
     in = BIO_new_file(file, "r");
     if (!in) {
         X509err(0, ERR_R_SYS_LIB);
         return 0;
     }
-    inf = PEM_X509_INFO_read_bio_with_libctx(in, NULL, NULL, "", libctx, propq);
+    inf = PEM_X509_INFO_read_bio_ex(in, NULL, NULL, "", libctx, propq);
     BIO_free(in);
     if (!inf) {
         X509err(0, ERR_R_PEM_LIB);
@@ -257,6 +254,6 @@ int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
 
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 {
-    return X509_load_cert_crl_file_with_libctx(ctx, file, type, NULL, NULL);
+    return X509_load_cert_crl_file_ex(ctx, file, type, NULL, NULL);
 }
 
diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index 7822da8cd5..e29e74f917 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -21,8 +21,7 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
     OSSL_STORE_CTX *ctx = NULL;
     X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
 
-    if ((ctx = OSSL_STORE_open_with_libctx(uri, libctx, propq,
-                                           NULL, NULL, NULL, NULL)) == NULL)
+    if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, NULL)) == NULL)
         return 0;
 
     /*
@@ -105,10 +104,9 @@ static void by_store_free(X509_LOOKUP *ctx)
     sk_OPENSSL_STRING_pop_free(uris, free_uri);
 }
 
-static int by_store_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
-                                     const char *argp, long argl,
-                                     char **retp,
-                                     OPENSSL_CTX *libctx, const char *propq)
+static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
+                            long argl, char **retp, OPENSSL_CTX *libctx,
+                            const char *propq)
 {
     switch (cmd) {
     case X509_L_ADD_STORE:
@@ -138,7 +136,7 @@ static int by_store_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
 static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
                          const char *argp, long argl, char **retp)
 {
-    return by_store_ctrl_with_libctx(ctx, cmd, argp, argl, retp, NULL, NULL);
+    return by_store_ctrl_ex(ctx, cmd, argp, argl, retp, NULL, NULL);
 }
 
 static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
@@ -159,9 +157,9 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                                        const X509_NAME *name, X509_OBJECT *ret,
-                                        OPENSSL_CTX *libctx, const char *propq)
+static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const X509_NAME *name, X509_OBJECT *ret,
+                               OPENSSL_CTX *libctx, const char *propq)
 {
     OSSL_STORE_SEARCH *criterion =
         OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
@@ -216,7 +214,7 @@ static int by_store_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
 static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                             const X509_NAME *name, X509_OBJECT *ret)
 {
-    return by_store_subject_with_libctx(ctx, type, name, ret, NULL, NULL);
+    return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
 }
 
 /*
@@ -236,8 +234,8 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
     NULL,                        /* get_by_issuer_serial */
     NULL,                        /* get_by_fingerprint */
     NULL,                        /* get_by_alias */
-    by_store_subject_with_libctx,
-    by_store_ctrl_with_libctx
+    by_store_subject_ex,
+    by_store_ctrl_ex
 };
 
 X509_LOOKUP_METHOD *X509_LOOKUP_store(void)
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 512c7ae13e..40f751cde6 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -12,17 +12,15 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 
-int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx,
-                                             OPENSSL_CTX *libctx,
-                                             const char *propq)
+int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OPENSSL_CTX *libctx,
+                                    const char *propq)
 {
     X509_LOOKUP *lookup;
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
     if (lookup == NULL)
         return 0;
-    X509_LOOKUP_load_file_with_libctx(lookup, NULL, X509_FILETYPE_DEFAULT,
-                                      libctx, propq);
+    X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, libctx, propq);
 
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
     if (lookup == NULL)
@@ -32,7 +30,7 @@ int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx,
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store());
     if (lookup == NULL)
         return 0;
-    X509_LOOKUP_add_store_with_libctx(lookup, NULL, libctx, propq);
+    X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq);
 
     /* clear any errors */
     ERR_clear_error();
@@ -41,18 +39,18 @@ int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx,
 }
 int X509_STORE_set_default_paths(X509_STORE *ctx)
 {
-    return X509_STORE_set_default_paths_with_libctx(ctx, NULL, NULL);
+    return X509_STORE_set_default_paths_ex(ctx, NULL, NULL);
 }
 
-int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file,
-                                     OPENSSL_CTX *libctx, const char *propq)
+int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+                            OPENSSL_CTX *libctx, const char *propq)
 {
     X509_LOOKUP *lookup;
 
     if (file == NULL
         || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file())) == NULL
-        || X509_LOOKUP_load_file_with_libctx(lookup, file, X509_FILETYPE_PEM,
-                                             libctx, propq) == 0)
+        || X509_LOOKUP_load_file_ex(lookup, file, X509_FILETYPE_PEM, libctx,
+                                    propq) == 0)
         return 0;
 
     return 1;
@@ -60,7 +58,7 @@ int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file,
 
 int X509_STORE_load_file(X509_STORE *ctx, const char *file)
 {
-    return X509_STORE_load_file_with_libctx(ctx, file, NULL, NULL);
+    return X509_STORE_load_file_ex(ctx, file, NULL, NULL);
 }
 
 int X509_STORE_load_path(X509_STORE *ctx, const char *path)
@@ -75,14 +73,14 @@ int X509_STORE_load_path(X509_STORE *ctx, const char *path)
     return 1;
 }
 
-int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *uri,
-                                      OPENSSL_CTX *libctx, const char *propq)
+int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
+                             OPENSSL_CTX *libctx, const char *propq)
 {
     X509_LOOKUP *lookup;
 
     if (uri == NULL
         || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store())) == NULL
-        || X509_LOOKUP_add_store_with_libctx(lookup, uri, libctx, propq) == 0)
+        || X509_LOOKUP_add_store_ex(lookup, uri, libctx, propq) == 0)
         return 0;
 
     return 1;
@@ -90,17 +88,16 @@ int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *uri,
 
 int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
 {
-    return X509_STORE_load_store_with_libctx(ctx, uri, NULL, NULL);
+    return X509_STORE_load_store_ex(ctx, uri, NULL, NULL);
 }
 
-int X509_STORE_load_locations_with_libctx(X509_STORE *ctx, const char *file,
-                                          const char *path,
-                                          OPENSSL_CTX *libctx, const char *propq)
+int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
+                                 const char *path, OPENSSL_CTX *libctx,
+                                 const char *propq)
 {
     if (file == NULL && path == NULL)
         return 0;
-    if (file != NULL && !X509_STORE_load_file_with_libctx(ctx, file,
-                                                          libctx, propq))
+    if (file != NULL && !X509_STORE_load_file_ex(ctx, file, libctx, propq))
         return 0;
     if (path != NULL && !X509_STORE_load_path(ctx, path))
         return 0;
@@ -110,5 +107,5 @@ int X509_STORE_load_locations_with_libctx(X509_STORE *ctx, const char *file,
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
                               const char *path)
 {
-    return X509_STORE_load_locations_with_libctx(ctx, file, path, NULL, NULL);
+    return X509_STORE_load_locations_ex(ctx, file, path, NULL, NULL);
 }
diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h
index 6a2137129c..5d1f984aea 100644
--- a/crypto/x509/x509_local.h
+++ b/crypto/x509/x509_local.h
@@ -90,12 +90,11 @@ struct x509_lookup_method_st {
                                X509_OBJECT *ret);
     int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                          const char *str, int len, X509_OBJECT *ret);
-    int (*get_by_subject_with_libctx) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                                       const X509_NAME *name, X509_OBJECT *ret,
-                                       OPENSSL_CTX *libctx, const char *propq);
-    int (*ctrl_with_libctx) (X509_LOOKUP *ctx, int cmd,
-                             const char *argc, long argl, char **ret,
-                             OPENSSL_CTX *libctx, const char *propq);
+    int (*get_by_subject_ex) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                              const X509_NAME *name, X509_OBJECT *ret,
+                              OPENSSL_CTX *libctx, const char *propq);
+    int (*ctrl_ex) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                    char **ret, OPENSSL_CTX *libctx, const char *propq);
 };
 
 /* This is the functions plus an instance of the local variables. */
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index de81fad513..69517e0b5e 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -71,15 +71,13 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
         return 1;
 }
 
-int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc,
-                                 long argl, char **ret,
-                                 OPENSSL_CTX *libctx, const char *propq)
+int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                        char **ret, OPENSSL_CTX *libctx, const char *propq)
 {
     if (ctx->method == NULL)
         return -1;
-    if (ctx->method->ctrl_with_libctx != NULL)
-        return ctx->method->ctrl_with_libctx(ctx, cmd, argc, argl, ret,
-                                             libctx, propq);
+    if (ctx->method->ctrl_ex != NULL)
+        return ctx->method->ctrl_ex(ctx, cmd, argc, argl, ret, libctx, propq);
     if (ctx->method->ctrl != NULL)
         return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
     return 1;
@@ -88,21 +86,21 @@ int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc,
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
                      char **ret)
 {
-    return X509_LOOKUP_ctrl_with_libctx(ctx, cmd, argc, argl, ret, NULL, NULL);
+    return X509_LOOKUP_ctrl_ex(ctx, cmd, argc, argl, ret, NULL, NULL);
 }
 
-int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                                       const X509_NAME *name, X509_OBJECT *ret,
-                                       OPENSSL_CTX *libctx, const char *propq)
+int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                              const X509_NAME *name, X509_OBJECT *ret,
+                              OPENSSL_CTX *libctx, const char *propq)
 {
     if (ctx->skip
         || ctx->method == NULL
         || (ctx->method->get_by_subject == NULL
-            && ctx->method->get_by_subject_with_libctx == NULL))
+            && ctx->method->get_by_subject_ex == NULL))
         return 0;
-    if (ctx->method->get_by_subject_with_libctx != NULL)
-        return ctx->method->get_by_subject_with_libctx(ctx, type, name, ret,
-                                                       libctx, propq);
+    if (ctx->method->get_by_subject_ex != NULL)
+        return ctx->method->get_by_subject_ex(ctx, type, name, ret, libctx,
+                                              propq);
     else
         return ctx->method->get_by_subject(ctx, type, name, ret);
 }
@@ -110,7 +108,7 @@ int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
 int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                            const X509_NAME *name, X509_OBJECT *ret)
 {
-    return X509_LOOKUP_by_subject_with_libctx(ctx, type, name, ret, NULL, NULL);
+    return X509_LOOKUP_by_subject_ex(ctx, type, name, ret, NULL, NULL);
 }
 
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
@@ -330,8 +328,8 @@ int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
     if (tmp == NULL || type == X509_LU_CRL) {
         for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) {
             lu = sk_X509_LOOKUP_value(store->get_cert_methods, i);
-            j = X509_LOOKUP_by_subject_with_libctx(lu, type, name, &stmp,
-                                                   vs->libctx, vs->propq);
+            j = X509_LOOKUP_by_subject_ex(lu, type, name, &stmp, vs->libctx,
+                                          vs->propq);
             if (j) {
                 tmp = &stmp;
                 break;
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3d6c665aed..cf89179dfd 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2316,8 +2316,7 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
     return 1;
 }
 
-X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                               const char *propq)
+X509_STORE_CTX *X509_STORE_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq)
 {
     X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
@@ -2341,7 +2340,7 @@ X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
 
 X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
-    return X509_STORE_CTX_new_with_libctx(NULL, NULL);
+    return X509_STORE_CTX_new_ex(NULL, NULL);
 }
 
 
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 3e7dc42ef1..a7cf13f7b8 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -32,23 +32,22 @@ int X509_verify(X509 *a, EVP_PKEY *r)
     if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
         return 0;
 
-    return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
-                                        &a->signature, &a->cert_info,
-                                        a->distinguishing_id, r,
-                                        a->libctx, a->propq);
+    return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+                               &a->signature, &a->cert_info,
+                               a->distinguishing_id, r, a->libctx, a->propq);
 }
 
-int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
-                                const char *propq)
+int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
+                       const char *propq)
 {
-    return ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(X509_REQ_INFO),
-                                        &a->sig_alg, a->signature, &a->req_info,
-                                        a->distinguishing_id, r, libctx, propq);
+    return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg,
+                               a->signature, &a->req_info, a->distinguishing_id,
+                               r, libctx, propq);
 }
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 {
-    return X509_REQ_verify_with_libctx(a, r, NULL, NULL);
+    return X509_REQ_verify_ex(a, r, NULL, NULL);
 }
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
@@ -403,8 +402,8 @@ int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data,
         memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
         return 1;
     }
-    return (asn1_item_digest_with_libctx(ASN1_ITEM_rptr(X509), md, (char *)cert,
-                                         data, len, cert->libctx, cert->propq));
+    return (asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, data,
+                                len, cert->libctx, cert->propq));
 }
 
 /* calculate cert digest using the same hash algorithm as in its signature */
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 315787a5aa..e556eebdae 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -132,7 +132,7 @@ int i2d_X509(const X509 *a, unsigned char **out)
 /*
  * This should only be used if the X509 object was embedded inside another
  * asn1 object and it needs a libctx to operate.
- * Use X509_new_with_libctx() instead if possible.
+ * Use X509_new_ex() instead if possible.
  */
 int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq)
 {
@@ -143,7 +143,7 @@ int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq)
     return 1;
 }
 
-X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq)
+X509 *X509_new_ex(OPENSSL_CTX *libctx, const char *propq)
 {
     X509 *cert = NULL;
 
diff --git a/doc/man3/CMS_EncryptedData_encrypt.pod b/doc/man3/CMS_EncryptedData_encrypt.pod
index cb2672f629..63d5d2a1ff 100644
--- a/doc/man3/CMS_EncryptedData_encrypt.pod
+++ b/doc/man3/CMS_EncryptedData_encrypt.pod
@@ -2,16 +2,20 @@
 
 =head1 NAME
 
-CMS_EncryptedData_encrypt_with_libctx, CMS_EncryptedData_encrypt
+CMS_EncryptedData_encrypt_ex, CMS_EncryptedData_encrypt
 - Create CMS EncryptedData
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_EncryptedData_encrypt_with_libctx(BIO *in,
-     const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen,
-     unsigned int flags, OPENSSL_CTX *ctx, const char *propq);
+ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in,
+                                               const EVP_CIPHER *cipher,
+                                               const unsigned char *key,
+                                               size_t keylen,
+                                               unsigned int flags,
+                                               OPENSSL_CTX *ctx,
+                                               const char *propq);
 
  CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in,
      const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen,
@@ -19,7 +23,7 @@ CMS_EncryptedData_encrypt_with_libctx, CMS_EncryptedData_encrypt
 
 =head1 DESCRIPTION
 
-CMS_EncryptedData_encrypt_with_libctx() creates a B<CMS_ContentInfo> structure
+CMS_EncryptedData_encrypt_ex() creates a B<CMS_ContentInfo> structure
 with a type B<NID_pkcs7_encrypted>. I<in> is a BIO containing the data to
 encrypt using I<cipher> and the encryption key I<key> of size I<keylen> bytes.
 The library context I<libctx> and the property query I<propq> are used when
@@ -34,13 +38,13 @@ its parameters.
 
 The B<CMS_ContentInfo> structure can be freed using L<CMS_ContentInfo_free(3)>.
 
-CMS_EncryptedData_encrypt() is similar to CMS_EncryptedData_encrypt_with_libctx()
+CMS_EncryptedData_encrypt() is similar to CMS_EncryptedData_encrypt_ex()
 but uses default values of NULL for the library context I<libctx> and the
 property query I<propq>.
 
 =head1 RETURN VALUES
 
-If the allocation fails, CMS_EncryptedData_encrypt_with_libctx() and
+If the allocation fails, CMS_EncryptedData_encrypt_ex() and
 CMS_EncryptedData_encrypt() return NULL and set an error code that can be
 obtained by L<ERR_get_error(3)>. Otherwise they return a pointer to the newly
 allocated structure.
@@ -51,7 +55,7 @@ L<ERR_get_error(3)>, L<CMS_final(3)>, L<CMS_EncryptedData_decrypt(3)>
 
 head1 HISTORY
 
-The CMS_EncryptedData_encrypt_with_libctx() method was added in OpenSSL 3.0.
+The CMS_EncryptedData_encrypt_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CMS_EnvelopedData_create.pod b/doc/man3/CMS_EnvelopedData_create.pod
index 6978aaabcb..97ece28f54 100644
--- a/doc/man3/CMS_EnvelopedData_create.pod
+++ b/doc/man3/CMS_EnvelopedData_create.pod
@@ -2,8 +2,8 @@
 
 =head1 NAME
 
-CMS_EnvelopedData_create_with_libctx, CMS_EnvelopedData_create,
-CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_with_libctx
+CMS_EnvelopedData_create_ex, CMS_EnvelopedData_create,
+CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_ex
 - Create CMS envelope
 
 =head1 SYNOPSIS
@@ -11,25 +11,23 @@ CMS_AuthEnvelopedData_create, CMS_AuthEnvelopedData_create_with_libctx
  #include <openssl/cms.h>
 
  CMS_ContentInfo *
- CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                      OPENSSL_CTX *libctx,
-                                      const char *propq);
+ CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, OPENSSL_CTX *libctx,
+                             const char *propq);
  CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
 
  CMS_ContentInfo *
- CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                          OPENSSL_CTX *libctx,
-                                          const char *propq);
+ CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OPENSSL_CTX *libctx,
+                                 const char *propq);
  CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 
 =head1 DESCRIPTION
 
-CMS_EnvelopedData_create_with_libctx() creates a B<CMS_ContentInfo> structure
+CMS_EnvelopedData_create_ex() creates a B<CMS_ContentInfo> structure
 with a type B<NID_pkcs7_enveloped>. I<cipher> is the symmetric cipher to use.
 The library context I<libctx> and the property query I<propq> are used when
 retrieving algorithms from providers.
 
-CMS_AuthEnvelopedData_create_with_libctx() creates a B<CMS_ContentInfo>
+CMS_AuthEnvelopedData_create_ex() creates a B<CMS_ContentInfo>
 structure with a type B<NID_id_smime_ct_authEnvelopedData>. B<cipher> is the
 symmetric AEAD cipher to use. Currently only AES variants with GCM mode are
 supported. The library context I<libctx> and the property query I<propq> are
@@ -45,8 +43,8 @@ The B<CMS_ContentInfo> structure needs to be finalized using L<CMS_final(3)>
 and then freed using L<CMS_ContentInfo_free(3)>.
 
 CMS_EnvelopedData_create() and  CMS_AuthEnvelopedData_create are similar to
-CMS_EnvelopedData_create_with_libctx() and
-CMS_AuthEnvelopedData_create_with_libctx() but use default values of NULL for
+CMS_EnvelopedData_create_ex() and
+CMS_AuthEnvelopedData_create_ex() but use default values of NULL for
 the library context I<libctx> and the property query I<propq>.
 
 =head1 NOTES
@@ -68,7 +66,7 @@ L<ERR_get_error(3)>, L<CMS_encrypt(3)>, L<CMS_decrypt(3)>, L<CMS_final(3)>
 
 head1 HISTORY
 
-The CMS_EnvelopedData_create_with_libctx() method was added in OpenSSL 3.0.
+The CMS_EnvelopedData_create_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CMS_data_create.pod b/doc/man3/CMS_data_create.pod
index b64a7a1d46..2d361af6cc 100644
--- a/doc/man3/CMS_data_create.pod
+++ b/doc/man3/CMS_data_create.pod
@@ -2,21 +2,20 @@
 
 =head1 NAME
 
-CMS_data_create_with_libctx, CMS_data_create
+CMS_data_create_ex, CMS_data_create
 - Create CMS Data object
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_data_create_with_libctx(BIO *in, unsigned int flags,
-                                              OPENSSL_CTX *libctx,
-                                              const char *propq);
+ CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
+                                     OPENSSL_CTX *libctx, const char *propq);
  CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 
 =head1 DESCRIPTION
 
-CMS_data_create_with_libctx() creates a B<CMS_ContentInfo> structure
+CMS_data_create_ex() creates a B<CMS_ContentInfo> structure
 with a type B<NID_pkcs7_data>. The data is supplied via the I<in> BIO.
 The library context I<libctx> and the property query I<propq> are used when
 retrieving algorithms from providers. The I<flags> field supports the
@@ -25,13 +24,13 @@ specified.
 
 The B<CMS_ContentInfo> structure can be freed using L<CMS_ContentInfo_free(3)>.
 
-CMS_data_create() is similar to CMS_data_create_with_libctx()
+CMS_data_create() is similar to CMS_data_create_ex()
 but uses default values of NULL for the library context I<libctx> and the
 property query I<propq>.
 
 =head1 RETURN VALUES
 
-If the allocation fails, CMS_data_create_with_libctx() and CMS_data_create()
+If the allocation fails, CMS_data_create_ex() and CMS_data_create()
 return NULL and set an error code that can be obtained by L<ERR_get_error(3)>.
 Otherwise they return a pointer to the newly allocated structure.
 
@@ -41,7 +40,7 @@ L<ERR_get_error(3)>, L<CMS_final(3)>
 
 head1 HISTORY
 
-The CMS_data_create_with_libctx() method was added in OpenSSL 3.0.
+The CMS_data_create_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CMS_digest_create.pod b/doc/man3/CMS_digest_create.pod
index 0eba22cfe6..74bd1fdea2 100644
--- a/doc/man3/CMS_digest_create.pod
+++ b/doc/man3/CMS_digest_create.pod
@@ -2,23 +2,23 @@
 
 =head1 NAME
 
-CMS_digest_create_with_libctx, CMS_digest_create
+CMS_digest_create_ex, CMS_digest_create
 - Create CMS DigestedData object
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_digest_create_with_libctx(BIO *in,
-     const EVP_MD *md, unsigned int flags,
-     OPENSSL_CTX *ctx, const char *propq);
+ CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
+                                       unsigned int flags, OPENSSL_CTX *ctx,
+                                       const char *propq);
 
  CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                     unsigned int flags);
 
 =head1 DESCRIPTION
 
-CMS_digest_create_with_libctx() creates a B<CMS_ContentInfo> structure
+CMS_digest_create_ex() creates a B<CMS_ContentInfo> structure
 with a type B<NID_pkcs7_digest>. The data supplied via the I<in> BIO is digested
 using I<md>. The library context I<libctx> and the property query I<propq> are
 used when retrieving algorithms from providers.
@@ -27,14 +27,14 @@ Internally CMS_final() is called unless B<CMS_STREAM> is specified.
 
 The B<CMS_ContentInfo> structure can be freed using L<CMS_ContentInfo_free(3)>.
 
-CMS_digest_create() is similar to CMS_digest_create_with_libctx()
+CMS_digest_create() is similar to CMS_digest_create_ex()
 but uses default values of NULL for the library context I<libctx> and the
 property query I<propq>.
 
 
 =head1 RETURN VALUES
 
-If the allocation fails, CMS_digest_create_with_libctx() and CMS_digest_create()
+If the allocation fails, CMS_digest_create_ex() and CMS_digest_create()
 return NULL and set an error code that can be obtained by L<ERR_get_error(3)>.
 Otherwise they return a pointer to the newly allocated structure.
 
@@ -44,7 +44,7 @@ L<ERR_get_error(3)>, L<CMS_final(3)>>
 
 head1 HISTORY
 
-The CMS_digest_create_with_libctx() method was added in OpenSSL 3.0.
+The CMS_digest_create_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CMS_encrypt.pod b/doc/man3/CMS_encrypt.pod
index 9fe92e3ee6..e78c096c78 100644
--- a/doc/man3/CMS_encrypt.pod
+++ b/doc/man3/CMS_encrypt.pod
@@ -2,23 +2,21 @@
 
 =head1 NAME
 
-CMS_encrypt_with_libctx, CMS_encrypt - create a CMS envelopedData structure
+CMS_encrypt_ex, CMS_encrypt - create a CMS envelopedData structure
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs,
-                                          BIO *in, const EVP_CIPHER *cipher,
-                                          unsigned int flags,
-                                          OPENSSL_CTX *libctx,
-                                          const char *propq);
+ CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                                 const EVP_CIPHER *cipher, unsigned int flags,
+                                 OPENSSL_CTX *libctx, const char *propq);
  CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                               const EVP_CIPHER *cipher, unsigned int flags);
 
 =head1 DESCRIPTION
 
-CMS_encrypt_with_libctx() creates and returns a CMS EnvelopedData or
+CMS_encrypt_ex() creates and returns a CMS EnvelopedData or
 AuthEnvelopedData structure. I<certs> is a list of recipient certificates.
 I<in> is the content to be encrypted. I<cipher> is the symmetric cipher to use.
 I<flags> is an optional set of flags. The library context I<libctx> and the
@@ -85,12 +83,12 @@ and CMS_add0_recipient_key().
 The parameter B<certs> may be NULL if B<CMS_PARTIAL> is set and recipients
 added later using CMS_add1_recipient_cert() or CMS_add0_recipient_key().
 
-CMS_encrypt() is similar to CMS_encrypt_with_libctx() but uses default values
+CMS_encrypt() is similar to CMS_encrypt_ex() but uses default values
 of NULL for the library context I<libctx> and the property query I<propq>.
 
 =head1 RETURN VALUES
 
-CMS_encrypt_with_libctx() and CMS_encrypt() return either a CMS_ContentInfo
+CMS_encrypt_ex() and CMS_encrypt() return either a CMS_ContentInfo
 structure or NULL if an error occurred. The error can be obtained from
 ERR_get_error(3).
 
@@ -100,7 +98,7 @@ L<ERR_get_error(3)>, L<CMS_decrypt(3)>
 
 =head1 HISTORY
 
-The function CMS_encrypt_with_libctx() was added in OpenSSL 3.0.
+The function CMS_encrypt_ex() was added in OpenSSL 3.0.
 
 The B<CMS_STREAM> flag was first supported in OpenSSL 1.0.0.
 
diff --git a/doc/man3/CMS_get1_ReceiptRequest.pod b/doc/man3/CMS_get1_ReceiptRequest.pod
index 704d4bac01..6e1d1c1fd2 100644
--- a/doc/man3/CMS_get1_ReceiptRequest.pod
+++ b/doc/man3/CMS_get1_ReceiptRequest.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-CMS_ReceiptRequest_create0_with_libctx, CMS_ReceiptRequest_create0,
+CMS_ReceiptRequest_create0_ex, CMS_ReceiptRequest_create0,
 CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values
 - CMS signed receipt request functions
 
@@ -10,7 +10,7 @@ CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values
 
  #include <openssl/cms.h>
 
- CMS_ReceiptRequest *CMS_ReceiptRequest_create0_with_libctx(
+ CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
      unsigned char *id, int idlen, int allorfirst,
      STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo,
      OPENSSL_CTX *libctx, const char *propq);
@@ -26,7 +26,7 @@ CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values
 
 =head1 DESCRIPTION
 
-CMS_ReceiptRequest_create0_with_libctx() creates a signed receipt request
+CMS_ReceiptRequest_create0_ex() creates a signed receipt request
 structure. The B<signedContentIdentifier> field is set using I<id> and I<idlen>,
 or it is set to 32 bytes of pseudo random data if I<id> is NULL.
 If I<receiptList> is NULL the allOrFirstTier option in I<receiptsFrom> is used
@@ -36,7 +36,7 @@ parameter specifies the I<receiptsTo> field value. The library context I<libctx>
 and the property query I<propq> are used when retrieving algorithms from providers.
 
 CMS_ReceiptRequest_create0() is similar to
-CMS_ReceiptRequest_create0_with_libctx() but uses default values of NULL for the
+CMS_ReceiptRequest_create0_ex() but uses default values of NULL for the
 library context I<libctx> and the property query I<propq>.
 
 The CMS_add1_ReceiptRequest() function adds a signed receipt request B<rr>
@@ -61,7 +61,7 @@ CMS_verify().
 
 =head1 RETURN VALUES
 
-CMS_ReceiptRequest_create0_with_libctx() and CMS_ReceiptRequest_create0() return
+CMS_ReceiptRequest_create0_ex() and CMS_ReceiptRequest_create0() return
 a signed receipt request structure or NULL if an error occurred.
 
 CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.
@@ -78,7 +78,7 @@ L<CMS_verify_receipt(3)>
 
 =head1 HISTORY
 
-The function CMS_ReceiptRequest_create0_with_libctx() was added in OpenSSL 3.0.
+The function CMS_ReceiptRequest_create0_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CMS_sign.pod b/doc/man3/CMS_sign.pod
index cf92d35303..b5af7e0448 100644
--- a/doc/man3/CMS_sign.pod
+++ b/doc/man3/CMS_sign.pod
@@ -2,22 +2,22 @@
 
 =head1 NAME
 
-CMS_sign, CMS_sign_with_libctx - create a CMS SignedData structure
+CMS_sign, CMS_sign_ex - create a CMS SignedData structure
 
 =head1 SYNOPSIS
 
  #include <openssl/cms.h>
 
- CMS_ContentInfo *CMS_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                                       STACK_OF(X509) *certs, BIO *data,
-                                       unsigned int flags,
-                                       OPENSSL_CTX *ctx, const char *propq);
+ CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+                              STACK_OF(X509) *certs, BIO *data,
+                              unsigned int flags, OPENSSL_CTX *ctx,
+                              const char *propq);
  CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                            BIO *data, unsigned int flags);
 
 =head1 DESCRIPTION
 
-CMS_sign_with_libctx() creates and returns a CMS SignedData structure.
+CMS_sign_ex() creates and returns a CMS SignedData structure.
 I<signcert> is the certificate to sign with, I<pkey> is the corresponding
 private key. I<certs> is an optional additional set of certificates to include
 in the CMS structure (for example any intermediate CAs in the chain). The
@@ -29,7 +29,7 @@ The data to be signed is read from BIO B<data>.
 
 B<flags> is an optional set of flags.
 
-CMS_sign() is similar to CMS_sign_with_libctx() but uses default values of NULL
+CMS_sign() is similar to CMS_sign_ex() but uses default values of NULL
 for the library context I<libctx> and the property query I<propq>.
 
 =head1 NOTES
@@ -115,7 +115,7 @@ Some attributes such as counter signatures are not supported.
 
 =head1 RETURN VALUES
 
-CMS_sign_with_libctx() and CMS_sign() return either a valid CMS_ContentInfo
+CMS_sign_ex() and CMS_sign() return either a valid CMS_ContentInfo
 structure or NULL if an error occurred. The error can be obtained from
 ERR_get_error(3).
 
@@ -128,7 +128,7 @@ L<ERR_get_error(3)>, L<CMS_verify(3)>
 The B<CMS_STREAM> flag is only supported for detached data in OpenSSL 0.9.8,
 it is supported for embedded data in OpenSSL 1.0.0 and later.
 
-The CMS_sign_with_libctx() method was added in OpenSSL 3.0.
+The CMS_sign_ex() method was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CONF_modules_free.pod b/doc/man3/CONF_modules_free.pod
index e7ad3dac29..f47637f62b 100644
--- a/doc/man3/CONF_modules_free.pod
+++ b/doc/man3/CONF_modules_free.pod
@@ -39,7 +39,7 @@ None of the functions return a value.
 =head1 SEE ALSO
 
 L<config(5)>, L<OPENSSL_config(3)>,
-L<CONF_modules_load_file_with_libctx(3)>
+L<CONF_modules_load_file_ex(3)>
 
 =head1 HISTORY
 
diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod
index 7e99bb9d5a..07834a6ba5 100644
--- a/doc/man3/CONF_modules_load_file.pod
+++ b/doc/man3/CONF_modules_load_file.pod
@@ -2,16 +2,15 @@
 
 =head1 NAME
 
-CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load
+CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
 - OpenSSL configuration functions
 
 =head1 SYNOPSIS
 
  #include <openssl/conf.h>
 
- int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
-                                        const char *filename,
-                                        const char *appname, unsigned long flags);
+ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
+                               const char *appname, unsigned long flags);
  int CONF_modules_load_file(const char *filename, const char *appname,
                             unsigned long flags);
  int CONF_modules_load(const CONF *cnf, const char *appname,
@@ -19,7 +18,7 @@ CONF_modules_load_file_with_libctx, CONF_modules_load_file, CONF_modules_load
 
 =head1 DESCRIPTION
 
-The function CONF_modules_load_file_with_libctx() configures OpenSSL using
+The function CONF_modules_load_file_ex() configures OpenSSL using
 library context B<libctx> file B<filename> and application name B<appname>.
 If B<filename> is NULL the standard OpenSSL configuration file is used.
 If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
@@ -27,7 +26,7 @@ used.
 The behaviour can be customized using B<flags>. Note that, the error suppressing
 can be overriden by B<config_diagnostics> as described in L<config(5)>.
 
-CONF_modules_load_file() is the same as CONF_modules_load_file_with_libctx() but
+CONF_modules_load_file() is the same as CONF_modules_load_file_ex() but
 has a NULL library context.
 
 CONF_modules_load() is identical to CONF_modules_load_file() except it
@@ -49,7 +48,7 @@ returns success.
 This is used by default in L<OPENSSL_init_crypto(3)> to ignore any errors in
 the default system-wide configuration file, as having all OpenSSL applications
 fail to start when there are potentially minor issues in the file is too risky.
-Applications calling B<CONF_modules_load_file_with_libctx> explicitly should not
+Applications calling B<CONF_modules_load_file_ex> explicitly should not
 generally set this flag.
 
 If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
@@ -62,7 +61,7 @@ return an error.
 B<CONF_MFLAGS_DEFAULT_SECTION> if set and B<appname> is not NULL will use the
 default section pointed to by B<openssl_conf> if B<appname> does not exist.
 
-By using CONF_modules_load_file_with_libctx() with appropriate flags an
+By using CONF_modules_load_file_ex() with appropriate flags an
 application can customise application configuration to best suit its needs.
 In some cases the use of a configuration file is optional and its absence is not
 an error: in this case B<CONF_MFLAGS_IGNORE_MISSING_FILE> would be set.
@@ -87,7 +86,7 @@ return value of the failing module (this will always be zero or negative).
 Load a configuration file and print out any errors and exit (missing file
 considered fatal):
 
- if (CONF_modules_load_file_with_libctx(libctx, NULL, NULL, 0) <= 0) {
+ if (CONF_modules_load_file_ex(libctx, NULL, NULL, 0) <= 0) {
      fprintf(stderr, "FATAL: error loading configuration file\n");
      ERR_print_errors_fp(stderr);
      exit(1);
@@ -96,8 +95,8 @@ considered fatal):
 Load default configuration file using the section indicated by "myapp",
 tolerate missing files, but exit on other errors:
 
- if (CONF_modules_load_file_with_libctx(NULL, NULL, "myapp",
-                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+ if (CONF_modules_load_file_ex(NULL, NULL, "myapp",
+                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
      fprintf(stderr, "FATAL: error loading configuration file\n");
      ERR_print_errors_fp(stderr);
      exit(1);
@@ -106,8 +105,8 @@ tolerate missing files, but exit on other errors:
 Load custom configuration file and section, only print warnings on error,
 missing configuration file ignored:
 
- if (CONF_modules_load_file_with_libctx(NULL, "/something/app.cnf", "myapp",
-                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+ if (CONF_modules_load_file_ex(NULL, "/something/app.cnf", "myapp",
+                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
      fprintf(stderr, "WARNING: error loading configuration file\n");
      ERR_print_errors_fp(stderr);
  }
@@ -123,7 +122,7 @@ Load and parse configuration file manually, custom error handling:
      fprintf(stderr, "Error opening configuration file\n");
      /* Other missing configuration file behaviour */
  } else {
-     cnf = NCONF_new_with_libctx(libctx, NULL);
+     cnf = NCONF_new_ex(libctx, NULL);
      if (NCONF_load_fp(cnf, fp, &eline) == 0) {
          fprintf(stderr, "Error on line %ld of configuration file\n", eline);
          ERR_print_errors_fp(stderr);
@@ -141,7 +140,7 @@ Load and parse configuration file manually, custom error handling:
 
 L<config(5)>,
 L<OPENSSL_config(3)>,
-L<NCONF_new_with_libctx(3)>
+L<NCONF_new_ex(3)>
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/CTLOG_STORE_new.pod b/doc/man3/CTLOG_STORE_new.pod
index 50d79a8bf6..25f3952be3 100644
--- a/doc/man3/CTLOG_STORE_new.pod
+++ b/doc/man3/CTLOG_STORE_new.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-CTLOG_STORE_new_with_libctx,
+CTLOG_STORE_new_ex,
 CTLOG_STORE_new, CTLOG_STORE_free,
 CTLOG_STORE_load_default_file, CTLOG_STORE_load_file -
 Create and populate a Certificate Transparency log list
@@ -11,8 +11,7 @@ Create and populate a Certificate Transparency log list
 
  #include <openssl/ct.h>
 
- CTLOG_STORE *CTLOG_STORE_new_with_libctx(OPENSSL_CTX *libctx,
-                                          const char *propq);
+ CTLOG_STORE *CTLOG_STORE_new_ex(OPENSSL_CTX *libctx, const char *propq);
  CTLOG_STORE *CTLOG_STORE_new(void);
  void CTLOG_STORE_free(CTLOG_STORE *store);
 
@@ -25,10 +24,10 @@ A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
 logs). The list can be loaded from one or more files and then searched by LogID
 (see RFC 6962, Section 3.2, for the definition of a LogID).
 
-CTLOG_STORE_new_with_libctx() creates an empty list of CT logs associated with
+CTLOG_STORE_new_ex() creates an empty list of CT logs associated with
 the library context I<libctx> and the property query string I<propq>.
 
-CTLOG_STORE_new() does the same thing as CTLOG_STORE_new_with_libctx() but with
+CTLOG_STORE_new() does the same thing as CTLOG_STORE_new_ex() but with
 the default library context and property query string.
 
 The CTLOG_STORE is then populated by CTLOG_STORE_load_default_file() or
@@ -74,7 +73,7 @@ L<SSL_CTX_set_ctlog_list_file(3)>
 
 =head1 HISTORY
 
-CTLOG_STORE_new_with_libctx was added in OpenSSL 3.0. All other functions were
+CTLOG_STORE_new_ex was added in OpenSSL 3.0. All other functions were
 added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/CTLOG_new.pod b/doc/man3/CTLOG_new.pod
index 4bb1a1b646..edc4f7d6c3 100644
--- a/doc/man3/CTLOG_new.pod
+++ b/doc/man3/CTLOG_new.pod
@@ -2,8 +2,8 @@
 
 =head1 NAME
 
-CTLOG_new_with_libctx, CTLOG_new, CTLOG_new_from_base64,
-CTLOG_new_from_base64_with_libctx, CTLOG_free,
+CTLOG_new_ex, CTLOG_new, CTLOG_new_from_base64,
+CTLOG_new_from_base64_ex, CTLOG_free,
 CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key -
 encapsulates information about a Certificate Transparency log
 
@@ -11,13 +11,13 @@ encapsulates information about a Certificate Transparency log
 
  #include <openssl/ct.h>
 
- CTLOG *CTLOG_new_with_libctx(EVP_PKEY *public_key, const char *name,
-                              OPENSSL_CTX *libctx, const char *propq);
+ CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name,
+                     OPENSSL_CTX *libctx, const char *propq);
  CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
 
- int CTLOG_new_from_base64_with_libctx(CTLOG **ct_log, const char *pkey_base64,
-                                       const char *name, OPENSSL_CTX *libctx,
-                                       const char *propq);
+ int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
+                              const char *name, OPENSSL_CTX *libctx,
+                              const char *propq);
  int CTLOG_new_from_base64(CTLOG ** ct_log,
                            const char *pkey_base64, const char *name);
  void CTLOG_free(CTLOG *log);
@@ -28,23 +28,23 @@ encapsulates information about a Certificate Transparency log
 
 =head1 DESCRIPTION
 
-CTLOG_new_with_libctx() returns a new CTLOG that represents the Certificate
+CTLOG_new_ex() returns a new CTLOG that represents the Certificate
 Transparency (CT) log with the given public key and associates it with the
 library context I<libctx> and property query string I<propq>. A name must also
 be provided that can be used to help users identify this log. Ownership of the
 public key is transferred.
 
-CTLOG_new() does the same thing as CTLOG_new_with_libctx() but with the default
+CTLOG_new() does the same thing as CTLOG_new_ex() but with the default
 library context and the default property query string.
 
-CTLOG_new_from_base64_with_libctx() also creates a new CTLOG, but takes the
+CTLOG_new_from_base64_ex() also creates a new CTLOG, but takes the
 public key in base64-encoded DER form and sets the ct_log pointer to point to
 the new CTLOG. The base64 will be decoded and the public key parsed. The CTLOG
 will be associated with the given library context I<libctx> and property query
 string I<propq>.
 
 CTLOG_new_from_base64() does the same thing as
-CTLOG_new_from_base64_with_libctx() except that the default library context and
+CTLOG_new_from_base64_ex() except that the default library context and
 property query string are used.
 
 Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the
@@ -75,7 +75,7 @@ L<ct(7)>
 
 =head1 HISTORY
 
-The functions CTLOG_new_with_libctx() and CTLOG_new_from_base64_with_libctx()
+The functions CTLOG_new_ex() and CTLOG_new_from_base64_ex()
 were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index 1266076097..7b20e5f770 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-CT_POLICY_EVAL_CTX_new_with_libctx,
+CT_POLICY_EVAL_CTX_new_ex,
 CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
 CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
 CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
@@ -14,8 +14,8 @@ Encapsulates the data required to evaluate whether SCTs meet a Certificate Trans
 
  #include <openssl/ct.h>
 
- CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                                        const char *propq);
+ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OPENSSL_CTX *libctx,
+                                               const char *propq);
  CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
  void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
  X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
@@ -58,12 +58,12 @@ the current time
 
 The above requirements are met using the setters described below.
 
-CT_POLICY_EVAL_CTX_new_with_libctx() creates an empty policy evaluation context
+CT_POLICY_EVAL_CTX_new_ex() creates an empty policy evaluation context
 and associates it with the given library context I<libctx> and property query
 string I<propq>.
 
 CT_POLICY_EVAL_CTX_new() does the same thing as
-CT_POLICY_EVAL_CTX_new_with_libctx() except that it uses the default library
+CT_POLICY_EVAL_CTX_new_ex() except that it uses the default library
 context and property query string.
 
 The CT_POLICY_EVAL_CTX should then be populated using:
@@ -116,7 +116,7 @@ found in the TLS SCT extension or OCSP response.
 
 =head1 RETURN VALUES
 
-CT_POLICY_EVAL_CTX_new_with_libctx() and CT_POLICY_EVAL_CTX_new() will return
+CT_POLICY_EVAL_CTX_new_ex() and CT_POLICY_EVAL_CTX_new() will return
 NULL if malloc fails.
 
 =head1 SEE ALSO
@@ -125,7 +125,7 @@ L<ct(7)>
 
 =head1 HISTORY
 
-CT_POLICY_EVAL_CTX_new_with_libctx was added in OpenSSL 3.0. All other
+CT_POLICY_EVAL_CTX_new_ex was added in OpenSSL 3.0. All other
 functions were added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod
index 918e504ce8..775a27936a 100644
--- a/doc/man3/EC_GROUP_new.pod
+++ b/doc/man3/EC_GROUP_new.pod
@@ -12,7 +12,7 @@ EC_GROUP_free,
 EC_GROUP_clear_free,
 EC_GROUP_new_curve_GFp,
 EC_GROUP_new_curve_GF2m,
-EC_GROUP_new_by_curve_name_with_libctx,
+EC_GROUP_new_by_curve_name_ex,
 EC_GROUP_new_by_curve_name,
 EC_GROUP_set_curve,
 EC_GROUP_get_curve,
@@ -37,8 +37,8 @@ objects
                                   const BIGNUM *b, BN_CTX *ctx);
  EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
                                    const BIGNUM *b, BN_CTX *ctx);
- EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx,
-                                                  const char *propq, int nid);
+ EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, const char *propq,
+                                         int nid);
  EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
 
  int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
@@ -153,14 +153,14 @@ Each EC_builtin_curve item has a unique integer id (I<nid>), and a human
 readable comment string describing the curve.
 
 In order to construct a built-in curve use the function
-EC_GROUP_new_by_curve_name_with_libctx() and provide the I<nid> of the curve to
+EC_GROUP_new_by_curve_name_ex() and provide the I<nid> of the curve to
 be constructed, the associated library context to be used in I<ctx> (see
 L<OPENSSL_CTX(3)>) and any property query string in I<propq>. The I<ctx> value
 may be NULL in which case the default library context is used. The I<propq>
 value may also be NULL.
 
 EC_GROUP_new_by_curve_name() is the same as
-EC_GROUP_new_by_curve_name_with_libctx() except that the default library context
+EC_GROUP_new_by_curve_name_ex() except that the default library context
 is always used along with a NULL property query string.
 
 EC_GROUP_free() frees the memory associated with the EC_GROUP.
@@ -198,7 +198,7 @@ L<OPENSSL_CTX(3)>, L<EVP_PKEY-EC(7)>
 
 EC_GROUP_new() was deprecated in OpenSSL 3.0.
 
-EC_GROUP_new_by_curve_name_with_libctx() and EC_GROUP_new_from_params() were
+EC_GROUP_new_by_curve_name_ex() and EC_GROUP_new_from_params() were
 added in OpenSSL 3.0.
 
 =item *
diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod
index c3e90a2474..2af07227ea 100644
--- a/doc/man3/EC_KEY_new.pod
+++ b/doc/man3/EC_KEY_new.pod
@@ -2,9 +2,9 @@
 
 =head1 NAME
 
-EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_with_libctx,
+EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex,
 EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags,
-EC_KEY_new_by_curve_name_with_libctx, EC_KEY_new_by_curve_name, EC_KEY_free,
+EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
 EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
 EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
 EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
@@ -20,13 +20,13 @@ EC_KEY objects
 
  #include <openssl/ec.h>
 
- EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq);
+ EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx, const char *propq);
  EC_KEY *EC_KEY_new(void);
  int EC_KEY_get_flags(const EC_KEY *key);
  void EC_KEY_set_flags(EC_KEY *key, int flags);
  void EC_KEY_clear_flags(EC_KEY *key, int flags);
- EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx,
-                                              const char *propq, int nid);
+ EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, const char *propq,
+                                     int nid);
  EC_KEY *EC_KEY_new_by_curve_name(int nid);
  void EC_KEY_free(EC_KEY *key);
  EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
@@ -80,16 +80,16 @@ EC_KEY_new() is the same as EC_KEY_new_ex() except that the default library
 context is always used.
 
 Alternatively a new EC_KEY can be constructed by calling
-EC_KEY_new_by_curve_name_with_libctx() and supplying the nid of the associated
+EC_KEY_new_by_curve_name_ex() and supplying the nid of the associated
 curve, the library context to be used I<ctx> (see L<OPENSSL_CTX(3)>) and any
 property query string I<propq>.
 The I<ctx> parameter may be NULL in which case the default library context is
 used. The I<propq> value may also be NULL.
 See L<EC_GROUP_new(3)> for a description of curve names.
 This function simply wraps calls to EC_KEY_new_ex() and
-EC_GROUP_new_by_curve_name_with_libctx().
+EC_GROUP_new_by_curve_name_ex().
 
-EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_with_libctx()
+EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_ex()
 except that the default library context is always used and a NULL property query
 string.
 
@@ -177,7 +177,7 @@ EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer.
 
 =head1 RETURN VALUES
 
-EC_KEY_new_with_libctx(), EC_KEY_new(), EC_KEY_new_by_curve_name_with_libctx(),
+EC_KEY_new_ex(), EC_KEY_new(), EC_KEY_new_by_curve_name_ex(),
 EC_KEY_new_by_curve_name() and EC_KEY_dup() return a pointer to the newly
 created EC_KEY object, or NULL on error.
 
diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index 923de31a31..26f516fb35 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -2,17 +2,16 @@
 
 =head1 NAME
 
-EVP_DigestSignInit_with_libctx, EVP_DigestSignInit, EVP_DigestSignUpdate,
+EVP_DigestSignInit_ex, EVP_DigestSignInit, EVP_DigestSignUpdate,
 EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- int EVP_DigestSignInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                    const char *mdname,
-                                    OPENSSL_CTX *libctx, const char *props,
-                                    EVP_PKEY *pkey);
+ int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                           const char *mdname, OPENSSL_CTX *libctx,
+                           const char *props, EVP_PKEY *pkey);
  int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -27,7 +26,7 @@ EVP_DigestSignFinal, EVP_DigestSign - EVP signing functions
 The EVP signature routines are a high-level interface to digital signatures.
 Input data is digested first before the signing takes place.
 
-EVP_DigestSignInit_with_libctx() sets up signing context I<ctx> to use a digest
+EVP_DigestSignInit_ex() sets up signing context I<ctx> to use a digest
 with the name I<mdname> and private key I<pkey>. The name of the digest to be
 used is passed to the provider of the signature algorithm in use. How that
 provider interprets the digest name is provider specific. The provider may
@@ -50,17 +49,17 @@ I<pctx> is not NULL, the EVP_PKEY_CTX of the signing operation will be written
 to I<*pctx>: this can be used to set alternative signing options. Note that any
 existing value in I<*pctx> is overwritten. The EVP_PKEY_CTX value returned must
 not be freed directly by the application if I<ctx> is not assigned an
-EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_with_libctx()
-(which means the EVP_PKEY_CTX is created inside EVP_DigestSignInit_with_libctx()
+EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_ex()
+(which means the EVP_PKEY_CTX is created inside EVP_DigestSignInit_ex()
 and it will be freed automatically when the EVP_MD_CTX is freed). If the
-EVP_PKEY_CTX to be used is created by EVP_DigestSignInit_with_libctx then it
+EVP_PKEY_CTX to be used is created by EVP_DigestSignInit_ex then it
 will use the B<OPENSSL_CTX> specified in I<libctx> and the property query string
 specified in I<props>.
 
 The digest I<mdname> may be NULL if the signing algorithm supports it. The
 I<props> argument can always be NULL.
 
-No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_with_libctx() if the
+No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the
 passed I<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>.
 See also L<SM2(7)>.
 
@@ -110,7 +109,7 @@ Will ignore any digest provided.
 
 If RSA-PSS is used and restrictions apply then the digest must match.
 
-EVP_DigestSignInit() works in the same way as EVP_DigestSignInit_with_libctx()
+EVP_DigestSignInit() works in the same way as EVP_DigestSignInit_ex()
 except that the I<mdname> parameter will be inferred from the supplied
 digest I<type>, and I<props> will be NULL. Where supplied the ENGINE I<e> will
 be used for the signing and digest algorithm implementations. I<e> may be NULL.
@@ -184,7 +183,7 @@ L<RAND(7)>
 EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal()
 were added in OpenSSL 1.0.0.
 
-EVP_DigestSignInit_with_libctx() was added in OpenSSL 3.0.
+EVP_DigestSignInit_ex() was added in OpenSSL 3.0.
 
 EVP_DigestSignUpdate() was converted from a macro to a function in OpenSSL 3.0.
 
diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod
index f90fb2754f..b48f98e0db 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -2,17 +2,16 @@
 
 =head1 NAME
 
-EVP_DigestVerifyInit_with_libctx, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate,
+EVP_DigestVerifyInit_ex, EVP_DigestVerifyInit, EVP_DigestVerifyUpdate,
 EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                      const char *mdname,
-                                      OPENSSL_CTX *libctx, const char *props,
-                                      EVP_PKEY *pkey);
+ int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                             const char *mdname, OPENSSL_CTX *libctx,
+                             const char *props, EVP_PKEY *pkey);
  int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                           const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
  int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
@@ -26,7 +25,7 @@ EVP_DigestVerifyFinal, EVP_DigestVerify - EVP signature verification functions
 The EVP signature routines are a high-level interface to digital signatures.
 Input data is digested first before the signature verification takes place.
 
-EVP_DigestVerifyInit_with_libctx() sets up verification context B<ctx> to use a
+EVP_DigestVerifyInit_ex() sets up verification context B<ctx> to use a
 digest with the name B<mdname> and public key B<pkey>. The name of the digest to
 be used is passed to the provider of the signature algorithm in use. How that
 provider interprets the digest name is provider specific. The provider may
@@ -49,14 +48,14 @@ B<pctx> is not NULL, the EVP_PKEY_CTX of the verification operation will be
 written to B<*pctx>: this can be used to set alternative verification options.
 Note that any existing value in B<*pctx> is overwritten. The EVP_PKEY_CTX value
 returned must not be freed directly by the application if B<ctx> is not assigned
-an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit_with_libctx()
+an EVP_PKEY_CTX value before being passed to EVP_DigestVerifyInit_ex()
 (which means the EVP_PKEY_CTX is created inside
-EVP_DigestVerifyInit_with_libctx() and it will be freed automatically when the
+EVP_DigestVerifyInit_ex() and it will be freed automatically when the
 EVP_MD_CTX is freed). If the EVP_PKEY_CTX to be used is created by
-EVP_DigestVerifyInit_with_libctx then it will use the B<OPENSSL_CTX> specified
+EVP_DigestVerifyInit_ex then it will use the B<OPENSSL_CTX> specified
 in I<libctx> and the property query string specified in I<props>.
 
-No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_with_libctx() if the
+No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the
 passed B<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>.
 See also L<SM2(7)>.
 
@@ -102,7 +101,7 @@ Will ignore any digest provided.
 If RSA-PSS is used and restrictions apply then the digest must match.
 
 EVP_DigestVerifyInit() works in the same way as
-EVP_DigestVerifyInit_with_libctx() except that the B<mdname> parameter will be
+EVP_DigestVerifyInit_ex() except that the B<mdname> parameter will be
 inferred from the supplied digest B<type>, and B<props> will be NULL. Where
 supplied the ENGINE B<e> will be used for the signature verification and digest
 algorithm implementations. B<e> may be NULL.
@@ -173,7 +172,7 @@ L<RAND(7)>
 EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal()
 were added in OpenSSL 1.0.0.
 
-EVP_DigestVerifyInit_with_libctx() was added in OpenSSL 3.0.
+EVP_DigestVerifyInit_ex() was added in OpenSSL 3.0.
 
 EVP_DigestVerifyUpdate() was converted from a macro to a function in OpenSSL
 3.0.
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod
index 0543600704..0c941a6006 100644
--- a/doc/man3/EVP_PKEY_new.pod
+++ b/doc/man3/EVP_PKEY_new.pod
@@ -5,11 +5,11 @@
 EVP_PKEY_new,
 EVP_PKEY_up_ref,
 EVP_PKEY_free,
-EVP_PKEY_new_raw_private_key_with_libctx,
+EVP_PKEY_new_raw_private_key_ex,
 EVP_PKEY_new_raw_private_key,
-EVP_PKEY_new_raw_public_key_with_libctx,
+EVP_PKEY_new_raw_public_key_ex,
 EVP_PKEY_new_raw_public_key,
-EVP_PKEY_new_CMAC_key_with_libctx,
+EVP_PKEY_new_CMAC_key_ex,
 EVP_PKEY_new_CMAC_key,
 EVP_PKEY_new_mac_key,
 EVP_PKEY_get_raw_private_key,
@@ -24,25 +24,23 @@ EVP_PKEY_get_raw_public_key
  int EVP_PKEY_up_ref(EVP_PKEY *key);
  void EVP_PKEY_free(EVP_PKEY *key);
 
- EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx,
-                                                    const char *keytype,
-                                                    const char *propq,
-                                                    const unsigned char *key,
-                                                    size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OPENSSL_CTX *libctx,
+                                           const char *keytype,
+                                           const char *propq,
+                                           const unsigned char *key,
+                                           size_t keylen);
  EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
                                         const unsigned char *key, size_t keylen);
- EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx,
-                                                   const char *keytype,
-                                                   const char *propq,
-                                                   const unsigned char *key,
-                                                   size_t keylen);
+ EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OPENSSL_CTX *libctx,
+                                          const char *keytype,
+                                          const char *propq,
+                                          const unsigned char *key,
+                                          size_t keylen);
  EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
                                        const unsigned char *key, size_t keylen);
- EVP_PKEY *EVP_PKEY_new_CMAC_key_with_libctx(const unsigned char *priv,
-                                             size_t len,
-                                             const char *cipher_name,
-                                             OPENSSL_CTX *libctx,
-                                             const char *propq);
+ EVP_PKEY *EVP_PKEY_new_CMAC_key_ex(const unsigned char *priv, size_t len,
+                                    const char *cipher_name,
+                                    OPENSSL_CTX *libctx, const char *propq);
  EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
                                  size_t len, const EVP_CIPHER *cipher);
  EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
@@ -64,7 +62,7 @@ EVP_PKEY_up_ref() increments the reference count of I<key>.
 EVP_PKEY_free() decrements the reference count of I<key> and, if the reference
 count is zero, frees it up. If I<key> is NULL, nothing is done.
 
-EVP_PKEY_new_raw_private_key_with_libctx() allocates a new B<EVP_PKEY>. Unless
+EVP_PKEY_new_raw_private_key_ex() allocates a new B<EVP_PKEY>. Unless
 an engine should be used for the key type, a provider for the key is found using
 the library context I<libctx> and the property query string I<propq>. The
 I<keytype> argument indicates what kind of key this is. The value should be a
@@ -78,17 +76,17 @@ appropriate for the type of the key. The public key data will be automatically
 derived from the given private key data (if appropriate for the algorithm type).
 
 EVP_PKEY_new_raw_private_key() does the same as
-EVP_PKEY_new_raw_private_key_with_libctx() except that the default library
+EVP_PKEY_new_raw_private_key_ex() except that the default library
 context and default property query are used instead. If I<e> is non-NULL then
 the new B<EVP_PKEY> structure is associated with the engine I<e>. The I<type>
 argument indicates what kind of key this is. The value should be a NID for a
 public key algorithm that supports raw private keys, i.e. one of
 B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
 B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. As for
-EVP_PKEY_new_raw_private_key_with_libctx() you may also use B<EVP_PKEY_HMAC>.
+EVP_PKEY_new_raw_private_key_ex() you may also use B<EVP_PKEY_HMAC>.
 
-EVP_PKEY_new_raw_public_key_with_libctx() works in the same way as
-EVP_PKEY_new_raw_private_key_with_libctx() except that I<key> points to the raw
+EVP_PKEY_new_raw_public_key_ex() works in the same way as
+EVP_PKEY_new_raw_private_key_ex() except that I<key> points to the raw
 public key data. The B<EVP_PKEY> structure will be initialised without any
 private key information. Algorithm types that support raw public keys are
 "X25519", "ED25519", "X448" or "ED448".
@@ -99,7 +97,7 @@ data. The B<EVP_PKEY> structure will be initialised without any private key
 information. Algorithm types that support raw public keys are
 B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
 
-EVP_PKEY_new_CMAC_key_with_libctx() works in the same way as
+EVP_PKEY_new_CMAC_key_ex() works in the same way as
 EVP_PKEY_new_raw_private_key() except it is only for the B<EVP_PKEY_CMAC>
 algorithm type. In addition to the raw private key data, it also takes a cipher
 algorithm to be used during creation of a CMAC in the I<cipher> argument. The
@@ -108,7 +106,7 @@ ciphers should not be used. Finally it also takes a library context I<libctx>
 and property query I<propq> which are used when fetching any cryptographic
 algorithms which may be NULL to use the default values.
 
-EVP_PKEY_new_CMAC_key() is the same as EVP_PKEY_new_CMAC_key_with_libctx()
+EVP_PKEY_new_CMAC_key() is the same as EVP_PKEY_new_CMAC_key_ex()
 except that the default values are used for I<libctx> and I<propq>.
 
 EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
@@ -170,9 +168,9 @@ EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(),
 EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and
 EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.
 
-The EVP_PKEY_new_raw_private_key_with_libctx(),
-EVP_PKEY_new_raw_public_key_with_libctx() and
-EVP_PKEY_new_CMAC_key_with_libctx() functions were added in OpenSSL 3.0.
+The EVP_PKEY_new_raw_private_key_ex(),
+EVP_PKEY_new_raw_public_key_ex() and
+EVP_PKEY_new_CMAC_key_ex() functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod
index f6165f0468..d2959fabac 100644
--- a/doc/man3/EVP_SignInit.pod
+++ b/doc/man3/EVP_SignInit.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate,
-EVP_SignFinal_with_libctx, EVP_SignFinal
+EVP_SignFinal_ex, EVP_SignFinal
 - EVP signing functions
 
 =head1 SYNOPSIS
@@ -12,9 +12,8 @@ EVP_SignFinal_with_libctx, EVP_SignFinal
 
  int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
  int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_SignFinal_with_libctx(EVP_MD_CTX *ctx, unsigned char *md,
-                               unsigned int *s, EVP_PKEY *pkey,
-                               OPENSSL_CTX *libctx, const char *propq);
+ int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                      EVP_PKEY *pkey, OPENSSL_CTX *libctx, const char *propq);
  int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s,
                    EVP_PKEY *pkey);
 
@@ -33,7 +32,7 @@ EVP_SignUpdate() hashes I<cnt> bytes of data at I<d> into the
 signature context I<ctx>. This function can be called several times on the
 same I<ctx> to include additional data.
 
-EVP_SignFinal_with_libctx() signs the data in I<ctx> using the private key
+EVP_SignFinal_ex() signs the data in I<ctx> using the private key
 I<pkey> and places the signature in I<sig>. The library context I<libctx> and
 property query I<propq> are used when creating a context to use with the key
 I<pkey>. I<sig> must be at least C<EVP_PKEY_size(pkey)> bytes in size. I<s> is
@@ -42,7 +41,7 @@ The number of bytes of data written (i.e. the length of the signature)
 will be written to the integer at I<s>, at most C<EVP_PKEY_size(pkey)> bytes
 will be written.
 
-EVP_SignFinal() is similar to EVP_SignFinal_with_libctx() but uses default
+EVP_SignFinal() is similar to EVP_SignFinal_ex() but uses default
 values of NULL for the library context I<libctx> and the property query I<propq>.
 
 EVP_SignInit() initializes a signing context I<ctx> to use the default
@@ -50,7 +49,7 @@ implementation of digest I<type>.
 
 =head1 RETURN VALUES
 
-EVP_SignInit_ex(), EVP_SignUpdate(), EVP_SignFinal_with_libctx() and
+EVP_SignInit_ex(), EVP_SignUpdate(), EVP_SignFinal_ex() and
 EVP_SignFinal() return 1 for success and 0 for failure.
 
 The error codes can be obtained by L<ERR_get_error(3)>.
@@ -99,7 +98,7 @@ L<SHA1(3)>, L<openssl-dgst(1)>
 
 =head1 HISTORY
 
-The function EVP_SignFinal_with_libctx() was added in OpenSSL 3.0.
+The function EVP_SignFinal_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/EVP_VerifyInit.pod b/doc/man3/EVP_VerifyInit.pod
index be5332a55d..d98054bedb 100644
--- a/doc/man3/EVP_VerifyInit.pod
+++ b/doc/man3/EVP_VerifyInit.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_VerifyInit_ex,
-EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal_with_libctx, EVP_VerifyFinal
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal_ex, EVP_VerifyFinal
 - EVP signature verification functions
 
 =head1 SYNOPSIS
@@ -12,9 +12,9 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal_with_libctx, EVP_VerifyFinal
 
  int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
  int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_VerifyFinal_with_libctx(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-                                 unsigned int siglen, EVP_PKEY *pkey,
-                                 OPENSSL_CTX *libctx, const char *propq);
+ int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                        unsigned int siglen, EVP_PKEY *pkey,
+                        OPENSSL_CTX *libctx, const char *propq);
  int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen,
                      EVP_PKEY *pkey);
 
@@ -33,12 +33,12 @@ EVP_VerifyUpdate() hashes I<cnt> bytes of data at I<d> into the
 verification context I<ctx>. This function can be called several times on the
 same I<ctx> to include additional data.
 
-EVP_VerifyFinal_with_libctx() verifies the data in I<ctx> using the public key
+EVP_VerifyFinal_ex() verifies the data in I<ctx> using the public key
 I<pkey> and I<siglen> bytes in I<sigbuf>.
 The library context I<libctx> and property query I<propq> are used when creating
 a context to use with the key I<pkey>.
 
-EVP_VerifyFinal() is similar to EVP_VerifyFinal_with_libctx() but uses default
+EVP_VerifyFinal() is similar to EVP_VerifyFinal_ex() but uses default
 values of NULL for the library context I<libctx> and the property query I<propq>.
 
 EVP_VerifyInit() initializes verification context I<ctx> to use the default
@@ -49,7 +49,7 @@ implementation of digest I<type>.
 EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
 failure.
 
-EVP_VerifyFinal()_with_libctx() and EVP_VerifyFinal() return 1 for a correct
+EVP_VerifyFinal_ex() and EVP_VerifyFinal() return 1 for a correct
 signature, 0 for failure and -1 if some other error occurred.
 
 The error codes can be obtained by L<ERR_get_error(3)>.
@@ -93,7 +93,7 @@ L<SHA1(3)>, L<openssl-dgst(1)>
 
 head1 HISTORY
 
-The function EVP_VerifyFinal_with_libctx() was added in OpenSSL 3.0.
+The function EVP_VerifyFinal_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/NCONF_new_with_libctx.pod b/doc/man3/NCONF_new_ex.pod
similarity index 75%
rename from doc/man3/NCONF_new_with_libctx.pod
rename to doc/man3/NCONF_new_ex.pod
index b976d7f74c..2de14b4f4e 100644
--- a/doc/man3/NCONF_new_with_libctx.pod
+++ b/doc/man3/NCONF_new_ex.pod
@@ -2,14 +2,14 @@
 
 =head1 NAME
 
-NCONF_new_with_libctx, NCONF_new, NCONF_free, NCONF_default, NCONF_load
+NCONF_new_ex, NCONF_new, NCONF_free, NCONF_default, NCONF_load
 - functionality to Load and parse configuration files manually
 
 =head1 SYNOPSIS
 
  #include <openssl/conf.h>
 
- CONF *NCONF_new_with_libctx(OPENSSL_CTX *libctx, CONF_METHOD *meth);
+ CONF *NCONF_new_ex(OPENSSL_CTX *libctx, CONF_METHOD *meth);
  CONF *NCONF_new(CONF_METHOD *meth);
  void NCONF_free(CONF *conf);
  CONF_METHOD *NCONF_default(void);
@@ -17,11 +17,11 @@ NCONF_new_with_libctx, NCONF_new, NCONF_free, NCONF_default, NCONF_load
 
 =head1 DESCRIPTION
 
-NCONF_new_with_libctx() creates a new CONF object in heap memory and assigns to
+NCONF_new_ex() creates a new CONF object in heap memory and assigns to
 it a context I<libctx> that can be used during loading. If the method table
 I<meth> is set to NULL then the default value of NCONF_default() is used.
 
-NCONF_new() is similar to NCONF_new_with_libctx() but sets the I<libctx> to NULL.
+NCONF_new() is similar to NCONF_new_ex() but sets the I<libctx> to NULL.
 
 NCONF_free() frees the data associated with I<conf> and then frees the I<conf>
 object.
@@ -36,7 +36,7 @@ NCONF_default() gets the default method table for processing a configuration fil
 
 NCONF_load() returns 1 on success or 0 on error.
 
-NCONF_new_with_libctx() and NCONF_new() return a newly created I<CONF> object
+NCONF_new_ex() and NCONF_new() return a newly created I<CONF> object
 or NULL if an error occurs.
 
 =head1 SEE ALSO
@@ -45,7 +45,7 @@ L<CONF_modules_load_file(3)>,
 
 =head1 HISTORY
 
-NCONF_new_with_libctx() was added in OpenSSL 3.0.
+NCONF_new_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index 12e3748c47..e8da59392e 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -14,13 +14,13 @@ OSSL_STORE_LOADER_do_all_provided,
 OSSL_STORE_LOADER_names_do_all,
 OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new,
 OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme,
-OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_open_with_libctx,
+OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_open_ex,
 OSSL_STORE_LOADER_set_attach, OSSL_STORE_LOADER_set_ctrl,
 OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find,
 OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof,
 OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close,
 OSSL_STORE_register_loader, OSSL_STORE_unregister_loader,
-OSSL_STORE_open_fn, OSSL_STORE_open_with_libctx_fn,
+OSSL_STORE_open_fn, OSSL_STORE_open_ex_fn,
 OSSL_STORE_attach_fn, OSSL_STORE_ctrl_fn,
 OSSL_STORE_expect_fn, OSSL_STORE_find_fn,
 OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn,
@@ -69,11 +69,11 @@ L<openssl_user_macros(7)>:
      const char *uri, const UI_METHOD *ui_method, void *ui_data);
  int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader,
                                 OSSL_STORE_open_fn store_open_function);
- typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_with_libctx_fn)(
+ typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn)(
      const char *uri, const UI_METHOD *ui_method, void *ui_data);
- int OSSL_STORE_LOADER_set_open_with_libctx
+ int OSSL_STORE_LOADER_set_open_ex
      (OSSL_STORE_LOADER *store_loader,
-      OSSL_STORE_open_with_libctx_fn store_open_with_libctx_function);
+      OSSL_STORE_open_ex_fn store_open_ex_function);
  typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)
      (const OSSL_STORE_LOADER *loader, BIO *bio,
       OPENSSL_CTX *libctx, const char *propq,
@@ -113,7 +113,7 @@ L<openssl_user_macros(7)>:
 =head1 DESCRIPTION
 
 B<OSSL_STORE_LOADER> is a method for OSSL_STORE loaders, which implement
-OSSL_STORE_open(), OSSL_STORE_open_with_libctx(), OSSL_STORE_load(),
+OSSL_STORE_open(), OSSL_STORE_open_ex(), OSSL_STORE_load(),
 OSSL_STORE_eof(), OSSL_STORE_error() and OSSL_STORE_close() for specific
 storage schemes.
 
@@ -156,7 +156,7 @@ provider implementations, see L<provider-storemgmt(7)>.
 B<OSSL_STORE_LOADER_CTX> is a type template, to be defined by each loader
 using C<struct ossl_store_loader_ctx_st { ... }>.
 
-B<OSSL_STORE_open_fn>, B<OSSL_STORE_open_with_libctx_fn>,
+B<OSSL_STORE_open_fn>, B<OSSL_STORE_open_ex_fn>,
 B<OSSL_STORE_ctrl_fn>, B<OSSL_STORE_expect_fn>, B<OSSL_STORE_find_fn>,
 B<OSSL_STORE_load_fn>, B<OSSL_STORE_eof_fn>, and B<OSSL_STORE_close_fn>
 are the function pointer types used within a STORE loader.
@@ -164,9 +164,9 @@ The functions pointed at define the functionality of the given loader.
 
 =over 4
 
-=item B<OSSL_STORE_open_fn> and B<OSSL_STORE_open_with_libctx_fn>
+=item B<OSSL_STORE_open_fn> and B<OSSL_STORE_open_ex_fn>
 
-B<OSSL_STORE_open_with_libctx_fn> takes a URI and is expected to
+B<OSSL_STORE_open_ex_fn> takes a URI and is expected to
 interpret it in the best manner possible according to the scheme the
 loader implements.  It also takes a B<UI_METHOD> and associated data,
 to be used any time something needs to be prompted for, as well as a
@@ -178,13 +178,13 @@ see above), and to return it.
 If something goes wrong, this function is expected to return NULL.
 
 B<OSSL_STORE_open_fn> does the same thing as
-B<OSSL_STORE_open_with_libctx_fn> but uses NULL for the library
+B<OSSL_STORE_open_ex_fn> but uses NULL for the library
 context I<libctx> and property query I<propq>.
 
 =item B<OSSL_STORE_attach_fn>
 
 This function takes a B<BIO>, otherwise works like
-B<OSSL_STORE_open_with_libctx_fn>.
+B<OSSL_STORE_open_ex_fn>.
 
 =item B<OSSL_STORE_ctrl_fn>
 
@@ -274,7 +274,7 @@ OSSL_STORE_LOADER_get0_scheme() returns the scheme of the I<store_loader>.
 OSSL_STORE_LOADER_set_open() sets the opener function for the
 I<store_loader>.
 
-OSSL_STORE_LOADER_set_open_with_libctx() sets the opener with library context
+OSSL_STORE_LOADER_set_open_ex() sets the opener with library context
 function for the I<store_loader>.
 
 OSSL_STORE_LOADER_set_attach() sets the attacher function for the
@@ -299,7 +299,7 @@ OSSL_STORE_LOADER_free() frees the given I<store_loader>.
 
 OSSL_STORE_register_loader() register the given I<store_loader> and
 thereby makes it available for use with OSSL_STORE_open(),
-OSSL_STORE_open_with_libctx(), OSSL_STORE_load(), OSSL_STORE_eof()
+OSSL_STORE_open_ex(), OSSL_STORE_load(), OSSL_STORE_eof()
 and OSSL_STORE_close().
 
 OSSL_STORE_unregister_loader() unregister the store loader for the given
@@ -326,16 +326,16 @@ otherwise 0.
 OSSL_STORE_LOADER_number() returns an integer.
 
 The functions with the types B<OSSL_STORE_open_fn>,
-B<OSSL_STORE_open_with_libctx_fn>, B<OSSL_STORE_ctrl_fn>,
+B<OSSL_STORE_open_ex_fn>, B<OSSL_STORE_ctrl_fn>,
 B<OSSL_STORE_expect_fn>, B<OSSL_STORE_load_fn>, B<OSSL_STORE_eof_fn>
 and B<OSSL_STORE_close_fn> have the same return values as OSSL_STORE_open(),
-OSSL_STORE_open_with_libctx(), OSSL_STORE_ctrl(), OSSL_STORE_expect(),
+OSSL_STORE_open_ex(), OSSL_STORE_ctrl(), OSSL_STORE_expect(),
 OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close(), respectively.
 
 OSSL_STORE_LOADER_new() returns a pointer to a B<OSSL_STORE_LOADER> on success,
 or NULL on failure.
 
-OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_open_with_libctx(),
+OSSL_STORE_LOADER_set_open(), OSSL_STORE_LOADER_set_open_ex(),
 OSSL_STORE_LOADER_set_ctrl(), OSSL_STORE_LOADER_set_load(),
 OSSL_STORE_LOADER_set_eof() and OSSL_STORE_LOADER_set_close() return 1
 on success, or 0 on failure.
@@ -358,7 +358,7 @@ OSSL_STORE_LOADER_properties(), OSSL_STORE_LOADER_is_a(),
 OSSL_STORE_LOADER_number(), OSSL_STORE_LOADER_do_all_provided() and
 OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0.
 
-OSSL_STORE_open_with_libctx_fn() was added in OpenSSL 3.0.
+OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0.
 
 B<OSSL_STORE_LOADER>, B<OSSL_STORE_LOADER_CTX>, OSSL_STORE_LOADER_new(),
 OSSL_STORE_LOADER_set0_scheme(), OSSL_STORE_LOADER_set_open(),
diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod
index 4269dea20a..cd6f7cac74 100644
--- a/doc/man3/OSSL_STORE_open.pod
+++ b/doc/man3/OSSL_STORE_open.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn,
-OSSL_STORE_open, OSSL_STORE_open_with_libctx,
+OSSL_STORE_open, OSSL_STORE_open_ex,
 OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof,
 OSSL_STORE_error, OSSL_STORE_close
 - Types and functions to read objects from a URI
@@ -22,11 +22,10 @@ OSSL_STORE_error, OSSL_STORE_close
                                  OSSL_STORE_post_process_info_fn post_process,
                                  void *post_process_data);
  OSSL_STORE_CTX *
- OSSL_STORE_open_with_libctx(const char *uri,
-                             OPENSSL_CTX *libctx, const char *propq,
-                             const UI_METHOD *ui_method, void *ui_data,
-                             OSSL_STORE_post_process_info_fn post_process,
-                             void *post_process_data);
+ OSSL_STORE_open_ex(const char *uri, OPENSSL_CTX *libctx, const char *propq,
+                    const UI_METHOD *ui_method, void *ui_data,
+                    OSSL_STORE_post_process_info_fn post_process,
+                    void *post_process_data);
 
  OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
  int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
@@ -54,13 +53,13 @@ described in L<OSSL_STORE_INFO(3)>.
 =head2 Types
 
 B<OSSL_STORE_CTX> is a context variable that holds all the internal
-information for OSSL_STORE_open(), OSSL_STORE_open_with_libctx(),
+information for OSSL_STORE_open(), OSSL_STORE_open_ex(),
 OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() to work
 together.
 
 =head2 Functions
 
-OSSL_STORE_open_with_libctx() takes a uri or path I<uri>, password UI method
+OSSL_STORE_open_ex() takes a uri or path I<uri>, password UI method
 I<ui_method> with associated data I<ui_data>, and post processing
 callback I<post_process> with associated data I<post_process_data>,
 a library context I<libctx> with an associated property query I<propq>,
@@ -76,7 +75,7 @@ will cause OSSL_STORE_load() to start its process over with loading
 the next object, until I<post_process> returns something other than
 NULL, or the end of data is reached as indicated by OSSL_STORE_eof().
 
-OSSL_STORE_open() is similar to OSSL_STORE_open_with_libctx() but uses NULL for
+OSSL_STORE_open() is similar to OSSL_STORE_open_ex() but uses NULL for
 the library context I<libctx> and property query I<propq>.
 
 OSSL_STORE_ctrl() takes a B<OSSL_STORE_CTX>, and command number I<cmd> and
@@ -159,7 +158,7 @@ L<passphrase-encoding(7)>
 
 =head1 HISTORY
 
-OSSL_STORE_open_with_libctx() was added in OpenSSL 3.0.
+OSSL_STORE_open_ex() was added in OpenSSL 3.0.
 
 B<OSSL_STORE_CTX>, OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(),
 OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close()
@@ -168,7 +167,7 @@ were added in OpenSSL 1.1.1.
 Handling of NULL I<ctx> argument for OSSL_STORE_close()
 was introduced in OpenSSL 1.1.1h.
 
-OSSL_STORE_open_with_libctx() was added in OpenSSL 3.0.
+OSSL_STORE_open_ex() was added in OpenSSL 3.0.
 
 OSSL_STORE_ctrl() and OSSL_STORE_vctrl() were deprecated in OpenSSL 3.0.
 
diff --git a/doc/man3/PEM_X509_INFO_read_bio_ex.pod b/doc/man3/PEM_X509_INFO_read_bio_ex.pod
new file mode 100644
index 0000000000..e8eb00aad0
--- /dev/null
+++ b/doc/man3/PEM_X509_INFO_read_bio_ex.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+PEM_X509_INFO_read_bio_ex, PEM_X509_INFO_read_ex
+- read a PEM-encoded data structure from a bio into one or more B<X509_INFO>
+object's
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ STACK_OF(X509_INFO) *PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u,
+                                            OPENSSL_CTX *libctx,
+                                            const char *propq);
+
+ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bio,
+                                                STACK_OF(X509_INFO) *sk,
+                                                pem_password_cb *cb, void *u,
+                                                OPENSSL_CTX *libctx,
+                                                const char *propq);
+
+=head1 DESCRIPTION
+
+The loaded B<X509_INFO> object's can contain a CRL, a certificate and a
+corresponding private key.
+
+PEM_X509_INFO_read_ex() loads the B<X509_INFO> objects from a file I<fp>.
+The library context I<libctx> and property query <propq> are used for fetching
+algorithms from providers.
+
+PEM_X509_INFO_read_bio_ex loads the B<X509_INFO> objects using a bio
+I<bp>. The library context I<libctx> and property query <propq> are used for
+fetching algorithms from providers.
+
+
+=head1 RETURN VALUES
+
+PEM_X509_INFO_read_ex() and PEM_X509_INFO_read_bio_ex() return
+a stack of B<X509_INFO> objects or NULL on failure.
+
+=head1 SEE ALSO
+
+L<PEM_read_bio_ex(3)>,
+L<passphrase-encoding(7)>
+
+=head1 HISTORY
+
+The functions PEM_X509_INFO_read_ex() and
+PEM_X509_INFO_read_bio_ex() were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod b/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod
deleted file mode 100644
index 6c729109e3..0000000000
--- a/doc/man3/PEM_X509_INFO_read_bio_with_libctx.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-
-=head1 NAME
-
-PEM_X509_INFO_read_bio_with_libctx, PEM_X509_INFO_read_with_libctx
-- read a PEM-encoded data structure from a bio into one or more B<X509_INFO>
-object's
-
-=head1 SYNOPSIS
-
- #include <openssl/pem.h>
-
- STACK_OF(X509_INFO) *PEM_X509_INFO_read_with_libctx(FILE *fp,
-                                                     STACK_OF(X509_INFO) *sk,
-                                                     pem_password_cb *cb,
-                                                     void *u,
-                                                     OPENSSL_CTX *libctx,
-                                                     const char *propq);
-
- STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_with_libctx(BIO *bio,
-                                                         STACK_OF(X509_INFO) *sk,
-                                                         pem_password_cb *cb,
-                                                         void *u,
-                                                         OPENSSL_CTX *libctx,
-                                                         const char *propq);
-
-=head1 DESCRIPTION
-
-The loaded B<X509_INFO> object's can contain a CRL, a certificate and a
-corresponding private key.
-
-PEM_X509_INFO_read_with_libctx() loads the B<X509_INFO> objects from a file I<fp>.
-The library context I<libctx> and property query <propq> are used for fetching
-algorithms from providers.
-
-PEM_X509_INFO_read_bio_with_libctx loads the B<X509_INFO> objects using a bio
-I<bp>. The library context I<libctx> and property query <propq> are used for
-fetching algorithms from providers.
-
-
-=head1 RETURN VALUES
-
-PEM_X509_INFO_read_with_libctx() and PEM_X509_INFO_read_bio_with_libctx() return
-a stack of B<X509_INFO> objects or NULL on failure.
-
-=head1 SEE ALSO
-
-L<PEM_read_bio_ex(3)>,
-L<passphrase-encoding(7)>
-
-=head1 HISTORY
-
-The functions PEM_X509_INFO_read_with_libctx() and
-PEM_X509_INFO_read_bio_with_libctx() were added in OpenSSL 3.0.
-
-=head1 COPYRIGHT
-
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License").  You may not use
-this file except in compliance with the License.  You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index 26f03b5b0d..ddfde85988 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -436,7 +436,7 @@ most of them are set to 0 or NULL.
 
 To read a certificate with a library context in PEM format from a BIO:
 
- X509 *x = X509_new_with_libctx(libctx, NULL);
+ X509 *x = X509_new_ex(libctx, NULL);
 
  if (x == NULL)
      /* Error */
diff --git a/doc/man3/PKCS7_encrypt.pod b/doc/man3/PKCS7_encrypt.pod
index 36d638c8c6..ff23d1b554 100644
--- a/doc/man3/PKCS7_encrypt.pod
+++ b/doc/man3/PKCS7_encrypt.pod
@@ -2,22 +2,22 @@
 
 =head1 NAME
 
-PKCS7_encrypt_with_libctx, PKCS7_encrypt
+PKCS7_encrypt_ex, PKCS7_encrypt
 - create a PKCS#7 envelopedData structure
 
 =head1 SYNOPSIS
 
  #include <openssl/pkcs7.h>
 
- PKCS7 *PKCS7_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in,
-                                  const EVP_CIPHER *cipher, int flags,
-                                  OPENSSL_CTX *libctx, const char *propq);
+ PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                         const EVP_CIPHER *cipher, int flags,
+                         OPENSSL_CTX *libctx, const char *propq);
  PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                       int flags);
 
 =head1 DESCRIPTION
 
-PKCS7_encrypt_with_libctx() creates and returns a PKCS#7 envelopedData structure.
+PKCS7_encrypt_ex() creates and returns a PKCS#7 envelopedData structure.
 I<certs> is a list of recipient certificates. I<in> is the content to be
 encrypted. I<cipher> is the symmetric cipher to use. I<flags> is an optional set
 of flags. The library context I<libctx> and the property query I<propq> are used
@@ -66,12 +66,12 @@ PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
 can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_PKCS7().
 
-PKCS7_encrypt() is similar to PKCS7_encrypt_with_libctx() but uses default
+PKCS7_encrypt() is similar to PKCS7_encrypt_ex() but uses default
 values of NULL for the library context I<libctx> and the property query I<propq>.
 
 =head1 RETURN VALUES
 
-PKCS7_encrypt_with_libctx() and PKCS7_encrypt() return either a PKCS7 structure
+PKCS7_encrypt_ex() and PKCS7_encrypt() return either a PKCS7 structure
 or NULL if an error occurred. The error can be obtained from ERR_get_error(3).
 
 =head1 SEE ALSO
@@ -80,7 +80,7 @@ L<ERR_get_error(3)>, L<PKCS7_decrypt(3)>
 
 =head1 HISTORY
 
-The function PKCS7_encrypt_with_libctx() was added in OpenSSL 3.0.
+The function PKCS7_encrypt_ex() was added in OpenSSL 3.0.
 
 The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
 
diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod
index c5d6fd73c3..43a76e7e59 100644
--- a/doc/man3/PKCS7_sign.pod
+++ b/doc/man3/PKCS7_sign.pod
@@ -2,22 +2,22 @@
 
 =head1 NAME
 
-PKCS7_sign_with_libctx, PKCS7_sign
+PKCS7_sign_ex, PKCS7_sign
 - create a PKCS#7 signedData structure
 
 =head1 SYNOPSIS
 
  #include <openssl/pkcs7.h>
 
- PKCS7 *PKCS7_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                               STACK_OF(X509) *certs, BIO *data, int flags,
-                               OPENSSL_CTX *libctx, const char *propq);
+ PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                      BIO *data, int flags, OPENSSL_CTX *libctx,
+                      const char *propq);
  PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                    BIO *data, int flags);
 
 =head1 DESCRIPTION
 
-PKCS7_sign_with_libctx() creates and returns a PKCS#7 signedData structure.
+PKCS7_sign_ex() creates and returns a PKCS#7 signedData structure.
 I<igncert> is the certificate to sign with, Ipkey> is the corresponding
 private key. I<certs> is an optional additional set of certificates to include
 in the PKCS#7 structure (for example any intermediate CAs in the chain). The
@@ -94,7 +94,7 @@ PKCS#7 structure is output.
 In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
 B<NOT> be NULL.
 
-PKCS7_sign() is similar to PKCS7_sign_with_libctx() but uses default values of
+PKCS7_sign() is similar to PKCS7_sign_ex() but uses default values of
 NULL for the library context I<libctx> and the property query I<propq>.
 
 =head1 BUGS
@@ -103,7 +103,7 @@ Some advanced attributes such as counter signatures are not supported.
 
 =head1 RETURN VALUES
 
-PKCS7_sign_with_libctx() and PKCS7_sign() return either a valid PKCS7 structure
+PKCS7_sign_ex() and PKCS7_sign() return either a valid PKCS7 structure
 or NULL if an error occurred.  The error can be obtained from ERR_get_error(3).
 
 =head1 SEE ALSO
@@ -112,7 +112,7 @@ L<ERR_get_error(3)>, L<PKCS7_verify(3)>
 
 =head1 HISTORY
 
-The function PKCS7_sign_with_libctx() was added in OpenSSL 3.0.
+The function PKCS7_sign_ex() was added in OpenSSL 3.0.
 
 The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>,
 and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0.
diff --git a/doc/man3/SMIME_read_ASN1.pod b/doc/man3/SMIME_read_ASN1.pod
index 5b995f1aee..189c1ef5e4 100644
--- a/doc/man3/SMIME_read_ASN1.pod
+++ b/doc/man3/SMIME_read_ASN1.pod
@@ -59,7 +59,7 @@ L<ERR_get_error(3)>,
 L<SMIME_read_CMS_ex(3)>,
 L<SMIME_read_PKCS7_ex(3)>,
 L<SMIME_write_ASN1(3)>,
-L<SMIME_write_ASN1_with_libctx(3)>
+L<SMIME_write_ASN1_ex(3)>
 
 =head1 HISTORY
 
diff --git a/doc/man3/SMIME_read_CMS.pod b/doc/man3/SMIME_read_CMS.pod
index c7ca845eee..36ef6dc846 100644
--- a/doc/man3/SMIME_read_CMS.pod
+++ b/doc/man3/SMIME_read_CMS.pod
@@ -27,7 +27,7 @@ error occurred.
 SMIME_read_CMS_ex() is similar to SMIME_read_CMS() but can optionally supply a
 previously created I<cms> CMS_ContentInfo object. If I<cms> is NULL then it is
 identical to SMIME_read_CMS().
-To create a I<cms> object use L<CMS_ContentInfo_new_with_libctx(3)>.
+To create a I<cms> object use L<CMS_ContentInfo_new_ex(3)>.
 
 =head1 NOTES
 
diff --git a/doc/man3/SMIME_read_PKCS7.pod b/doc/man3/SMIME_read_PKCS7.pod
index 791c49ff75..c2d422c512 100644
--- a/doc/man3/SMIME_read_PKCS7.pod
+++ b/doc/man3/SMIME_read_PKCS7.pod
@@ -27,7 +27,7 @@ error occurred.
 SMIME_read_PKCS7_ex() is similar to SMIME_read_PKCS7() but can optionally supply
 a previously created I<p7> PKCS#7 object. If I<p7> is NULL then it is identical
 to SMIME_read_PKCS7().
-To create a I<p7> object use L<PKCS7_new_with_libctx(3)>.
+To create a I<p7> object use L<PKCS7_new_ex(3)>.
 
 =head1 NOTES
 
diff --git a/doc/man3/SMIME_write_ASN1.pod b/doc/man3/SMIME_write_ASN1.pod
index 5f46ce1b45..41e2e557b6 100644
--- a/doc/man3/SMIME_write_ASN1.pod
+++ b/doc/man3/SMIME_write_ASN1.pod
@@ -2,17 +2,17 @@
 
 =head1 NAME
 
-SMIME_write_ASN1_with_libctx, SMIME_write_ASN1
+SMIME_write_ASN1_ex, SMIME_write_ASN1
 - convert structure to S/MIME format
 
 =head1 SYNOPSIS
 
  #include <openssl/asn1.h>
 
- int SMIME_write_ASN1_with_libctx(BIO *out,
-     ASN1_VALUE *val, BIO *data, int flags, int ctype_nid, int econt_nid,
-     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
-     OPENSSL_CTX *libctx, const char *propq);
+ int SMIME_write_ASN1_ex(BIO *out, ASN1_VALUE *val, BIO *data, int flags,
+                         int ctype_nid, int econt_nid,
+                         STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
+                         OPENSSL_CTX *libctx, const char *propq);
 
  int SMIME_write_ASN1(BIO *out,
      ASN1_VALUE *val, BIO *data, int flags, int ctype_nid, int econt_nid,
@@ -20,7 +20,7 @@ SMIME_write_ASN1_with_libctx, SMIME_write_ASN1
 
 =head1 DESCRIPTION
 
-SMIME_write_ASN1_with_libctx() adds the appropriate MIME headers to an object
+SMIME_write_ASN1_ex() adds the appropriate MIME headers to an object
 structure to produce an S/MIME message.
 
 I<out> is the BIO to write the data to. I<value> is the appropriate ASN1_VALUE
@@ -61,7 +61,7 @@ content where the content is absent and DER format is used.
 
 =head1 RETURN VALUES
 
-SMIME_write_ASN1_with_libctx() and SMIME_write_ASN1() return 1 for success or
+SMIME_write_ASN1_ex() and SMIME_write_ASN1() return 1 for success or
 0 for failure.
 
 =head1 SEE ALSO
diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 5e50f1b449..e15f3e1da2 100644
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
-SSL_CTX_new, SSL_CTX_new_with_libctx, SSL_CTX_up_ref, SSLv3_method,
+SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method,
 SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method,
 TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
 TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method,
@@ -18,8 +18,8 @@ functions
 
  #include <openssl/ssl.h>
 
- SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
-                                  const SSL_METHOD *method);
+ SSL_CTX *SSL_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq,
+                         const SSL_METHOD *method);
  SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
  int SSL_CTX_up_ref(SSL_CTX *ctx);
 
@@ -73,7 +73,7 @@ functions
 
 =head1 DESCRIPTION
 
-SSL_CTX_new_with_libctx() creates a new B<SSL_CTX> object as a framework to
+SSL_CTX_new_ex() creates a new B<SSL_CTX> object as a framework to
 establish TLS/SSL or DTLS enabled connections using the library context
 I<libctx> (see L<OPENSSL_CTX(3)>). Any cryptographic algorithms that are used
 by any B<SSL> objects created from this B<SSL_CTX> will be fetched from the
@@ -81,7 +81,7 @@ I<libctx> using the property query string I<propq> (see
 L<provider(7)/Fetching algorithms>. Either or both the I<libctx> or I<propq>
 parameters may be NULL.
 
-SSL_CTX_new() does the same as SSL_CTX_new_with_libctx() except that the default
+SSL_CTX_new() does the same as SSL_CTX_new_ex() except that the default
 library context is used and no property query string is specified.
 
 An B<SSL_CTX> object is reference counted. Creating an B<SSL_CTX> object for the
@@ -224,7 +224,7 @@ and TLS_client_method() functions were added in OpenSSL 1.1.0.
 
 All version-specific methods were deprecated in OpenSSL 1.1.0.
 
-SSL_CTX_new_with_libctx() was added in OpenSSL 3.0.
+SSL_CTX_new_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/SSL_load_client_CA_file.pod b/doc/man3/SSL_load_client_CA_file.pod
index c3f0cd80f9..c3b20d9b6b 100644
--- a/doc/man3/SSL_load_client_CA_file.pod
+++ b/doc/man3/SSL_load_client_CA_file.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-SSL_load_client_CA_file_with_libctx, SSL_load_client_CA_file,
+SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
 SSL_add_file_cert_subjects_to_stack,
 SSL_add_dir_cert_subjects_to_stack,
 SSL_add_store_cert_subjects_to_stack
@@ -12,9 +12,9 @@ SSL_add_store_cert_subjects_to_stack
 
  #include <openssl/ssl.h>
 
- STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file,
-                                                          OPENSSL_CTX *libctx,
-                                                          const char *propq);
+ STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
+                                                 OPENSSL_CTX *libctx,
+                                                 const char *propq);
  STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 
  int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
@@ -26,11 +26,11 @@ SSL_add_store_cert_subjects_to_stack
 
 =head1 DESCRIPTION
 
-SSL_load_client_CA_file_with_libctx() reads certificates from I<file> and returns
+SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
 a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
 and property query <propq> are used when fetching algorithms from providers.
 
-SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_with_libctx()
+SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
 but uses NULL for the library context I<libctx> and property query <propq>.
 
 SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
@@ -91,7 +91,7 @@ L<SSL_CTX_set_client_CA_list(3)>
 
 =head1 HISTORY
 
-SSL_load_client_CA_file_with_libctx() and SSL_add_store_cert_subjects_to_stack()
+SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
 were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/X509_LOOKUP.pod b/doc/man3/X509_LOOKUP.pod
index a89b94aa48..69d6315ffe 100644
--- a/doc/man3/X509_LOOKUP.pod
+++ b/doc/man3/X509_LOOKUP.pod
@@ -6,13 +6,13 @@ X509_LOOKUP, X509_LOOKUP_TYPE,
 X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init,
 X509_LOOKUP_shutdown,
 X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
-X509_LOOKUP_ctrl_with_libctx, X509_LOOKUP_ctrl,
-X509_LOOKUP_load_file_with_libctx, X509_LOOKUP_load_file,
+X509_LOOKUP_ctrl_ex, X509_LOOKUP_ctrl,
+X509_LOOKUP_load_file_ex, X509_LOOKUP_load_file,
 X509_LOOKUP_add_dir,
-X509_LOOKUP_add_store_with_libctx, X509_LOOKUP_add_store,
-X509_LOOKUP_load_store_with_libctx, X509_LOOKUP_load_store,
+X509_LOOKUP_add_store_ex, X509_LOOKUP_add_store,
+X509_LOOKUP_load_store_ex, X509_LOOKUP_load_store,
 X509_LOOKUP_get_store,
-X509_LOOKUP_by_subject_with_libctx, X509_LOOKUP_by_subject,
+X509_LOOKUP_by_subject_ex, X509_LOOKUP_by_subject,
 X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint,
 X509_LOOKUP_by_alias
 - OpenSSL certificate lookup mechanisms
@@ -33,29 +33,28 @@ X509_LOOKUP_by_alias
  int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
  void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
 
- int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc,
-                                  long argl, char **ret, OPENSSL_CTX *libctx,
-                                  const char *propq);
+ int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                         char **ret, OPENSSL_CTX *libctx, const char *propq);
  int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                       long argl, char **ret);
- int X509_LOOKUP_load_file_with_libctx(X509_LOOKUP *ctx, char *name, long type,
-                                       OPENSSL_CTX *libctx, const char *propq);
+ int X509_LOOKUP_load_file_ex(X509_LOOKUP *ctx, char *name, long type,
+                              OPENSSL_CTX *libctx, const char *propq);
  int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
- int X509_LOOKUP_load_file_with_libctx(X509_LOOKUP *ctx, char *name, long type,
-                                       OPENSSL_CTX *libctx, const char *propq);
+ int X509_LOOKUP_load_file_ex(X509_LOOKUP *ctx, char *name, long type,
+                              OPENSSL_CTX *libctx, const char *propq);
  int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
- int X509_LOOKUP_add_store_with_libctx(X509_LOOKUP *ctx, char *uri,
-                                       OPENSSL_CTX *libctx, const char *propq);
+ int X509_LOOKUP_add_store_ex(X509_LOOKUP *ctx, char *uri, OPENSSL_CTX *libctx,
+                              const char *propq);
  int X509_LOOKUP_add_store(X509_LOOKUP *ctx, char *uri);
- int X509_LOOKUP_load_store_with_libctx(X509_LOOKUP *ctx, char *uri,
-                                        OPENSSL_CTX *libctx, const char *propq);
+ int X509_LOOKUP_load_store_ex(X509_LOOKUP *ctx, char *uri, OPENSSL_CTX *libctx,
+                               const char *propq);
  int X509_LOOKUP_load_store(X509_LOOKUP *ctx, char *uri);
 
  X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
 
- int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                                        const X509_NAME *name, X509_OBJECT *ret,
-                                        OPENSSL_CTX *libctx, const char *propq);
+ int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const X509_NAME *name, X509_OBJECT *ret,
+                               OPENSSL_CTX *libctx, const char *propq);
  int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                             const X509_NAME *name, X509_OBJECT *ret);
  int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
@@ -91,7 +90,7 @@ X509_LOOKUP_set_method_data() and X509_LOOKUP_get_method_data()
 associates and retrieves a pointer to application data to and from the
 given B<X509_LOOKUP>, respectively.
 
-X509_LOOKUP_ctrl_with_libctx() is used to set or get additional data to or from
+X509_LOOKUP_ctrl_ex() is used to set or get additional data to or from
 a B<X509_LOOKUP> structure or its associated L<X509_LOOKUP_METHOD(3)>.
 The arguments of the control command are passed via I<argc> and I<argl>,
 its return value via I<*ret>. The library context I<libctx> and property
@@ -102,17 +101,17 @@ wrapped by a macro call, see below.
 The control I<cmd>s known to OpenSSL are discussed in more depth
 in L</Control Commands>.
 
-X509_LOOKUP_ctrl() is similar to X509_LOOKUP_ctrl_with_libctx() but
+X509_LOOKUP_ctrl() is similar to X509_LOOKUP_ctrl_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
-X509_LOOKUP_load_file_with_libctx() passes a filename to be loaded immediately
+X509_LOOKUP_load_file_ex() passes a filename to be loaded immediately
 into the associated B<X509_STORE>. The library context I<libctx> and property
 query <propq> are used when fetching algorithms from providers.
 I<type> indicates what type of object is expected.
 This can only be used with a lookup using the implementation
 L<X509_LOOKUP_file(3)>.
 
-X509_LOOKUP_load_file() is similar to X509_LOOKUP_load_file_with_libctx() but
+X509_LOOKUP_load_file() is similar to X509_LOOKUP_load_file_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
 X509_LOOKUP_add_dir() passes a directory specification from which
@@ -122,31 +121,31 @@ I<type> indicates what type of object is expected.
 This can only be used with a lookup using the implementation
 L<X509_LOOKUP_hash_dir(3)>.
 
-X509_LOOKUP_add_store_with_libctx() passes a URI for a directory-like structure
+X509_LOOKUP_add_store_ex() passes a URI for a directory-like structure
 from which containers with certificates and CRLs are loaded on demand
 into the associated B<X509_STORE>. The library context I<libctx> and property
 query <propq> are used when fetching algorithms from providers.
 
-X509_LOOKUP_add_store() is similar to X509_LOOKUP_add_store_with_libctx() but
+X509_LOOKUP_add_store() is similar to X509_LOOKUP_add_store_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
-X509_LOOKUP_load_store_with_libctx() passes a URI for a single container from
+X509_LOOKUP_load_store_ex() passes a URI for a single container from
 which certificates and CRLs are immediately loaded into the associated
 B<X509_STORE>. The library context I<libctx> and property query <propq> are used
 when fetching algorithms from providers.
 These functions can only be used with a lookup using the
 implementation L<X509_LOOKUP_store(3)>.
 
-X509_LOOKUP_load_store() is similar to X509_LOOKUP_load_store_with_libctx() but
+X509_LOOKUP_load_store() is similar to X509_LOOKUP_load_store_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
-X509_LOOKUP_load_file_with_libctx(), X509_LOOKUP_load_file(),
+X509_LOOKUP_load_file_ex(), X509_LOOKUP_load_file(),
 X509_LOOKUP_add_dir(),
-X509_LOOKUP_add_store_with_libctx() X509_LOOKUP_add_store(),
-X509_LOOKUP_load_store_with_libctx() and X509_LOOKUP_load_store() are
+X509_LOOKUP_add_store_ex() X509_LOOKUP_add_store(),
+X509_LOOKUP_load_store_ex() and X509_LOOKUP_load_store() are
 implemented as macros that use X509_LOOKUP_ctrl().
 
-X509_LOOKUP_by_subject_with_libctx(), X509_LOOKUP_by_subject(),
+X509_LOOKUP_by_subject_ex(), X509_LOOKUP_by_subject(),
 X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and
 X509_LOOKUP_by_alias() look up certificates and CRLs in the L<X509_STORE(3)>
 associated with the B<X509_LOOKUP> using different criteria, where the looked up
@@ -164,7 +163,7 @@ X509_LOOKUP_ctrl() I<cmd>s:
 
 =item B<X509_L_FILE_LOAD>
 
-This is the command that X509_LOOKUP_load_file_with_libctx() and
+This is the command that X509_LOOKUP_load_file_ex() and
 X509_LOOKUP_load_file() use.
 The filename is passed in I<argc>, and the type in I<argl>.
 
@@ -176,13 +175,13 @@ I<argl>.
 
 =item B<X509_L_ADD_STORE>
 
-This is the command that X509_LOOKUP_add_store_with_libctx() and
+This is the command that X509_LOOKUP_add_store_ex() and
 X509_LOOKUP_add_store() use.
 The URI is passed in I<argc>.
 
 =item B<X509_L_LOAD_STORE>
 
-This is the command that X509_LOOKUP_load_store_with_libctx() and
+This is the command that X509_LOOKUP_load_store_ex() and
 X509_LOOKUP_load_store() use.
 The URI is passed in I<argc>.
 
@@ -206,7 +205,7 @@ error.
 X509_LOOKUP_get_store() returns a B<X509_STORE> pointer if there is
 one, otherwise NULL.
 
-X509_LOOKUP_by_subject_with_libctx(), X509_LOOKUP_by_subject(),
+X509_LOOKUP_by_subject_ex(), X509_LOOKUP_by_subject(),
 X509_LOOKUP_by_issuer_serial(), X509_LOOKUP_by_fingerprint(), and
 X509_LOOKUP_by_alias() all return 0 if there is no B<X509_LOOKUP_METHOD> or that
 method doesn't implement the corresponding function.
@@ -220,11 +219,11 @@ L<X509_LOOKUP_METHOD(3)>, L<X509_STORE(3)>
 
 =head1 HISTORY
 
-The functions X509_LOOKUP_by_subject_with_libctx() and
-X509_LOOKUP_ctrl_with_libctx() were added in OpenSSL 3.0.
+The functions X509_LOOKUP_by_subject_ex() and
+X509_LOOKUP_ctrl_ex() were added in OpenSSL 3.0.
 
-The macros X509_LOOKUP_load_file_with_libctx(),
-X509_LOOKUP_load_store_with_libctx() and 509_LOOKUP_add_store_with_libctx() were
+The macros X509_LOOKUP_load_file_ex(),
+X509_LOOKUP_load_store_ex() and 509_LOOKUP_add_store_ex() were
 added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/X509_LOOKUP_hash_dir.pod b/doc/man3/X509_LOOKUP_hash_dir.pod
index 7077b9b59e..788045fb4b 100644
--- a/doc/man3/X509_LOOKUP_hash_dir.pod
+++ b/doc/man3/X509_LOOKUP_hash_dir.pod
@@ -3,9 +3,9 @@
 =head1 NAME
 
 X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store,
-X509_load_cert_file_with_libctx, X509_load_cert_file,
+X509_load_cert_file_ex, X509_load_cert_file,
 X509_load_crl_file,
-X509_load_cert_crl_file_with_libctx, X509_load_cert_crl_file
+X509_load_cert_crl_file_ex, X509_load_cert_crl_file
 - Default OpenSSL certificate lookup methods
 
 =head1 SYNOPSIS
@@ -16,14 +16,12 @@ X509_load_cert_crl_file_with_libctx, X509_load_cert_crl_file
  X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
  X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
 
- int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file,
-                                     int type, OPENSSL_CTX *libctx,
-                                     const char *propq);
+ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                            OPENSSL_CTX *libctx, const char *propq);
  int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
  int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
- int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
-                                         int type, OPENSSL_CTX *libctx,
-                                         const char *propq);
+ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                                OPENSSL_CTX *libctx, const char *propq);
  int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 
 =head1 DESCRIPTION
@@ -151,8 +149,8 @@ L<ossl_store(7)>
 
 =head1 HISTORY
 
-The functions X509_load_cert_file_with_libctx(),
-X509_load_cert_crl_file_with_libctx() and X509_LOOKUP_store() were added in
+The functions X509_load_cert_file_ex(),
+X509_load_cert_crl_file_ex() and X509_LOOKUP_store() were added in
 OpenSSL 3.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index e34be08b89..96060fcc7e 100644
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-X509_STORE_CTX_new_with_libctx, X509_STORE_CTX_new, X509_STORE_CTX_cleanup,
+X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup,
 X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack,
 X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls,
 X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
@@ -18,8 +18,7 @@ X509_STORE_CTX_verify_fn
 
  #include <openssl/x509_vfy.h>
 
- X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                                const char *propq);
+ X509_STORE_CTX *X509_STORE_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq);
  X509_STORE_CTX *X509_STORE_CTX_new(void);
  void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
@@ -51,13 +50,13 @@ X509_STORE_CTX_verify_fn
 These functions initialise an B<X509_STORE_CTX> structure for subsequent use
 by X509_verify_cert().
 
-X509_STORE_CTX_new_with_libctx() returns a newly initialised B<X509_STORE_CTX>
+X509_STORE_CTX_new_ex() returns a newly initialised B<X509_STORE_CTX>
 structure associated with the specified library context I<libctx> and property
 query string I<propq>. Any cryptographic algorithms fetched while performing
 processing with the X509_STORE_CTX will use that library context and property
 query string.
 
-X509_STORE_CTX_new() is the same as X509_STORE_CTX_new_with_libctx() except that
+X509_STORE_CTX_new() is the same as X509_STORE_CTX_new_ex() except that
 the default library context and a NULL property query string are used.
 
 X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
@@ -170,7 +169,7 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0.
 The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.
-The X509_STORE_CTX_new_with_libctx() function was added in OpenSSL 3.0.
+The X509_STORE_CTX_new_ex() function was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod
index 011cd94711..5f16ee09b9 100644
--- a/doc/man3/X509_STORE_add_cert.pod
+++ b/doc/man3/X509_STORE_add_cert.pod
@@ -6,10 +6,10 @@ X509_STORE,
 X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth,
 X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust,
 X509_STORE_add_lookup,
-X509_STORE_load_file_with_libctx, X509_STORE_load_file, X509_STORE_load_path,
-X509_STORE_load_store_with_libctx, X509_STORE_load_store,
-X509_STORE_set_default_paths_with_libctx, X509_STORE_set_default_paths,
-X509_STORE_load_locations_with_libctx, X509_STORE_load_locations
+X509_STORE_load_file_ex, X509_STORE_load_file, X509_STORE_load_path,
+X509_STORE_load_store_ex, X509_STORE_load_store,
+X509_STORE_set_default_paths_ex, X509_STORE_set_default_paths,
+X509_STORE_load_locations_ex, X509_STORE_load_locations
 - X509_STORE manipulation
 
 =head1 SYNOPSIS
@@ -28,21 +28,19 @@ X509_STORE_load_locations_with_libctx, X509_STORE_load_locations
  X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
                                     X509_LOOKUP_METHOD *meth);
 
- int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx,
-                                              OPENSSL_CTX *libctx,
-                                              const char *propq);
+ int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OPENSSL_CTX *libctx,
+                                     const char *propq);
  int X509_STORE_set_default_paths(X509_STORE *ctx);
- int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file,
-                                     OPENSSL_CTX *libctx, const char *propq);
+ int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+                             OPENSSL_CTX *libctx, const char *propq);
  int X509_STORE_load_file(X509_STORE *ctx, const char *file);
  int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
- int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *uri,
-                                       OPENSSL_CTX *libctx, const char *propq);
+ int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
+                              OPENSSL_CTX *libctx, const char *propq);
  int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
- int X509_STORE_load_locations_with_libctx(X509_STORE *ctx,
-                                           const char *file, const char *dir,
-                                           OPENSSL_CTX *libctx,
-                                           const char *propq);
+ int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
+                                  const char *dir, OPENSSL_CTX *libctx,
+                                  const char *propq);
  int X509_STORE_load_locations(X509_STORE *ctx,
                                const char *file, const char *dir);
 
@@ -93,11 +91,11 @@ L<X509_LOOKUP_METHOD(3)> I<meth> and adds it to the B<X509_STORE>
 I<store>.  This also associates the B<X509_STORE> with the lookup, so
 B<X509_LOOKUP> functions can look up objects in that store.
 
-X509_STORE_load_file_with_libctx() loads trusted certificate(s) into an
+X509_STORE_load_file_ex() loads trusted certificate(s) into an
 B<X509_STORE> from a given file. The library context I<libctx> and property
 query <propq> are used when fetching algorithms from providers.
 
-X509_STORE_load_file() is similar to X509_STORE_load_file_with_libctx() but
+X509_STORE_load_file() is similar to X509_STORE_load_file_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
 X509_STORE_load_path() loads trusted certificate(s) into an
@@ -105,41 +103,41 @@ B<X509_STORE> from a given directory path.
 The certificates in the directory must be in hashed form, as
 documented in L<X509_LOOKUP_hash_dir(3)>.
 
-X509_STORE_load_store_with_libctx() loads trusted certificate(s) into an
+X509_STORE_load_store_ex() loads trusted certificate(s) into an
 B<X509_STORE> from a store at a given URI. The library context I<libctx> and
 property query <propq> are used when fetching algorithms from providers.
 
-X509_STORE_load_store() is similar to X509_STORE_load_store_with_libctx() but
+X509_STORE_load_store() is similar to X509_STORE_load_store_ex() but
 uses NULL for the library context I<libctx> and property query <propq>.
 
-X509_STORE_load_locations_with_libctx() combines
-X509_STORE_load_file_with_libctx() and X509_STORE_load_dir() for a given file
+X509_STORE_load_locations_ex() combines
+X509_STORE_load_file_ex() and X509_STORE_load_dir() for a given file
 and/or directory path.
 It is permitted to specify just a file, just a directory, or both
 paths.
 
-X509_STORE_load_locations() is similar to X509_STORE_load_locations_with_libctx()
+X509_STORE_load_locations() is similar to X509_STORE_load_locations_ex()
 but uses NULL for the library context I<libctx> and property query <propq>.
 
-X509_STORE_set_default_paths_with_libctx() is somewhat misnamed, in that it does
+X509_STORE_set_default_paths_ex() is somewhat misnamed, in that it does
 not set what default paths should be used for loading certificates.  Instead,
 it loads certificates into the B<X509_STORE> from the hardcoded default
 paths. The library context I<libctx> and property query <propq> are used when
 fetching algorithms from providers.
 
 X509_STORE_set_default_paths() is similar to
-X509_STORE_set_default_paths_with_libctx() but uses NULL for the library
+X509_STORE_set_default_paths_ex() but uses NULL for the library
 context I<libctx> and property query <propq>.
 
 =head1 RETURN VALUES
 
 X509_STORE_add_cert(), X509_STORE_add_crl(), X509_STORE_set_depth(),
 X509_STORE_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(),
-X509_STORE_load_file_with_libctx(), X509_STORE_load_file(),
+X509_STORE_load_file_ex(), X509_STORE_load_file(),
 X509_STORE_load_path(),
-X509_STORE_load_store_with_libctx(), X509_STORE_load_store(),
-X509_STORE_load_locations_with_libctx(), X509_STORE_load_locations(),
-X509_STORE_set_default_paths_with_libctx() and X509_STORE_set_default_paths()
+X509_STORE_load_store_ex(), X509_STORE_load_store(),
+X509_STORE_load_locations_ex(), X509_STORE_load_locations(),
+X509_STORE_set_default_paths_ex() and X509_STORE_set_default_paths()
 return 1 on success or 0 on failure.
 
 X509_STORE_add_lookup() returns the found or created
@@ -154,9 +152,9 @@ L<X509_STORE_get0_param(3)>
 
 =head1 HISTORY
 
-The functions X509_STORE_set_default_paths_with_libctx(),
-X509_STORE_load_file_with_libctx(), X509_STORE_load_store_with_libctx() and
-X509_STORE_load_locations_with_libctx() were added in OpenSSL 3.0.
+The functions X509_STORE_set_default_paths_ex(),
+X509_STORE_load_file_ex(), X509_STORE_load_store_ex() and
+X509_STORE_load_locations_ex() were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 76b77c1195..d3e164a6e0 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -29,7 +29,7 @@ CERTIFICATEPOLICIES_free,
 CERTIFICATEPOLICIES_new,
 CMS_ContentInfo_free,
 CMS_ContentInfo_new,
-CMS_ContentInfo_new_with_libctx,
+CMS_ContentInfo_new_ex,
 CMS_ContentInfo_print_ctx,
 CMS_ReceiptRequest_free,
 CMS_ReceiptRequest_new,
@@ -202,7 +202,7 @@ PKCS7_SIGN_ENVELOPE_free,
 PKCS7_SIGN_ENVELOPE_new,
 PKCS7_dup,
 PKCS7_free,
-PKCS7_new_with_libctx,
+PKCS7_new_ex,
 PKCS7_new,
 PKCS7_print_ctx,
 PKCS8_PRIV_KEY_INFO_free,
@@ -337,7 +337,7 @@ to generate the function bodies.
 B<I<TYPE>_new>() allocates an empty object of the indicated type.
 The object returned must be released by calling B<I<TYPE>_free>().
 
-B<I<TYPE>_new_with_libctx>() is similiar to B<I<TYPE>_new>() but also passes the
+B<I<TYPE>_new_ex>() is similiar to B<I<TYPE>_new>() but also passes the
 library context I<libctx> and the property query I<propq> to use when retrieving
 algorithms from providers.
 
@@ -361,7 +361,7 @@ B<I<TYPE>_print_ctx>() returns 1 on success or zero on failure.
 
 =head1 HISTORY
 
-The functions PKCS7_new_with_libctx() and CMS_ContentInfo_new_with_libctx() were
+The functions PKCS7_new_ex() and CMS_ContentInfo_new_ex() were
 added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
diff --git a/doc/man3/X509_new.pod b/doc/man3/X509_new.pod
index 29baef570d..38a101a5bc 100644
--- a/doc/man3/X509_new.pod
+++ b/doc/man3/X509_new.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 X509_chain_up_ref,
-X509_new, X509_new_with_libctx,
+X509_new, X509_new_ex,
 X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
 
 =head1 SYNOPSIS
@@ -11,7 +11,7 @@ X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
  #include <openssl/x509.h>
 
  X509 *X509_new(void);
- X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq);
+ X509 *X509_new_ex(OPENSSL_CTX *libctx, const char *propq);
  void X509_free(X509 *a);
  int X509_up_ref(X509 *a);
  STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x);
@@ -21,13 +21,13 @@ X509_free, X509_up_ref - X509 certificate ASN1 allocation functions
 The X509 ASN1 allocation routines, allocate and free an
 X509 structure, which represents an X509 certificate.
 
-X509_new_with_libctx() allocates and initializes a X509 structure with a
+X509_new_ex() allocates and initializes a X509 structure with a
 library context of I<libctx>, property query of <propq> and a reference
 count of B<1>. Many X509 functions such as X509_check_purpose(), and
 X509_verify() use this library context to select which providers supply the
 fetched algorithms (SHA1 is used internally).
 
-X509_new() is similar to X509_new_with_libctx() but sets the library context
+X509_new() is similar to X509_new_ex() but sets the library context
 and property query to NULL. This results in the default (NULL) library context
 being used for any X509 operations requiring algorithm fetches.
 
@@ -82,7 +82,7 @@ L<X509_verify_cert(3)>
 
 =head1 HISTORY
 
-The function X509_new_with_libctx() was added in OpenSSL 3.0.
+The function X509_new_ex() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod
index a97cbebbef..df66e3e5b7 100644
--- a/doc/man3/X509_sign.pod
+++ b/doc/man3/X509_sign.pod
@@ -55,7 +55,7 @@ L<X509_NAME_add_entry_by_txt(3)>,
 L<X509_new(3)>,
 L<X509_verify_cert(3)>,
 L<X509_verify(3)>,
-L<X509_REQ_verify_with_libctx(3)>, L<X509_REQ_verify(3)>,
+L<X509_REQ_verify_ex(3)>, L<X509_REQ_verify(3)>,
 L<X509_CRL_verify(3)>
 
 =head1 HISTORY
diff --git a/doc/man3/X509_verify.pod b/doc/man3/X509_verify.pod
index 2c8fb0059e..15719090bb 100644
--- a/doc/man3/X509_verify.pod
+++ b/doc/man3/X509_verify.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 X509_verify, X509_self_signed,
-X509_REQ_verify_with_libctx, X509_REQ_verify,
+X509_REQ_verify_ex, X509_REQ_verify,
 X509_CRL_verify -
 verify certificate, certificate request, or CRL signature
 
@@ -14,8 +14,8 @@ verify certificate, certificate request, or CRL signature
  int X509_verify(X509 *x, EVP_PKEY *pkey);
  int X509_self_signed(X509 *cert, int verify_signature);
 
- int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *pkey,
-                                 OPENSSL_CTX *libctx, const char *propq);
+ int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *pkey, OPENSSL_CTX *libctx,
+                        const char *propq);
  int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
  int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 
@@ -31,13 +31,13 @@ authority key identifier (if present) must match the subject key identifier etc.
 The signature itself is actually verified only if B<verify_signature> is 1, as
 for explicitly trusted certificates this verification is not worth the effort.
 
-X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify()
+X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify()
 verify the signatures of certificate requests and CRLs, respectively.
 
 =head1 RETURN VALUES
 
 X509_verify(),
-X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify()
+X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify()
 return 1 if the signature is valid and 0 if the signature check fails.
 If the signature could not be checked at all because it was ill-formed
 or some other error occurred then -1 is returned.
@@ -68,7 +68,7 @@ L<OPENSSL_CTX(3)>
 The X509_verify(), X509_REQ_verify(), and X509_CRL_verify()
 functions are available in all versions of OpenSSL.
 
-X509_REQ_verify_with_libctx(), and X509_self_signed() were added in OpenSSL 3.0.
+X509_REQ_verify_ex(), and X509_self_signed() were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 47afe3f790..97789f7293 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -523,7 +523,7 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
 
             *matchcount = 1;
             if (p8inf != NULL)
-                pkey = EVP_PKCS82PKEY_with_libctx(p8inf, libctx, propq);
+                pkey = EVP_PKCS82PKEY_ex(p8inf, libctx, propq);
             PKCS8_PRIV_KEY_INFO_free(p8inf);
         } else {
             int slen;
@@ -777,7 +777,7 @@ static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
         *matchcount = 1;
     }
 
-    cert = X509_new_with_libctx(libctx, propq);
+    cert = X509_new_ex(libctx, propq);
     if (cert == NULL)
         return NULL;
 
@@ -940,7 +940,7 @@ static int file_find_type(OSSL_STORE_LOADER_CTX *ctx)
     return 1;
 }
 
-static OSSL_STORE_LOADER_CTX *file_open_with_libctx
+static OSSL_STORE_LOADER_CTX *file_open_ex
     (const OSSL_STORE_LOADER *loader, const char *uri,
      OPENSSL_CTX *libctx, const char *propq,
      const UI_METHOD *ui_method, void *ui_data)
@@ -1069,7 +1069,7 @@ static OSSL_STORE_LOADER_CTX *file_open
     (const OSSL_STORE_LOADER *loader, const char *uri,
      const UI_METHOD *ui_method, void *ui_data)
 {
-    return file_open_with_libctx(loader, uri, NULL, NULL, ui_method, ui_data);
+    return file_open_ex(loader, uri, NULL, NULL, ui_method, ui_data);
 }
 
 static OSSL_STORE_LOADER_CTX *file_attach
@@ -1744,8 +1744,7 @@ static int bind_loader_attic(ENGINE *e)
 
     if (/* Create the OSSL_STORE_LOADER */
         (loader_attic = OSSL_STORE_LOADER_new(e, "file")) == NULL
-        || !OSSL_STORE_LOADER_set_open_with_libctx(loader_attic,
-                                                   file_open_with_libctx)
+        || !OSSL_STORE_LOADER_set_open_ex(loader_attic, file_open_ex)
         || !OSSL_STORE_LOADER_set_open(loader_attic, file_open)
         || !OSSL_STORE_LOADER_set_attach(loader_attic, file_attach)
         || !OSSL_STORE_LOADER_set_ctrl(loader_attic, file_ctrl)
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 6e1d396851..5f6987e066 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -80,7 +80,7 @@ struct evp_pkey_asn1_method_st {
                       const char *propq);
     OSSL_CALLBACK *import_from;
 
-    int (*priv_decode_with_libctx) (EVP_PKEY *pk,
+    int (*priv_decode_ex) (EVP_PKEY *pk,
                                     const PKCS8_PRIV_KEY_INFO *p8inf,
                                     OPENSSL_CTX *libctx,
                                     const char *propq);
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index fa0d70dbd4..e419993cfe 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -11,8 +11,8 @@
 #include <openssl/dh.h>
 #include "internal/ffc.h"
 
-DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid);
-DH *dh_new_with_libctx(OPENSSL_CTX *libctx);
+DH *dh_new_by_nid_ex(OPENSSL_CTX *libctx, int nid);
+DH *dh_new_ex(OPENSSL_CTX *libctx);
 
 int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
                                BN_GENCB *cb);
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 23990f651c..986e11705b 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -788,11 +788,10 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
 const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
 const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
 
-int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
-                                  const unsigned char *salt, int saltlen,
-                                  int iter, const EVP_MD *digest, int keylen,
-                                  unsigned char *out,
-                                  OPENSSL_CTX *libctx, const char *propq);
+int pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
+                         const unsigned char *salt, int saltlen, int iter,
+                         const EVP_MD *digest, int keylen, unsigned char *out,
+                         OPENSSL_CTX *libctx, const char *propq);
 
 #ifndef FIPS_MODULE
 /*
@@ -810,9 +809,8 @@ int pkcs5_pbkdf2_hmac_with_libctx(const char *pass, int passlen,
 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
 
-EVP_MD_CTX *evp_md_ctx_new_with_libctx(EVP_PKEY *pkey,
-                                       const ASN1_OCTET_STRING *id,
-                                       OPENSSL_CTX *libctx, const char *propq);
+EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
+                              OPENSSL_CTX *libctx, const char *propq);
 int evp_pkey_name2type(const char *name);
 
 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len);
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 278e215062..e663681e6e 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -69,13 +69,11 @@ int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to,
                                        size_t tlen, const unsigned char *from,
                                        size_t flen, int client_version,
                                        int alt_version);
-int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
-                                                unsigned char *to, int tlen,
-                                                const unsigned char *from,
-                                                int flen,
-                                                const unsigned char *param,
-                                                int plen, const EVP_MD *md,
-                                                const EVP_MD *mgf1md);
+int rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx, unsigned char *to,
+                                       int tlen, const unsigned char *from,
+                                       int flen, const unsigned char *param,
+                                       int plen, const EVP_MD *md,
+                                       const EVP_MD *mgf1md);
 
 int rsa_validate_public(const RSA *key);
 int rsa_validate_private(const RSA *key);
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 8c9a288cbc..3457d69609 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -311,10 +311,9 @@ int x509_check_issued_int(X509 *issuer, X509 *subject, OPENSSL_CTX *libctx,
 int x509_set0_libctx(X509 *x, OPENSSL_CTX *libctx, const char *propq);
 int x509_crl_set0_libctx(X509_CRL *x, OPENSSL_CTX *libctx, const char *propq);
 int x509_init_sig_info(X509 *x);
-int asn1_item_digest_with_libctx(const ASN1_ITEM *it, const EVP_MD *type,
-                                 void *data, unsigned char *md,
-                                 unsigned int *len, OPENSSL_CTX *libctx,
-                                 const char *propq);
+int asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+                        unsigned char *md, unsigned int *len,
+                        OPENSSL_CTX *libctx, const char *propq);
 int X509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
 
 int X509_PUBKEY_get0_libctx(OPENSSL_CTX **plibctx, const char **ppropq,
diff --git a/include/openssl/asn1.h.in b/include/openssl/asn1.h.in
index dfb1c9cae5..9b141dba4c 100644
--- a/include/openssl/asn1.h.in
+++ b/include/openssl/asn1.h.in
@@ -700,16 +700,15 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x);
                      CHECKED_PTR_OF(const type, x)))
 
 void *ASN1_item_dup(const ASN1_ITEM *it, const void *x);
-int ASN1_item_sign_with_libctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
-                               X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-                               const void *data, const ASN1_OCTET_STRING *id,
-                               EVP_PKEY *pkey, const EVP_MD *md,
-                               OPENSSL_CTX *libctx, const char *propq);
-int ASN1_item_verify_with_libctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
-                                 const ASN1_BIT_STRING *signature,
-                                 const void *data,
-                                 const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
-                                 OPENSSL_CTX *libctx, const char *propq);
+int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                      const void *data, const ASN1_OCTET_STRING *id,
+                      EVP_PKEY *pkey, const EVP_MD *md, OPENSSL_CTX *libctx,
+                      const char *propq);
+int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg,
+                        const ASN1_BIT_STRING *signature, const void *data,
+                        const ASN1_OCTET_STRING *id, EVP_PKEY *pkey,
+                        OPENSSL_CTX *libctx, const char *propq);
 
 /* ASN1 alloc/free macros for when a type is only used internally */
 
@@ -877,11 +876,10 @@ int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
 int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
                      int ctype_nid, int econt_nid,
                      STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
-int SMIME_write_ASN1_with_libctx(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-                                 int ctype_nid, int econt_nid,
-                                 STACK_OF(X509_ALGOR) *mdalgs,
-                                 const ASN1_ITEM *it,
-                                 OPENSSL_CTX *libctx, const char *propq);
+int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                        int ctype_nid, int econt_nid,
+                        STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it,
+                        OPENSSL_CTX *libctx, const char *propq);
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
 ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, BIO **bcont, const ASN1_ITEM *it,
                                ASN1_VALUE **x);
diff --git a/include/openssl/cms.h.in b/include/openssl/cms.h.in
index f89cbf96e7..1f301aa40f 100644
--- a/include/openssl/cms.h.in
+++ b/include/openssl/cms.h.in
@@ -53,8 +53,7 @@ DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
-CMS_ContentInfo *CMS_ContentInfo_new_with_libctx(OPENSSL_CTX *libctx,
-                                                 const char *propq);
+CMS_ContentInfo *CMS_ContentInfo_new_ex(OPENSSL_CTX *libctx, const char *propq);
 
 # define CMS_SIGNERINFO_ISSUER_SERIAL    0
 # define CMS_SIGNERINFO_KEYIDENTIFIER    1
@@ -124,10 +123,10 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
                           STACK_OF(X509) *certs, BIO *data,
                           unsigned int flags);
-CMS_ContentInfo *CMS_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                                      STACK_OF(X509) *certs, BIO *data,
-                                      unsigned int flags,
-                                      OPENSSL_CTX *ctx, const char *propq);
+CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
+                             STACK_OF(X509) *certs, BIO *data,
+                             unsigned int flags, OPENSSL_CTX *ctx,
+                             const char *propq);
 
 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
                                   X509 *signcert, EVP_PKEY *pkey,
@@ -135,18 +134,16 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-CMS_ContentInfo *CMS_data_create_with_libctx(BIO *in, unsigned int flags,
-                                             OPENSSL_CTX *ctx,
-                                             const char *propq);
+CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
+                                    OPENSSL_CTX *ctx, const char *propq);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
                       unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
                                    unsigned int flags);
-CMS_ContentInfo *CMS_digest_create_with_libctx(BIO *in, const EVP_MD *md,
-                                               unsigned int flags,
-                                               OPENSSL_CTX *ctx,
-                                               const char *propq);
+CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
+                                      unsigned int flags, OPENSSL_CTX *ctx,
+                                      const char *propq);
 
 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                               const unsigned char *key, size_t keylen,
@@ -155,13 +152,11 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
                                            const unsigned char *key,
                                            size_t keylen, unsigned int flags);
-CMS_ContentInfo *CMS_EncryptedData_encrypt_with_libctx(BIO *in,
-                                                       const EVP_CIPHER *cipher,
-                                                       const unsigned char *key,
-                                                       size_t keylen,
-                                                       unsigned int flags,
-                                                       OPENSSL_CTX *ctx,
-                                                       const char *propq);
+CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
+                                              const unsigned char *key,
+                                              size_t keylen, unsigned int flags,
+                                              OPENSSL_CTX *ctx,
+                                              const char *propq);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
                                const unsigned char *key, size_t keylen);
@@ -177,10 +172,9 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
 
 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
                              const EVP_CIPHER *cipher, unsigned int flags);
-CMS_ContentInfo *CMS_encrypt_with_libctx(STACK_OF(X509) *certs,
-                                         BIO *in, const EVP_CIPHER *cipher,
-                                         unsigned int flags,
-                                         OPENSSL_CTX *ctx, const char *propq);
+CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                                const EVP_CIPHER *cipher, unsigned int flags,
+                                OPENSSL_CTX *ctx, const char *propq);
 
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                 BIO *dcont, BIO *out, unsigned int flags);
@@ -199,13 +193,12 @@ int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher);
 CMS_ContentInfo *
-CMS_AuthEnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                         OPENSSL_CTX *ctx,
-                                         const char *propq);
+CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OPENSSL_CTX *ctx,
+                                const char *propq);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_ContentInfo *CMS_EnvelopedData_create_with_libctx(const EVP_CIPHER *cipher,
-                                                      OPENSSL_CTX *ctx,
-                                                      const char *propq);
+CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher,
+                                             OPENSSL_CTX *ctx,
+                                             const char *propq);
 
 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
                                            X509 *recip, unsigned int flags);
@@ -345,7 +338,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0_with_libctx(
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex(
     unsigned char *id, int idlen, int allorfirst,
     STACK_OF(GENERAL_NAMES) *receiptList,
     STACK_OF(GENERAL_NAMES) *receiptsTo,
diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in
index 6e3a10ed55..f436bd834a 100644
--- a/include/openssl/conf.h.in
+++ b/include/openssl/conf.h.in
@@ -122,7 +122,7 @@ struct conf_st {
     OPENSSL_CTX *libctx;
 };
 
-CONF *NCONF_new_with_libctx(OPENSSL_CTX *libctx, CONF_METHOD *meth);
+CONF *NCONF_new_ex(OPENSSL_CTX *libctx, CONF_METHOD *meth);
 CONF *NCONF_new(CONF_METHOD *meth);
 CONF_METHOD *NCONF_default(void);
 DEPRECATEDIN_3_0(CONF_METHOD *NCONF_WIN32(void))
@@ -150,8 +150,8 @@ int NCONF_dump_bio(const CONF *conf, BIO *out);
 
 int CONF_modules_load(const CONF *cnf, const char *appname,
                       unsigned long flags);
-int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx, const char *filename,
-                                       const char *appname, unsigned long flags);
+int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
+                              const char *appname, unsigned long flags);
 int CONF_modules_load_file(const char *filename, const char *appname,
                            unsigned long flags);
 void CONF_modules_unload(int all);
diff --git a/include/openssl/ct.h.in b/include/openssl/ct.h.in
index e72fe4b6b7..1b056a880a 100644
--- a/include/openssl/ct.h.in
+++ b/include/openssl/ct.h.in
@@ -83,11 +83,11 @@ typedef enum {
  * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
  * with the CT_POLICY_EVAL_CTX.
  */
-CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                                       const char *propq);
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OPENSSL_CTX *libctx,
+                                              const char *propq);
                                                        
 /*
- * The same as CT_POLICY_EVAL_CTX_new_with_libctx() but the default library
+ * The same as CT_POLICY_EVAL_CTX_new_ex() but the default library
  * context and property query string is used.
  */
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
@@ -433,11 +433,11 @@ SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
  * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
  * Should be deleted by the caller using CTLOG_free when no longer needed.
  */
-CTLOG *CTLOG_new_with_libctx(EVP_PKEY *public_key, const char *name,
-                             OPENSSL_CTX *libctx, const char *propq);
+CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OPENSSL_CTX *libctx,
+                    const char *propq);
 
 /*
- * The same as CTLOG_new_with_libctx except that the default library context and
+ * The same as CTLOG_new_ex except that the default library context and
  * property query string are used.
  */
 CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
@@ -450,12 +450,12 @@ CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
  * Returns 1 on success, 0 on failure.
  * Should be deleted by the caller using CTLOG_free when no longer needed.
  */
-int CTLOG_new_from_base64_with_libctx(CTLOG **ct_log, const char *pkey_base64,
-                                      const char *name, OPENSSL_CTX *libctx,
-                                      const char *propq);
+int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64,
+                             const char *name, OPENSSL_CTX *libctx,
+                             const char *propq);
 
 /*
- * The same as CTLOG_new_from_base64_with_libctx() except that the default
+ * The same as CTLOG_new_from_base64_ex() except that the default
  * library context and property query string are used.
  * Returns 1 on success, 0 on failure.
  */
@@ -484,10 +484,10 @@ EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
  * property query string.
  * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
  */
-CTLOG_STORE *CTLOG_STORE_new_with_libctx(OPENSSL_CTX *libctx, const char *propq);
+CTLOG_STORE *CTLOG_STORE_new_ex(OPENSSL_CTX *libctx, const char *propq);
 
 /*
- * Same as CTLOG_STORE_new_with_libctx except that the default libctx and
+ * Same as CTLOG_STORE_new_ex except that the default libctx and
  * property query string are used.
  * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
  */
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 04e648681b..5876b2a31c 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -402,12 +402,12 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
  *  \return newly created EC_GROUP object with specified curve or NULL
  *          if an error occurred
  */
-EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx,
-                                                 const char *propq, int nid);
+EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, const char *propq,
+                                        int nid);
 
 /**
  * Creates a EC_GROUP object with a curve specified by a NID. Same as
- * EC_GROUP_new_by_curve_name_with_libctx but the libctx and propq are always
+ * EC_GROUP_new_by_curve_name_ex but the libctx and propq are always
  * NULL.
  *  \param  nid    NID of the OID of the curve name
  *  \return newly created EC_GROUP object with specified curve or NULL
@@ -882,10 +882,10 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
  *               which case the default library context is used.
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq);
+EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx, const char *propq);
 
 /**
- *  Creates a new EC_KEY object. Same as calling EC_KEY_new_with_libctx with a
+ *  Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a
  *  NULL library context
  *  \return EC_KEY object or NULL if an error occurred.
  */
@@ -908,8 +908,8 @@ int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
  *  \param  nid   NID of the named curve.
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, const char *propq,
-                                             int nid);
+EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, const char *propq,
+                                    int nid);
 
 /**
  *  Creates a new EC_KEY object using a named curve as underlying
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index f3936cd527..8c2d00813c 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -691,9 +691,9 @@ __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
 
 __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
                          EVP_PKEY *pkey);
-__owur int EVP_SignFinal_with_libctx(EVP_MD_CTX *ctx, unsigned char *md,
-                                     unsigned int *s, EVP_PKEY *pkey,
-                                     OPENSSL_CTX *libctx, const char *propq);
+__owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                            EVP_PKEY *pkey, OPENSSL_CTX *libctx,
+                            const char *propq);
 
 __owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
                           size_t *siglen, const unsigned char *tbs,
@@ -701,19 +701,17 @@ __owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
 
 __owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                            unsigned int siglen, EVP_PKEY *pkey);
-__owur int EVP_VerifyFinal_with_libctx(EVP_MD_CTX *ctx,
-                                       const unsigned char *sigbuf,
-                                       unsigned int siglen, EVP_PKEY *pkey,
-                                       OPENSSL_CTX *libctx, const char *propq);
+__owur int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                              unsigned int siglen, EVP_PKEY *pkey,
+                              OPENSSL_CTX *libctx, const char *propq);
 
 __owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
                             size_t siglen, const unsigned char *tbs,
                             size_t tbslen);
 
-int EVP_DigestSignInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                   const char *mdname,
-                                   OPENSSL_CTX *libctx, const char *props,
-                                   EVP_PKEY *pkey);
+int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const char *mdname, OPENSSL_CTX *libctx,
+                          const char *props, EVP_PKEY *pkey);
 /*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                   const EVP_MD *type, ENGINE *e,
                                   EVP_PKEY *pkey);
@@ -721,10 +719,9 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
 __owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                                size_t *siglen);
 
-int EVP_DigestVerifyInit_with_libctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-                                     const char *mdname,
-                                     OPENSSL_CTX *libctx, const char *props,
-                                     EVP_PKEY *pkey);
+int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                            const char *mdname, OPENSSL_CTX *libctx,
+                            const char *props, EVP_PKEY *pkey);
 __owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
                                 const EVP_MD *type, ENGINE *e,
                                 EVP_PKEY *pkey);
@@ -1606,19 +1603,16 @@ void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
                                const unsigned char *key, int keylen);
-EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx,
-                                                   const char *keytype,
-                                                   const char *propq,
-                                                   const unsigned char *priv,
-                                                   size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OPENSSL_CTX *libctx,
+                                          const char *keytype,
+                                          const char *propq,
+                                          const unsigned char *priv, size_t len);
 EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
                                        const unsigned char *priv,
                                        size_t len);
-EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx,
-                                                  const char *keytype,
-                                                  const char *propq,
-                                                  const unsigned char *pub,
-                                                  size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OPENSSL_CTX *libctx,
+                                         const char *keytype, const char *propq,
+                                         const unsigned char *pub, size_t len);
 EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
                                       const unsigned char *pub,
                                       size_t len);
@@ -1627,11 +1621,9 @@ int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
 int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
                                 size_t *len);
 
-EVP_PKEY *EVP_PKEY_new_CMAC_key_with_libctx(const unsigned char *priv,
-                                            size_t len,
-                                            const char *cipher_name,
-                                            OPENSSL_CTX *libctx,
-                                            const char *propq);
+EVP_PKEY *EVP_PKEY_new_CMAC_key_ex(const unsigned char *priv, size_t len,
+                                   const char *cipher_name, OPENSSL_CTX *libctx,
+                                   const char *propq);
 EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
                                 size_t len, const EVP_CIPHER *cipher);
 
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 6fbc28e0d3..9247922574 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -287,9 +287,9 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
 STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                             pem_password_cb *cb, void *u);
 STACK_OF(X509_INFO)
-*PEM_X509_INFO_read_bio_with_libctx(BIO *bp, STACK_OF(X509_INFO) *sk,
-                                    pem_password_cb *cb, void *u,
-                                    OPENSSL_CTX *libctx, const char *propq);
+*PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk,
+                           pem_password_cb *cb, void *u, OPENSSL_CTX *libctx,
+                           const char *propq);
 
 int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
                             const unsigned char *kstr, int klen,
@@ -309,9 +309,8 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u);
 STACK_OF(X509_INFO)
-*PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk,
-                                pem_password_cb *cb, void *u,
-                                OPENSSL_CTX *libctx, const char *propq);
+*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
+                       void *u, OPENSSL_CTX *libctx, const char *propq);
 #endif
 
 int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
diff --git a/include/openssl/pkcs7.h.in b/include/openssl/pkcs7.h.in
index 93e1f9dbef..e6ee6df100 100644
--- a/include/openssl/pkcs7.h.in
+++ b/include/openssl/pkcs7.h.in
@@ -252,7 +252,7 @@ DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
 DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
 DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
 DECLARE_ASN1_FUNCTIONS(PKCS7)
-PKCS7 *PKCS7_new_with_libctx(OPENSSL_CTX *libctx, const char *propq);
+PKCS7 *PKCS7_new_ex(OPENSSL_CTX *libctx, const char *propq);
 
 DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
@@ -311,9 +311,9 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                   BIO *data, int flags);
-PKCS7 *PKCS7_sign_with_libctx(X509 *signcert, EVP_PKEY *pkey,
-                              STACK_OF(X509) *certs, BIO *data, int flags,
-                              OPENSSL_CTX *libctx, const char *propq);
+PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                     BIO *data, int flags, OPENSSL_CTX *libctx,
+                     const char *propq);
 
 PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
                                          X509 *signcert, EVP_PKEY *pkey,
@@ -326,9 +326,9 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
                                    int flags);
 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                      int flags);
-PKCS7 *PKCS7_encrypt_with_libctx(STACK_OF(X509) *certs, BIO *in,
-                                 const EVP_CIPHER *cipher, int flags,
-                                 OPENSSL_CTX *libctx, const char *propq);
+PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in,
+                        const EVP_CIPHER *cipher, int flags,
+                        OPENSSL_CTX *libctx, const char *propq);
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
                   int flags);
 
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 1d7996ed61..61042148c2 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1538,8 +1538,8 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 
 __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-__owur SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
-                                        const SSL_METHOD *meth);
+__owur SSL_CTX *SSL_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq,
+                               const SSL_METHOD *meth);
 int SSL_CTX_up_ref(SSL_CTX *ctx);
 void SSL_CTX_free(SSL_CTX *);
 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
@@ -1640,8 +1640,8 @@ __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
 __owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
 __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 __owur STACK_OF(X509_NAME)
-*SSL_load_client_CA_file_with_libctx(const char *file,
-                                     OPENSSL_CTX *libctx, const char *propq);
+*SSL_load_client_CA_file_ex(const char *file, OPENSSL_CTX *libctx,
+                            const char *propq);
 __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                                const char *file);
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
diff --git a/include/openssl/store.h b/include/openssl/store.h
index 8fc035c2e3..edbf4a8fbd 100644
--- a/include/openssl/store.h
+++ b/include/openssl/store.h
@@ -57,11 +57,10 @@ OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data,
                 OSSL_STORE_post_process_info_fn post_process,
                 void *post_process_data);
 OSSL_STORE_CTX *
-OSSL_STORE_open_with_libctx(const char *uri,
-                            OPENSSL_CTX *libctx, const char *propq,
-                            const UI_METHOD *ui_method, void *ui_data,
-                            OSSL_STORE_post_process_info_fn post_process,
-                            void *post_process_data);
+OSSL_STORE_open_ex(const char *uri, OPENSSL_CTX *libctx, const char *propq,
+                   const UI_METHOD *ui_method, void *ui_data,
+                   OSSL_STORE_post_process_info_fn post_process,
+                   void *post_process_data);
 
 /*
  * Control / fine tune the OSSL_STORE channel.  |cmd| determines what is to be
@@ -284,7 +283,7 @@ typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
 typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)
     (const OSSL_STORE_LOADER *loader, const char *uri,
      const UI_METHOD *ui_method, void *ui_data);
-typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_with_libctx_fn)
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn)
     (const OSSL_STORE_LOADER *loader,
      const char *uri, OPENSSL_CTX *libctx, const char *propq,
      const UI_METHOD *ui_method, void *ui_data);
@@ -312,9 +311,9 @@ DEPRECATEDIN_3_0(OSSL_STORE_LOADER *OSSL_STORE_LOADER_new
 DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open
                  (OSSL_STORE_LOADER *loader,
                   OSSL_STORE_open_fn open_function))
-DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open_with_libctx
+DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_open_ex
                  (OSSL_STORE_LOADER *loader,
-                  OSSL_STORE_open_with_libctx_fn open_with_libctx_function))
+                  OSSL_STORE_open_ex_fn open_ex_function))
 DEPRECATEDIN_3_0(int OSSL_STORE_LOADER_set_attach
                  (OSSL_STORE_LOADER *loader,
                   OSSL_STORE_attach_fn attach_function))
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index f86d4ee7d1..a88398d5e5 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -365,8 +365,8 @@ const char *X509_verify_cert_error_string(long n);
 int X509_verify(X509 *a, EVP_PKEY *r);
 int X509_self_signed(X509 *cert, int verify_signature);
 
-int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
-                                const char *propq);
+int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OPENSSL_CTX *libctx,
+                       const char *propq);
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
@@ -576,7 +576,7 @@ int X509_NAME_set(X509_NAME **xn, const X509_NAME *name);
 
 DECLARE_ASN1_FUNCTIONS(X509_CINF)
 DECLARE_ASN1_FUNCTIONS(X509)
-X509 *X509_new_with_libctx(OPENSSL_CTX *libctx, const char *propq);
+X509 *X509_new_ex(OPENSSL_CTX *libctx, const char *propq);
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 #define X509_get_ex_new_index(l, p, newf, dupf, freef) \
@@ -1054,8 +1054,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
 
 EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
-EVP_PKEY *EVP_PKCS82PKEY_with_libctx(const PKCS8_PRIV_KEY_INFO *p8,
-                                     OPENSSL_CTX *libctx, const char *propq);
+EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
+                            const char *propq);
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
 
 int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
index 6266e6007d..b7da1b0c5c 100644
--- a/include/openssl/x509_vfy.h.in
+++ b/include/openssl/x509_vfy.h.in
@@ -120,17 +120,17 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 # define X509_LOOKUP_load_store(x,name) \
                 X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL)
 
-# define X509_LOOKUP_load_file_with_libctx(x, name, type, libctx, propq)       \
-X509_LOOKUP_ctrl_with_libctx((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\
-                             (libctx), (propq))
+# define X509_LOOKUP_load_file_ex(x, name, type, libctx, propq)       \
+X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\
+                    (libctx), (propq))
 
-# define X509_LOOKUP_load_store_with_libctx(x, name, libctx, propq)            \
-X509_LOOKUP_ctrl_with_libctx((x), X509_L_LOAD_STORE, (name), 0, NULL,          \
-                             (libctx), (propq))
+# define X509_LOOKUP_load_store_ex(x, name, libctx, propq)            \
+X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL,          \
+                    (libctx), (propq))
 
-# define X509_LOOKUP_add_store_with_libctx(x, name, libctx, propq)             \
-X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL,           \
-                             (libctx), (propq))
+# define X509_LOOKUP_add_store_ex(x, name, libctx, propq)             \
+X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL,           \
+                    (libctx), (propq))
 
 # define X509_V_OK                                       0
 # define X509_V_ERR_UNSPECIFIED                          1
@@ -389,8 +389,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
 int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
 void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
 
-X509_STORE_CTX *X509_STORE_CTX_new_with_libctx(OPENSSL_CTX *libctx,
-                                               const char *propq);
+X509_STORE_CTX *X509_STORE_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
 
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
@@ -440,7 +439,7 @@ X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
 
 typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
                                    long argl, char **ret);
-typedef int (*X509_LOOKUP_ctrl_with_libctx_fn)(
+typedef int (*X509_LOOKUP_ctrl_ex_fn)(
     X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret,
     OPENSSL_CTX *libctx, const char *propq);
 
@@ -448,7 +447,7 @@ typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
                                              X509_LOOKUP_TYPE type,
                                              const X509_NAME *name,
                                              X509_OBJECT *ret);
-typedef int (*X509_LOOKUP_get_by_subject_with_libctx_fn)(X509_LOOKUP *ctx,
+typedef int (*X509_LOOKUP_get_by_subject_ex_fn)(X509_LOOKUP *ctx,
                                                          X509_LOOKUP_TYPE type,
                                                          const X509_NAME *name,
                                                          X509_OBJECT *ret,
@@ -530,27 +529,25 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
 
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                      long argl, char **ret);
-int X509_LOOKUP_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd, const char *argc,
-                                 long argl, char **ret,
-                                 OPENSSL_CTX *libctx, const char *propq);
+int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                        char **ret, OPENSSL_CTX *libctx, const char *propq);
 
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_file_with_libctx(X509_LOOKUP *ctx, const char *file, int type,
-                                    OPENSSL_CTX *libctx, const char *propq);
+int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                           OPENSSL_CTX *libctx, const char *propq);
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file_with_libctx(X509_LOOKUP *ctx, const char *file,
-                                        int type, OPENSSL_CTX *libctx,
-                                        const char *propq);
+int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+                               OPENSSL_CTX *libctx, const char *propq);
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
 int X509_LOOKUP_init(X509_LOOKUP *ctx);
 int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                            const X509_NAME *name, X509_OBJECT *ret);
-int X509_LOOKUP_by_subject_with_libctx(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                                       const X509_NAME *name, X509_OBJECT *ret,
-                                       OPENSSL_CTX *libctx, const char *propq);
+int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                              const X509_NAME *name, X509_OBJECT *ret,
+                              OPENSSL_CTX *libctx, const char *propq);
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
                                  const X509_NAME *name,
                                  const ASN1_INTEGER *serial,
@@ -573,16 +570,15 @@ int X509_STORE_load_locations(X509_STORE *ctx,
                                                const char *dir);
 int X509_STORE_set_default_paths(X509_STORE *ctx);
 
-int X509_STORE_load_file_with_libctx(X509_STORE *ctx, const char *file,
-                                     OPENSSL_CTX *libctx, const char *propq);
-int X509_STORE_load_store_with_libctx(X509_STORE *ctx, const char *store,
-                                      OPENSSL_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_with_libctx(X509_STORE *ctx,
-                                          const char *file, const char *dir,
-                                          OPENSSL_CTX *libctx, const char *propq);
-int X509_STORE_set_default_paths_with_libctx(X509_STORE *ctx,
-                                             OPENSSL_CTX *libctx,
-                                             const char *propq);
+int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+                            OPENSSL_CTX *libctx, const char *propq);
+int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+                             OPENSSL_CTX *libctx, const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
+                                 const char *dir, OPENSSL_CTX *libctx,
+                                 const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OPENSSL_CTX *libctx,
+                                    const char *propq);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index cceb131105..0ce2054e7d 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -165,12 +165,11 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
             return 0;
         }
         ret =
-            rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(prsactx->libctx, tbuf,
-                                                        rsasize, in, inlen,
-                                                        prsactx->oaep_label,
-                                                        prsactx->oaep_labellen,
-                                                        prsactx->oaep_md,
-                                                        prsactx->mgf1_md);
+            rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, rsasize,
+                                               in, inlen, prsactx->oaep_label,
+                                               prsactx->oaep_labellen,
+                                               prsactx->oaep_md,
+                                               prsactx->mgf1_md);
 
         if (!ret) {
             OPENSSL_free(tbuf);
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index b4cebd0646..23d6f7b4ad 100644
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -488,15 +488,15 @@ static int scrypt_alg(const char *pass, size_t passlen,
     X = (uint32_t *)(B + Blen);
     T = X + 32 * r;
     V = T + 32 * r;
-    if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, salt, saltlen, 1, sha256,
-                                      (int)Blen, B, libctx, propq) == 0)
+    if (pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256, (int)Blen,
+                             B, libctx, propq) == 0)
         goto err;
 
     for (i = 0; i < p; i++)
         scryptROMix(B + 128 * r * i, r, N, X, T, V);
 
-    if (pkcs5_pbkdf2_hmac_with_libctx(pass, passlen, B, (int)Blen, 1, sha256,
-                                      keylen, key, libctx, propq) == 0)
+    if (pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256, keylen,
+                             key, libctx, propq) == 0)
         goto err;
     rv = 1;
  err:
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 7086df4509..6a1db6a733 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -136,7 +136,7 @@ static void *dh_newdata(void *provctx)
     DH *dh = NULL;
 
     if (ossl_prov_is_running()) {
-        dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+        dh = dh_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
         if (dh != NULL) {
             DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
             DH_set_flags(dh, DH_FLAG_TYPE_DH);
@@ -149,7 +149,7 @@ static void *dhx_newdata(void *provctx)
 {
     DH *dh = NULL;
 
-    dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+    dh = dh_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
     if (dh != NULL) {
         DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
         DH_set_flags(dh, DH_FLAG_TYPE_DHX);
@@ -608,12 +608,12 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
             gctx->group_nid = dh_get_named_group_uid_from_size(gctx->pbits);
         if (gctx->group_nid == NID_undef)
             return NULL;
-        dh = dh_new_by_nid_with_libctx(gctx->libctx, gctx->group_nid);
+        dh = dh_new_by_nid_ex(gctx->libctx, gctx->group_nid);
         if (dh == NULL)
             return NULL;
         ffc = dh_get0_params(dh);
     } else {
-        dh = dh_new_with_libctx(gctx->libctx);
+        dh = dh_new_ex(gctx->libctx);
         if (dh == NULL)
             return NULL;
         ffc = dh_get0_params(dh);
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 7a6e37607d..33d55288dd 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -236,7 +236,7 @@ void *ec_newdata(void *provctx)
 {
     if (!ossl_prov_is_running())
         return NULL;
-    return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL);
+    return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx), NULL);
 }
 
 static
@@ -1050,7 +1050,7 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 
     if (!ossl_prov_is_running()
         || gctx == NULL
-        || (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL)
+        || (ec = EC_KEY_new_ex(gctx->libctx, NULL)) == NULL)
         return NULL;
 
     if (gctx->gen_group == NULL) {
@@ -1094,7 +1094,7 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     int ret = 1;
 
     if (gctx == NULL
-        || (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL)
+        || (ec = EC_KEY_new_ex(gctx->libctx, NULL)) == NULL)
         return NULL;
 
     if (gctx->gen_group == NULL) {
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ace164f673..e6a9f57f11 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -380,7 +380,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
     else
         verify_store = s->ctx->cert_store;
 
-    ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+    ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
     if (ctx == NULL) {
         SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -605,9 +605,9 @@ static unsigned long xname_hash(const X509_NAME *a)
     return X509_NAME_hash((X509_NAME *)a);
 }
 
-STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file,
-                                                         OPENSSL_CTX *libctx,
-                                                         const char *propq)
+STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
+                                                OPENSSL_CTX *libctx,
+                                                const char *propq)
 {
     BIO *in = BIO_new(BIO_s_file());
     X509 *x = NULL;
@@ -621,7 +621,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file,
         goto err;
     }
 
-    x = X509_new_with_libctx(libctx, propq);
+    x = X509_new_ex(libctx, propq);
     if (x == NULL) {
         SSLerr(0, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -676,7 +676,7 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file_with_libctx(const char *file,
 
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 {
-    return SSL_load_client_CA_file_with_libctx(file, NULL, NULL);
+    return SSL_load_client_CA_file_ex(file, NULL, NULL);
 }
 
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
@@ -881,7 +881,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
             untrusted = cpk->chain;
     }
 
-    xs_ctx = X509_STORE_CTX_new_with_libctx(real_ctx->libctx, ctx->propq);
+    xs_ctx = X509_STORE_CTX_new_ex(real_ctx->libctx, ctx->propq);
     if (xs_ctx == NULL) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
         goto err;
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index acf9385785..26071cc2a1 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -492,13 +492,12 @@ static int do_store(SSL_CONF_CTX *cctx,
             return 0;
     }
 
-    if (CAfile != NULL && !X509_STORE_load_file_with_libctx(*st, CAfile,
-                                                            libctx, propq))
+    if (CAfile != NULL && !X509_STORE_load_file_ex(*st, CAfile, libctx, propq))
         return 0;
     if (CApath != NULL && !X509_STORE_load_path(*st, CApath))
         return 0;
-    if (CAstore != NULL && !X509_STORE_load_store_with_libctx(*st, CAstore,
-                                                              libctx, propq))
+    if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx,
+                                                     propq))
         return 0;
     return 1;
 }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 64ecdccb8f..6f5d2fee28 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3123,8 +3123,8 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
  * via ssl.h.
  */
 
-SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
-                                 const SSL_METHOD *meth)
+SSL_CTX *SSL_CTX_new_ex(OPENSSL_CTX *libctx, const char *propq,
+                        const SSL_METHOD *meth)
 {
     SSL_CTX *ret = NULL;
 
@@ -3178,7 +3178,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
     if (ret->cert_store == NULL)
         goto err;
 #ifndef OPENSSL_NO_CT
-    ret->ctlog_store = CTLOG_STORE_new_with_libctx(libctx, propq);
+    ret->ctlog_store = CTLOG_STORE_new_ex(libctx, propq);
     if (ret->ctlog_store == NULL)
         goto err;
 #endif
@@ -3331,7 +3331,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
 
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
 {
-    return SSL_CTX_new_with_libctx(NULL, NULL, meth);
+    return SSL_CTX_new_ex(NULL, NULL, meth);
 }
 
 int SSL_CTX_up_ref(SSL_CTX *ctx)
@@ -4290,8 +4290,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
 
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 {
-    return X509_STORE_set_default_paths_with_libctx(ctx->cert_store,
-                                                    ctx->libctx, ctx->propq);
+    return X509_STORE_set_default_paths_ex(ctx->cert_store, ctx->libctx,
+                                           ctx->propq);
 }
 
 int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
@@ -4323,8 +4323,8 @@ int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
     /* We ignore errors, in case the directory doesn't exist */
     ERR_set_mark();
 
-    X509_LOOKUP_load_file_with_libctx(lookup, NULL, X509_FILETYPE_DEFAULT,
-                                      ctx->libctx, ctx->propq);
+    X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, ctx->libctx,
+                             ctx->propq);
 
     ERR_pop_to_mark();
 
@@ -4342,7 +4342,7 @@ int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
     /* We ignore errors, in case the directory doesn't exist */
     ERR_set_mark();
 
-    X509_LOOKUP_add_store_with_libctx(lookup, NULL, ctx->libctx, ctx->propq);
+    X509_LOOKUP_add_store_ex(lookup, NULL, ctx->libctx, ctx->propq);
 
     ERR_pop_to_mark();
 
@@ -4351,8 +4351,8 @@ int SSL_CTX_set_default_verify_store(SSL_CTX *ctx)
 
 int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile)
 {
-    return X509_STORE_load_file_with_libctx(ctx->cert_store, CAfile,
-                                            ctx->libctx, ctx->propq);
+    return X509_STORE_load_file_ex(ctx->cert_store, CAfile, ctx->libctx,
+                                   ctx->propq);
 }
 
 int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
@@ -4362,8 +4362,8 @@ int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath)
 
 int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
 {
-    return X509_STORE_load_store_with_libctx(ctx->cert_store, CAstore,
-                                             ctx->libctx, ctx->propq);
+    return X509_STORE_load_store_ex(ctx->cert_store, CAstore, ctx->libctx,
+                                    ctx->propq);
 }
 
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
@@ -5194,7 +5194,7 @@ int ssl_validate_ct(SSL *s)
         }
     }
 
-    ctx = CT_POLICY_EVAL_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+    ctx = CT_POLICY_EVAL_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
     if (ctx == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
                  ERR_R_MALLOC_FAILURE);
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 76270b677e..51604b8a87 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -64,7 +64,7 @@ int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
         SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
         goto end;
     }
-    x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq);
+    x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
     if (x == NULL) {
         SSLerr(0, ERR_R_MALLOC_FAILURE);
         goto end;
@@ -98,7 +98,7 @@ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
     X509 *x;
     int ret;
 
-    x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq);
+    x = X509_new_ex(ssl->ctx->libctx, ssl->ctx->propq);
     if (x == NULL) {
         SSLerr(0, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -398,7 +398,7 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
         SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
         goto end;
     }
-    x = X509_new_with_libctx(ctx->libctx, ctx->propq);
+    x = X509_new_ex(ctx->libctx, ctx->propq);
     if (x == NULL) {
         SSLerr(0, ERR_R_MALLOC_FAILURE);
         goto end;
@@ -428,7 +428,7 @@ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
     X509 *x;
     int ret;
 
-    x = X509_new_with_libctx(ctx->libctx, ctx->propq);
+    x = X509_new_ex(ctx->libctx, ctx->propq);
     if (x == NULL) {
         SSLerr(0, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -634,7 +634,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
         goto end;
     }
 
-    x = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq);
+    x = X509_new_ex(real_ctx->libctx, real_ctx->propq);
     if (x == NULL) {
         SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
         goto end;
@@ -673,7 +673,7 @@ static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
         }
 
         while (1) {
-            ca = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq);
+            ca = X509_new_ex(real_ctx->libctx, real_ctx->propq);
             if (ca == NULL) {
                 SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
                 goto end;
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index ec38b2f6a0..65c6de1373 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1596,10 +1596,9 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
         goto err;
     }
 
-    mackey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
-                                                      s->ctx->propq,
-                                                      finishedkey,
-                                                      hashsize);
+    mackey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
+                                             s->ctx->propq, finishedkey,
+                                             hashsize);
     if (mackey == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
                  ERR_R_INTERNAL_ERROR);
@@ -1610,9 +1609,8 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
         binderout = tmpbinder;
 
     bindersize = hashsize;
-    if (EVP_DigestSignInit_with_libctx(mctx, NULL, EVP_MD_name(md),
-                                       s->ctx->libctx, s->ctx->propq,
-                                       mackey) <= 0
+    if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx,
+                              s->ctx->propq, mackey) <= 0
             || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
             || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
             || bindersize != hashsize) {
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 46a8e44442..9ec48ef56a 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -767,11 +767,10 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 
     /* Verify the HMAC of the cookie */
     hctx = EVP_MD_CTX_create();
-    pkey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
-                                                    s->ctx->propq,
-                                                    s->session_ctx->ext.cookie_hmac_key,
-                                                    sizeof(s->session_ctx->ext
-                                                           .cookie_hmac_key));
+    pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
+                                           s->ctx->propq,
+                                           s->session_ctx->ext.cookie_hmac_key,
+                                           sizeof(s->session_ctx->ext.cookie_hmac_key));
     if (hctx == NULL || pkey == NULL) {
         EVP_MD_CTX_free(hctx);
         EVP_PKEY_free(pkey);
@@ -781,8 +780,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
     }
 
     hmaclen = SHA256_DIGEST_LENGTH;
-    if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256",
-                                       s->ctx->libctx, s->ctx->propq, pkey) <= 0
+    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
+                              s->ctx->propq, pkey) <= 0
             || EVP_DigestSign(hctx, hmac, &hmaclen, data,
                               rawlen - SHA256_DIGEST_LENGTH) <= 0
             || hmaclen != SHA256_DIGEST_LENGTH) {
@@ -1860,20 +1859,18 @@ EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
 
     /* HMAC the cookie */
     hctx = EVP_MD_CTX_create();
-    pkey = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx, "HMAC",
-                                                    s->ctx->propq,
-                                                    s->session_ctx->ext.cookie_hmac_key,
-                                                    sizeof(s->session_ctx->ext
-                                                           .cookie_hmac_key));
+    pkey = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
+                                           s->ctx->propq,
+                                           s->session_ctx->ext.cookie_hmac_key,
+                                           sizeof(s->session_ctx->ext.cookie_hmac_key));
     if (hctx == NULL || pkey == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
                  ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
-    if (EVP_DigestSignInit_with_libctx(hctx, NULL, "SHA2-256",
-                                       s->ctx->libctx, s->ctx->propq,
-                                       pkey) <= 0
+    if (EVP_DigestSignInit_ex(hctx, NULL, "SHA2-256", s->ctx->libctx,
+                              s->ctx->propq, pkey) <= 0
             || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
                               totcookielen) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a3e7b5ad0a..cb5130c713 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1854,7 +1854,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
         }
 
         certstart = certbytes;
-        x = X509_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+        x = X509_new_ex(s->ctx->libctx, s->ctx->propq);
         if (x == NULL) {
             SSLfatal(s, SSL_AD_DECODE_ERROR,
                      SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
@@ -2373,10 +2373,9 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
             goto err;
         }
 
-        if (EVP_DigestVerifyInit_with_libctx(md_ctx, &pctx,
-                                             md == NULL ? NULL : EVP_MD_name(md),
-                                             s->ctx->libctx, s->ctx->propq,
-                                             pkey) <= 0) {
+        if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
+                                    md == NULL ? NULL : EVP_MD_name(md),
+                                    s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
                      ERR_R_EVP_LIB);
             goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 618a58d659..ef4067a749 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -316,10 +316,8 @@ int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
         goto err;
     }
 
-    if (EVP_DigestSignInit_with_libctx(mctx, &pctx,
-                                       md == NULL ? NULL : EVP_MD_name(md),
-                                       s->ctx->libctx, s->ctx->propq,
-                                       pkey) <= 0) {
+    if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md),
+                              s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
                  ERR_R_EVP_LIB);
         goto err;
@@ -512,10 +510,9 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
     OSSL_TRACE1(TLS, "Using client verify alg %s\n",
                 md == NULL ? "n/a" : EVP_MD_name(md));
 
-    if (EVP_DigestVerifyInit_with_libctx(mctx, &pctx,
-                                         md == NULL ? NULL : EVP_MD_name(md),
-                                         s->ctx->libctx, s->ctx->propq,
-                                         pkey) <= 0) {
+    if (EVP_DigestVerifyInit_ex(mctx, &pctx,
+                                md == NULL ? NULL : EVP_MD_name(md),
+                                s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
                  ERR_R_EVP_LIB);
         goto err;
@@ -1003,8 +1000,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
         chain_store = s->ctx->cert_store;
 
     if (chain_store != NULL) {
-        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx,
-                                                                s->ctx->propq);
+        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_ex(s->ctx->libctx,
+                                                       s->ctx->propq);
 
         if (xs_ctx == NULL) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a1a28e905a..2da037a248 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2803,10 +2803,9 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
             goto err;
         }
 
-        if (EVP_DigestSignInit_with_libctx(md_ctx, &pctx,
-                                           md == NULL ? NULL : EVP_MD_name(md),
-                                           s->ctx->libctx, s->ctx->propq,
-                                           pkey) <= 0) {
+        if (EVP_DigestSignInit_ex(md_ctx, &pctx,
+                                  md == NULL ? NULL : EVP_MD_name(md),
+                                  s->ctx->libctx, s->ctx->propq, pkey) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
                      ERR_R_INTERNAL_ERROR);
@@ -3673,7 +3672,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
         }
 
         certstart = certbytes;
-        x = X509_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+        x = X509_new_ex(s->ctx->libctx, s->ctx->propq);
         if (x == NULL) {
             SSLfatal(s, SSL_AD_DECODE_ERROR,
                      SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 52b4ffe132..fbef9c1a86 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -373,11 +373,9 @@ int tls1_change_cipher_state(SSL *s, int which)
 
     if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
         if (mac_type == EVP_PKEY_HMAC) {
-            mac_key = EVP_PKEY_new_raw_private_key_with_libctx(s->ctx->libctx,
-                                                               "HMAC",
-                                                               s->ctx->propq,
-                                                               mac_secret,
-                                                               *mac_secret_size);
+            mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
+                                                      s->ctx->propq, mac_secret,
+                                                      *mac_secret_size);
         } else {
             /*
              * If its not HMAC then the only other types of MAC we support are
@@ -388,9 +386,8 @@ int tls1_change_cipher_state(SSL *s, int which)
                                            (int)*mac_secret_size);
         }
         if (mac_key == NULL
-            || EVP_DigestSignInit_with_libctx(mac_ctx, NULL, EVP_MD_name(m),
-                                              s->ctx->libctx, s->ctx->propq,
-                                              mac_key) <= 0) {
+            || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m),
+                                     s->ctx->libctx, s->ctx->propq, mac_key) <= 0) {
             EVP_PKEY_free(mac_key);
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
                      ERR_R_INTERNAL_ERROR);
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 74e2eace7e..9fa259ec16 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -101,9 +101,8 @@ static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
 
     if (!TEST_ptr(sig = OPENSSL_malloc(sz))
         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
-        || !TEST_int_eq(EVP_DigestSignInit_with_libctx(md_ctx, NULL,
-                                                       digest_name, libctx, NULL,
-                                                       pkey), 1)
+        || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
+                                              NULL, pkey), 1)
         || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0))
         goto err;
     *sig_out = sig;
@@ -311,9 +310,8 @@ static int ecdsa_sigver_test(int id)
 
     ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0)
           && TEST_ptr(md_ctx = EVP_MD_CTX_new())
-          && TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx, NULL,
-                                                        tst->digest_alg,
-                                                        libctx, NULL, pkey)
+          && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg,
+                                               libctx, NULL, pkey)
           && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len,
                                           tst->msg, tst->msg_len), tst->pass));
 err:
@@ -1254,9 +1252,9 @@ static int rsa_sigver_test(int id)
         || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len,
                                       tst->e, tst->e_len, NULL, 0, bn_ctx))
         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
-        || !TEST_true(EVP_DigestVerifyInit_with_libctx(md_ctx, &pkey_ctx,
-                                                       tst->digest_alg,
-                                                       libctx, NULL, pkey)
+        || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx,
+                                              tst->digest_alg, libctx, NULL,
+                                              pkey)
         || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params))
         || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len,
                                          tst->msg, tst->msg_len), tst->pass)))
diff --git a/test/asynctest.c b/test/asynctest.c
index d59104226b..a7aab8efde 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
@@ -339,7 +339,7 @@ static int test_ASYNC_block_pause(void)
     return 1;
 }
 
-static int test_ASYNC_start_job_with_libctx(void)
+static int test_ASYNC_start_job_ex(void)
 {
     ASYNC_JOB *job = NULL;
     int funcret;
@@ -350,7 +350,7 @@ static int test_ASYNC_start_job_with_libctx(void)
 
     if (libctx == NULL) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() failed to create libctx\n");
+                "test_ASYNC_start_job_ex() failed to create libctx\n");
         goto err;
     }
 
@@ -361,7 +361,7 @@ static int test_ASYNC_start_job_with_libctx(void)
                                NULL, 0)
                != ASYNC_PAUSE) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() failed to start job\n");
+                "test_ASYNC_start_job_ex() failed to start job\n");
         goto err;
     }
 
@@ -370,14 +370,14 @@ static int test_ASYNC_start_job_with_libctx(void)
     oldctx = OPENSSL_CTX_set0_default(tmpctx);
     if (tmpctx != libctx) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() failed - unexpected libctx\n");
+                "test_ASYNC_start_job_ex() failed - unexpected libctx\n");
         goto err;
     }
 
     if (ASYNC_start_job(&job, waitctx, &funcret, change_deflt_libctx, NULL, 0)
                != ASYNC_PAUSE) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() - restarting job failed\n");
+                "test_ASYNC_start_job_ex() - restarting job failed\n");
         goto err;
     }
 
@@ -385,7 +385,7 @@ static int test_ASYNC_start_job_with_libctx(void)
     tmpctx = OPENSSL_CTX_set0_default(oldctx);
     if (tmpctx != libctx) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() failed - unexpected libctx\n");
+                "test_ASYNC_start_job_ex() failed - unexpected libctx\n");
         goto err;
     }
 
@@ -393,7 +393,7 @@ static int test_ASYNC_start_job_with_libctx(void)
                != ASYNC_FINISH
                 || funcret != 1) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() - finishing job failed\n");
+                "test_ASYNC_start_job_ex() - finishing job failed\n");
         goto err;
     }
 
@@ -402,7 +402,7 @@ static int test_ASYNC_start_job_with_libctx(void)
     OPENSSL_CTX_set0_default(tmpctx);
     if (tmpctx != globalctx) {
         fprintf(stderr,
-                "test_ASYNC_start_job_with_libctx() failed - global libctx check failed\n");
+                "test_ASYNC_start_job_ex() failed - global libctx check failed\n");
         goto err;
     }
 
@@ -425,7 +425,7 @@ int main(int argc, char **argv)
                 || !test_ASYNC_get_current_job()
                 || !test_ASYNC_WAIT_CTX_get_all_fds()
                 || !test_ASYNC_block_pause()
-                || !test_ASYNC_start_job_with_libctx()) {
+                || !test_ASYNC_start_job_ex()) {
             return 1;
         }
     }
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index 3a0db7ece3..6f3b931eaa 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -34,7 +34,7 @@ static OPENSSL_CTX *libctx = NULL;
 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
 
 /* TODO(3.0) Clean this up - See issue #12680 */
-static X509 *X509_dup_with_libctx(const X509 *cert)
+static X509 *X509_dup_ex(const X509 *cert)
 {
     X509 *dup = X509_dup(cert);
 
@@ -296,7 +296,7 @@ static int test_cmp_create_certconf(void)
     fixture->fail_info = 0;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_with_libctx(cert)))) {
+                                             X509_dup_ex(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -310,7 +310,7 @@ static int test_cmp_create_certconf_badAlg(void)
     fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_with_libctx(cert)))) {
+                                             X509_dup_ex(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -324,7 +324,7 @@ static int test_cmp_create_certconf_fail_info_max(void)
     fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_with_libctx(cert)))) {
+                                             X509_dup_ex(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -405,7 +405,7 @@ static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture)
     cresp->certifiedKeyPair->certOrEncCert->type =
         OSSL_CMP_CERTORENCCERT_CERTIFICATE;
     if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate =
-         X509_dup_with_libctx(cert)) == NULL
+         X509_dup_ex(cert)) == NULL
             || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp))
         goto err;
     cresp = NULL;
diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c
index 7a8570afeb..ee6f91a951 100644
--- a/test/cmp_testlib.c
+++ b/test/cmp_testlib.c
@@ -35,7 +35,7 @@ X509 *load_pem_cert(const char *file, OPENSSL_CTX *libctx)
     if (!TEST_ptr(bio = BIO_new(BIO_s_file())))
         return NULL;
     if (TEST_int_gt(BIO_read_filename(bio, file), 0)
-            && TEST_ptr(cert = X509_new_with_libctx(libctx, NULL)))
+            && TEST_ptr(cert = X509_new_ex(libctx, NULL)))
         (void)TEST_ptr(cert = PEM_read_bio_X509(bio, &cert, NULL, NULL));
 
     BIO_free(bio);
diff --git a/test/cmp_testlib.h b/test/cmp_testlib.h
index e8ae7a1834..e6b37a6e3d 100644
--- a/test/cmp_testlib.h
+++ b/test/cmp_testlib.h
@@ -15,7 +15,7 @@
 # include <openssl/cmp.h>
 # include <openssl/pem.h>
 # include <openssl/rand.h>
-# include "crypto/x509.h" /* for x509_set0_libctx() and x509_dup_with_libctx() */
+# include "crypto/x509.h" /* for x509_set0_libctx() and x509_dup_ex() */
 
 # include "../crypto/cmp/cmp_local.h"
 
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 1cc4f94941..872b9d5313 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1189,7 +1189,7 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
         inlen = strlen(keys[tst].pub);
         in = (unsigned char *)keys[tst].pub;
         if (uselibctx) {
-            pkey = EVP_PKEY_new_raw_public_key_with_libctx(
+            pkey = EVP_PKEY_new_raw_public_key_ex(
                         testctx,
                         OBJ_nid2sn(keys[tst].type),
                         NULL,
@@ -1205,7 +1205,7 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
         inlen = strlen(keys[tst].priv);
         in = (unsigned char *)keys[tst].priv;
         if (uselibctx) {
-            pkey = EVP_PKEY_new_raw_private_key_with_libctx(
+            pkey = EVP_PKEY_new_raw_private_key_ex(
                         testctx, OBJ_nid2sn(keys[tst].type),
                         NULL,
                         in,
@@ -1605,9 +1605,8 @@ static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
      */
     mdctx = EVP_MD_CTX_new();
     if (!TEST_ptr(mdctx)
-        || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx, NULL,
-                                                     "SHA1", NULL, NULL,
-                                                     pkey)))
+        || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
+                                            pkey)))
         goto err;
 
     /*
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index 4325cc272f..50d463680a 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -279,7 +279,7 @@ static int dhx_cert_load(void)
     };
 
     if (!TEST_ptr(bio = BIO_new_mem_buf(dhx_cert, sizeof(dhx_cert)))
-        || !TEST_ptr(cert = X509_new_with_libctx(libctx, NULL))
+        || !TEST_ptr(cert = X509_new_ex(libctx, NULL))
         || !TEST_ptr(d2i_X509_bio(bio, &cert)))
         goto err;
     ret = 1;
diff --git a/test/evp_test.c b/test/evp_test.c
index a146f4726f..d7e40f214e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1160,15 +1160,12 @@ static int mac_test_run_pkey(EVP_TEST *t)
             t->err = "MAC_KEY_CREATE_ERROR";
             goto err;
         }
-        key = EVP_PKEY_new_CMAC_key_with_libctx(expected->key,
-                                                expected->key_len,
-                                                EVP_CIPHER_name(cipher),
-                                                libctx, NULL);
+        key = EVP_PKEY_new_CMAC_key_ex(expected->key, expected->key_len,
+                                       EVP_CIPHER_name(cipher), libctx, NULL);
     } else {
-        key = EVP_PKEY_new_raw_private_key_with_libctx(libctx,
-                                                       OBJ_nid2sn(expected->type),
-                                                       NULL, expected->key,
-                                                       expected->key_len);
+        key = EVP_PKEY_new_raw_private_key_ex(libctx,
+                                              OBJ_nid2sn(expected->type), NULL,
+                                              expected->key, expected->key_len);
     }
     if (key == NULL) {
         t->err = "MAC_KEY_CREATE_ERROR";
@@ -1188,7 +1185,7 @@ static int mac_test_run_pkey(EVP_TEST *t)
         t->err = "INTERNAL_ERROR";
         goto err;
     }
-    if (!EVP_DigestSignInit_with_libctx(mctx, &pctx, mdname, libctx, NULL, key)) {
+    if (!EVP_DigestSignInit_ex(mctx, &pctx, mdname, libctx, NULL, key)) {
         t->err = "DIGESTSIGNINIT_ERROR";
         goto err;
     }
@@ -2895,13 +2892,13 @@ static int digestsigver_test_parse(EVP_TEST *t,
             return 1;
         }
         if (mdata->is_verify) {
-            if (!EVP_DigestVerifyInit_with_libctx(mdata->ctx, &mdata->pctx,
-                                                  name, libctx, NULL, pkey))
+            if (!EVP_DigestVerifyInit_ex(mdata->ctx, &mdata->pctx, name, libctx,
+                                         NULL, pkey))
                 t->err = "DIGESTVERIFYINIT_ERROR";
             return 1;
         }
-        if (!EVP_DigestSignInit_with_libctx(mdata->ctx, &mdata->pctx,
-                                            name, libctx, NULL, pkey))
+        if (!EVP_DigestSignInit_ex(mdata->ctx, &mdata->pctx, name, libctx, NULL,
+                                   pkey))
             t->err = "DIGESTSIGNINIT_ERROR";
         return 1;
     }
@@ -3415,11 +3412,11 @@ start:
             return 0;
         }
         if (klist == &private_keys)
-            pkey = EVP_PKEY_new_raw_private_key_with_libctx(libctx, strnid, NULL,
-                                                            keybin, keylen);
+            pkey = EVP_PKEY_new_raw_private_key_ex(libctx, strnid, NULL, keybin,
+                                                   keylen);
         else
-            pkey = EVP_PKEY_new_raw_public_key_with_libctx(libctx, strnid, NULL,
-                                                           keybin, keylen);
+            pkey = EVP_PKEY_new_raw_public_key_ex(libctx, strnid, NULL, keybin,
+                                                  keylen);
         if (pkey == NULL && !key_unsupported()) {
             TEST_info("Can't read %s data", pp->key);
             OPENSSL_free(keybin);
diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c
index 2ce7d51877..c00e5fd1fb 100644
--- a/test/ossl_store_test.c
+++ b/test/ossl_store_test.c
@@ -29,9 +29,8 @@ static int test_store_open(void)
 
     ret = TEST_ptr(search = OSSL_STORE_SEARCH_by_alias("nothing"))
           && TEST_ptr(ui_method= UI_create_method("DummyUI"))
-          && TEST_ptr(sctx = OSSL_STORE_open_with_libctx(infile, NULL, NULL,
-                                                         ui_method, NULL,
-                                                         NULL, NULL))
+          && TEST_ptr(sctx = OSSL_STORE_open_ex(infile, NULL, NULL, ui_method,
+                                                NULL, NULL, NULL))
           && TEST_false(OSSL_STORE_find(sctx, NULL))
           && TEST_true(OSSL_STORE_find(sctx, search));
     UI_destroy_method(ui_method);
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 1fbe938309..4b7e26b4c1 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -408,26 +408,25 @@ static int test_handshake(int idx)
 
 #ifndef OPENSSL_NO_DTLS
     if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
-        server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_server_method());
+        server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
             goto err;
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
             if (!TEST_ptr(server2_ctx =
-                            SSL_CTX_new_with_libctx(libctx, NULL,
-                                                    DTLS_server_method())))
+                            SSL_CTX_new_ex(libctx, NULL, DTLS_server_method())))
                 goto err;
         }
-        client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, DTLS_client_method());
+        client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
             goto err;
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-            resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
-                                                        DTLS_server_method());
+            resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
+                                               DTLS_server_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
                 goto err;
-            resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
-                                                        DTLS_client_method());
+            resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
+                                               DTLS_client_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
                 goto err;
             if (!TEST_ptr(resume_server_ctx)
@@ -437,30 +436,29 @@ static int test_handshake(int idx)
     }
 #endif
     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
-        server_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_server_method());
+        server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
             goto err;
         /* SNI on resumption isn't supported/tested yet. */
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
             if (!TEST_ptr(server2_ctx =
-                            SSL_CTX_new_with_libctx(libctx, NULL,
-                                                    TLS_server_method())))
+                            SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
                 goto err;
             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx, 0)))
                 goto err;
         }
-        client_ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_client_method());
+        client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
             goto err;
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
-            resume_server_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
-                                                        TLS_server_method());
+            resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
+                                               TLS_server_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0)))
                 goto err;
-            resume_client_ctx = SSL_CTX_new_with_libctx(libctx, NULL,
-                                                        TLS_client_method());
+            resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
+                                               TLS_client_method());
             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
                 goto err;
             if (!TEST_ptr(resume_server_ctx)
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index f440601799..7721b17646 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -613,7 +613,7 @@ __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
     if (!strcmp(value, "empty"))
         *pnames = sk_X509_NAME_new_null();
     else
-        *pnames = SSL_load_client_CA_file_with_libctx(value, libctx, NULL);
+        *pnames = SSL_load_client_CA_file_ex(value, libctx, NULL);
     return *pnames != NULL;
 }
 __owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 75d3c6fbfc..4331f41549 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -797,7 +797,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
     if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
         goto end;
 
-    if (!TEST_ptr(chaincert = X509_new_with_libctx(libctx, NULL)))
+    if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
         goto end;
 
     if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
@@ -1546,7 +1546,7 @@ static int test_tlsext_status_type(void)
     if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
             || !TEST_ptr(id = OCSP_RESPID_new())
             || !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
-            || !TEST_ptr(ocspcert = X509_new_with_libctx(libctx, NULL))
+            || !TEST_ptr(ocspcert = X509_new_ex(libctx, NULL))
             || !TEST_ptr(PEM_read_bio_X509(certbio, &ocspcert, NULL, NULL))
             || !TEST_true(OCSP_RESPID_set_by_key_ex(id, ocspcert, libctx, NULL))
             || !TEST_true(sk_OCSP_RESPID_push(ids, id)))
@@ -2568,7 +2568,7 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
     SSL *ssl = NULL;
     int testresult = 0;
 
-    if (!TEST_ptr(ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method()))
+    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()))
             || !TEST_ptr(ssl = SSL_new(ctx))
             || !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
             || !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
@@ -5279,7 +5279,7 @@ static int test_serverinfo(int tst)
     int ret, expected, testresult = 0;
     SSL_CTX *ctx;
 
-    ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method());
+    ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
     if (!TEST_ptr(ctx))
         goto end;
 
@@ -5834,7 +5834,7 @@ static int test_max_fragment_len_ext(int idx_tst)
     int testresult = 0, MFL_mode = 0;
     BIO *rbio, *wbio;
 
-    ctx = SSL_CTX_new_with_libctx(libctx, NULL, TLS_method());
+    ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
     if (!TEST_ptr(ctx))
         goto end;
 
@@ -6578,11 +6578,11 @@ static int int_test_ssl_get_shared_ciphers(int tst, int clnt)
      * having the full set of ciphersuites and once with the server side.
      */
     if (clnt) {
-        cctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_client_method());
+        cctx = SSL_CTX_new_ex(tmplibctx, NULL, TLS_client_method());
         if (!TEST_ptr(cctx))
             goto end;
     } else {
-        sctx = SSL_CTX_new_with_libctx(tmplibctx, NULL, TLS_server_method());
+        sctx = SSL_CTX_new_ex(tmplibctx, NULL, TLS_server_method());
         if (!TEST_ptr(sctx))
             goto end;
     }
@@ -7188,7 +7188,7 @@ static int cert_cb(SSL *s, void *arg)
             goto out;
         if (!TEST_ptr(in = BIO_new(BIO_s_file()))
                 || !TEST_int_ge(BIO_read_filename(in, rootfile), 0)
-                || !TEST_ptr(rootx = X509_new_with_libctx(libctx, NULL))
+                || !TEST_ptr(rootx = X509_new_ex(libctx, NULL))
                 || !TEST_ptr(PEM_read_bio_X509(in, &rootx, NULL, NULL))
                 || !TEST_true(sk_X509_push(chain, rootx)))
             goto out;
@@ -7196,7 +7196,7 @@ static int cert_cb(SSL *s, void *arg)
         BIO_free(in);
         if (!TEST_ptr(in = BIO_new(BIO_s_file()))
                 || !TEST_int_ge(BIO_read_filename(in, ecdsacert), 0)
-                || !TEST_ptr(x509 = X509_new_with_libctx(libctx, NULL))
+                || !TEST_ptr(x509 = X509_new_ex(libctx, NULL))
                 || !TEST_ptr(PEM_read_bio_X509(in, &x509, NULL, NULL)))
             goto out;
         BIO_free(in);
@@ -7346,7 +7346,7 @@ static int client_cert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
     if (!TEST_ptr(in))
         return 0;
 
-    if (!TEST_ptr(xcert = X509_new_with_libctx(libctx, NULL))
+    if (!TEST_ptr(xcert = X509_new_ex(libctx, NULL))
             || !TEST_ptr(PEM_read_bio_X509(in, &xcert, NULL, NULL))
             || !TEST_ptr(priv_in = BIO_new_file(privkey, "r"))
             || !TEST_ptr(privpkey = PEM_read_bio_PrivateKey_ex(priv_in, NULL,
@@ -7865,8 +7865,8 @@ static int test_sigalgs_available(int idx)
             serverctx = tmpctx;
     }
 
-    cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method());
-    sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method());
+    cctx = SSL_CTX_new_ex(clientctx, NULL, TLS_client_method());
+    sctx = SSL_CTX_new_ex(serverctx, NULL, TLS_server_method());
     if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
         goto end;
 
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index d1733912bc..875e6eac13 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1380,9 +1380,9 @@ int main(int argc, char *argv[])
             goto end;
     }
 
-    c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
-    s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
-    s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */
+    c_ctx = SSL_CTX_new_ex(libctx, NULL, meth);
+    s_ctx = SSL_CTX_new_ex(libctx, NULL, meth);
+    s_ctx2 = SSL_CTX_new_ex(libctx, NULL, meth); /* no SSL_CTX_dup! */
     if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
         ERR_print_errors(bio_err);
         goto end;
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 96c1a7f2de..b2baa9fa43 100644
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -695,13 +695,13 @@ const SSL_METHOD *cm,
 
     if (*sctx != NULL)
         serverctx = *sctx;
-    else if (!TEST_ptr(serverctx = SSL_CTX_new_with_libctx(libctx, NULL, sm)))
+    else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)))
         goto err;
 
     if (cctx != NULL) {
         if (*cctx != NULL)
             clientctx = *cctx;
-        else if (!TEST_ptr(clientctx = SSL_CTX_new_with_libctx(libctx, NULL, cm)))
+        else if (!TEST_ptr(clientctx = SSL_CTX_new_ex(libctx, NULL, cm)))
             goto err;
     }
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 7a0965ba72..8e21348e3a 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4910,8 +4910,8 @@ PKCS8_pkey_add1_attr_by_OBJ             ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_private_check                  ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_pairwise_check                 ?	3_0_0	EXIST::FUNCTION:
 ASN1_item_verify_ctx                    ?	3_0_0	EXIST::FUNCTION:
-ASN1_item_sign_with_libctx              ?	3_0_0	EXIST::FUNCTION:
-ASN1_item_verify_with_libctx            ?	3_0_0	EXIST::FUNCTION:
+ASN1_item_sign_ex                       ?	3_0_0	EXIST::FUNCTION:
+ASN1_item_verify_ex                     ?	3_0_0	EXIST::FUNCTION:
 BIO_socket_wait                         ?	3_0_0	EXIST::FUNCTION:SOCK
 BIO_wait                                ?	3_0_0	EXIST::FUNCTION:
 BIO_do_connect_retry                    ?	3_0_0	EXIST::FUNCTION:
@@ -4987,8 +4987,8 @@ EVP_PKEY_CTX_set_rsa_keygen_bits        ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_keygen_pubexp      ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA
 EVP_PKEY_CTX_set1_rsa_keygen_pubexp     ?	3_0_0	EXIST::FUNCTION:RSA
 EVP_PKEY_CTX_set_rsa_keygen_primes      ?	3_0_0	EXIST::FUNCTION:RSA
-NCONF_new_with_libctx                   ?	3_0_0	EXIST::FUNCTION:
-CONF_modules_load_file_with_libctx      ?	3_0_0	EXIST::FUNCTION:
+NCONF_new_ex                            ?	3_0_0	EXIST::FUNCTION:
+CONF_modules_load_file_ex               ?	3_0_0	EXIST::FUNCTION:
 OPENSSL_CTX_load_config                 ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_BLD_to_param                 ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_BLD_free_params              ?	3_0_0	EXIST::FUNCTION:
@@ -5029,11 +5029,11 @@ EVP_PKEY_get_octet_string_param         ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_is_a                           ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_can_sign                       ?	3_0_0	EXIST::FUNCTION:
 evp_pkey_get_EC_KEY_curve_nid           ?	3_0_0	EXIST::FUNCTION:EC
-X509_STORE_CTX_new_with_libctx          ?	3_0_0	EXIST::FUNCTION:
-CT_POLICY_EVAL_CTX_new_with_libctx      ?	3_0_0	EXIST::FUNCTION:CT
-CTLOG_new_with_libctx                   ?	3_0_0	EXIST::FUNCTION:CT
-CTLOG_new_from_base64_with_libctx       ?	3_0_0	EXIST::FUNCTION:CT
-CTLOG_STORE_new_with_libctx             ?	3_0_0	EXIST::FUNCTION:CT
+X509_STORE_CTX_new_ex                   ?	3_0_0	EXIST::FUNCTION:
+CT_POLICY_EVAL_CTX_new_ex               ?	3_0_0	EXIST::FUNCTION:CT
+CTLOG_new_ex                            ?	3_0_0	EXIST::FUNCTION:CT
+CTLOG_new_from_base64_ex                ?	3_0_0	EXIST::FUNCTION:CT
+CTLOG_STORE_new_ex                      ?	3_0_0	EXIST::FUNCTION:CT
 EVP_PKEY_set_ex_data                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_ex_data                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_group_name             ?	3_0_0	EXIST::FUNCTION:
@@ -5101,8 +5101,8 @@ EVP_RAND_strength                       ?	3_0_0	EXIST::FUNCTION:
 EVP_RAND_state                          ?	3_0_0	EXIST::FUNCTION:
 EVP_default_properties_is_fips_enabled  ?	3_0_0	EXIST::FUNCTION:
 EVP_default_properties_enable_fips      ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_new_raw_private_key_with_libctx ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_new_raw_public_key_with_libctx ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key_ex         ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key_ex          ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_BLD_push_time_t              ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_construct_time_t             ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_get_time_t                   ?	3_0_0	EXIST::FUNCTION:
@@ -5120,23 +5120,23 @@ EVP_PKEY_parameters_eq                  ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_query_operation           ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_get0_provider_ctx         ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_get_capabilities          ?	3_0_0	EXIST::FUNCTION:
-EC_GROUP_new_by_curve_name_with_libctx  ?	3_0_0	EXIST::FUNCTION:EC
-EC_KEY_new_with_libctx                  ?	3_0_0	EXIST::FUNCTION:EC
-EC_KEY_new_by_curve_name_with_libctx    ?	3_0_0	EXIST::FUNCTION:EC
+EC_GROUP_new_by_curve_name_ex           ?	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new_ex                           ?	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new_by_curve_name_ex             ?	3_0_0	EXIST::FUNCTION:EC
 OPENSSL_CTX_set0_default                ?	3_0_0	EXIST::FUNCTION:
-PEM_X509_INFO_read_bio_with_libctx      ?	3_0_0	EXIST::FUNCTION:
-PEM_X509_INFO_read_with_libctx          ?	3_0_0	EXIST::FUNCTION:STDIO
-X509_REQ_verify_with_libctx             ?	3_0_0	EXIST::FUNCTION:
-X509_new_with_libctx                    ?	3_0_0	EXIST::FUNCTION:
-X509_LOOKUP_ctrl_with_libctx            ?	3_0_0	EXIST::FUNCTION:
-X509_load_cert_file_with_libctx         ?	3_0_0	EXIST::FUNCTION:
-X509_load_cert_crl_file_with_libctx     ?	3_0_0	EXIST::FUNCTION:
-X509_LOOKUP_by_subject_with_libctx      ?	3_0_0	EXIST::FUNCTION:
-X509_STORE_load_file_with_libctx        ?	3_0_0	EXIST::FUNCTION:
-X509_STORE_load_store_with_libctx       ?	3_0_0	EXIST::FUNCTION:
-X509_STORE_load_locations_with_libctx   ?	3_0_0	EXIST::FUNCTION:
-X509_STORE_set_default_paths_with_libctx ?	3_0_0	EXIST::FUNCTION:
-OSSL_STORE_open_with_libctx             ?	3_0_0	EXIST::FUNCTION:
+PEM_X509_INFO_read_bio_ex               ?	3_0_0	EXIST::FUNCTION:
+PEM_X509_INFO_read_ex                   ?	3_0_0	EXIST::FUNCTION:STDIO
+X509_REQ_verify_ex                      ?	3_0_0	EXIST::FUNCTION:
+X509_new_ex                             ?	3_0_0	EXIST::FUNCTION:
+X509_LOOKUP_ctrl_ex                     ?	3_0_0	EXIST::FUNCTION:
+X509_load_cert_file_ex                  ?	3_0_0	EXIST::FUNCTION:
+X509_load_cert_crl_file_ex              ?	3_0_0	EXIST::FUNCTION:
+X509_LOOKUP_by_subject_ex               ?	3_0_0	EXIST::FUNCTION:
+X509_STORE_load_file_ex                 ?	3_0_0	EXIST::FUNCTION:
+X509_STORE_load_store_ex                ?	3_0_0	EXIST::FUNCTION:
+X509_STORE_load_locations_ex            ?	3_0_0	EXIST::FUNCTION:
+X509_STORE_set_default_paths_ex         ?	3_0_0	EXIST::FUNCTION:
+OSSL_STORE_open_ex                      ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_fetch                      ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_up_ref                     ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_free                       ?	3_0_0	EXIST::FUNCTION:
@@ -5181,24 +5181,24 @@ PKCS12_SAFEBAG_create_secret            ?	3_0_0	EXIST::FUNCTION:
 PKCS12_add1_attr_by_NID                 ?	3_0_0	EXIST::FUNCTION:
 PKCS12_add1_attr_by_txt                 ?	3_0_0	EXIST::FUNCTION:
 PKCS12_add_secret                       ?	3_0_0	EXIST::FUNCTION:
-SMIME_write_ASN1_with_libctx            ?	3_0_0	EXIST::FUNCTION:
+SMIME_write_ASN1_ex                     ?	3_0_0	EXIST::FUNCTION:
 SMIME_read_ASN1_ex                      ?	3_0_0	EXIST::FUNCTION:
-CMS_ContentInfo_new_with_libctx         ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_ContentInfo_new_ex                  ?	3_0_0	EXIST::FUNCTION:CMS
 SMIME_read_CMS_ex                       ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_sign_with_libctx                    ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_data_create_with_libctx             ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_digest_create_with_libctx           ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_EncryptedData_encrypt_with_libctx   ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_encrypt_with_libctx                 ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_EnvelopedData_create_with_libctx    ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_create0_with_libctx  ?	3_0_0	EXIST::FUNCTION:CMS
-EVP_SignFinal_with_libctx               ?	3_0_0	EXIST::FUNCTION:
-EVP_VerifyFinal_with_libctx             ?	3_0_0	EXIST::FUNCTION:
-EVP_DigestSignInit_with_libctx          ?	3_0_0	EXIST::FUNCTION:
-EVP_DigestVerifyInit_with_libctx        ?	3_0_0	EXIST::FUNCTION:
-PKCS7_new_with_libctx                   ?	3_0_0	EXIST::FUNCTION:
-PKCS7_sign_with_libctx                  ?	3_0_0	EXIST::FUNCTION:
-PKCS7_encrypt_with_libctx               ?	3_0_0	EXIST::FUNCTION:
+CMS_sign_ex                             ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_data_create_ex                      ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_digest_create_ex                    ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_EncryptedData_encrypt_ex            ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_encrypt_ex                          ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_EnvelopedData_create_ex             ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_create0_ex           ?	3_0_0	EXIST::FUNCTION:CMS
+EVP_SignFinal_ex                        ?	3_0_0	EXIST::FUNCTION:
+EVP_VerifyFinal_ex                      ?	3_0_0	EXIST::FUNCTION:
+EVP_DigestSignInit_ex                   ?	3_0_0	EXIST::FUNCTION:
+EVP_DigestVerifyInit_ex                 ?	3_0_0	EXIST::FUNCTION:
+PKCS7_new_ex                            ?	3_0_0	EXIST::FUNCTION:
+PKCS7_sign_ex                           ?	3_0_0	EXIST::FUNCTION:
+PKCS7_encrypt_ex                        ?	3_0_0	EXIST::FUNCTION:
 SMIME_read_PKCS7_ex                     ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_self_test                 ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_tls1_prf_md            ?	3_0_0	EXIST::FUNCTION:
@@ -5242,7 +5242,7 @@ PEM_read_bio_PUBKEY_ex                  ?	3_0_0	EXIST::FUNCTION:
 PEM_read_PUBKEY_ex                      ?	3_0_0	EXIST::FUNCTION:STDIO
 PEM_read_bio_Parameters_ex              ?	3_0_0	EXIST::FUNCTION:
 EC_GROUP_new_from_params                ?	3_0_0	EXIST::FUNCTION:EC
-OSSL_STORE_LOADER_set_open_with_libctx  ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
+OSSL_STORE_LOADER_set_open_ex           ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OSSL_STORE_LOADER_fetch                 ?	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_up_ref                ?	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_provider              ?	3_0_0	EXIST::FUNCTION:
@@ -5255,20 +5255,20 @@ OSSL_PARAM_get_utf8_string_ptr          ?	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_get_octet_string_ptr         ?	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_CTX_set_passphrase_cb      ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_mac_key                ?	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key_with_libctx       ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key_ex                ?	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_INFO_new                     ?	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_INFO_get0_data               ?	3_0_0	EXIST::FUNCTION:
 ossl_do_blob_header                     ?	3_0_0	EXIST::FUNCTION:DSA
 ossl_do_PVK_header                      ?	3_0_0	EXIST::FUNCTION:DSA,RC4
 asn1_d2i_read_bio                       ?	3_0_0	EXIST::FUNCTION:
-EVP_PKCS82PKEY_with_libctx              ?	3_0_0	EXIST::FUNCTION:
+EVP_PKCS82PKEY_ex                       ?	3_0_0	EXIST::FUNCTION:
 ossl_b2i                                ?	3_0_0	EXIST::FUNCTION:DSA
 ossl_b2i_bio                            ?	3_0_0	EXIST::FUNCTION:DSA
 EVP_PKEY_CTX_set1_id                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get1_id                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get1_id_len                ?	3_0_0	EXIST::FUNCTION:
 CMS_AuthEnvelopedData_create            ?	3_0_0	EXIST::FUNCTION:CMS
-CMS_AuthEnvelopedData_create_with_libctx ?	3_0_0	EXIST::FUNCTION:CMS
+CMS_AuthEnvelopedData_create_ex         ?	3_0_0	EXIST::FUNCTION:CMS
 EVP_PKEY_CTX_set_ec_param_enc           ?	3_0_0	EXIST::FUNCTION:EC
 EVP_PKEY_get0_first_alg_name            ?	3_0_0	EXIST::FUNCTION:
 EVP_KEYMGMT_get0_first_name             ?	3_0_0	EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
index 45ff6ed00a..193be1b7a1 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -512,8 +512,8 @@ SSL_CTX_load_verify_file                ?	3_0_0	EXIST::FUNCTION:
 SSL_CTX_load_verify_dir                 ?	3_0_0	EXIST::FUNCTION:
 SSL_CTX_load_verify_store               ?	3_0_0	EXIST::FUNCTION:
 SSL_CTX_set_tlsext_ticket_key_evp_cb    ?	3_0_0	EXIST::FUNCTION:
-SSL_CTX_new_with_libctx                 ?	3_0_0	EXIST::FUNCTION:
+SSL_CTX_new_ex                          ?	3_0_0	EXIST::FUNCTION:
 SSL_new_session_ticket                  ?	3_0_0	EXIST::FUNCTION:
 SSL_get0_peer_certificate               ?	3_0_0	EXIST::FUNCTION:
 SSL_get1_peer_certificate               ?	3_0_0	EXIST::FUNCTION:
-SSL_load_client_CA_file_with_libctx     ?	3_0_0	EXIST::FUNCTION:
+SSL_load_client_CA_file_ex              ?	3_0_0	EXIST::FUNCTION:
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 783df1203f..481331e261 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -156,11 +156,11 @@ ASN1_item_pack(3)
 ASN1_item_print(3)
 ASN1_item_sign(3)
 ASN1_item_sign_ctx(3)
-ASN1_item_sign_with_libctx(3)
+ASN1_item_sign_ex(3)
 ASN1_item_unpack(3)
 ASN1_item_verify(3)
 ASN1_item_verify_ctx(3)
-ASN1_item_verify_with_libctx(3)
+ASN1_item_verify_ex(3)
 ASN1_mbstring_copy(3)
 ASN1_mbstring_ncopy(3)
 ASN1_object_size(3)
@@ -673,7 +673,7 @@ EVP_PBE_find(3)
 EVP_PBE_get(3)
 EVP_PBE_scrypt(3)
 EVP_PKCS82PKEY(3)
-EVP_PKCS82PKEY_with_libctx(3)
+EVP_PKCS82PKEY_ex(3)
 EVP_PKEY2PKCS8(3)
 EVP_PKEY_CTX_get0_peerkey(3)
 EVP_PKEY_CTX_get0_pkey(3)
diff --git a/util/other.syms b/util/other.syms
index 395b475159..d4c552e298 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -68,7 +68,7 @@ OSSL_STORE_eof_fn                       datatype
 OSSL_STORE_error_fn                     datatype
 OSSL_STORE_load_fn                      datatype
 OSSL_STORE_open_fn                      datatype
-OSSL_STORE_open_with_libctx_fn          datatype
+OSSL_STORE_open_ex_fn                   datatype
 OSSL_STORE_post_process_info_fn         datatype
 OSSL_trace_cb                           datatype
 PROFESSION_INFO                         datatype
@@ -580,11 +580,11 @@ X509_CRL_http_nbio                      define
 X509_http_nbio                          define
 X509_LOOKUP_add_dir                     define
 X509_LOOKUP_add_store                   define
-X509_LOOKUP_add_store_with_libctx       define
+X509_LOOKUP_add_store_ex                define
 X509_LOOKUP_load_file                   define
-X509_LOOKUP_load_file_with_libctx       define
+X509_LOOKUP_load_file_ex                define
 X509_LOOKUP_load_store                  define
-X509_LOOKUP_load_store_with_libctx      define
+X509_LOOKUP_load_store_ex               define
 X509_STORE_set_lookup_crls_cb           define
 X509_STORE_set_verify_func              define
 EVP_PKEY_CTX_set1_id                    define
diff --git a/util/withlibctx.pl b/util/withlibctx.pl
new file mode 100755
index 0000000000..a8fe22d689
--- /dev/null
+++ b/util/withlibctx.pl
@@ -0,0 +1,141 @@
+#! /usr/bin/env perl
+
+use strict;
+use warnings;
+use File::Temp qw/tempfile/;
+
+my $topdir = shift;
+
+processallfiles($topdir);
+print "Success\n";
+
+sub processallfiles {
+    my $dir = shift;
+    my @files = glob "$dir/*.c $dir/*.h $dir/*.h.in $dir/*.pod *dir/*.pod.in";
+
+    open (my $STDOUT_ORIG, '>&', STDOUT);
+
+    foreach my $file (@files) {
+        my ($tmpfh, $tmpfile) = tempfile();
+
+        print "Processing $file\n";
+        open(STDOUT, '>>', $tmpfile);
+        open(INFILE, $file);
+        processfile(\*INFILE);
+        close(STDOUT);
+        rename($tmpfile, $file);
+        unlink($tmpfile);
+        # restore STDOUT
+        open (STDOUT, '>&', $STDOUT_ORIG);
+    }
+
+    #Recurse through subdirs
+    opendir my $dh, $dir or die "Cannot open directory";
+
+    while (defined(my $subdir = readdir $dh)) {
+        next unless -d "$dir/$subdir";
+        next if (rindex $subdir, ".", 0) == 0;
+        processallfiles("$dir/$subdir");
+    }
+    closedir $dh;
+}
+
+sub processfile {
+    my $fh = shift;
+    my $multiline = 0;
+    my @params;
+    my $indent;
+    my $paramstr = "";
+
+    foreach my $line (<$fh>) {
+        chomp($line);
+        if (!$multiline) {
+            if ($line =~ /^(.+)_with_libctx\((.*[^\\])$/) {
+                my $preline = $1;
+                my $postline = $2;
+                #Strip trailing whitespace
+                $postline =~ s/\s+$//;
+                print $preline.'_ex(';
+                my @rets = extracttoclose($postline);
+                if (@rets) {
+                    print "$postline\n";
+                    $multiline = 0;
+                } else {
+                    $multiline = 1;
+                    $paramstr = $postline;
+                    $indent = (length $preline) + (length '_ex(');
+                }
+            } else {
+                #Any other reference to _with_libctx we just replace
+                $line =~ s/_with_libctx/_ex/g;
+                print $line."\n";
+            }
+        } else {
+            #Strip leading whitespace
+            $line =~ s/^\s+//;
+            #Strip trailing whitespace
+            $line =~ s/\s+$//;
+            my @rets = extracttoclose($paramstr.$line);
+            if (@rets) {
+                my $pre = shift @rets;
+                my $post = shift @rets;
+                @params = split(",", $pre);
+                my @params = grep(s/^\s*|\s*$//g, @params);
+                formatparams($indent, @params);
+                print ')'.$post."\n";
+                $multiline = 0;
+            } else {
+                $paramstr .= $line;
+            }
+        }
+    }
+
+    die "End of multiline not found" if $multiline;
+}
+
+sub formatparams {
+    my $indent = shift;
+    my @params = @_;
+
+    if (@params) {
+        my $param = shift @params;
+        my $lensofar += $indent + (length $param) + 1;
+
+        print "$param";
+        print "," if @params;
+
+        while (@params) {
+            my $param = shift @params;
+
+            if (($lensofar + (length $param) + 2) > 80) {
+                print "\n".(" " x $indent);
+                print $param;
+                $lensofar = $indent + (length $param) + 1;
+            } else {
+                print ' '.$param;
+                $lensofar += (length $param) + 2;
+            }
+            print "," if @params;
+        }
+    }
+}
+
+sub extracttoclose {
+    my $inline = shift;
+    my $outline = "";
+
+    while ($inline =~ /^([^\)]*?)\((.*)$/) {
+        my @rets = extracttoclose($2);
+        if (!@rets) {
+            return ();
+        }
+        my $inside = shift @rets;
+        my $post = shift @rets;
+        $outline .= $1.'('.$inside.')';
+        $inline = $post;
+    }
+    if ($inline =~ /^(.*?)\)(.*)$/) {
+        return ($outline.$1, $2);
+    }
+    return ();
+}


More information about the openssl-commits mailing list