[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Tue Jan 26 14:36:50 UTC 2021


The branch master has been updated
       via  7b0f64b121860be91506906a2dc024e352b3d216 (commit)
       via  82a46200911f2bb1af00b6921c0db9738825aa76 (commit)
       via  f468e2f95160defb7ab7461f8217697add762b90 (commit)
       via  59b64259b8392fea1c88dc992eaed9ba8b29fa80 (commit)
       via  adffee9753d5237951e3a7963f948e5d3fd881ef (commit)
       via  36fafb2e80dd178309ff4d271c4c8c9bafb2d87c (commit)
       via  0c8e98e615d3522592a5bde6fcef43e42eb70deb (commit)
       via  f377e58fde1a7e6b29067c48df7d3c04fdaeba38 (commit)
       via  3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562 (commit)
       via  5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (commit)
       via  98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (commit)
      from  5764c3522c417fc775a78df4529e7a6f93379de8 (commit)


- Log -----------------------------------------------------------------
commit 7b0f64b121860be91506906a2dc024e352b3d216
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Jan 22 15:52:07 2021 +0100

    Check that the ecparam and pkeyparam do not mangle the parameters
    
    Just comparison of the original parameter file with the -out output.
    
    Some test files have non-canonical encoding, so they are moved
    to a different directory.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 82a46200911f2bb1af00b6921c0db9738825aa76
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Jan 22 13:59:54 2021 +0100

    Add checks for NULL return from EC_KEY_get0_group()
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit f468e2f95160defb7ab7461f8217697add762b90
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Jan 21 14:38:36 2021 +0100

    ec: Document that -conv_form and -no_public are not supported with engine
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 59b64259b8392fea1c88dc992eaed9ba8b29fa80
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Jan 21 12:37:21 2021 +0100

    ssl_old_test.c: Replace use of deprecated EC functions
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit adffee9753d5237951e3a7963f948e5d3fd881ef
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jan 20 15:37:32 2021 +0100

    EVP_PKEY_get_group_name works with public keys as well
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 36fafb2e80dd178309ff4d271c4c8c9bafb2d87c
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jan 20 15:35:50 2021 +0100

    Add manpage for EVP_PKEY_get_field_type and EVP_PKEY_get_point_conv_form
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 0c8e98e615d3522592a5bde6fcef43e42eb70deb
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jan 20 14:01:01 2021 +0100

    Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit f377e58fde1a7e6b29067c48df7d3c04fdaeba38
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jan 20 12:59:53 2021 +0100

    Disable the test-ec completely when building with no-ec
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 3d34bedfd7fb9120b6eb7b05c25cd0c3de14c562
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Jan 18 16:05:43 2021 +0000

    Add EVP_PKEY functions to get EC conv form and field type
    
    libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order
    to get the conv form and field type. Instead we provide EVP_PKEY level
    functions to do this.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Oct 15 13:41:59 2020 +1000

    Deprecate EC_KEY + Update ec apps to use EVP_PKEY
    
    Co-author: Richard Levitte <levitte at openssl.org>
    Co-author: Tomas Mraz <tmraz at openssl.org>
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

commit 98dbf2c1c8143c0cc6dd05be7950d90bc6792064
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Oct 15 13:39:02 2020 +1000

    Add functions to set values into an EVP_PKEY
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13139)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                                         |  56 +-
 apps/ec.c                                          | 189 +++---
 apps/ecparam.c                                     | 300 +++++-----
 crypto/threads_lib.c => apps/include/ec_common.h   |  26 +-
 apps/include/opt.h                                 |   1 +
 apps/lib/opt.c                                     |  14 +
 apps/lib/s_cb.c                                    |  16 +-
 apps/pkey.c                                        |  61 +-
 apps/speed.c                                       |   4 +
 crypto/asn1/asn1_item_list.h                       |   2 +
 crypto/ec/ec_backend.c                             | 219 ++++++-
 crypto/ec/ec_key.c                                 |   2 +-
 crypto/ec/ec_lib.c                                 |  86 +--
 crypto/ec/ec_pmeth.c                               |   3 +
 crypto/ec/eck_prn.c                                |   8 +-
 crypto/evp/ec_ctrl.c                               |   4 +-
 crypto/evp/p_legacy.c                              |  36 ++
 crypto/evp/p_lib.c                                 | 224 +++++--
 crypto/pem/pem_all.c                               |  13 +-
 crypto/sm2/sm2_key.c                               |   2 +
 crypto/sm2/sm2_sign.c                              |   2 +
 crypto/x509/x509_cmp.c                             |  15 +-
 crypto/x509/x509_vfy.c                             |   2 +
 doc/man1/openssl-ec.pod.in                         |   3 +
 doc/man3/EVP_PKEY_get_field_type.pod               |  55 ++
 doc/man3/EVP_PKEY_get_group_name.pod               |   2 +-
 doc/man3/EVP_PKEY_settable_params.pod              |  82 +++
 doc/man3/d2i_RSAPrivateKey.pod                     |  18 +-
 doc/man3/d2i_X509.pod                              |  16 -
 doc/man7/EVP_PKEY-EC.pod                           |  20 +
 fuzz/asn1.c                                        |   4 +-
 fuzz/server.c                                      |  16 +-
 include/crypto/ec.h                                |   9 +
 include/crypto/sm2.h                               |   1 +
 include/crypto/types.h                             |   3 +-
 include/openssl/core_names.h                       |  13 +-
 include/openssl/ec.h                               | 641 +++++++++++----------
 include/openssl/evp.h                              |  28 +-
 include/openssl/pem.h                              |  12 +-
 include/openssl/ssl.h.in                           |   6 +-
 include/openssl/types.h                            |   2 +
 include/openssl/x509.h.in                          |  36 +-
 providers/common/der/der_ec.h.in                   |   1 +
 providers/common/der/der_sm2.h.in                  |   1 +
 providers/implementations/asymciphers/sm2_enc.c    |   2 +
 providers/implementations/keymgmt/ec_kmgmt.c       |  89 ++-
 ssl/s3_lib.c                                       |  46 +-
 ssl/ssl_local.h                                    |   2 +
 ssl/t1_lib.c                                       |  23 +-
 ssl/tls_depr.c                                     |  20 +-
 test/build.info                                    |   6 +-
 test/ectest.c                                      | 118 ++--
 test/evp_extra_test.c                              |  74 +--
 test/helpers/handshake.c                           |  15 +-
 test/recipes/15-test_ec.t                          | 132 ++---
 test/recipes/15-test_ecparam.t                     |  98 +++-
 .../{valid => noncanon}/c2pnb163v1-explicit.pem    |   0
 .../{valid => noncanon}/c2pnb208w1-explicit.pem    |   0
 .../{valid => noncanon}/secp160k1-explicit.pem     |   0
 .../{valid => noncanon}/secp192k1-explicit.pem     |   0
 .../{valid => noncanon}/secp224k1-explicit.pem     |   0
 .../{valid => noncanon}/secp256k1-explicit.pem     |   0
 .../{valid => noncanon}/secp521r1-explicit.pem     |   0
 .../{valid => noncanon}/sect113r1-explicit.pem     |   0
 .../{valid => noncanon}/sect113r2-explicit.pem     |   0
 .../{valid => noncanon}/sect163k1-explicit.pem     |   0
 .../{valid => noncanon}/sect163r2-explicit.pem     |   0
 .../{valid => noncanon}/sect193r1-explicit.pem     |   0
 .../{valid => noncanon}/sect193r2-explicit.pem     |   0
 .../{valid => noncanon}/sect233k1-explicit.pem     |   0
 .../{valid => noncanon}/sect233r1-explicit.pem     |   0
 .../{valid => noncanon}/sect239k1-explicit.pem     |   0
 .../{valid => noncanon}/sect283k1-explicit.pem     |   0
 .../{valid => noncanon}/sect283r1-explicit.pem     |   0
 .../{valid => noncanon}/sect409k1-explicit.pem     |   0
 .../{valid => noncanon}/sect409r1-explicit.pem     |   0
 .../{valid => noncanon}/sect571k1-explicit.pem     |   0
 .../{valid => noncanon}/sect571r1-explicit.pem     |   0
 .../wap-wsg-idm-ecid-wtls1-explicit.pem            |   0
 .../wap-wsg-idm-ecid-wtls10-explicit.pem           |   0
 .../wap-wsg-idm-ecid-wtls11-explicit.pem           |   0
 .../wap-wsg-idm-ecid-wtls3-explicit.pem            |   0
 .../wap-wsg-idm-ecid-wtls4-explicit.pem            |   0
 .../wap-wsg-idm-ecid-wtls5-explicit.pem            |   0
 .../wap-wsg-idm-ecid-wtls8-explicit.pem            |   0
 .../wap-wsg-idm-ecid-wtls9-explicit.pem            |   0
 test/ssl_old_test.c                                |  16 +-
 util/libcrypto.num                                 | 165 +++---
 88 files changed, 1913 insertions(+), 1147 deletions(-)
 copy crypto/threads_lib.c => apps/include/ec_common.h (60%)
 create mode 100644 doc/man3/EVP_PKEY_get_field_type.pod
 create mode 100644 doc/man3/EVP_PKEY_settable_params.pod
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/c2pnb163v1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/c2pnb208w1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp160k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp192k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp224k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp256k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/secp521r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect113r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect113r2-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect163k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect163r2-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect193r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect193r2-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect233k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect233r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect239k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect283k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect283r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect409k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect409r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect571k1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/sect571r1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls1-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls10-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls11-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls3-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls4-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls5-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls8-explicit.pem (100%)
 rename test/recipes/15-test_ecparam_data/{valid => noncanon}/wap-wsg-idm-ecid-wtls9-explicit.pem (100%)

diff --git a/CHANGES.md b/CHANGES.md
index fbd80c33c0..e512b080c7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -69,6 +69,49 @@ OpenSSL 3.0
 
    *Dmitry Belyavskiy*
 
+ * All of the low level EC_KEY functions have been deprecated including:
+
+   EC_KEY_OpenSSL, EC_KEY_get_default_method, EC_KEY_set_default_method,
+   EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_method
+   EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
+   EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
+   EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
+   EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
+   EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign,
+   EC_KEY_METHOD_get_verify,
+   EC_KEY_new_ex, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags,
+   EC_KEY_clear_flags, EC_KEY_decoded_from_explicit_params,
+   EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free,
+   EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine,
+   EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key,
+   EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key,
+   EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form,
+   EC_KEY_set_conv_form, EC_KEY_set_ex_data, EC_KEY_get_ex_data,
+   EC_KEY_set_asn1_flag, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_can_sign,
+   EC_KEY_set_public_key_affine_coordinates, EC_KEY_key2buf, EC_KEY_oct2key,
+   EC_KEY_oct2priv, EC_KEY_priv2oct and EC_KEY_priv2buf.
+   Applications that need to implement an EC_KEY_METHOD need to consider
+   implementation of the functionality in a special provider.
+   For replacement of the functions manipulating the EC_KEY objects
+   see the EVP_PKEY-EC(7) manual page.
+
+   Additionally functions that read and write EC_KEY objects such as
+   o2i_ECPublicKey, i2o_ECPublicKey, ECParameters_print_fp, EC_KEY_print_fp,
+   d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio,
+   d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp,
+   i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio,
+   i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio and i2d_EC_PUBKEY_fp
+   have also been deprecated. Applications should instead use the
+   OSSL_DECODER and OSSL_ENCODER APIs to read and write EC files.
+
+   Finally functions that assign or obtain EC_KEY objects from an EVP_PKEY such as
+   EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_EC_KEY, EVP_PKEY_get1_EC_KEY and
+   EVP_PKEY_set1_EC_KEY are also deprecated. Applications should instead either
+   read or write an EVP_PKEY directly using the OSSL_DECODER and OSSL_ENCODER
+   APIs. Or load an EVP_PKEY directly from EC data using EVP_PKEY_fromdata().
+
+   *Shane Lontis, Paul Dale, Richard Levitte, and Tomas Mraz*
+
  * Deprecated all the libcrypto and libssl error string loading
    functions: ERR_load_ASN1_strings(), ERR_load_ASYNC_strings(),
    ERR_load_BIO_strings(), ERR_load_BN_strings(), ERR_load_BUF_strings(),
@@ -594,19 +637,6 @@ OpenSSL 3.0
 
    *Paul Dale*
 
- * Deprecated the EC_KEY_METHOD functions.  These include:
-
-   EC_KEY_METHOD_new, EC_KEY_METHOD_free, EC_KEY_METHOD_set_init,
-   EC_KEY_METHOD_set_keygen, EC_KEY_METHOD_set_compute_key,
-   EC_KEY_METHOD_set_sign, EC_KEY_METHOD_set_verify,
-   EC_KEY_METHOD_get_init, EC_KEY_METHOD_get_keygen,
-   EC_KEY_METHOD_get_compute_key, EC_KEY_METHOD_get_sign and
-   EC_KEY_METHOD_get_verify.
-
-   Instead applications and extension writers should use the OSSL_PROVIDER APIs.
-
-   *Paul Dale*
-
  * Deprecated EVP_PKEY_decrypt_old(), please use EVP_PKEY_decrypt_init()
    and EVP_PKEY_decrypt() instead.
    Deprecated EVP_PKEY_encrypt_old(), please use EVP_PKEY_encrypt_init()
diff --git a/apps/ec.c b/apps/ec.c
index e1d447de81..109e3eaeeb 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -8,29 +8,17 @@
  */
 
 #include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #include "apps.h"
 #include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-static OPT_PAIR conv_forms[] = {
-    {"compressed", POINT_CONVERSION_COMPRESSED},
-    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
-    {"hybrid", POINT_CONVERSION_HYBRID},
-    {NULL}
-};
-
-static OPT_PAIR param_enc[] = {
-    {"named_curve", OPENSSL_EC_NAMED_CURVE},
-    {"explicit", 0},
-    {NULL}
-};
+#include "ec_common.h"
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -74,19 +62,22 @@ const OPTIONS ec_options[] = {
 
 int ec_main(int argc, char **argv)
 {
+    OSSL_ENCODER_CTX *ectx = NULL;
+    OSSL_DECODER_CTX *dctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *eckey = NULL;
     BIO *in = NULL, *out = NULL;
     ENGINE *e = NULL;
-    EC_KEY *eckey = NULL;
-    const EC_GROUP *group;
     const EVP_CIPHER *enc = NULL;
-    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
     char *infile = NULL, *outfile = NULL, *prog;
     char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
     OPTION_CHOICE o;
-    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
-    int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
-    int no_public = 0, check = 0;
+    int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0;
+    int check = 0;
+    char *asn1_encoding = NULL;
+    char *point_format = NULL;
+    int no_public = 0;
 
     prog = opt_init(argc, argv, ec_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -143,16 +134,14 @@ int ec_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_CONV_FORM:
-            if (!opt_pair(opt_arg(), conv_forms, &i))
+            point_format = opt_arg();
+            if (!opt_string(point_format, point_format_options))
                 goto opthelp;
-            new_form = 1;
-            form = i;
             break;
         case OPT_PARAM_ENC:
-            if (!opt_pair(opt_arg(), param_enc, &i))
+            asn1_encoding = opt_arg();
+            if (!opt_string(asn1_encoding, asn1_encoding_options))
                 goto opthelp;
-            new_asn1_flag = 1;
-            asn1_flag = i;
             break;
         case OPT_NO_PUBLIC:
             no_public = 1;
@@ -188,30 +177,14 @@ int ec_main(int argc, char **argv)
     }
 
     BIO_printf(bio_err, "read EC key\n");
-    if (informat == FORMAT_ASN1) {
-        if (pubin)
-            eckey = d2i_EC_PUBKEY_bio(in, NULL);
-        else
-            eckey = d2i_ECPrivateKey_bio(in, NULL);
-    } else if (informat == FORMAT_ENGINE) {
-        EVP_PKEY *pkey;
-        if (pubin)
-            pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
-        else
-            pkey = load_key(infile, informat, 1, passin, e, "private key");
-        if (pkey != NULL) {
-            eckey = EVP_PKEY_get1_EC_KEY(pkey);
-            EVP_PKEY_free(pkey);
-        }
-    } else {
-        if (pubin)
-            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
-        else
-            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
-    }
+
+    if (pubin)
+        eckey = load_pubkey(infile, informat, 1, passin, e, "public key");
+    else
+        eckey = load_key(infile, informat, 1, passin, e, "private key");
+
     if (eckey == NULL) {
         BIO_printf(bio_err, "unable to load Key\n");
-        ERR_print_errors(bio_err);
         goto end;
     }
 
@@ -219,74 +192,96 @@ int ec_main(int argc, char **argv)
     if (out == NULL)
         goto end;
 
-    group = EC_KEY_get0_group(eckey);
-
-    if (new_form)
-        EC_KEY_set_conv_form(eckey, form);
+    if (point_format
+        && !EVP_PKEY_set_utf8_string_param(
+                eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                point_format)) {
+        BIO_printf(bio_err, "unable to set point conversion format\n");
+        goto end;
+    }
 
-    if (new_asn1_flag)
-        EC_KEY_set_asn1_flag(eckey, asn1_flag);
+    if (asn1_encoding != NULL
+        && !EVP_PKEY_set_utf8_string_param(
+                eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+        BIO_printf(bio_err, "unable to set asn1 encoding format\n");
+        goto end;
+    }
 
-    if (no_public)
-        EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+    if (no_public
+        && !EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) {
+        BIO_printf(bio_err, "unable to disable public key encoding\n");
+        goto end;
+    }
 
     if (text) {
         assert(pubin || private);
-        if (!EC_KEY_print(out, eckey, 0)) {
-            perror(outfile);
-            ERR_print_errors(bio_err);
+        if ((pubin && EVP_PKEY_print_public(out, eckey, 0, NULL) <= 0)
+            || (!pubin && EVP_PKEY_print_private(out, eckey, 0, NULL) <= 0)) {
+            BIO_printf(bio_err, "unable to print EC key\n");
             goto end;
         }
     }
 
     if (check) {
-        if (EC_KEY_check_key(eckey) == 1) {
-            BIO_printf(bio_err, "EC Key valid.\n");
-        } else {
-            BIO_printf(bio_err, "EC Key Invalid!\n");
-            ERR_print_errors(bio_err);
+        pctx = EVP_PKEY_CTX_new_from_pkey(NULL, eckey, NULL);
+        if (pctx == NULL) {
+            BIO_printf(bio_err, "unable to check EC key\n");
+            goto end;
         }
+        if (!EVP_PKEY_check(pctx))
+            BIO_printf(bio_err, "EC Key Invalid!\n");
+        else
+            BIO_printf(bio_err, "EC Key valid.\n");
+        ERR_print_errors(bio_err);
     }
 
-    if (noout) {
-        ret = 0;
-        goto end;
-    }
+    if (!noout) {
+        int selection;
+        const char *output_type = outformat == FORMAT_ASN1 ? "DER" : "PEM";
+        const char *output_structure = "type-specific";
 
-    BIO_printf(bio_err, "writing EC key\n");
-    if (outformat == FORMAT_ASN1) {
+        BIO_printf(bio_err, "writing EC key\n");
         if (param_out) {
-            i = i2d_ECPKParameters_bio(out, group);
+            selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
         } else if (pubin || pubout) {
-            i = i2d_EC_PUBKEY_bio(out, eckey);
+            selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
+                | OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+            output_structure = "SubjectPublicKeyInfo";
         } else {
+            selection = OSSL_KEYMGMT_SELECT_ALL;
             assert(private);
-            i = i2d_ECPrivateKey_bio(out, eckey);
         }
-    } else {
-        if (param_out) {
-            i = PEM_write_bio_ECPKParameters(out, group);
-        } else if (pubin || pubout) {
-            i = PEM_write_bio_EC_PUBKEY(out, eckey);
-        } else {
-            assert(private);
-            i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
-                                           NULL, 0, NULL, passout);
+
+        ectx = OSSL_ENCODER_CTX_new_by_EVP_PKEY(eckey, selection,
+                                                output_type, output_structure,
+                                                NULL);
+        if (enc != NULL) {
+            OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+            if (passout != NULL)
+                OSSL_ENCODER_CTX_set_passphrase(ectx,
+                                                (const unsigned char *)passout,
+                                                strlen(passout));
+        }
+        if (!OSSL_ENCODER_to_bio(ectx, out)) {
+            BIO_printf(bio_err, "unable to write EC key\n");
+            goto end;
         }
     }
 
-    if (!i) {
-        BIO_printf(bio_err, "unable to write private key\n");
+    ret = 0;
+end:
+    if (ret != 0)
         ERR_print_errors(bio_err);
-    } else {
-        ret = 0;
-    }
- end:
     BIO_free(in);
     BIO_free_all(out);
-    EC_KEY_free(eckey);
+    EVP_PKEY_free(eckey);
+    OSSL_ENCODER_CTX_free(ectx);
+    OSSL_DECODER_CTX_free(dctx);
+    EVP_PKEY_CTX_free(pctx);
     release_engine(e);
-    OPENSSL_free(passin);
-    OPENSSL_free(passout);
+    if (passin != NULL)
+        OPENSSL_clear_free(passin, strlen(passin));
+    if (passout != NULL)
+        OPENSSL_clear_free(passout, strlen(passout));
     return ret;
 }
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 06f017a548..505868eb18 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -9,19 +9,16 @@
  */
 
 #include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/encoder.h>
+#include <openssl/decoder.h>
+#include <openssl/core_names.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
 #include "apps.h"
 #include "progs.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+#include "ec_common.h"
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -67,36 +64,51 @@ const OPTIONS ecparam_options[] = {
     {NULL}
 };
 
-static OPT_PAIR forms[] = {
-    {"compressed", POINT_CONVERSION_COMPRESSED},
-    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
-    {"hybrid", POINT_CONVERSION_HYBRID},
-    {NULL}
-};
+static int list_builtin_curves(BIO *out)
+{
+    int ret = 0;
+    EC_builtin_curve *curves = NULL;
+    size_t n, crv_len = EC_get_builtin_curves(NULL, 0);
 
-static OPT_PAIR encodings[] = {
-    {"named_curve", OPENSSL_EC_NAMED_CURVE},
-    {"explicit", 0},
-    {NULL}
-};
+    curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+    if (!EC_get_builtin_curves(curves, crv_len))
+        goto end;
+
+    for (n = 0; n < crv_len; n++) {
+        const char *comment = curves[n].comment;
+        const char *sname = OBJ_nid2sn(curves[n].nid);
+
+        if (comment == NULL)
+            comment = "CURVE DESCRIPTION NOT AVAILABLE";
+        if (sname == NULL)
+            sname = "";
+
+        BIO_printf(out, "  %-10s: ", sname);
+        BIO_printf(out, "%s\n", comment);
+    }
+    ret = 1;
+end:
+    OPENSSL_free(curves);
+    return ret;
+}
 
 int ecparam_main(int argc, char **argv)
 {
+    EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL;
+    EVP_PKEY *params_key = NULL, *key = NULL;
+    OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
+    OSSL_DECODER_CTX *dctx_params = NULL;
     ENGINE *e = NULL;
-    BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
-    BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
     BIO *in = NULL, *out = NULL;
-    EC_GROUP *group = NULL;
-    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
     char *curve_name = NULL;
+    char *asn1_encoding = NULL;
+    char *point_format = NULL;
     char *infile = NULL, *outfile = NULL, *prog;
-    unsigned char *buffer = NULL;
     OPTION_CHOICE o;
-    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
     int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
     int ret = 1, private = 0;
-    int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
-    int text = 0, i, genkey = 0, check_named = 0;
+    int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0;
+    int list_curves = 0;
 
     prog = opt_init(argc, argv, ecparam_options);
     while ((o = opt_next()) != OPT_EOF) {
@@ -146,15 +158,14 @@ int ecparam_main(int argc, char **argv)
             curve_name = opt_arg();
             break;
         case OPT_CONV_FORM:
-            if (!opt_pair(opt_arg(), forms, &new_form))
+            point_format = opt_arg();
+            if (!opt_string(point_format, point_format_options))
                 goto opthelp;
-            form = new_form;
-            new_form = 1;
             break;
         case OPT_PARAM_ENC:
-            if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+            asn1_encoding = opt_arg();
+            if (!opt_string(asn1_encoding, asn1_encoding_options))
                 goto opthelp;
-            new_asn1_flag = 1;
             break;
         case OPT_GENKEY:
             genkey = 1;
@@ -188,111 +199,88 @@ int ecparam_main(int argc, char **argv)
         goto end;
 
     if (list_curves) {
-        EC_builtin_curve *curves = NULL;
-        size_t crv_len = EC_get_builtin_curves(NULL, 0);
-        size_t n;
-
-        curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
-        if (!EC_get_builtin_curves(curves, crv_len)) {
-            OPENSSL_free(curves);
-            goto end;
-        }
-
-        for (n = 0; n < crv_len; n++) {
-            const char *comment;
-            const char *sname;
-            comment = curves[n].comment;
-            sname = OBJ_nid2sn(curves[n].nid);
-            if (comment == NULL)
-                comment = "CURVE DESCRIPTION NOT AVAILABLE";
-            if (sname == NULL)
-                sname = "";
-
-            BIO_printf(out, "  %-10s: ", sname);
-            BIO_printf(out, "%s\n", comment);
-        }
-
-        OPENSSL_free(curves);
-        ret = 0;
+        if (list_builtin_curves(out))
+            ret = 0;
         goto end;
     }
 
     if (curve_name != NULL) {
-        int nid;
+        OSSL_PARAM params[4];
+        OSSL_PARAM *p = params;
 
-        /*
-         * workaround for the SECG curve names secp192r1 and secp256r1 (which
-         * are the same as the curves prime192v1 and prime256v1 defined in
-         * X9.62)
-         */
         if (strcmp(curve_name, "secp192r1") == 0) {
-            BIO_printf(bio_err, "using curve name prime192v1 "
-                       "instead of secp192r1\n");
-            nid = NID_X9_62_prime192v1;
+            BIO_printf(bio_err,
+                       "using curve name prime192v1 instead of secp192r1\n");
+            curve_name = SN_X9_62_prime192v1;
         } else if (strcmp(curve_name, "secp256r1") == 0) {
-            BIO_printf(bio_err, "using curve name prime256v1 "
-                       "instead of secp256r1\n");
-            nid = NID_X9_62_prime256v1;
-        } else {
-            nid = OBJ_sn2nid(curve_name);
+            BIO_printf(bio_err,
+                       "using curve name prime256v1 instead of secp256r1\n");
+            curve_name = SN_X9_62_prime256v1;
         }
-
-        if (nid == 0)
-            nid = EC_curve_nist2nid(curve_name);
-
-        if (nid == 0) {
-            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
+                                                curve_name, 0);
+        if (asn1_encoding != NULL)
+            *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+                                                    asn1_encoding, 0);
+        if (point_format != NULL)
+            *p++ = OSSL_PARAM_construct_utf8_string(
+                       OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                       point_format, 0);
+        *p = OSSL_PARAM_construct_end();
+        gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL);
+        if (gctx_params == NULL
+            || EVP_PKEY_keygen_init(gctx_params) <= 0
+            || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
+            || EVP_PKEY_keygen(gctx_params, &params_key) <= 0) {
+            BIO_printf(bio_err, "unable to generate key\n");
+            goto end;
+        }
+    } else {
+        params_key = load_keyparams(infile, 1, "EC", "EC parameters");
+        if (!EVP_PKEY_is_a(params_key, "EC"))
+            goto end;
+        if (point_format
+            && !EVP_PKEY_set_utf8_string_param(
+                    params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                    point_format)) {
+            BIO_printf(bio_err, "unable to set point conversion format\n");
             goto end;
         }
 
-        group = EC_GROUP_new_by_curve_name(nid);
-        if (group == NULL) {
-            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+        if (asn1_encoding != NULL
+            && !EVP_PKEY_set_utf8_string_param(
+                    params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
+            BIO_printf(bio_err, "unable to set asn1 encoding format\n");
             goto end;
         }
-        EC_GROUP_set_asn1_flag(group, asn1_flag);
-        EC_GROUP_set_point_conversion_form(group, form);
-    } else if (informat == FORMAT_ASN1) {
-        group = d2i_ECPKParameters_bio(in, NULL);
-    } else {
-        group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
     }
-    if (group == NULL) {
-        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
-        ERR_print_errors(bio_err);
+
+    if (no_seed
+        && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
+                                            NULL, 0)) {
+        BIO_printf(bio_err, "unable to clear seed\n");
         goto end;
     }
 
-    if (new_form)
-        EC_GROUP_set_point_conversion_form(group, form);
-
-    if (new_asn1_flag)
-        EC_GROUP_set_asn1_flag(group, asn1_flag);
-
-    if (no_seed) {
-        EC_GROUP_set_seed(group, NULL, 0);
+    if (text
+        && !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
+        BIO_printf(bio_err, "unable to print params\n");
+        goto end;
     }
 
-    if (text) {
-        if (!ECPKParameters_print(out, group, 0))
-            goto end;
-    }
+    if (check || check_named) {
+        BIO_printf(bio_err, "checking elliptic curve parameters: ");
 
-    if (check_named) {
-        BIO_printf(bio_err, "validating named elliptic curve parameters: ");
-        if (EC_GROUP_check_named_curve(group, 0, NULL) <= 0) {
-            BIO_printf(bio_err, "failed\n");
-            ERR_print_errors(bio_err);
-            goto end;
+        if (check_named
+            && !EVP_PKEY_set_utf8_string_param(params_key,
+                                           OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+                                           OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
+                BIO_printf(bio_err, "unable to set check_type\n");
+                goto end;
         }
-        BIO_printf(bio_err, "ok\n");
-    }
-
-    if (check) {
-        BIO_printf(bio_err, "checking elliptic curve parameters: ");
-        if (!EC_GROUP_check(group, NULL)) {
+        pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+        if (pctx == NULL || !EVP_PKEY_param_check(pctx)) {
             BIO_printf(bio_err, "failed\n");
-            ERR_print_errors(bio_err);
             goto end;
         }
         BIO_printf(bio_err, "ok\n");
@@ -302,60 +290,54 @@ int ecparam_main(int argc, char **argv)
         noout = 1;
 
     if (!noout) {
-        if (outformat == FORMAT_ASN1)
-            i = i2d_ECPKParameters_bio(out, group);
-        else
-            i = PEM_write_bio_ECPKParameters(out, group);
-        if (!i) {
-            BIO_printf(bio_err, "unable to write elliptic "
-                       "curve parameters\n");
-            ERR_print_errors(bio_err);
+        ectx_params = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+                          params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
+                          outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+        if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
+            BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
             goto end;
         }
     }
 
     if (genkey) {
-        EC_KEY *eckey = EC_KEY_new();
-
-        if (eckey == NULL)
-            goto end;
-
-        if (EC_KEY_set_group(eckey, group) == 0) {
-            BIO_printf(bio_err, "unable to set group when generating key\n");
-            EC_KEY_free(eckey);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-
-        if (new_form)
-            EC_KEY_set_conv_form(eckey, form);
-
-        if (!EC_KEY_generate_key(eckey)) {
+        /*
+         * NOTE: EC keygen does not normally need to pass in the param_key
+         * for named curves. This can be achieved using:
+         *    gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
+         *    EVP_PKEY_keygen_init(gctx);
+         *    EVP_PKEY_CTX_set_group_name(gctx, curvename);
+         *    EVP_PKEY_keygen(gctx, &key) <= 0)
+         */
+        gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL);
+        if (EVP_PKEY_keygen_init(gctx_key) <= 0
+            || EVP_PKEY_keygen(gctx_key, &key) <= 0) {
             BIO_printf(bio_err, "unable to generate key\n");
-            EC_KEY_free(eckey);
-            ERR_print_errors(bio_err);
             goto end;
         }
         assert(private);
-        if (outformat == FORMAT_ASN1)
-            i = i2d_ECPrivateKey_bio(out, eckey);
-        else
-            i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
-                                           NULL, 0, NULL, NULL);
-        EC_KEY_free(eckey);
+        ectx_key = OSSL_ENCODER_CTX_new_by_EVP_PKEY(
+                       key, OSSL_KEYMGMT_SELECT_ALL,
+                       outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
+        if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
+            BIO_printf(bio_err, "unable to write elliptic "
+                       "curve parameters\n");
+            goto end;
+        }
     }
 
     ret = 0;
- end:
-    BN_free(ec_p);
-    BN_free(ec_a);
-    BN_free(ec_b);
-    BN_free(ec_gen);
-    BN_free(ec_order);
-    BN_free(ec_cofactor);
-    OPENSSL_free(buffer);
-    EC_GROUP_free(group);
+end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
     release_engine(e);
+    EVP_PKEY_free(params_key);
+    EVP_PKEY_free(key);
+    EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_CTX_free(gctx_params);
+    EVP_PKEY_CTX_free(gctx_key);
+    OSSL_DECODER_CTX_free(dctx_params);
+    OSSL_ENCODER_CTX_free(ectx_params);
+    OSSL_ENCODER_CTX_free(ectx_key);
     BIO_free(in);
     BIO_free_all(out);
     return ret;
diff --git a/crypto/threads_lib.c b/apps/include/ec_common.h
similarity index 60%
copy from crypto/threads_lib.c
copy to apps/include/ec_common.h
index 0c7162392d..4ed12163fa 100644
--- a/crypto/threads_lib.c
+++ b/apps/include/ec_common.h
@@ -6,20 +6,18 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
-#include <openssl/crypto.h>
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-
-void OPENSSL_fork_prepare(void)
-{
-}
-
-void OPENSSL_fork_parent(void)
-{
-}
-
-void OPENSSL_fork_child(void)
-{
-}
+#ifndef OPENSSL_NO_EC
+static const char *point_format_options[] = {
+    "uncompressed",
+    "compressed",
+    "hybrid",
+    NULL
+};
 
+static const char *asn1_encoding_options[] = {
+    "named_curve",
+    "explicit",
+    NULL
+};
 #endif
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 15375e3a80..34298cf50d 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -363,6 +363,7 @@ int opt_umax(const char *arg, uintmax_t *result);
 # define uintmax_t unsigned long
 #endif
 int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_string(const char *name, const char **options);
 int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
 int opt_md(const char *name, const EVP_MD **mdp);
 char *opt_arg(void);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 9675bc474d..11a9a13496 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -391,6 +391,20 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
     return 0;
 }
 
+/* Look through a list of valid names */
+int opt_string(const char *name, const char **options)
+{
+    const char **p;
+
+    for (p = options; *p != NULL; p++)
+        if (strcmp(*p, name) == 0)
+            return 1;
+    opt_printf_stderr("%s: Value must be one of:\n", prog);
+    for (p = options; *p != NULL; p++)
+        opt_printf_stderr("\t%s\n", *p);
+    return 0;
+}
+
 /* Parse an int, put it into *result; return 0 on failure, else 1. */
 int opt_int(const char *value, int *result)
 {
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 67e0fbd5bd..d77647246d 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -397,15 +397,13 @@ int ssl_print_tmp_key(BIO *out, SSL *s)
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
         {
-            EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
-            int nid;
-            const char *cname;
-            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
-            EC_KEY_free(ec);
-            cname = EC_curve_nid2nist(nid);
-            if (cname == NULL)
-                cname = OBJ_nid2sn(nid);
-            BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+            char name[80];
+            size_t name_len;
+
+            if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
+                                                name, sizeof(name), &name_len))
+                strcpy(name, "?");
+            BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key));
         }
     break;
 #endif
diff --git a/apps/pkey.c b/apps/pkey.c
index 5d12cc059a..33ed5ebf58 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -11,26 +11,11 @@
 #include <string.h>
 #include "apps.h"
 #include "progs.h"
+#include "ec_common.h"
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
-
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-
-static OPT_PAIR ec_conv_forms[] = {
-    {"compressed", POINT_CONVERSION_COMPRESSED},
-    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
-    {"hybrid", POINT_CONVERSION_HYBRID},
-    {NULL}
-};
-
-static OPT_PAIR ec_param_enc[] = {
-    {"named_curve", OPENSSL_EC_NAMED_CURVE},
-    {"explicit", 0},
-    {NULL}
-};
-#endif
+#include <openssl/core_names.h>
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
@@ -94,10 +79,8 @@ int pkey_main(int argc, char **argv)
     int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1;
     int private = 0, traditional = 0, check = 0, pub_check = 0;
 #ifndef OPENSSL_NO_EC
-    EC_KEY *eckey;
-    int ec_asn1_flag = OPENSSL_EC_NAMED_CURVE, new_ec_asn1_flag = 0;
-    int i, new_ec_form = 0;
-    point_conversion_form_t ec_form = POINT_CONVERSION_UNCOMPRESSED;
+    char *asn1_encoding = NULL;
+    char *point_format = NULL;
 #endif
 
     prog = opt_init(argc, argv, pkey_options);
@@ -167,20 +150,18 @@ int pkey_main(int argc, char **argv)
 #ifdef OPENSSL_NO_EC
             goto opthelp;
 #else
-            if (!opt_pair(opt_arg(), ec_conv_forms, &i))
+            point_format = opt_arg();
+            if (!opt_string(point_format, point_format_options))
                 goto opthelp;
-            new_ec_form = 1;
-            ec_form = i;
             break;
 #endif
         case OPT_EC_PARAM_ENC:
 #ifdef OPENSSL_NO_EC
             goto opthelp;
 #else
-            if (!opt_pair(opt_arg(), ec_param_enc, &i))
+            asn1_encoding = opt_arg();
+            if (!opt_string(asn1_encoding, asn1_encoding_options))
                 goto opthelp;
-            new_ec_asn1_flag = 1;
-            ec_asn1_flag = i;
             break;
 #endif
         case OPT_PROV_CASES:
@@ -234,20 +215,22 @@ int pkey_main(int argc, char **argv)
         goto end;
 
 #ifndef OPENSSL_NO_EC
-    /*
-     * TODO: remove this and use a set params call with a 'pkeyopt' command
-     * line option instead.
-     */
-    if (new_ec_form || new_ec_asn1_flag) {
-        if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
-            ERR_print_errors(bio_err);
+    if (asn1_encoding != NULL || point_format != NULL) {
+        OSSL_PARAM params[3], *p = params;
+
+        if (!EVP_PKEY_is_a(pkey, "EC"))
             goto end;
-        }
-        if (new_ec_form)
-            EC_KEY_set_conv_form(eckey, ec_form);
 
-        if (new_ec_asn1_flag)
-            EC_KEY_set_asn1_flag(eckey, ec_asn1_flag);
+        if (asn1_encoding != NULL)
+            *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+                                                    asn1_encoding, 0);
+        if (point_format != NULL)
+            *p++ = OSSL_PARAM_construct_utf8_string(
+                       OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                       point_format, 0);
+        *p = OSSL_PARAM_construct_end();
+        if (EVP_PKEY_set_params(pkey, params) <= 0)
+            goto end;
     }
 #endif
 
diff --git a/apps/speed.c b/apps/speed.c
index c8c4f65b47..e2b98c86b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -583,7 +583,9 @@ typedef struct loopargs_st {
     DSA *dsa_key[DSA_NUM];
 #endif
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     EC_KEY *ecdsa[ECDSA_NUM];
+# endif
     EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
     EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
     EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
@@ -4082,8 +4084,10 @@ int speed_main(int argc, char **argv)
             DSA_free(loopargs[i].dsa_key[k]);
 #endif
 #ifndef OPENSSL_NO_EC
+# if !defined(OPENSSL_NO_DEPRECATED_3_0)
         for (k = 0; k < ECDSA_NUM; k++)
             EC_KEY_free(loopargs[i].ecdsa[k]);
+# endif
         for (k = 0; k < EC_NUM; k++)
             EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
         for (k = 0; k < EdDSA_NUM; k++) {
diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h
index 01d9076350..b8c5581146 100644
--- a/crypto/asn1/asn1_item_list.h
+++ b/crypto/asn1/asn1_item_list.h
@@ -63,8 +63,10 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
     ASN1_ITEM_ref(DIST_POINT_NAME),
     ASN1_ITEM_ref(DIST_POINT),
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     ASN1_ITEM_ref(ECPARAMETERS),
     ASN1_ITEM_ref(ECPKPARAMETERS),
+# endif
 #endif
     ASN1_ITEM_ref(EDIPARTYNAME),
     ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c
index f950657173..06acb7d607 100644
--- a/crypto/ec/ec_backend.c
+++ b/crypto/ec/ec_backend.c
@@ -7,6 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+/*
+ * Low level APIs related to EC_KEY are deprecated for public use,
+ * but still ok for internal use.
+ */
+#include "internal/deprecated.h"
+
 #include <openssl/core_names.h>
 #include <openssl/objects.h>
 #include <openssl/params.h>
@@ -23,6 +29,18 @@ static const OSSL_ITEM encoding_nameid_map[] = {
     { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP },
 };
 
+static const OSSL_ITEM check_group_type_nameid_map[] = {
+    { 0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT },
+    { EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED },
+    { EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST },
+};
+
+static const OSSL_ITEM format_nameid_map[] = {
+    { (int)POINT_CONVERSION_UNCOMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED },
+    { (int)POINT_CONVERSION_COMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED },
+    { (int)POINT_CONVERSION_HYBRID, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID },
+};
+
 int ec_encoding_name2id(const char *name)
 {
     size_t i, sz;
@@ -49,13 +67,95 @@ static char *ec_param_encoding_id2name(int id)
     return NULL;
 }
 
+char *ec_check_group_type_id2name(int id)
+{
+    size_t i, sz;
+
+    for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+        if (id == (int)check_group_type_nameid_map[i].id)
+            return check_group_type_nameid_map[i].ptr;
+    }
+    return NULL;
+}
+
+static int ec_check_group_type_name2id(const char *name)
+{
+    size_t i, sz;
+
+    /* Return the default value if there is no name */
+    if (name == NULL)
+        return 0;
+
+    for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) {
+        if (strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0)
+            return check_group_type_nameid_map[i].id;
+    }
+    return -1;
+}
+
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name)
+{
+    int flags = ec_check_group_type_name2id(name);
+
+    if (flags == -1)
+        return 0;
+    EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK);
+    EC_KEY_set_flags(ec, flags);
+    return 1;
+}
+
+static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p)
+{
+    const char *name = NULL;
+    int status = 0;
+
+    switch (p->data_type) {
+    case OSSL_PARAM_UTF8_STRING:
+        name = p->data;
+        status = (name != NULL);
+        break;
+    case OSSL_PARAM_UTF8_PTR:
+        status = OSSL_PARAM_get_utf8_ptr(p, &name);
+        break;
+    }
+    if (status)
+        return ec_set_check_group_type_from_name(ec, name);
+    return 0;
+}
+
+int ec_pt_format_name2id(const char *name)
+{
+    size_t i, sz;
+
+    /* Return the default value if there is no name */
+    if (name == NULL)
+        return (int)POINT_CONVERSION_UNCOMPRESSED;
+
+    for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+        if (strcasecmp(name, format_nameid_map[i].ptr) == 0)
+            return format_nameid_map[i].id;
+    }
+    return -1;
+}
+
+char *ec_pt_format_id2name(int id)
+{
+    size_t i, sz;
+
+    for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) {
+        if (id == (int)format_nameid_map[i].id)
+            return format_nameid_map[i].ptr;
+    }
+    return NULL;
+}
+
 int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
                     OSSL_PARAM params[], OSSL_LIB_CTX *libctx,
                     const char *propq,
                     BN_CTX *bnctx, unsigned char **genbuf)
 {
     int ret = 0, curve_nid, encoding_flag;
-    const char *field_type, *encoding_name;
+    const char *field_type, *encoding_name, *pt_form_name;
     const BIGNUM *cofactor, *order;
     BIGNUM *p = NULL, *a = NULL, *b = NULL;
     point_conversion_form_t genform;
@@ -68,6 +168,15 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
         return 0;
     }
 
+    genform = EC_GROUP_get_point_conversion_form(group);
+    pt_form_name = ec_pt_format_id2name(genform);
+    if (pt_form_name == NULL
+        || !ossl_param_build_set_utf8_string(
+                tmpl, params,
+                OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) {
+        ECerr(0, EC_R_INVALID_FORM);
+        return 0;
+    }
     encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE;
     encoding_name = ec_param_encoding_id2name(encoding_flag);
     if (encoding_name == NULL
@@ -115,7 +224,6 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
             goto err;
         }
-        genform = EC_GROUP_get_point_conversion_form(group);
         genbuf_len = EC_POINT_point2buf(group, genpt, genform, genbuf, bnctx);
         if (genbuf_len == 0) {
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR);
@@ -336,17 +444,50 @@ int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
 
     if (!EC_KEY_set_group(ec, group))
         goto err;
-
-    /*
-     * TODO(3.0): if the group has changed, should we invalidate the private and
-     * public key?
-     */
     ok = 1;
 err:
     EC_GROUP_free(group);
     return ok;
 }
 
+static int ec_key_point_format_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+    const OSSL_PARAM *p;
+    int format = -1;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+    if (p != NULL) {
+        if (!ec_pt_format_param2id(p, &format)) {
+            ECerr(0, EC_R_INVALID_FORM);
+            return 0;
+        }
+        EC_KEY_set_conv_form(ec, format);
+    }
+    return 1;
+}
+
+static int ec_key_group_check_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
+{
+    const OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE);
+    if (p != NULL)
+        return ec_set_check_group_type_from_param(ec, p);
+    return 1;
+}
+
+static int ec_set_include_public(EC_KEY *ec, int include)
+{
+    int flags = EC_KEY_get_enc_flags(ec);
+
+    if (!include)
+        flags |= EC_PKEY_NO_PUBKEY;
+    else
+        flags &= ~EC_PKEY_NO_PUBKEY;
+    EC_KEY_set_enc_flags(ec, flags);
+    return 1;
+}
+
 int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
 {
     const OSSL_PARAM *p;
@@ -363,5 +504,69 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[])
             return 0;
     }
 
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC);
+    if (p != NULL) {
+        int include = 1;
+
+        if (!OSSL_PARAM_get_int(p, &include)
+            || !ec_set_include_public(ec, include))
+            return 0;
+    }
+    if (!ec_key_point_format_fromdata(ec, params))
+        return 0;
+    if (!ec_key_group_check_fromdata(ec, params))
+        return 0;
     return 1;
 }
+
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
+{
+    const char *name = NULL;
+    int status = 0;
+
+    switch (p->data_type) {
+    case OSSL_PARAM_UTF8_STRING:
+        /* The OSSL_PARAM functions have no support for this */
+        name = p->data;
+        status = (name != NULL);
+        break;
+    case OSSL_PARAM_UTF8_PTR:
+        status = OSSL_PARAM_get_utf8_ptr(p, &name);
+        break;
+    }
+    if (status) {
+        int i = ec_encoding_name2id(name);
+
+        if (i >= 0) {
+            *id = i;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id)
+{
+    const char *name = NULL;
+    int status = 0;
+
+    switch (p->data_type) {
+    case OSSL_PARAM_UTF8_STRING:
+        /* The OSSL_PARAM functions have no support for this */
+        name = p->data;
+        status = (name != NULL);
+        break;
+    case OSSL_PARAM_UTF8_PTR:
+        status = OSSL_PARAM_get_utf8_ptr(p, &name);
+        break;
+    }
+    if (status) {
+        int i = ec_pt_format_name2id(name);
+
+        if (i >= 0) {
+            *id = i;
+            return 1;
+        }
+    }
+    return 0;
+}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index d03c75e8aa..d354fd484e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -9,7 +9,7 @@
  */
 
 /*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
  * internal use.
  */
 #include "internal/deprecated.h"
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 678b77047d..e1b92f7c33 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -9,7 +9,7 @@
  */
 
 /*
- * ECDSA low level APIs are deprecated for public use, but still ok for
+ * EC_GROUP low level APIs are deprecated for public use, but still ok for
  * internal use.
  */
 #include "internal/deprecated.h"
@@ -1461,32 +1461,6 @@ err:
     return NULL;
 }
 
-static int ec_encoding_param2id(const OSSL_PARAM *p, int *id)
-{
-    const char *name = NULL;
-    int status = 0;
-
-    switch (p->data_type) {
-    case OSSL_PARAM_UTF8_STRING:
-        /* The OSSL_PARAM functions have no support for this */
-        name = p->data;
-        status = (name != NULL);
-        break;
-    case OSSL_PARAM_UTF8_PTR:
-        status = OSSL_PARAM_get_utf8_ptr(p, &name);
-        break;
-    }
-    if (status) {
-        int i = ec_encoding_name2id(name);
-
-        if (i >= 0) {
-            *id = i;
-            return 1;
-        }
-    }
-    return 0;
-}
-
 static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
                                      OSSL_LIB_CTX *libctx, const char *propq)
 {
@@ -1516,6 +1490,42 @@ static EC_GROUP *group_new_from_name(const OSSL_PARAM *p,
     return NULL;
 }
 
+/* These parameters can be set directly into an EC_GROUP */
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[])
+{
+    int encoding_flag = -1, format = -1;
+    const OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT);
+    if (p != NULL) {
+        if (!ec_pt_format_param2id(p, &format)) {
+            ECerr(0, EC_R_INVALID_FORM);
+            return 0;
+        }
+        EC_GROUP_set_point_conversion_form(group, format);
+    }
+
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+    if (p != NULL) {
+        if (!ec_encoding_param2id(p, &encoding_flag)) {
+            ECerr(0, EC_R_INVALID_FORM);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(group, encoding_flag);
+    }
+    /* Optional seed */
+    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED);
+    if (p != NULL) {
+        /* The seed is allowed to be NULL */
+        if (p->data_type != OSSL_PARAM_OCTET_STRING
+            || !EC_GROUP_set_seed(group, p->data, p->data_size)) {
+            ECerr(0, EC_R_INVALID_SEED);
+            return 0;
+        }
+    }
+    return 1;
+}
+
 EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx, const char *propq)
 {
@@ -1530,19 +1540,19 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
     const unsigned char *buf = NULL;
     int encoding_flag = -1;
 
-    ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
-    if (ptmp != NULL && !ec_encoding_param2id(ptmp, &encoding_flag)) {
-        ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
-        return 0;
-    }
-
+    /* This is the simple named group case */
     ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
     if (ptmp != NULL) {
         group = group_new_from_name(ptmp, libctx, propq);
-        if (group != NULL)
-            EC_GROUP_set_asn1_flag(group, encoding_flag);
+        if (group != NULL) {
+            if (!ec_group_set_params(group, params)) {
+                EC_GROUP_free(group);
+                group = NULL;
+            }
+        }
         return group;
     }
+    /* If it gets here then we are trying explicit parameters */
     bnctx = BN_CTX_new_ex(libctx);
     if (bnctx == NULL) {
         ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
@@ -1690,6 +1700,12 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
          * If we did not find a named group then the encoding should be explicit
          * if it was specified
          */
+        ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+        if (ptmp != NULL
+            && !ec_encoding_param2id(ptmp, &encoding_flag)) {
+            ECerr(0, EC_R_INVALID_ENCODING);
+            return 0;
+        }
         if (encoding_flag == OPENSSL_EC_NAMED_CURVE) {
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING);
             goto err;
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index cd1632dc9a..084633dcdc 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -172,6 +172,9 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
     if (!key) {
         const EC_GROUP *group;
         group = EC_KEY_get0_group(eckey);
+
+        if (group == NULL)
+            return 0;
         *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
         return 1;
     }
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
index 20c6065a31..e731d7c369 100644
--- a/crypto/ec/eck_prn.c
+++ b/crypto/ec/eck_prn.c
@@ -8,13 +8,16 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/ec.h>
 #include <openssl/bn.h>
 
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_STDIO
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 {
     BIO *b;
@@ -59,7 +62,7 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
     BIO_free(b);
     return ret;
 }
-#endif
+#endif /* OPENSSL_NO_STDIO */
 
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
                      size_t len, int off);
@@ -256,3 +259,4 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
 
     return 1;
 }
+#endif /* OPENSSL_NO_DEPRECATED_3_0 */
diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c
index 541d8549d4..5bb078639c 100644
--- a/crypto/evp/ec_ctrl.c
+++ b/crypto/evp/ec_ctrl.c
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h"
+
 #include <string.h>
 
 #include <openssl/core_names.h>
@@ -466,7 +468,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
 
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
                                             (char *)enc, 0);
-    *p++ = OSSL_PARAM_construct_end();
+    *p = OSSL_PARAM_construct_end();
 
     ret = evp_pkey_ctx_set_params_strict(ctx, params);
  end:
diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c
index cad4d67d73..a4e478c223 100644
--- a/crypto/evp/p_legacy.c
+++ b/crypto/evp/p_legacy.c
@@ -17,6 +17,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
+#include <openssl/ec.h>
 #include "crypto/types.h"
 #include "crypto/evp.h"
 #include "evp_local.h"
@@ -24,6 +25,7 @@
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
     int ret = EVP_PKEY_assign_RSA(pkey, key);
+
     if (ret)
         RSA_up_ref(key);
     return ret;
@@ -45,7 +47,41 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
 {
     RSA *ret = EVP_PKEY_get0_RSA(pkey);
+
     if (ret != NULL)
         RSA_up_ref(ret);
     return ret;
 }
+
+#ifndef OPENSSL_NO_EC
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+
+    if (ret)
+        EC_KEY_up_ref(key);
+    return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
+{
+    if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
+        return NULL;
+    }
+    if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        return NULL;
+    }
+    return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+
+    if (ret != NULL)
+        EC_KEY_up_ref(ret);
+    return ret;
+}
+#endif /* OPENSSL_NO_EC */
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index f82e42c7e3..d91cf01762 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -43,7 +43,6 @@
 
 #include "crypto/ec.h"
 
-/* TODO remove this when the EVP_PKEY_is_a() #legacy support hack is removed */
 #include "e_os.h"                /* strcasecmp on Windows */
 
 static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
@@ -115,8 +114,7 @@ void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx)
 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 {
     /*
-     * TODO: clean up legacy stuff from this function when legacy support
-     * is gone.
+     * Clean up legacy stuff from this function when legacy support is gone.
      */
 
     /*
@@ -814,35 +812,6 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 
 #ifndef FIPS_MODULE
 # ifndef OPENSSL_NO_EC
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
-    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
-    if (ret)
-        EC_KEY_up_ref(key);
-    return ret;
-}
-
-EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey)
-{
-    if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_KEY);
-        return NULL;
-    }
-    if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
-        return NULL;
-    }
-    return pkey->pkey.ec;
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
-    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
-    if (ret != NULL)
-        EC_KEY_up_ref(ret);
-    return ret;
-}
-
 static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
 {
     if (!evp_pkey_downgrade((EVP_PKEY *)pkey)) {
@@ -1252,9 +1221,11 @@ int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz,
 #ifndef OPENSSL_NO_EC
         case EVP_PKEY_EC:
             {
-                EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
-                int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                const EC_GROUP *grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
+                int nid = NID_undef;
 
+                if (grp != NULL)
+                    nid = EC_GROUP_get_curve_name(grp);
                 if (nid != NID_undef)
                     name = ec_curve_nid2name(nid);
             }
@@ -2138,3 +2109,188 @@ int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name,
         return 0;
     return 1;
 }
+
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_int(key_name, &in);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_size_t(key_name, &in);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn)
+{
+    OSSL_PARAM params[2];
+    unsigned char buffer[2048];
+    int bsize = 0;
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL
+        || bn == NULL)
+        return 0;
+
+    bsize = BN_num_bytes(bn);
+    if (!ossl_assert(bsize <= (int)sizeof(buffer)))
+        return 0;
+
+    if (BN_bn2nativepad(bn, buffer, bsize) < 0)
+        return 0;
+    params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                   char *str)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, 0);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    unsigned char *buf, size_t bsize)
+{
+    OSSL_PARAM params[2];
+
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL
+        || key_name == NULL)
+        return 0;
+
+    params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, bsize);
+    params[1] = OSSL_PARAM_construct_end();
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey)
+{
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL)
+        return 0;
+    return EVP_KEYMGMT_settable_params(pkey->keymgmt);
+}
+
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[])
+{
+    if (pkey == NULL
+        || pkey->keymgmt == NULL
+        || pkey->keydata == NULL)
+        return 0;
+    return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params);
+}
+
+#ifndef FIPS_MODULE
+int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey)
+{
+    char name[80];
+    size_t name_len;
+
+    if (pkey == NULL)
+        return 0;
+
+    if (pkey->keymgmt == NULL
+            || pkey->keydata == NULL) {
+#ifndef OPENSSL_NO_EC
+        /* Might work through the legacy route */
+        EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+
+        if (ec == NULL)
+            return 0;
+
+        return EC_KEY_get_conv_form(ec);
+#else
+        return 0;
+#endif
+    }
+
+    if (!EVP_PKEY_get_utf8_string_param(pkey,
+                                        OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                                        name, sizeof(name), &name_len))
+        return 0;
+
+    if (strcmp(name, "uncompressed") == 0)
+        return POINT_CONVERSION_UNCOMPRESSED;
+
+    if (strcmp(name, "compressed") == 0)
+        return POINT_CONVERSION_COMPRESSED;
+
+    if (strcmp(name, "hybrid") == 0)
+        return POINT_CONVERSION_HYBRID;
+
+    return 0;
+}
+
+int EVP_PKEY_get_field_type(const EVP_PKEY *pkey)
+{
+    char fstr[80];
+    size_t fstrlen;
+
+    if (pkey == NULL)
+        return 0;
+
+    if (pkey->keymgmt == NULL
+            || pkey->keydata == NULL) {
+#ifndef OPENSSL_NO_EC
+        /* Might work through the legacy route */
+        EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+        const EC_GROUP *grp;
+
+        if (ec == NULL)
+            return 0;
+        grp = EC_KEY_get0_group(ec);
+        if (grp == NULL)
+            return 0;
+
+        return EC_GROUP_get_field_type(grp);
+#else
+        return 0;
+#endif
+    }
+
+    if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_EC_FIELD_TYPE,
+                                        fstr, sizeof(fstr), &fstrlen))
+        return 0;
+
+    if (strcmp(fstr, SN_X9_62_prime_field) == 0)
+        return NID_X9_62_prime_field;
+    else if (strcmp(fstr, SN_X9_62_characteristic_two_field))
+        return NID_X9_62_characteristic_two_field;
+
+    return 0;
+}
+#endif
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 5f73f93ce8..a31b81ceec 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -128,7 +128,9 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
 
 IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 #endif
-#ifndef OPENSSL_NO_EC
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
 static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
 {
     EC_KEY *dtmp;
@@ -160,7 +162,7 @@ IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
                        ECPrivateKey)
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-# ifndef OPENSSL_NO_STDIO
+#  ifndef OPENSSL_NO_STDIO
 EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
                               void *u)
 {
@@ -168,10 +170,9 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
     pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
     return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
 }
-
-# endif
-
-#endif
+#  endif
+# endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
 
 #ifndef OPENSSL_NO_DH
 
diff --git a/crypto/sm2/sm2_key.c b/crypto/sm2/sm2_key.c
index 5182d01058..c91a712b67 100644
--- a/crypto/sm2/sm2_key.c
+++ b/crypto/sm2/sm2_key.c
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h" /* to be able to use EC_KEY and EC_GROUP */
+
 #include <openssl/err.h>
 #include "crypto/sm2err.h"
 #include "crypto/sm2.h"
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 94ea3aef96..1383e2e4f8 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -9,6 +9,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h"
+
 #include "crypto/sm2.h"
 #include "crypto/sm2err.h"
 #include "crypto/ec.h" /* ec_group_do_inverse_ord() */
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index d18d1e2b67..579cac077b 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -400,13 +400,18 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
 
 static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
 {
-    const EC_GROUP *grp = NULL;
+    char curve_name[80];
+    size_t curve_name_len;
     int curve_nid;
-    if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
-        grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
-    if (!grp)
+
+    if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC"))
         return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
-    curve_nid = EC_GROUP_get_curve_name(grp);
+
+    if (!EVP_PKEY_get_group_name(pkey, curve_name, sizeof(curve_name),
+                                 &curve_name_len))
+        return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+    curve_nid = OBJ_txt2nid(curve_name);
     /* Check curve is consistent with LOS */
     if (curve_nid == NID_secp384r1) { /* P-384 */
         /*
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1d79449331..2e61969791 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h"
+
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in
index 5cdd3d820a..9b4b5cab0b 100644
--- a/doc/man1/openssl-ec.pod.in
+++ b/doc/man1/openssl-ec.pod.in
@@ -189,6 +189,9 @@ L<openssl-rsa(1)>
 
 The B<-engine> option was deprecated in OpenSSL 3.0.
 
+The B<-conv_form> and B<-no_public> options are no longer supported
+with keys loaded from an engine in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/EVP_PKEY_get_field_type.pod b/doc/man3/EVP_PKEY_get_field_type.pod
new file mode 100644
index 0000000000..e32fa7290c
--- /dev/null
+++ b/doc/man3/EVP_PKEY_get_field_type.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_get_field_type, EVP_PKEY_get_ec_point_conv_form - get field type
+or point conversion form of a key
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_get_field_type() returns the field type NID of the I<pkey>, if
+I<pkey>'s key type supports it. The types currently supported
+by the built-in OpenSSL providers are either B<NID_X9_62_prime_field>
+for prime curves or B<NID_X9_62_characteristic_two_field> for binary curves;
+these values are defined in the F<< <openssl/obj_mac.h> >> header file.
+
+EVP_PKEY_get_ec_point_conv_form() returns the point conversion format
+of the I<pkey>, if I<pkey>'s key type supports it.
+
+=head1 NOTES
+
+Among the standard OpenSSL key types, this is only supported for EC and
+SM2 keys.  Other providers may support this for additional key types.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_get_field_type() returns the field type NID or 0 on error.
+
+EVP_PKEY_get_ec_point_conv_form() returns the point conversion format number
+(see L<EC_GROUP_copy(3)>) or 0 on error.
+
+=head1 SEE ALSO
+
+L<EC_GROUP_copy(3)>
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/EVP_PKEY_get_group_name.pod b/doc/man3/EVP_PKEY_get_group_name.pod
index 964d6b8007..1dc6df26d7 100644
--- a/doc/man3/EVP_PKEY_get_group_name.pod
+++ b/doc/man3/EVP_PKEY_get_group_name.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-EVP_PKEY_get_group_name - get private key group name
+EVP_PKEY_get_group_name - get group name of a key
 
 =head1 SYNOPSIS
 
diff --git a/doc/man3/EVP_PKEY_settable_params.pod b/doc/man3/EVP_PKEY_settable_params.pod
new file mode 100644
index 0000000000..7d18472465
--- /dev/null
+++ b/doc/man3/EVP_PKEY_settable_params.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_settable_params, EVP_PKEY_set_params,
+EVP_PKEY_set_int_param, EVP_PKEY_set_size_t_param, EVP_PKEY_set_bn_param,
+EVP_PKEY_set_utf8_string_param, EVP_PKEY_set_octet_string_param
+- set key parameters into a key
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+ int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+ int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+ int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+ int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+ int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    char *str);
+ int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                     unsigned char *buf, size_t bsize);
+
+=head1 DESCRIPTION
+
+These functions can be used to set additional parameters into an existing
+B<EVP_PKEY>.
+
+EVP_PKEY_set_params() sets one or more I<params> into a I<pkey>.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_settable_params() returns a constant list of I<params> indicating
+the names and types of key parameters that can be set.
+See L<OSSL_PARAM(3)> for information about parameters.
+
+EVP_PKEY_set_int_param() sets an integer value I<in> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_size_t_param() sets an size_t value I<in> into a key I<pkey> for
+the associated field I<key_name>.
+
+EVP_PKEY_set_bn_param() sets the BIGNUM value I<bn> into a key I<pkey> for the
+associated field I<key_name>.
+
+EVP_PKEY_set_utf8_string_param() sets the UTF8 string I<str> into a key I<pkey>
+for the associated field I<key_name>.
+
+EVP_PKEY_set_octet_string_param() sets the octet string value I<buf> with a
+size I<bsize> into a key I<pkey> for the associated field I<key_name>.
+
+=head1 NOTES
+
+These functions only work for B<EVP_PKEY>s that contain a provider side key.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_settable_params() returns NULL on error or if it is not supported,
+
+All other methods return 1 if a value was successfully set, or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_gettable_params(3)>,
+L<EVP_PKEY_CTX_new(3)>, L<provider-keymgmt(7)>, L<OSSL_PARAM(3)>,
+
+
+=head1 HISTORY
+
+These functions were added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
+
diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod
index 7375f1bab3..8e7c010578 100644
--- a/doc/man3/d2i_RSAPrivateKey.pod
+++ b/doc/man3/d2i_RSAPrivateKey.pod
@@ -28,6 +28,14 @@ d2i_RSA_PUBKEY_fp,
 d2i_DHparams,
 d2i_DHparams_bio,
 d2i_DHparams_fp,
+d2i_ECPKParameters,
+d2i_ECParameters,
+d2i_ECPrivateKey,
+d2i_ECPrivateKey_bio,
+d2i_ECPrivateKey_fp,
+d2i_EC_PUBKEY,
+d2i_EC_PUBKEY_bio,
+d2i_EC_PUBKEY_fp,
 i2d_RSAPrivateKey,
 i2d_RSAPrivateKey_bio,
 i2d_RSAPrivateKey_fp,
@@ -39,7 +47,15 @@ i2d_RSA_PUBKEY_bio,
 i2d_RSA_PUBKEY_fp,
 i2d_DHparams,
 i2d_DHparams_bio,
-i2d_DHparams_fp
+i2d_DHparams_fp,
+i2d_ECPKParameters,
+i2d_ECParameters,
+i2d_ECPrivateKey,
+i2d_ECPrivateKey_bio,
+i2d_ECPrivateKey_fp,
+i2d_EC_PUBKEY,
+i2d_EC_PUBKEY_bio,
+i2d_EC_PUBKEY_fp
 - DEPRECATED
 
 =head1 SYNOPSIS
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index d5c684e31d..02542ba32d 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -53,14 +53,6 @@ d2i_DIST_POINT,
 d2i_DIST_POINT_NAME,
 d2i_DSA_SIG,
 d2i_ECDSA_SIG,
-d2i_ECPKParameters,
-d2i_ECParameters,
-d2i_ECPrivateKey,
-d2i_ECPrivateKey_bio,
-d2i_ECPrivateKey_fp,
-d2i_EC_PUBKEY,
-d2i_EC_PUBKEY_bio,
-d2i_EC_PUBKEY_fp,
 d2i_EDIPARTYNAME,
 d2i_ESS_CERT_ID,
 d2i_ESS_CERT_ID_V2,
@@ -237,14 +229,6 @@ i2d_DSA_PUBKEY_fp,
 i2d_DSA_SIG,
 i2d_DSAparams,
 i2d_ECDSA_SIG,
-i2d_ECPKParameters,
-i2d_ECParameters,
-i2d_ECPrivateKey,
-i2d_ECPrivateKey_bio,
-i2d_ECPrivateKey_fp,
-i2d_EC_PUBKEY,
-i2d_EC_PUBKEY_bio,
-i2d_EC_PUBKEY_fp,
 i2d_EDIPARTYNAME,
 i2d_ESS_CERT_ID,
 i2d_ESS_CERT_ID_V2,
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index be6e507169..ad188c6f46 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -79,6 +79,26 @@ EC curve's cofactor (note for some curves the cofactor is 1).
 Set the format used for serializing the EC group parameters.
 Valid values are "explicit" or "named_curve". The default value is "named_curve".
 
+=item "point-format" (B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>) <utf8 string>
+
+Sets or gets the point_conversion_form for the I<key>. For a description of
+point_conversion_forms please see L<EC_POINT_new(3)>. Valid values are
+"uncompressed" or "compressed". The default value is "uncompressed".
+
+=item "group-check" (B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>) <utf8 string>
+
+Sets or Gets the type of group check done when EVP_PKEY_param_check() is called.
+Valid values are "default", "named" and "named-nist".
+The "named" type checks that the domain parameters match the inbuilt curve parameters,
+"named-nist" is similiar but also checks that the named curve is a nist curve.
+The "default" type does domain parameter validation for the OpenSSL default provider,
+but is equivalent to "named-nist" for the OpenSSL fips provider.
+
+=item "include-public" (B<OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC>) <integer>
+
+Setting this value to 0 indicates that the public key should not be included when
+encoding the private key. The default value of 1 will include the public key.
+
 See also L<EVP_KEYEXCH-ECDH(7)> for the related
 B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
 per-operation basis.
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b0d2ecd14e..e85a9607a4 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -96,7 +96,7 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(DISPLAYTEXT),
     ASN1_ITEM_ref(DIST_POINT),
     ASN1_ITEM_ref(DIST_POINT_NAME),
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     ASN1_ITEM_ref(ECPARAMETERS),
     ASN1_ITEM_ref(ECPKPARAMETERS),
 #endif
@@ -347,10 +347,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
 #endif
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
     DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
     DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
-# ifndef OPENSSL_NO_DEPRECATED_3_0
     DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
 # endif
 #endif
diff --git a/fuzz/server.c b/fuzz/server.c
index ead9fc1105..9631787885 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -12,7 +12,7 @@
 
 /* Test first part of SSL server handshake. */
 
-/* We need to use the deprecated RSA low level calls */
+/* We need to use the deprecated RSA/EC low level calls */
 #define OPENSSL_SUPPRESS_DEPRECATED
 
 #include <time.h>
@@ -200,8 +200,8 @@ static const uint8_t kRSAPrivateKeyDER[] = {
 };
 #endif
 
-
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 /*
  *  -----BEGIN EC PRIVATE KEY-----
  *  MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
@@ -230,6 +230,7 @@ static const char ECDSAPrivateKeyPEM[] = {
     0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
     0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
 };
+# endif
 
 /*
  * -----BEGIN CERTIFICATE-----
@@ -522,14 +523,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     RSA *privkey;
 #endif
     const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DEPRECATED_3_0)         \
-    || !defined(OPENSSL_NO_DSA)                 \
-    || !defined(OPENSSL_NO_EC)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
     EVP_PKEY *pkey;
 #endif
     X509 *cert;
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
     EC_KEY *ecdsakey = NULL;
+# endif
 #endif
 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     DSA *dsakey = NULL;
@@ -571,6 +572,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     X509_free(cert);
 
 #ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     /* ECDSA */
     bio_buf = BIO_new(BIO_s_mem());
     OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
@@ -583,7 +585,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     ret = SSL_CTX_use_PrivateKey(ctx, pkey);
     OPENSSL_assert(ret == 1);
     EVP_PKEY_free(pkey);
-
+# endif
     bio_buf = BIO_new(BIO_s_mem());
     OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
     cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index 087457fa50..4127b6e9a0 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -23,6 +23,7 @@ int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
 # ifndef OPENSSL_NO_EC
 #  include <openssl/core.h>
 #  include <openssl/ec.h>
+#  include "crypto/types.h"
 
 /*-
  * Computes the multiplicative inverse of x in the range
@@ -69,10 +70,18 @@ int ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl,
                     const char *propq,
                     BN_CTX *bnctx, unsigned char **genbuf);
 int ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]);
 int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private);
 int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
 int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
 int ec_encoding_name2id(const char *name);
+int ec_encoding_param2id(const OSSL_PARAM *p, int *id);
+int ec_pt_format_name2id(const char *name);
+int ec_pt_format_param2id(const OSSL_PARAM *p, int *id);
+char *ec_pt_format_id2name(int id);
+
+char *ec_check_group_type_id2name(int flags);
+int ec_set_check_group_type_from_name(EC_KEY *ec, const char *name);
 
 # endif /* OPENSSL_NO_EC */
 #endif
diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h
index e442e7aec7..a38d940a70 100644
--- a/include/crypto/sm2.h
+++ b/include/crypto/sm2.h
@@ -16,6 +16,7 @@
 # ifndef OPENSSL_NO_SM2
 
 #  include <openssl/ec.h>
+#  include "crypto/types.h"
 
 int sm2_key_private_check(const EC_KEY *eckey);
 
diff --git a/include/crypto/types.h b/include/crypto/types.h
index ccb75e3cbf..e6e90d6177 100644
--- a/include/crypto/types.h
+++ b/include/crypto/types.h
@@ -12,5 +12,6 @@
 #ifdef OPENSSL_NO_DEPRECATED_3_0
 typedef struct rsa_st RSA;
 typedef struct rsa_meth_st RSA_METHOD;
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
 #endif
-
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 17b0573ac3..7b9af62962 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -400,12 +400,23 @@ extern "C" {
 #define OSSL_PKEY_PARAM_FFC_DIGEST       OSSL_PKEY_PARAM_DIGEST
 #define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
 
-#define OSSL_PKEY_PARAM_EC_ENCODING      "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_ENCODING                "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE        "group-check"
+#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC          "include-public"
 
 /* OSSL_PKEY_PARAM_EC_ENCODING values */
 #define OSSL_PKEY_EC_ENCODING_EXPLICIT  "explicit"
 #define OSSL_PKEY_EC_ENCODING_GROUP     "named_curve"
 
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED   "compressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID       "hybrid"
+
+#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT     "default"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED       "named"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST  "named-nist"
+
 /* Key Exchange parameters */
 #define OSSL_EXCHANGE_PARAM_PAD                   "pad" /* uint */
 #define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 1f01c09fb2..c7797e957d 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -68,18 +68,6 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
  */
 # define EVP_PKEY_ECDH_KDF_X9_62   EVP_PKEY_ECDH_KDF_X9_63
 
-# ifndef OPENSSL_NO_EC
-#  include <openssl/asn1.h>
-#  include <openssl/symhacks.h>
-#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
-#   include <openssl/bn.h>
-#  endif
-#  include <openssl/ecerr.h>
-
-#  ifndef OPENSSL_ECC_MAX_FIELD_BITS
-#   define OPENSSL_ECC_MAX_FIELD_BITS 661
-#  endif
-
 /** Enum for the point conversion form as defined in X9.62 (ECDSA)
  *  for the encoding of a elliptic curve point (x,y) */
 typedef enum {
@@ -93,6 +81,18 @@ typedef enum {
     POINT_CONVERSION_HYBRID = 6
 } point_conversion_form_t;
 
+# ifndef OPENSSL_NO_EC
+#  include <openssl/asn1.h>
+#  include <openssl/symhacks.h>
+#  ifndef OPENSSL_NO_DEPRECATED_1_1_0
+#   include <openssl/bn.h>
+#  endif
+#  include <openssl/ecerr.h>
+
+#  ifndef OPENSSL_ECC_MAX_FIELD_BITS
+#   define OPENSSL_ECC_MAX_FIELD_BITS 661
+#  endif
+
 #  include <openssl/params.h>
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef struct ec_method_st EC_METHOD;
@@ -106,40 +106,41 @@ typedef struct ec_parameters_st ECPARAMETERS;
 /*               EC_METHODs for curves over GF(p)                   */
 /********************************************************************/
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Returns the basic GFp ec methods which provides the basis for the
  *  optimized methods.
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_simple_method(void);
 
 /** Returns GFp methods using montgomery multiplication.
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_mont_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_mont_method(void);
 
 /** Returns GFp methods using optimized methods for NIST recommended curves
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nist_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nist_method(void);
 
-#  ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+#   ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /** Returns 64-bit optimized methods for nistp224
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp224_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp224_method(void);
 
 /** Returns 64-bit optimized methods for nistp256
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp256_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp256_method(void);
 
 /** Returns 64-bit optimized methods for nistp521
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
-#  endif
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GFp_nistp521_method(void);
+#   endif /* OPENSSL_NO_EC_NISTP_64_GCC_128 */
 
-#  ifndef OPENSSL_NO_EC2M
+#   ifndef OPENSSL_NO_EC2M
 /********************************************************************/
 /*           EC_METHOD for curves over GF(2^m)                      */
 /********************************************************************/
@@ -147,9 +148,9 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void))
 /** Returns the basic GF2m ec method
  *  \return  EC_METHOD object
  */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GF2m_simple_method(void);
 
-#  endif
+#   endif
 
 /********************************************************************/
 /*                   EC_GROUP functions                             */
@@ -160,18 +161,31 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void))
  *  \param   meth   EC_METHOD to use
  *  \return  newly created EC_GROUP object or NULL in case of an error.
  */
-DEPRECATEDIN_3_0(EC_GROUP *EC_GROUP_new(const EC_METHOD *meth))
+OSSL_DEPRECATEDIN_3_0 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Clears and frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+OSSL_DEPRECATEDIN_3_0 void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+OSSL_DEPRECATEDIN_3_0 int EC_METHOD_get_field_type(const EC_METHOD *meth);
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /** Frees a EC_GROUP object
  *  \param  group  EC_GROUP object to be freed.
  */
 void EC_GROUP_free(EC_GROUP *group);
 
-/** Clears and frees a EC_GROUP object
- *  \param  group  EC_GROUP object to be cleared and freed.
- */
-DEPRECATEDIN_3_0(void EC_GROUP_clear_free(EC_GROUP *group))
-
 /** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
  *  \param  dst  destination EC_GROUP object
  *  \param  src  source EC_GROUP object
@@ -186,18 +200,6 @@ int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
  */
 EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
 
-/** Returns the EC_METHOD of the EC_GROUP object.
- *  \param  group  EC_GROUP object
- *  \return EC_METHOD used in this EC_GROUP object.
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group))
-
-/** Returns the field type of the EC_METHOD.
- *  \param  meth  EC_METHOD object
- *  \return NID of the underlying field type OID.
- */
-DEPRECATEDIN_3_0(int EC_METHOD_get_field_type(const EC_METHOD *meth))
-
 /** Sets the generator and its order/cofactor of a EC_GROUP object.
  *  \param  group      EC_GROUP object
  *  \param  generator  EC_POINT object with the generator.
@@ -317,6 +319,7 @@ int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
 int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
                        BN_CTX *ctx);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
  *  \param  group  EC_GROUP object
  *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
@@ -326,9 +329,11 @@ int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
-                                          const BIGNUM *a, const BIGNUM *b,
-                                          BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GFp(EC_GROUP *group,
+                                                 const BIGNUM *p,
+                                                 const BIGNUM *a,
+                                                 const BIGNUM *b,
+                                                 BN_CTX *ctx);
 
 /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
  *  \param  group  EC_GROUP object
@@ -339,11 +344,12 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
-                                          BIGNUM *a, BIGNUM *b,
-                                          BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GFp(const EC_GROUP *group,
+                                                 BIGNUM *p,
+                                                 BIGNUM *a, BIGNUM *b,
+                                                 BN_CTX *ctx);
 
-#  ifndef OPENSSL_NO_EC2M
+#   ifndef OPENSSL_NO_EC2M
 /** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
  *  \param  group  EC_GROUP object
  *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
@@ -353,9 +359,11 @@ DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
-                                           const BIGNUM *a, const BIGNUM *b,
-                                           BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_set_curve_GF2m(EC_GROUP *group,
+                                                  const BIGNUM *p,
+                                                  const BIGNUM *a,
+                                                  const BIGNUM *b,
+                                                  BN_CTX *ctx);
 
 /** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
  *  \param  group  EC_GROUP object
@@ -366,10 +374,13 @@ DEPRECATEDIN_3_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
-                                           BIGNUM *a, BIGNUM *b,
-                                           BN_CTX *ctx))
-#  endif
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group,
+                                                  BIGNUM *p,
+                                                  BIGNUM *a, BIGNUM *b,
+                                                  BN_CTX *ctx);
+#   endif /* OPENSSL_NO_EC2M */
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
 /** Returns the number of bits needed to represent a field element
  *  \param  group  EC_GROUP object
  *  \return number of bits needed to represent a field element
@@ -550,12 +561,6 @@ int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
  */
 EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
 
-/** Returns the EC_METHOD used in EC_POINT object
- *  \param  point  EC_POINT object
- *  \return the EC_METHOD used
- */
-DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
-
 /** Sets a point to infinity (neutral element)
  *  \param  group  underlying EC_GROUP object
  *  \param  point  EC_POINT to set to infinity
@@ -563,6 +568,13 @@ DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point))
  */
 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+/** Returns the EC_METHOD used in EC_POINT object
+ *  \param  point  EC_POINT object
+ *  \return the EC_METHOD used
+ */
+OSSL_DEPRECATEDIN_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
 /** Sets the jacobian projective coordinates of a EC_POINT over GFp
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -572,10 +584,10 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
-                                             EC_POINT *p, const BIGNUM *x,
-                                             const BIGNUM *y, const BIGNUM *z,
-                                             BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_Jprojective_coordinates_GFp
+                      (const EC_GROUP *group, EC_POINT *p,
+                       const BIGNUM *x, const BIGNUM *y, const BIGNUM *z,
+                       BN_CTX *ctx);
 
 /** Gets the jacobian projective coordinates of a EC_POINT over GFp
  *  \param  group  underlying EC_GROUP object
@@ -586,10 +598,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *gr
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-                                             const EC_POINT *p, BIGNUM *x,
-                                             BIGNUM *y, BIGNUM *z,
-                                             BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_Jprojective_coordinates_GFp
+                      (const EC_GROUP *group, const EC_POINT *p,
+                       BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /** Sets the affine coordinates of an EC_POINT
  *  \param  group  underlying EC_GROUP object
@@ -614,6 +626,7 @@ int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
 int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
                                     BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Sets the affine coordinates of an EC_POINT. A synonym of
  *  EC_POINT_set_affine_coordinates
  *  \param  group  underlying EC_GROUP object
@@ -623,11 +636,9 @@ int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
-                                                       EC_POINT *p,
-                                                       const BIGNUM *x,
-                                                       const BIGNUM *y,
-                                                       BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
+                      (const EC_GROUP *group, EC_POINT *p,
+                       const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
 
 /** Gets the affine coordinates of an EC_POINT. A synonym of
  *  EC_POINT_get_affine_coordinates
@@ -638,11 +649,10 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-                                                       const EC_POINT *p,
-                                                       BIGNUM *x,
-                                                       BIGNUM *y,
-                                                       BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
+                      (const EC_GROUP *group, const EC_POINT *p,
+                       BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /** Sets the x9.62 compressed coordinates of a EC_POINT
  *  \param  group  underlying EC_GROUP object
@@ -656,6 +666,7 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
                                         const BIGNUM *x, int y_bit,
                                         BN_CTX *ctx);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
  *  EC_POINT_set_compressed_coordinates
  *  \param  group  underlying EC_GROUP object
@@ -665,12 +676,10 @@ int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
-                                                           EC_POINT *p,
-                                                           const BIGNUM *x,
-                                                           int y_bit,
-                                                           BN_CTX *ctx))
-#  ifndef OPENSSL_NO_EC2M
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GFp
+                      (const EC_GROUP *group, EC_POINT *p,
+                       const BIGNUM *x, int y_bit, BN_CTX *ctx);
+#   ifndef OPENSSL_NO_EC2M
 /** Sets the affine coordinates of an EC_POINT. A synonym of
  *  EC_POINT_set_affine_coordinates
  *  \param  group  underlying EC_GROUP object
@@ -680,11 +689,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *gro
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
-                                                        EC_POINT *p,
-                                                        const BIGNUM *x,
-                                                        const BIGNUM *y,
-                                                        BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GF2m
+                      (const EC_GROUP *group, EC_POINT *p,
+                       const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
 
 /** Gets the affine coordinates of an EC_POINT. A synonym of
  *  EC_POINT_get_affine_coordinates
@@ -695,11 +702,9 @@ DEPRECATEDIN_3_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-                                                        const EC_POINT *p,
-                                                        BIGNUM *x,
-                                                        BIGNUM *y,
-                                                        BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GF2m
+                      (const EC_GROUP *group, const EC_POINT *p,
+                       BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
 
 /** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
  *  EC_POINT_set_compressed_coordinates
@@ -710,12 +715,12 @@ DEPRECATEDIN_3_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
-                                                            EC_POINT *p,
-                                                            const BIGNUM *x,
-                                                            int y_bit,
-                                                            BN_CTX *ctx))
-#  endif
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_compressed_coordinates_GF2m
+                      (const EC_GROUP *group, EC_POINT *p,
+                       const BIGNUM *x, int y_bit, BN_CTX *ctx);
+#   endif
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
 /** Encodes a EC_POINT object to a octet string
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -828,10 +833,11 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
                  BN_CTX *ctx);
 
-DEPRECATEDIN_3_0(int EC_POINT_make_affine(const EC_GROUP *group,
-                                          EC_POINT *point, BN_CTX *ctx))
-DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
-                                           EC_POINT *points[], BN_CTX *ctx))
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_POINT_make_affine(const EC_GROUP *group,
+                                               EC_POINT *point, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                                                EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -843,10 +849,11 @@ DEPRECATEDIN_3_0(int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
-                                   const BIGNUM *n, size_t num,
-                                   const EC_POINT *p[], const BIGNUM *m[],
-                                   BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
+                                        const BIGNUM *n, size_t num,
+                                        const EC_POINT *p[], const BIGNUM *m[],
+                                        BN_CTX *ctx);
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /** Computes r = generator * n + q * m
  *  \param  group  underlying EC_GROUP object
@@ -860,18 +867,20 @@ DEPRECATEDIN_3_0(int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
                  const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Stores multiples of generator for faster point multiplication
  *  \param  group  EC_GROUP object
  *  \param  ctx    BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred
  */
-DEPRECATEDIN_3_0(int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 
 /** Reports whether a precomputation has been done
  *  \param  group  EC_GROUP object
  *  \return 1 if a pre-computation has been done and 0 otherwise
  */
-DEPRECATEDIN_3_0(int EC_GROUP_have_precompute_mult(const EC_GROUP *group))
+OSSL_DEPRECATEDIN_3_0 int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /********************************************************************/
 /*                       ASN1 stuff                                 */
@@ -906,10 +915,14 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
 #  define i2d_ECPKParameters_fp(fp,x) \
     ASN1_i2d_fp(i2d_ECPKParameters,(fp), (unsigned char *)(x))
 
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-#  ifndef OPENSSL_NO_STDIO
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print(BIO *bp, const EC_GROUP *x,
+                                               int off);
+#   ifndef OPENSSL_NO_STDIO
+OSSL_DEPRECATEDIN_3_0 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x,
+                                                  int off);
+#   endif
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 /********************************************************************/
 /*                      EC_KEY functions                            */
@@ -920,33 +933,40 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
 #  define EC_PKEY_NO_PUBKEY       0x002
 
 /* some values for the flags field */
-#  define EC_FLAG_NON_FIPS_ALLOW  0x1
-#  define EC_FLAG_FIPS_CHECKED    0x2
-#  define EC_FLAG_COFACTOR_ECDH   0x1000
-#  define EC_FLAG_SM2_RANGE       0x4
+#  define EC_FLAG_SM2_RANGE              0x0004
+#  define EC_FLAG_COFACTOR_ECDH          0x1000
+#  define EC_FLAG_CHECK_NAMED_GROUP      0x2000
+#  define EC_FLAG_CHECK_NAMED_GROUP_NIST 0x4000
+#  define EC_FLAG_CHECK_NAMED_GROUP_MASK \
+    (EC_FLAG_CHECK_NAMED_GROUP | EC_FLAG_CHECK_NAMED_GROUP_NIST)
 
+/* Deprecated flags -  it was using 0x01..0x02 */
+#  define EC_FLAG_NON_FIPS_ALLOW         0x0000
+#  define EC_FLAG_FIPS_CHECKED           0x0000
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /**
  *  Creates a new EC_KEY object.
  *  \param  ctx  The library context for to use for this EC_KEY. May be NULL in
  *               which case the default library context is used.
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq);
 
 /**
  *  Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a
  *  NULL library context
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new(void);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new(void);
 
-int EC_KEY_get_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_get_flags(const EC_KEY *key);
 
-void EC_KEY_set_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_flags(EC_KEY *key, int flags);
 
-void EC_KEY_clear_flags(EC_KEY *key, int flags);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_clear_flags(EC_KEY *key, int flags);
 
-int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
 
 /**
  *  Creates a new EC_KEY object using a named curve as underlying
@@ -957,8 +977,9 @@ int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
  *  \param  nid   NID of the named curve.
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
-                                    int nid);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx,
+                                                          const char *propq,
+                                                          int nid);
 
 /**
  *  Creates a new EC_KEY object using a named curve as underlying
@@ -967,44 +988,43 @@ EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq,
  *  \param  nid  NID of the named curve.
  *  \return EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
 
 /** Frees a EC_KEY object.
  *  \param  key  EC_KEY object to be freed.
  */
-void EC_KEY_free(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
 
 /** Copies a EC_KEY object.
  *  \param  dst  destination EC_KEY object
  *  \param  src  src EC_KEY object
  *  \return dst or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
 
 /** Creates a new EC_KEY object and copies the content from src to it.
  *  \param  src  the source EC_KEY object
  *  \return newly created EC_KEY object or NULL if an error occurred.
  */
-EC_KEY *EC_KEY_dup(const EC_KEY *src);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_dup(const EC_KEY *src);
 
 /** Increases the internal reference count of a EC_KEY object.
  *  \param  key  EC_KEY object
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_up_ref(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_up_ref(EC_KEY *key);
 
 /** Returns the ENGINE object of a EC_KEY object
  *  \param  eckey  EC_KEY object
  *  \return the ENGINE object (possibly NULL).
  */
-ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
 
 /** Returns the EC_GROUP object of a EC_KEY object
  *  \param  key  EC_KEY object
  *  \return the EC_GROUP object (possibly NULL).
  */
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
 
 /** Sets the EC_GROUP of a EC_KEY object.
  *  \param  key    EC_KEY object
@@ -1012,13 +1032,13 @@ const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
  *                 object will use an own copy of the EC_GROUP).
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
 
 /** Returns the private key of a EC_KEY object.
  *  \param  key  EC_KEY object
  *  \return a BIGNUM with the private key (possibly NULL).
  */
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
 
 /** Sets the private key of a EC_KEY object.
  *  \param  key  EC_KEY object
@@ -1026,13 +1046,13 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
  *               will use an own copy of the BIGNUM).
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
 
 /** Returns the public key of a EC_KEY object.
  *  \param  key  the EC_KEY object
  *  \return a EC_POINT object with the public key (possibly NULL)
  */
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 
 /** Sets the public key of a EC_KEY object.
  *  \param  key  EC_KEY object
@@ -1040,20 +1060,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
  *               will use an own copy of the EC_POINT object).
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
-unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+OSSL_DEPRECATEDIN_3_0 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+OSSL_DEPRECATEDIN_3_0 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_conv_form(EC_KEY *eckey,
+                                                point_conversion_form_t cform);
+#  endif /*OPENSSL_NO_DEPRECATED_3_0 */
 
 # define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
     CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
-int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
-void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+OSSL_DEPRECATEDIN_3_0 void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
 
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to
  *  accelerate further EC_KEY operations.
@@ -1061,25 +1085,25 @@ void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
  *  \param  ctx  BN_CTX object (optional)
  *  \return 1 on success and 0 if an error occurred.
  */
-DEPRECATEDIN_3_0(int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx))
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
 
 /** Creates a new ec private (and optional a new public) key.
  *  \param  key  EC_KEY object
  *  \return 1 on success and 0 if an error occurred.
  */
-int EC_KEY_generate_key(EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_generate_key(EC_KEY *key);
 
 /** Verifies that a private and/or public key is valid.
  *  \param  key  the EC_KEY object
  *  \return 1 on success and 0 otherwise.
  */
-int EC_KEY_check_key(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
  *  \return 1 if can can sign and 0 otherwise.
  */
-int EC_KEY_can_sign(const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 
 /** Sets a public key from affine coordinates performing
  *  necessary NIST PKV tests.
@@ -1088,8 +1112,9 @@ int EC_KEY_can_sign(const EC_KEY *eckey);
  *  \param  y    public key y coordinate
  *  \return 1 on success and 0 otherwise.
  */
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
-                                             BIGNUM *y);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
+                                                                   BIGNUM *x,
+                                                                   BIGNUM *y);
 
 /** Encodes an EC_KEY public key to an allocated octet string
  *  \param  key    key to encode
@@ -1098,8 +1123,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
  *  \param  ctx    BN_CTX object (optional)
  *  \return the length of the encoded octet string or 0 if an error occurred
  */
-size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
-                      unsigned char **pbuf, BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_key2buf(const EC_KEY *key,
+                                            point_conversion_form_t form,
+                                            unsigned char **pbuf, BN_CTX *ctx);
 
 /** Decodes a EC_KEY public key from a octet string
  *  \param  key    key to decode
@@ -1109,8 +1135,8 @@ size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
  *  \return 1 on success and 0 if an error occurred
  */
 
-int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
-                   BN_CTX *ctx);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf,
+                                         size_t len, BN_CTX *ctx);
 
 /** Decodes an EC_KEY private key from an octet string
  *  \param  key    key to decode
@@ -1119,7 +1145,8 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
  *  \return 1 on success and 0 if an error occurred
  */
 
-int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf,
+                                          size_t len);
 
 /** Encodes a EC_KEY private key to an octet string
  *  \param  key    key to encode
@@ -1129,14 +1156,16 @@ int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
  *  \return the length of the encoded octet string or 0 if an error occurred
  */
 
-size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2oct(const EC_KEY *key,
+                                             unsigned char *buf, size_t len);
 
 /** Encodes an EC_KEY private key to an allocated octet string
  *  \param  eckey  key to encode
  *  \param  pbuf   returns pointer to allocated buffer
  *  \return the length of the encoded octet string or 0 if an error occurred
  */
-size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+OSSL_DEPRECATEDIN_3_0 size_t EC_KEY_priv2buf(const EC_KEY *eckey,
+                                             unsigned char **pbuf);
 
 /********************************************************************/
 /*        de- and encoding functions for SEC1 ECPrivateKey          */
@@ -1148,7 +1177,9 @@ size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
  *  \param  len  length of the DER encoded private key
  *  \return the decoded private key or NULL if an error occurred.
  */
-EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey(EC_KEY **key,
+                                               const unsigned char **in,
+                                               long len);
 
 /** Encodes a private key object and stores the result in a buffer.
  *  \param  key  the EC_KEY object to encode
@@ -1156,7 +1187,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
  *               of bytes needed).
  *  \return 1 on success and 0 if an error occurred.
  */
-int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey(const EC_KEY *key,
+                                           unsigned char **out);
 
 /********************************************************************/
 /*        de- and encoding functions for EC parameters              */
@@ -1169,7 +1201,9 @@ int i2d_ECPrivateKey(const EC_KEY *key, unsigned char **out);
  *  \return a EC_KEY object with the decoded parameters or NULL if an error
  *          occurred.
  */
-EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECParameters(EC_KEY **key,
+                                               const unsigned char **in,
+                                               long len);
 
 /** Encodes ec parameter and stores the result in a buffer.
  *  \param  key  the EC_KEY object with ec parameters to encode
@@ -1177,7 +1211,8 @@ EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
  *               of bytes needed).
  *  \return 1 on success and 0 if an error occurred.
  */
-int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECParameters(const EC_KEY *key,
+                                           unsigned char **out);
 
 /********************************************************************/
 /*         de- and encoding functions for EC public key             */
@@ -1191,7 +1226,8 @@ int i2d_ECParameters(const EC_KEY *key, unsigned char **out);
  *  \return EC_KEY object with decoded public key or NULL if an error
  *          occurred.
  */
-EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *o2i_ECPublicKey(EC_KEY **key,
+                                              const unsigned char **in, long len);
 
 /** Encodes a ec public key in an octet string.
  *  \param  key  the EC_KEY object with the public key
@@ -1199,14 +1235,14 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
  *               of bytes needed).
  *  \return 1 on success and 0 if an error occurred
  */
-int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+OSSL_DEPRECATEDIN_3_0 int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
 
 /** Prints out the ec parameters on human readable form.
  *  \param  bp   BIO object to which the information is printed
  *  \param  key  EC_KEY object
  *  \return 1 on success and 0 if an error occurred
  */
-int ECParameters_print(BIO *bp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print(BIO *bp, const EC_KEY *key);
 
 /** Prints out the contents of a EC_KEY object
  *  \param  bp   BIO object to which the information is printed
@@ -1214,15 +1250,15 @@ int ECParameters_print(BIO *bp, const EC_KEY *key);
  *  \param  off  line offset
  *  \return 1 on success and 0 if an error occurred
  */
-int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
 
-#  ifndef OPENSSL_NO_STDIO
+#   ifndef OPENSSL_NO_STDIO
 /** Prints out the ec parameters on human readable form.
  *  \param  fp   file descriptor to which the information is printed
  *  \param  key  EC_KEY object
  *  \return 1 on success and 0 if an error occurred
  */
-int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
 
 /** Prints out the contents of a EC_KEY object
  *  \param  fp   file descriptor to which the information is printed
@@ -1230,32 +1266,33 @@ int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
  *  \param  off  line offset
  *  \return 1 on success and 0 if an error occurred
  */
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+#   endif /* OPENSSL_NO_STDIO */
 
-#  endif
-
-const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
-const EC_KEY_METHOD *EC_KEY_get_default_method(void);
-void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
-const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
-int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
-EC_KEY *EC_KEY_new_method(ENGINE *engine);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+OSSL_DEPRECATEDIN_3_0 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
 
 /** The old name for ecdh_KDF_X9_63
  *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
  *  it is actually specified in ANSI X9.63.
  *  This identifier is retained for backwards compatibility
  */
-DEPRECATEDIN_3_0(int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
-                                    const unsigned char *Z, size_t Zlen,
-                                    const unsigned char *sinfo, size_t sinfolen,
-                                    const EVP_MD *md))
-
-DEPRECATEDIN_3_0(int ECDH_compute_key(void *out, size_t outlen,
-                                      const EC_POINT *pub_key,
-                                      const EC_KEY *ecdh,
-                                      void *(*KDF)(const void *in, size_t inlen,
-                                                   void *out, size_t *outlen)))
+OSSL_DEPRECATEDIN_3_0 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                                         const unsigned char *Z, size_t Zlen,
+                                         const unsigned char *sinfo,
+                                         size_t sinfolen, const EVP_MD *md);
+
+OSSL_DEPRECATEDIN_3_0 int ECDH_compute_key(void *out, size_t outlen,
+                                           const EC_POINT *pub_key,
+                                           const EC_KEY *ecdh,
+                                           void *(*KDF)(const void *in,
+                                                        size_t inlen, void *out,
+                                                        size_t *outlen));
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 typedef struct ECDSA_SIG_st ECDSA_SIG;
 
@@ -1310,6 +1347,7 @@ const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
  */
 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 /** Computes the ECDSA signature of the given hash value using
  *  the supplied private key and returns the created signature.
  *  \param  dgst      pointer to the hash value
@@ -1317,8 +1355,8 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
  *  \param  eckey     EC_KEY object containing a private EC key
  *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
-                                          int dgst_len, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
+                                               int dgst_len, EC_KEY *eckey);
 
 /** Computes ECDSA signature of a given hash value using the supplied
  *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1330,9 +1368,9 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,
  *  \param  eckey    EC_KEY object containing a private EC key
  *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
-DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
-                                             int dgstlen, const BIGNUM *kinv,
-                                             const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
+                                                  int dgstlen, const BIGNUM *kinv,
+                                                  const BIGNUM *rp, EC_KEY *eckey);
 
 /** Verifies that the supplied signature is a valid ECDSA
  *  signature of the supplied hash value using the supplied public key.
@@ -1343,8 +1381,8 @@ DEPRECATEDIN_3_0(ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst,
  *  \return 1 if the signature is valid, 0 if the signature is invalid
  *          and -1 on error
  */
-DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-                                     const ECDSA_SIG *sig, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                                          const ECDSA_SIG *sig, EC_KEY *eckey);
 
 /** Precompute parts of the signing operation
  *  \param  eckey  EC_KEY object containing a private EC key
@@ -1353,8 +1391,8 @@ DEPRECATEDIN_3_0(int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
  *  \param  rp     BIGNUM pointer for x coordinate of k * generator
  *  \return 1 on success and 0 otherwise
  */
-DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
-                                      BIGNUM **kinv, BIGNUM **rp))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
+                                           BIGNUM **kinv, BIGNUM **rp);
 
 /** Computes ECDSA signature of a given hash value using the supplied
  *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1366,9 +1404,9 @@ DEPRECATEDIN_3_0(int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
  *  \param  eckey    EC_KEY object containing a private EC key
  *  \return 1 on success and 0 otherwise
  */
-DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
-                                int dgstlen, unsigned char *sig,
-                                unsigned int *siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign(int type, const unsigned char *dgst,
+                                     int dgstlen, unsigned char *sig,
+                                     unsigned int *siglen, EC_KEY *eckey);
 
 /** Computes ECDSA signature of a given hash value using the supplied
  *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
@@ -1383,10 +1421,10 @@ DEPRECATEDIN_3_0(int ECDSA_sign(int type, const unsigned char *dgst,
  *  \param  eckey    EC_KEY object containing a private EC key
  *  \return 1 on success and 0 otherwise
  */
-DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
-                                   int dgstlen, unsigned char *sig,
-                                   unsigned int *siglen, const BIGNUM *kinv,
-                                   const BIGNUM *rp, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_sign_ex(int type, const unsigned char *dgst,
+                                        int dgstlen, unsigned char *sig,
+                                        unsigned int *siglen, const BIGNUM *kinv,
+                                        const BIGNUM *rp, EC_KEY *eckey);
 
 /** Verifies that the given signature is valid ECDSA signature
  *  of the supplied hash value using the specified public key.
@@ -1399,119 +1437,112 @@ DEPRECATEDIN_3_0(int ECDSA_sign_ex(int type, const unsigned char *dgst,
  *  \return 1 if the signature is valid, 0 if the signature is invalid
  *          and -1 on error
  */
-DEPRECATEDIN_3_0(int ECDSA_verify(int type, const unsigned char *dgst,
-                                  int dgstlen, const unsigned char *sig,
-                                  int siglen, EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_verify(int type, const unsigned char *dgst,
+                                       int dgstlen, const unsigned char *sig,
+                                       int siglen, EC_KEY *eckey);
 
 /** Returns the maximum length of the DER encoded signature
  *  \param  eckey  EC_KEY object
  *  \return numbers of bytes required for the DER encoded signature
  */
-DEPRECATEDIN_3_0(int ECDSA_size(const EC_KEY *eckey))
+OSSL_DEPRECATEDIN_3_0 int ECDSA_size(const EC_KEY *eckey);
 
 /********************************************************************/
 /*  EC_KEY_METHOD constructors, destructors, writers and accessors  */
 /********************************************************************/
 
-DEPRECATEDIN_3_0(EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_free(EC_KEY_METHOD *meth))
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_init
-                 (EC_KEY_METHOD *meth,
-                  int (*init)(EC_KEY *key),
-                  void (*finish)(EC_KEY *key),
-                  int (*copy)(EC_KEY *dest, const EC_KEY *src),
-                  int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
-                  int (*set_private)(EC_KEY *key,
-                                     const BIGNUM *priv_key),
-                  int (*set_public)(EC_KEY *key,
-                                    const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
-                                               int (*keygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_compute_key
-                 (EC_KEY_METHOD *meth,
-                  int (*ckey)(unsigned char **psec,
-                              size_t *pseclen,
-                              const EC_POINT *pub_key,
-                              const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_sign
-                 (EC_KEY_METHOD *meth,
-                  int (*sign)(int type, const unsigned char *dgst,
-                              int dlen, unsigned char *sig,
-                              unsigned int *siglen,
-                              const BIGNUM *kinv, const BIGNUM *r,
-                              EC_KEY *eckey),
-                  int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
-                                    BIGNUM **kinvp, BIGNUM **rp),
-                  ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
-                                         int dgst_len,
-                                         const BIGNUM *in_kinv,
-                                         const BIGNUM *in_r,
-                                         EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_set_verify
-                 (EC_KEY_METHOD *meth,
-                  int (*verify)(int type, const unsigned
-                                char *dgst, int dgst_len,
-                                const unsigned char *sigbuf,
-                                int sig_len, EC_KEY *eckey),
-                  int (*verify_sig)(const unsigned char *dgst,
-                                    int dgst_len,
-                                    const ECDSA_SIG *sig,
-                                    EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_init
-                 (const EC_KEY_METHOD *meth,
-                  int (**pinit)(EC_KEY *key),
-                  void (**pfinish)(EC_KEY *key),
-                  int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
-                  int (**pset_group)(EC_KEY *key,
-                                     const EC_GROUP *grp),
-                  int (**pset_private)(EC_KEY *key,
-                                       const BIGNUM *priv_key),
-                  int (**pset_public)(EC_KEY *key,
-                                      const EC_POINT *pub_key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
-                                               int (**pkeygen)(EC_KEY *key)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_compute_key
-                 (const EC_KEY_METHOD *meth,
-                  int (**pck)(unsigned char **psec,
-                              size_t *pseclen,
-                              const EC_POINT *pub_key,
-                              const EC_KEY *ecdh)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_sign
-                 (const EC_KEY_METHOD *meth,
-                  int (**psign)(int type, const unsigned char *dgst,
-                                int dlen, unsigned char *sig,
-                                unsigned int *siglen,
-                                const BIGNUM *kinv, const BIGNUM *r,
-                                EC_KEY *eckey),
-                  int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
-                                      BIGNUM **kinvp, BIGNUM **rp),
-                  ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+OSSL_DEPRECATEDIN_3_0 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_init
+                      (EC_KEY_METHOD *meth,
+                       int (*init)(EC_KEY *key),
+                       void (*finish)(EC_KEY *key),
+                       int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                       int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                       int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
+                       int (*set_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                                                    int (*keygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_compute_key
+                      (EC_KEY_METHOD *meth,
+                       int (*ckey)(unsigned char **psec, size_t *pseclen,
+                                   const EC_POINT *pub_key, const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_sign
+                      (EC_KEY_METHOD *meth,
+                       int (*sign)(int type, const unsigned char *dgst,
+                                   int dlen, unsigned char *sig,
+                                   unsigned int *siglen,
+                                   const BIGNUM *kinv, const BIGNUM *r,
+                                   EC_KEY *eckey),
+                       int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                         BIGNUM **kinvp, BIGNUM **rp),
+                       ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                              int dgst_len,
+                                              const BIGNUM *in_kinv,
+                                              const BIGNUM *in_r,
+                                              EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_set_verify
+                      (EC_KEY_METHOD *meth,
+                       int (*verify)(int type, const unsigned
+                                     char *dgst, int dgst_len,
+                                     const unsigned char *sigbuf,
+                                     int sig_len, EC_KEY *eckey),
+                       int (*verify_sig)(const unsigned char *dgst,
+                                         int dgst_len, const ECDSA_SIG *sig,
+                                         EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_init
+                      (const EC_KEY_METHOD *meth,
+                       int (**pinit)(EC_KEY *key),
+                       void (**pfinish)(EC_KEY *key),
+                       int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                       int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
+                       int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
+                       int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_keygen
+                      (const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_compute_key
+                      (const EC_KEY_METHOD *meth,
+                       int (**pck)(unsigned char **psec,
+                       size_t *pseclen,
+                       const EC_POINT *pub_key,
+                       const EC_KEY *ecdh));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_sign
+                      (const EC_KEY_METHOD *meth,
+                       int (**psign)(int type, const unsigned char *dgst,
+                                     int dlen, unsigned char *sig,
+                                     unsigned int *siglen,
+                                     const BIGNUM *kinv, const BIGNUM *r,
+                                     EC_KEY *eckey),
+                       int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                           BIGNUM **kinvp, BIGNUM **rp),
+                       ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const BIGNUM *in_kinv,
+                                                const BIGNUM *in_r,
+                                                EC_KEY *eckey));
+
+OSSL_DEPRECATEDIN_3_0 void EC_KEY_METHOD_get_verify
+                      (const EC_KEY_METHOD *meth,
+                       int (**pverify)(int type, const unsigned
+                                       char *dgst, int dgst_len,
+                                       const unsigned char *sigbuf,
+                                       int sig_len, EC_KEY *eckey),
+                       int (**pverify_sig)(const unsigned char *dgst,
                                            int dgst_len,
-                                           const BIGNUM *in_kinv,
-                                           const BIGNUM *in_r,
-                                           EC_KEY *eckey)))
-
-DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
-                 (const EC_KEY_METHOD *meth,
-                  int (**pverify)(int type, const unsigned
-                                  char *dgst, int dgst_len,
-                                  const unsigned char *sigbuf,
-                                  int sig_len, EC_KEY *eckey),
-                  int (**pverify_sig)(const unsigned char *dgst,
-                                      int dgst_len,
-                                      const ECDSA_SIG *sig,
-                                      EC_KEY *eckey)))
+                                           const ECDSA_SIG *sig,
+                                           EC_KEY *eckey));
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 #  define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \
-                                           d2i_ECParameters, x)
+                                          d2i_ECParameters, x)
 
 #  ifndef __cplusplus
 #   if defined(__SUNPRO_C)
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 0180170b8d..ac92887aad 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -494,9 +494,11 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
 #  define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,(dh))
 # endif
 
-# ifndef OPENSSL_NO_EC
-#  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
-                                        (eckey))
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_EC
+#   define EVP_PKEY_assign_EC_KEY(pkey,eckey) \
+        EVP_PKEY_assign((pkey), EVP_PKEY_EC, (eckey))
+#  endif
 # endif
 # ifndef OPENSSL_NO_SIPHASH
 #  define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),\
@@ -1261,11 +1263,16 @@ OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
 OSSL_DEPRECATEDIN_3_0 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 #  endif
 # endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_EC
 struct ec_key_st;
+OSSL_DEPRECATEDIN_3_0
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+OSSL_DEPRECATEDIN_3_0
 struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
+OSSL_DEPRECATEDIN_3_0
 struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+#  endif
 # endif
 
 EVP_PKEY *EVP_PKEY_new(void);
@@ -1795,6 +1802,19 @@ int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name,
                                     unsigned char *buf, size_t max_buf_sz,
                                     size_t *out_sz);
 
+const OSSL_PARAM *EVP_PKEY_settable_params(EVP_PKEY *pkey);
+int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]);
+int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in);
+int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in);
+int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, BIGNUM *bn);
+int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name,
+                                   char *str);
+int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name,
+                                    unsigned char *buf, size_t bsize);
+
+int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey);
+int EVP_PKEY_get_field_type(const EVP_PKEY *pkey);
+
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 97d52e729b..22d42be8e4 100644
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -455,11 +455,15 @@ DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSA_PUBKEY, DSA)
 DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DSAparams, DSA)
 #  endif
 # endif
-# ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, EC_PUBKEY, EC_KEY)
+#  endif
 # endif
+
 # ifndef OPENSSL_NO_DH
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
 DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0025a2a8cd..8c01334f49 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1227,13 +1227,13 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_ERROR_WANT_ASYNC            9
 # define SSL_ERROR_WANT_ASYNC_JOB       10
 # define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 #  define SSL_CTRL_SET_TMP_DH                    3
-# endif
-# define SSL_CTRL_SET_TMP_ECDH                   4
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define SSL_CTRL_SET_TMP_ECDH                  4
 #  define SSL_CTRL_SET_TMP_DH_CB                 6
 # endif
+
 # define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
 # define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
 # define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
diff --git a/include/openssl/types.h b/include/openssl/types.h
index cf11b8549d..56437f96f9 100644
--- a/include/openssl/types.h
+++ b/include/openssl/types.h
@@ -144,8 +144,10 @@ typedef struct rsa_meth_st RSA_METHOD;
 # endif
 typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef struct ec_key_st EC_KEY;
 typedef struct ec_key_method_st EC_KEY_METHOD;
+# endif
 
 typedef struct rand_meth_st RAND_METHOD;
 typedef struct rand_drbg_st RAND_DRBG;
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index bf525f427f..cb4f126edf 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -430,12 +430,14 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
 OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa);
 #   endif
 #  endif
-#  ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
-#  endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#   ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey);
+#   endif /* OPENSSL_NO_EC */
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
 int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8);
 X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk);
@@ -474,12 +476,16 @@ OSSL_DEPRECATEDIN_3_0 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
 OSSL_DEPRECATEDIN_3_0 int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa);
 #   endif
 #  endif
-#  ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
-#  endif
+
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#   ifndef OPENSSL_NO_EC
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *eckey);
+OSSL_DEPRECATEDIN_3_0 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+OSSL_DEPRECATEDIN_3_0 int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey);
+#   endif /* OPENSSL_NO_EC */
+#  endif /* OPENSSL_NO_DEPRECATED_3_0 */
+
 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
 int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8);
 X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk);
@@ -555,8 +561,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,DSA, DSA_PUBKEY)
 #  endif
 # endif
-# ifndef OPENSSL_NO_EC
-DECLARE_ASN1_ENCODE_FUNCTIONS_only(EC_KEY, EC_PUBKEY)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_EC
+DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0, EC_KEY, EC_PUBKEY)
+#  endif
 # endif
 
 DECLARE_ASN1_FUNCTIONS(X509_SIG)
diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in
index 2d56119ba1..0ec78389a4 100644
--- a/providers/common/der/der_ec.h.in
+++ b/providers/common/der/der_ec.h.in
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "crypto/ec.h"
 #include "internal/der.h"
 
 /* Well known OIDs precompiled */
diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
index 406ddf2b16..721c63d421 100644
--- a/providers/common/der/der_sm2.h.in
+++ b/providers/common/der/der_sm2.h.in
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "crypto/ec.h"
 #include "internal/der.h"
 
 /* Well known OIDs precompiled */
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index a67e2c26e4..b1f62b03c7 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/core_dispatch.h>
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 8775622a01..5d71d3ee1d 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -229,11 +229,33 @@ static ossl_inline
 int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
                           OSSL_PARAM params[])
 {
-    int ecdh_cofactor_mode = 0;
+    int ecdh_cofactor_mode = 0, group_check = 0;
+    const char *name = NULL;
+    point_conversion_form_t format;
 
     if (ec == NULL)
         return 0;
 
+    format = EC_KEY_get_conv_form(ec);
+    name = ec_pt_format_id2name((int)format);
+    if (name != NULL
+        && !ossl_param_build_set_utf8_string(tmpl, params,
+                                             OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                                             name))
+        return 0;
+
+    group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK;
+    name = ec_check_group_type_id2name(group_check);
+    if (name != NULL
+        && !ossl_param_build_set_utf8_string(tmpl, params,
+                                             OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
+                                             name))
+        return 0;
+
+    if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0)
+        ossl_param_build_set_int(tmpl, params,
+                                 OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0);
+
     ecdh_cofactor_mode =
         (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
     return ossl_param_build_set_int(tmpl, params,
@@ -462,6 +484,7 @@ end:
 # define EC_IMEXPORTABLE_DOM_PARAMETERS                                        \
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),               \
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),              \
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),            \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),                              \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),                              \
@@ -476,7 +499,8 @@ end:
 # define EC_IMEXPORTABLE_PRIVATE_KEY                                           \
     OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
 # define EC_IMEXPORTABLE_OTHER_PARAMETERS                                      \
-    OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),                   \
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL)
 
 /*
  * Include all the possible combinations of OSSL_PARAM arrays for
@@ -484,11 +508,6 @@ end:
  *
  * They are in a separate file as it is ~100 lines of unreadable and
  * uninteresting machine generated stuff.
- *
- * TODO(3.0): the generated list looks quite ugly, as to cover all possible
- * combinations of the bits in `selection`, it also includes combinations that
- * are not really useful: we might want to consider alternatives to this
- * solution.
  */
 #include "ec_kmgmt_imexport.inc"
 
@@ -727,6 +746,11 @@ const OSSL_PARAM *ec_gettable_params(void *provctx)
 static const OSSL_PARAM ec_known_settable_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),
     OSSL_PARAM_END
 };
 
@@ -742,6 +766,12 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
     EC_KEY *eck = key;
     const OSSL_PARAM *p;
 
+    if (key == NULL)
+        return 0;
+
+    if (!ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params))
+        return 0;
+
     p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
     if (p != NULL) {
         BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
@@ -850,8 +880,15 @@ int ec_validate(const void *keydata, int selection)
     if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
         ok = 1;
 
-    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
-        ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+    if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+        int flags = EC_KEY_get_flags(eck);
+
+        if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0)
+            ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck),
+                           (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);
+        else
+            ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
+    }
 
     if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
         ok = ok && ec_key_public_check(eck, ctx);
@@ -870,6 +907,8 @@ struct ec_gen_ctx {
     OSSL_LIB_CTX *libctx;
     char *group_name;
     char *encoding;
+    char *pt_format;
+    char *group_check;
     char *field_type;
     BIGNUM *p, *a, *b, *order, *cofactor;
     unsigned char *gen, *seed;
@@ -972,6 +1011,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
     COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name);
     COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type);
     COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding);
+    COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format);
+    COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, gctx->group_check);
 
     COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_P, gctx->p);
     COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_A, gctx->a);
@@ -1005,6 +1046,12 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx)
                                             gctx->encoding, 0))
         goto err;
 
+    if (gctx->pt_format != NULL
+        && !OSSL_PARAM_BLD_push_utf8_string(bld,
+                                            OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
+                                            gctx->pt_format, 0))
+        goto err;
+
     if (gctx->group_name != NULL) {
         if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
                                              gctx->group_name, 0))
@@ -1066,6 +1113,7 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0),
         OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0),
         OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0),
@@ -1107,12 +1155,20 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
         if (!ec_gen_set_group_from_params(gctx))
             goto err;
     } else {
-        if (gctx->encoding) {
+        if (gctx->encoding != NULL) {
             int flags = ec_encoding_name2id(gctx->encoding);
+
             if (flags < 0)
                 goto err;
             EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
         }
+        if (gctx->pt_format != NULL) {
+            int format = ec_pt_format_name2id(gctx->pt_format);
+
+            if (format < 0)
+                goto err;
+            EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+        }
     }
 
     /* We must always assign a group, no matter what */
@@ -1125,6 +1181,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     if (gctx->ecdh_mode != -1)
         ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
 
+    if (gctx->group_check != NULL)
+        ret = ret && ec_set_check_group_type_from_name(ec, gctx->group_check);
     if (ret)
         return ec;
 err:
@@ -1154,10 +1212,18 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
     } else {
         if (gctx->encoding) {
             int flags = ec_encoding_name2id(gctx->encoding);
+
             if (flags < 0)
                 goto err;
             EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
         }
+        if (gctx->pt_format != NULL) {
+            int format = ec_pt_format_name2id(gctx->pt_format);
+
+            if (format < 0)
+                goto err;
+            EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
+        }
     }
 
     /* We must always assign a group, no matter what */
@@ -1197,7 +1263,8 @@ static void ec_gen_cleanup(void *genctx)
     BN_free(gctx->order);
     BN_free(gctx->cofactor);
     OPENSSL_free(gctx->group_name);
-    OPENSSL_free(gctx->field_type);;
+    OPENSSL_free(gctx->field_type);
+    OPENSSL_free(gctx->pt_format);
     OPENSSL_free(gctx->encoding);
     OPENSSL_free(gctx->seed);
     OPENSSL_free(gctx->gen);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0739bc9082..966d799d6b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -18,6 +18,7 @@
 #include <openssl/rand.h>
 #include <openssl/trace.h>
 #include <openssl/x509v3.h>
+#include <openssl/core_names.h>
 #include "internal/cryptlib.h"
 
 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
@@ -3472,34 +3473,22 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
             ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
             return ret;
         }
-# endif
+#endif
     case SSL_CTRL_SET_DH_AUTO:
         s->cert->dh_tmp_auto = larg;
         return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            const EC_GROUP *group = NULL;
-            int nid;
-
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            group = EC_KEY_get0_group((const EC_KEY *)parg);
-            if (group == NULL) {
-                ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
-                return 0;
-            }
-            nid = EC_GROUP_get_curve_name(group);
-            if (nid == NID_undef)
-                return 0;
-            return tls1_set_groups(&s->ext.supportedgroups,
-                                   &s->ext.supportedgroups_len,
-                                   &nid, 1);
+            return ssl_set_tmp_ecdh_groups(&s->ext.supportedgroups,
+                                           &s->ext.supportedgroups_len,
+                                           parg);
         }
-        break;
-#endif                          /* !OPENSSL_NO_EC */
+#endif
     case SSL_CTRL_SET_TLSEXT_HOSTNAME:
         /*
          * TODO(OpenSSL1.2)
@@ -3816,29 +3805,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     case SSL_CTRL_SET_DH_AUTO:
         ctx->cert->dh_tmp_auto = larg;
         return 1;
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_ECDH:
         {
-            const EC_GROUP *group = NULL;
-            int nid;
-
             if (parg == NULL) {
                 ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
             }
-            group = EC_KEY_get0_group((const EC_KEY *)parg);
-            if (group == NULL) {
-                ERR_raise(ERR_LIB_SSL, EC_R_MISSING_PARAMETERS);
-                return 0;
-            }
-            nid = EC_GROUP_get_curve_name(group);
-            if (nid == NID_undef)
-                return 0;
-            return tls1_set_groups(&ctx->ext.supportedgroups,
-                                   &ctx->ext.supportedgroups_len,
-                                   &nid, 1);
+            return ssl_set_tmp_ecdh_groups(&ctx->ext.supportedgroups,
+                                           &ctx->ext.supportedgroups_len,
+                                           parg);
         }
-#endif                          /* !OPENSSL_NO_EC */
+#endif
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
         ctx->ext.servername_arg = parg;
         break;
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 22ab387422..810461bc51 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2468,6 +2468,8 @@ __owur int ssl_encapsulate(SSL *s, EVP_PKEY *pubkey,
                            unsigned char **ctp, size_t *ctlenp,
                            int gensecret);
 __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+                                   void *key);
 __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
 __owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 60c17dd809..ccc71a1995 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -818,28 +818,29 @@ void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
 /* Check a key is compatible with compression extension */
 static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
 {
-    const EC_KEY *ec;
-    const EC_GROUP *grp;
     unsigned char comp_id;
     size_t i;
+    int point_conv;
 
     /* If not an EC key nothing to check */
     if (!EVP_PKEY_is_a(pkey, "EC"))
         return 1;
-    ec = EVP_PKEY_get0_EC_KEY(pkey);
-    grp = EC_KEY_get0_group(ec);
+
 
     /* Get required compression id */
-    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+    point_conv = EVP_PKEY_get_ec_point_conv_form(pkey);
+    if (point_conv == 0)
+        return 0;
+    if (point_conv == POINT_CONVERSION_UNCOMPRESSED) {
             comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
     } else if (SSL_IS_TLS13(s)) {
-            /*
-             * ec_point_formats extension is not used in TLSv1.3 so we ignore
-             * this check.
-             */
-            return 1;
+        /*
+         * ec_point_formats extension is not used in TLSv1.3 so we ignore
+         * this check.
+         */
+        return 1;
     } else {
-        int field_type = EC_GROUP_get_field_type(grp);
+        int field_type = EVP_PKEY_get_field_type(pkey);
 
         if (field_type == NID_X9_62_prime_field)
             comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
diff --git a/ssl/tls_depr.c b/ssl/tls_depr.c
index 6f2103ad91..4ac7fcb916 100644
--- a/ssl/tls_depr.c
+++ b/ssl/tls_depr.c
@@ -159,5 +159,23 @@ EVP_PKEY *ssl_dh_to_pkey(DH *dh)
     return ret;
 }
 # endif
-#endif
 
+/* Some deprecated public APIs pass EC_KEY objects */
+# ifndef OPENSSL_NO_EC
+int ssl_set_tmp_ecdh_groups(uint16_t **pext, size_t *pextlen,
+                            void *key)
+{
+    const EC_GROUP *group = EC_KEY_get0_group((const EC_KEY *)key);
+    int nid;
+
+    if (group == NULL) {
+        ERR_raise(ERR_LIB_SSL, SSL_R_MISSING_PARAMETERS);
+        return 0;
+    }
+    nid = EC_GROUP_get_curve_name(group);
+    if (nid == NID_undef)
+        return 0;
+    return tls1_set_groups(pext, pextlen, &nid, 1);
+}
+# endif
+#endif
diff --git a/test/build.info b/test/build.info
index a8f60c385b..b9e6d4f3b1 100644
--- a/test/build.info
+++ b/test/build.info
@@ -32,7 +32,7 @@ IF[{- !$disabled{tests} -}]
           versions \
           aborttest test_test pkcs12_format_test \
           sanitytest rsa_complex exdatatest bntest \
-          ectest ecstresstest gmdifftest pbelutest \
+          ecstresstest gmdifftest pbelutest \
           destest mdc2test \
           exptest \
           evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
@@ -96,7 +96,7 @@ IF[{- !$disabled{tests} -}]
 
   SOURCE[ectest]=ectest.c
   INCLUDE[ectest]=../include ../apps/include
-  DEPEND[ectest]=../libcrypto libtestutil.a
+  DEPEND[ectest]=../libcrypto.a libtestutil.a
 
   SOURCE[ecstresstest]=ecstresstest.c
   INCLUDE[ecstresstest]=../include ../apps/include
@@ -548,7 +548,7 @@ IF[{- !$disabled{tests} -}]
       PROGRAMS{noinst}=sm4_internal_test
     ENDIF
     IF[{- !$disabled{ec} -}]
-      PROGRAMS{noinst}=ec_internal_test curve448_internal_test
+      PROGRAMS{noinst}=ectest ec_internal_test curve448_internal_test
     ENDIF
     IF[{- !$disabled{cmac} -}]
       PROGRAMS{noinst}=cmactest
diff --git a/test/ectest.c b/test/ectest.c
index 9088fd166a..e00e7c2b3a 100644
--- a/test/ectest.c
+++ b/test/ectest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -9,32 +9,28 @@
  */
 
 /*
- * We need access to the deprecated EC_POINTs_mul, EC_GROUP_precompute_mult,
- * and EC_GROUP_have_precompute_mult for testing purposes
- * when the deprecated calls are not hidden
+ * EC_KEY low level APIs are deprecated for public use, but still ok for
+ * internal use.
  */
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-# define OPENSSL_SUPPRESS_DEPRECATED
-#endif
+#include "internal/deprecated.h"
 
 #include <string.h>
 #include "internal/nelem.h"
 #include "testutil.h"
 
-#ifndef OPENSSL_NO_EC
-# include <openssl/ec.h>
-# ifndef OPENSSL_NO_ENGINE
-#  include <openssl/engine.h>
-# endif
-# include <openssl/err.h>
-# include <openssl/obj_mac.h>
-# include <openssl/objects.h>
-# include <openssl/rand.h>
-# include <openssl/bn.h>
-# include <openssl/opensslconf.h>
-# include "openssl/core_names.h"
-# include "openssl/param_build.h"
-# include "openssl/evp.h"
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+#include "openssl/core_names.h"
+#include "openssl/param_build.h"
+#include "openssl/evp.h"
 
 static size_t crv_len = 0;
 static EC_builtin_curve *curves = NULL;
@@ -62,9 +58,9 @@ static int group_order_tests(EC_GROUP *group)
     if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
         || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, Q))
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
         || !TEST_true(EC_GROUP_precompute_mult(group, ctx))
-# endif
+#endif
         || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, Q))
         || !TEST_true(EC_POINT_copy(P, G))
@@ -78,10 +74,10 @@ static int group_order_tests(EC_GROUP *group)
         goto err;
 
     for (i = 1; i <= 2; i++) {
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
         const BIGNUM *scalars[6];
         const EC_POINT *points[6];
-# endif
+#endif
 
         if (!TEST_true(BN_set_word(n1, i))
             /*
@@ -116,7 +112,7 @@ static int group_order_tests(EC_GROUP *group)
             || !TEST_false(EC_POINT_is_at_infinity(group, P)))
             goto err;
 
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
         /* Exercise EC_POINTs_mul, including corner cases. */
         scalars[0] = scalars[1] = BN_value_one();
         points[0]  = points[1]  = P;
@@ -141,7 +137,7 @@ static int group_order_tests(EC_GROUP *group)
         if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
             || !TEST_true(EC_POINT_is_at_infinity(group, P)))
             goto err;
-# endif
+#endif
     }
 
     r = 1;
@@ -167,10 +163,10 @@ static int prime_field_tests(void)
     EC_GROUP *group = NULL;
     EC_POINT *P = NULL, *Q = NULL, *R = NULL;
     BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     const EC_POINT *points[4];
     const BIGNUM *scalars[4];
-# endif
+#endif
     unsigned char buf[100];
     size_t len, r = 0;
     int k;
@@ -542,7 +538,7 @@ static int prime_field_tests(void)
         || !TEST_false(EC_POINT_is_at_infinity(group, Q)))
         goto err;
 
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     TEST_note("combined multiplication ...");
     points[0] = Q;
     points[1] = Q;
@@ -588,7 +584,7 @@ static int prime_field_tests(void)
     if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
         || !TEST_true(EC_POINT_is_at_infinity(group, P)))
         goto err;
-# endif
+#endif
     TEST_note(" ok\n");
     r = 1;
 err:
@@ -608,7 +604,7 @@ err:
     return r;
 }
 
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
 
 static struct c2_curve_test {
     const char *name;
@@ -983,20 +979,20 @@ static int char2_field_tests(void)
         || !TEST_ptr(yplusone = BN_new())
         || !TEST_true(BN_hex2bn(&x, "6"))
 /* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
         || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))
-#  else
+# else
         || !TEST_true(BN_hex2bn(&y, "8"))
         || !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx))
-#  endif
+# endif
        )
         goto err;
     if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
 /* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
         if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
             goto err;
-#  endif
+# endif
         TEST_info("Point is not on curve");
         test_output_bignum("x", x);
         test_output_bignum("y", y);
@@ -1031,7 +1027,7 @@ static int char2_field_tests(void)
         goto err;
 
 /* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
     len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED,
                              buf, sizeof(buf), ctx);
     if (!TEST_size_t_ne(len, 0)
@@ -1040,7 +1036,7 @@ static int char2_field_tests(void)
         goto err;
     test_output_memory("Generator as octet string, compressed form:",
                        buf, len);
-#  endif
+# endif
 
     len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
                              buf, sizeof(buf), ctx);
@@ -1052,7 +1048,7 @@ static int char2_field_tests(void)
                        buf, len);
 
 /* Change test based on whether binary point compression is enabled or not. */
-#  ifdef OPENSSL_EC_BIN_PT_COMP
+# ifdef OPENSSL_EC_BIN_PT_COMP
     len =
         EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
                            ctx);
@@ -1062,7 +1058,7 @@ static int char2_field_tests(void)
         goto err;
     test_output_memory("Generator as octet string, hybrid form:",
                        buf, len);
-#  endif
+# endif
 
     if (!TEST_true(EC_POINT_invert(group, P, ctx))
         || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)))
@@ -1087,7 +1083,7 @@ err:
     BN_free(yplusone);
     return r;
 }
-# endif
+#endif
 
 static int internal_curve_test(int n)
 {
@@ -1342,12 +1338,12 @@ static int nistp_single_test(int idx)
     /* random point multiplication */
     EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
     if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#ifndef OPENSSL_NO_DEPRECATED_3_0
         /* We have not performed precomp so this should be false */
         || !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
         /* now repeat all tests with precomputation */
         || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
-# endif
+#endif
         )
         goto err;
 
@@ -1712,7 +1708,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
 {
     int ret = 0;
     switch (n1d) {
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
         case NID_sect113r1:
         case NID_wap_wsg_idm_ecid_wtls4:
             ret = (n2d == NID_sect113r1 || n2d == NID_wap_wsg_idm_ecid_wtls4);
@@ -1734,7 +1730,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
             ret = (n2d == NID_X9_62_c2pnb163v1
                    || n2d == NID_wap_wsg_idm_ecid_wtls5);
             break;
-# endif /* OPENSSL_NO_EC2M */
+#endif /* OPENSSL_NO_EC2M */
         case NID_secp112r1:
         case NID_wap_wsg_idm_ecid_wtls6:
             ret = (n2d == NID_secp112r1 || n2d == NID_wap_wsg_idm_ecid_wtls6);
@@ -1743,12 +1739,12 @@ int are_ec_nids_compatible(int n1d, int n2d)
         case NID_wap_wsg_idm_ecid_wtls7:
             ret = (n2d == NID_secp160r2 || n2d == NID_wap_wsg_idm_ecid_wtls7);
             break;
-# ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
         case NID_secp224r1:
         case NID_wap_wsg_idm_ecid_wtls12:
             ret = (n2d == NID_secp224r1 || n2d == NID_wap_wsg_idm_ecid_wtls12);
             break;
-# else
+#else
         /*
          * For SEC P-224 we want to ensure that the SECP nid is returned, as
          * that is associated with a specialized method.
@@ -1756,7 +1752,7 @@ int are_ec_nids_compatible(int n1d, int n2d)
         case NID_wap_wsg_idm_ecid_wtls12:
             ret = (n2d == NID_secp224r1);
             break;
-# endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+#endif /* def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
 
         default:
             ret = (n1d == n2d);
@@ -2142,14 +2138,14 @@ static int cardinality_test(int n)
         || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1)))
         || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx))
         /* construct g2 manually with g1 parameters */
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
         || !TEST_ptr(g2 = (is_binary) ?
                            EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) :
                            EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
-# else
+#else
         || !TEST_int_eq(0, is_binary)
         || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx))
-# endif
+#endif
         || !TEST_ptr(g2_gen = EC_POINT_new(g2))
         || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx))
         /* pass NULL cofactor: lib should compute it */
@@ -2682,12 +2678,12 @@ static int custom_params_test(int id)
         goto err;
 
     is_prime = EC_GROUP_get_field_type(group) == NID_X9_62_prime_field;
-# ifdef OPENSSL_NO_EC2M
+#ifdef OPENSSL_NO_EC2M
     if (!is_prime) {
         ret = TEST_skip("binary curves not supported in this build");
         goto err;
     }
-# endif
+#endif
 
     BN_CTX_start(ctx);
     if (!TEST_ptr(p = BN_CTX_get(ctx))
@@ -2724,12 +2720,12 @@ static int custom_params_test(int id)
         if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GFp(p, a, b, ctx)))
             goto err;
     }
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
     else {
         if (!TEST_ptr(altgroup = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
             goto err;
     }
-# endif
+#endif
 
     /* set 2*G as the generator of altgroup */
     EC_POINT_free(G2); /* discard G2 as it refers to the original group */
@@ -2918,11 +2914,8 @@ static int custom_params_test(int id)
     return ret;
 }
 
-#endif /* OPENSSL_NO_EC */
-
 int setup_tests(void)
 {
-#ifndef OPENSSL_NO_EC
     crv_len = EC_get_builtin_curves(NULL, 0);
     if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
         || !TEST_true(EC_get_builtin_curves(curves, crv_len)))
@@ -2932,10 +2925,10 @@ int setup_tests(void)
     ADD_TEST(cofactor_range_test);
     ADD_ALL_TESTS(cardinality_test, crv_len);
     ADD_TEST(prime_field_tests);
-# ifndef OPENSSL_NO_EC2M
+#ifndef OPENSSL_NO_EC2M
     ADD_TEST(char2_field_tests);
     ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
-# endif
+#endif
     ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
     ADD_ALL_TESTS(internal_curve_test, crv_len);
     ADD_ALL_TESTS(internal_curve_test_method, crv_len);
@@ -2947,13 +2940,10 @@ int setup_tests(void)
     ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
     ADD_ALL_TESTS(custom_generator_test, crv_len);
     ADD_ALL_TESTS(custom_params_test, crv_len);
-#endif /* OPENSSL_NO_EC */
     return 1;
 }
 
 void cleanup_tests(void)
 {
-#ifndef OPENSSL_NO_EC
     OPENSSL_free(curves);
-#endif
 }
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 4358fbe5c5..440b4759dd 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -384,6 +384,7 @@ static const unsigned char pExampleECParamDER[] = {
 typedef struct APK_DATA_st {
     const unsigned char *kder;
     size_t size;
+    const char *keytype;
     int evptype;
     int check;
     int pub_check;
@@ -392,22 +393,22 @@ typedef struct APK_DATA_st {
 } APK_DATA;
 
 static APK_DATA keydata[] = {
-    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
-    {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
+    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
+    {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
 #ifndef OPENSSL_NO_EC
-    {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
+    {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
 #endif
 };
 
 static APK_DATA keycheckdata[] = {
-    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
-    {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
+    {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 0},
+    {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
      0, 1, 1, 0},
 #ifndef OPENSSL_NO_EC
-    {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
+    {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
     /* group is also associated in our pub key */
-    {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
-    {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
+    {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 1, 1},
+    {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 2}
 #endif
 };
 
@@ -911,18 +912,14 @@ static struct ec_der_pub_keys_st {
 static int test_invalide_ec_char2_pub_range_decode(int id)
 {
     int ret = 0;
-    BIO *bio = NULL;
-    EC_KEY *eckey = NULL;
+    EVP_PKEY *pkey;
 
-    if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
-                                        ec_der_pub_keys[id].len)))
-        goto err;
-    eckey = d2i_EC_PUBKEY_bio(bio, NULL);
-    ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
-          || TEST_ptr_null(eckey);
-err:
-    EC_KEY_free(eckey);
-    BIO_free(bio);
+    pkey = load_example_key("EC", ec_der_pub_keys[id].der,
+                            ec_der_pub_keys[id].len);
+
+    ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
+          || TEST_ptr_null(pkey);
+    EVP_PKEY_free(pkey);
     return ret;
 }
 
@@ -1417,11 +1414,7 @@ static EVP_PKEY_METHOD *custom_pmeth;
 static int test_EVP_PKEY_check(int i)
 {
     int ret = 0;
-    const unsigned char *p;
     EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_EC
-    EC_KEY *eckey = NULL;
-#endif
     EVP_PKEY_CTX *ctx = NULL;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
     EVP_PKEY_CTX *ctx2 = NULL;
@@ -1434,36 +1427,12 @@ static int test_EVP_PKEY_check(int i)
     int expected_pub_check = ak->pub_check;
     int expected_param_check = ak->param_check;
     int type = ak->type;
-    BIO *pubkey = NULL;
-
-    p = input;
 
-    switch (type) {
-    case 0:
-        if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
-            || !TEST_ptr_eq(p, input + input_len)
-            || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
-            goto done;
-        break;
-#ifndef OPENSSL_NO_EC
-    case 1:
-        if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
-            || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
-            || !TEST_ptr(pkey = EVP_PKEY_new())
-            || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
-            goto done;
-        break;
-    case 2:
-        if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
-            || !TEST_ptr_eq(p, input + input_len)
-            || !TEST_ptr(pkey = EVP_PKEY_new())
-            || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
-            goto done;
-        break;
-#endif
-    default:
-        return 0;
-    }
+    if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
+        goto done;
+    if (type == 0
+        && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+        goto done;
 
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
         goto done;
@@ -1501,7 +1470,6 @@ static int test_EVP_PKEY_check(int i)
     EVP_PKEY_CTX_free(ctx2);
 #endif
     EVP_PKEY_free(pkey);
-    BIO_free(pubkey);
     return ret;
 }
 
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index 08fcd39bea..e286df6cf0 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -12,6 +12,7 @@
 #include <openssl/bio.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/ssl.h>
+#include <openssl/core_names.h>
 #ifndef OPENSSL_NO_SRP
 #include <openssl/srp.h>
 #endif
@@ -1270,15 +1271,15 @@ static char *dup_str(const unsigned char *in, size_t len)
 
 static int pkey_type(EVP_PKEY *pkey)
 {
-    int nid = EVP_PKEY_id(pkey);
+    if (EVP_PKEY_is_a(pkey, "EC")) {
+        char name[80];
+        size_t name_len;
 
-#ifndef OPENSSL_NO_EC
-    if (nid == EVP_PKEY_EC) {
-        const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
-        return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+        if (!EVP_PKEY_get_group_name(pkey, name, sizeof(name), &name_len))
+            return NID_undef;
+        return OBJ_txt2nid(name);
     }
-#endif
-    return nid;
+    return EVP_PKEY_id(pkey);
 }
 
 static int peer_pkey_type(SSL *s)
diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
index 5a042d1d4d..acd1b3960d 100644
--- a/test/recipes/15-test_ec.t
+++ b/test/recipes/15-test_ec.t
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,6 +16,8 @@ use OpenSSL::Test::Utils;
 
 setup("test_ec");
 
+plan skip_all => 'EC is not supported in this build' if disabled('ec');
+
 plan tests => 14;
 
 require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -25,77 +27,61 @@ ok(run(test(["ectest"])), "running ectest");
 # TODO: remove these when the 'ec' app is removed.
 # Also consider moving this to the 20-25 test section because it is testing
 # the command line tool in addition to the algorithm.
-SKIP: {
-    skip "Skipping EC conversion test", 3
-        if disabled("ec");
-
-    subtest 'EC conversions -- private key' => sub {
-        tconversion( -type => 'ec', -prefix => 'ec-priv',
-                     -in => srctop_file("test","testec-p256.pem") );
-    };
-    subtest 'EC conversions -- private key PKCS#8' => sub {
-        tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
-                     -in => srctop_file("test","testec-p256.pem"),
-                     -args => "pkey" );
-    };
-    subtest 'EC conversions -- public key' => sub {
-        tconversion( -type => 'ec', -prefix => 'ec-pub',
-                     -in => srctop_file("test","testecpub-p256.pem"),
-                     -args => [ "ec", "-pubin", "-pubout" ] );
-    };
-}
-
-SKIP: {
-    skip "Skipping PKEY conversion test", 3
-        if disabled("ec");
-
-    subtest 'PKEY conversions -- private key' => sub {
-        tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
-                     -in => srctop_file("test","testec-p256.pem") );
-    };
-    subtest 'PKEY conversions -- private key PKCS#8' => sub {
-        tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
-                     -in => srctop_file("test","testec-p256.pem"),
-                     -args => "pkey" );
-    };
-    subtest 'PKEY conversions -- public key' => sub {
-        tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
-                     -in => srctop_file("test","testecpub-p256.pem"),
-                     -args => [ "pkey", "-pubin", "-pubout" ] );
-    };
-}
-
-SKIP: {
-    skip "Skipping EdDSA conversion test", 6
-        if disabled("ec");
+subtest 'EC conversions -- private key' => sub {
+    tconversion( -type => 'ec', -prefix => 'ec-priv',
+                 -in => srctop_file("test","testec-p256.pem") );
+};
+subtest 'EC conversions -- private key PKCS#8' => sub {
+    tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
+                 -in => srctop_file("test","testec-p256.pem"),
+                 -args => "pkey" );
+};
+subtest 'EC conversions -- public key' => sub {
+    tconversion( -type => 'ec', -prefix => 'ec-pub',
+                 -in => srctop_file("test","testecpub-p256.pem"),
+                 -args => [ "ec", "-pubin", "-pubout" ] );
+};
 
-    subtest 'Ed25519 conversions -- private key' => sub {
-        tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
-                     -in => srctop_file("test", "tested25519.pem") );
-    };
-    subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
-        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
-                     -in => srctop_file("test", "tested25519.pem"),
-                     -args => ["pkey"] );
-    };
-    subtest 'Ed25519 conversions -- public key' => sub {
-        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
-                     -in => srctop_file("test", "tested25519pub.pem"),
-                     -args => ["pkey", "-pubin", "-pubout"] );
-    };
+subtest 'PKEY conversions -- private key' => sub {
+    tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
+                 -in => srctop_file("test","testec-p256.pem") );
+};
+subtest 'PKEY conversions -- private key PKCS#8' => sub {
+    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
+                 -in => srctop_file("test","testec-p256.pem"),
+                 -args => "pkey" );
+};
+subtest 'PKEY conversions -- public key' => sub {
+    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
+                 -in => srctop_file("test","testecpub-p256.pem"),
+                 -args => [ "pkey", "-pubin", "-pubout" ] );
+};
 
-    subtest 'Ed448 conversions -- private key' => sub {
-        tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
-                     -in => srctop_file("test", "tested448.pem") );
-    };
-    subtest 'Ed448 conversions -- private key PKCS#8' => sub {
-        tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
-                     -in => srctop_file("test", "tested448.pem"),
-                     -args => ["pkey"] );
-    };
-    subtest 'Ed448 conversions -- public key' => sub {
-        tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
-                     -in => srctop_file("test", "tested448pub.pem"),
-                     -args => ["pkey", "-pubin", "-pubout"] );
-    };
-}
+subtest 'Ed25519 conversions -- private key' => sub {
+    tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
+                 -in => srctop_file("test", "tested25519.pem") );
+};
+subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
+    tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
+                 -in => srctop_file("test", "tested25519.pem"),
+                 -args => ["pkey"] );
+};
+subtest 'Ed25519 conversions -- public key' => sub {
+    tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
+                 -in => srctop_file("test", "tested25519pub.pem"),
+                 -args => ["pkey", "-pubin", "-pubout"] );
+};
+subtest 'Ed448 conversions -- private key' => sub {
+    tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
+                 -in => srctop_file("test", "tested448.pem") );
+};
+subtest 'Ed448 conversions -- private key PKCS#8' => sub {
+    tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
+                 -in => srctop_file("test", "tested448.pem"),
+                 -args => ["pkey"] );
+};
+subtest 'Ed448 conversions -- public key' => sub {
+    tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
+                 -in => srctop_file("test", "tested448pub.pem"),
+                 -args => ["pkey", "-pubin", "-pubout"] );
+};
diff --git a/test/recipes/15-test_ecparam.t b/test/recipes/15-test_ecparam.t
index 4294a00ef2..93b2aa4a21 100644
--- a/test/recipes/15-test_ecparam.t
+++ b/test/recipes/15-test_ecparam.t
@@ -11,46 +11,100 @@ use strict;
 use warnings;
 
 use File::Spec;
+use File::Compare qw/compare_text/;
 use OpenSSL::Glob;
 use OpenSSL::Test qw/:DEFAULT data_file/;
 use OpenSSL::Test::Utils;
 
 setup("test_ecparam");
 
-plan skip_all => "EC isn't supported in this build"
+plan skip_all => "EC or EC2M isn't supported in this build"
     if disabled("ec") || disabled("ec2m");
 
 my @valid = glob(data_file("valid", "*.pem"));
+my @noncanon = glob(data_file("noncanon", "*.pem"));
 my @invalid = glob(data_file("invalid", "*.pem"));
 
-my $num_tests = scalar @valid + scalar @invalid;
-plan tests => 3 * $num_tests;
+plan tests => 11;
 
- SKIP: {
-    skip "Skipping EC tests", 2 * $num_tests
-        if disabled('deprecated-3.0');
+sub checkload {
+    my $files = shift; # List of files
+    my $valid = shift; # Check should pass or fail?
+    my $app = shift;   # Which application
+    my $opt = shift;   # Additional option
 
-    foreach (@valid) {
-        ok(run(app([qw{openssl ecparam -noout -check -in}, $_])));
+    foreach (@$files) {
+        if ($valid) {
+            ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+        } else {
+            ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
+        }
     }
+}
 
-    foreach (@valid) {
-        ok(run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
-    }
+sub checkcompare {
+    my $files = shift; # List of files
+    my $app = shift;   # Which application
 
-    foreach (@invalid) {
-        ok(!run(app([qw{openssl ecparam -noout -check -in}, $_])));
-    }
+    foreach (@$files) {
+        my $testout = "$app.tst";
 
-    foreach (@invalid) {
-        ok(!run(app([qw{openssl ecparam -noout -check_named -in}, $_])));
+        ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
+        ok(!compare_text($_, $testout), "Original file $_ is the same as new one");
     }
 }
 
-foreach (@valid) {
-    ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "ecparam", "-check");
+};
 
-foreach (@invalid) {
-    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-}
+subtest "Check loading valid parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading valid parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@valid);
+    checkload(\@valid, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "ecparam", "-check");
+};
+
+subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "ecparam", "-check_named");
+};
+
+subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@noncanon);
+    checkload(\@noncanon, 1, "pkeyparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "ecparam", "-check");
+};
+
+subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "ecparam", "-check_named");
+};
+
+subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
+    plan tests => scalar(@invalid);
+    checkload(\@invalid, 0, "pkeyparam", "-check");
+};
+
+subtest "Check ecparam does not change the parameter file on output" => sub {
+    plan tests => 2 * scalar(@valid);
+    checkcompare(\@valid, "ecparam");
+};
+
+subtest "Check pkeyparam does not change the parameter file on output" => sub {
+    plan tests => 2 * scalar(@valid);
+    checkcompare(\@valid, "pkeyparam");
+};
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/c2pnb163v1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/c2pnb163v1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/c2pnb208w1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/c2pnb208w1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp160k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp160k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp192k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp192k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp224k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp224k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp256k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp256k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/secp521r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/secp521r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect113r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect113r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect113r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect113r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect163k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect163k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect163r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect163r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect193r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect193r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect193r2-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect193r2-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect233k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect233k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect233r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect233r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect239k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect239k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect283k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect283k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect283r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect283r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect409k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect409k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect409r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect409r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect571k1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect571k1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/sect571r1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/sect571r1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls1-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls1-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls10-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls10-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls11-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls11-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls3-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls3-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls4-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls4-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls5-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls5-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls8-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls8-explicit.pem
diff --git a/test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem b/test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem
similarity index 100%
rename from test/recipes/15-test_ecparam_data/valid/wap-wsg-idm-ecid-wtls9-explicit.pem
rename to test/recipes/15-test_ecparam_data/noncanon/wap-wsg-idm-ecid-wtls9-explicit.pem
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 4114d94917..69b01b7e0a 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -718,17 +718,15 @@ static void sv_usage(void)
 static void print_key_details(BIO *out, EVP_PKEY *key)
 {
     int keyid = EVP_PKEY_id(key);
+
 #ifndef OPENSSL_NO_EC
     if (keyid == EVP_PKEY_EC) {
-        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
-        int nid;
-        const char *cname;
-        nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
-        EC_KEY_free(ec);
-        cname = EC_curve_nid2nist(nid);
-        if (!cname)
-            cname = OBJ_nid2sn(nid);
-        BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
+        char group[80];
+        size_t size;
+
+        if (!EVP_PKEY_get_group_name(key, group, sizeof(group), &size))
+            strcpy(group, "unknown group");
+        BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), group);
     } else
 #endif
     {
diff --git a/util/libcrypto.num b/util/libcrypto.num
index bc39e25b6d..509c694d69 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1,4 +1,4 @@
-d2i_EC_PUBKEY                           1	3_0_0	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           1	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 b2i_PVK_bio                             2	3_0_0	EXIST::FUNCTION:
 PEM_read_bio_NETSCAPE_CERT_SEQUENCE     3	3_0_0	EXIST::FUNCTION:
 X509_STORE_CTX_get0_chain               4	3_0_0	EXIST::FUNCTION:
@@ -15,7 +15,7 @@ X509at_get_attr_by_NID                  14	3_0_0	EXIST::FUNCTION:
 X509_PUBKEY_set0_param                  15	3_0_0	EXIST::FUNCTION:
 PKCS12_it                               16	3_0_0	EXIST::FUNCTION:
 i2d_ASN1_OCTET_STRING                   17	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_private_key                  18	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_private_key                  18	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SRP_VBASE_get_by_user                   19	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SRP
 Camellia_cfb128_encrypt                 21	3_0_0	EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
 DES_ncbc_encrypt                        22	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
@@ -180,7 +180,7 @@ i2d_ASN1_PRINTABLESTRING                183	3_0_0	EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_hostflags         184	3_0_0	EXIST::FUNCTION:
 SCT_get0_log_id                         185	3_0_0	EXIST::FUNCTION:CT
 ASN1_IA5STRING_it                       186	3_0_0	EXIST::FUNCTION:
-PEM_write_bio_ECPrivateKey              187	3_0_0	EXIST::FUNCTION:EC
+PEM_write_bio_ECPrivateKey              187	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BN_consttime_swap                       188	3_0_0	EXIST::FUNCTION:
 BIO_f_buffer                            189	3_0_0	EXIST::FUNCTION:
 CMS_SignerInfo_get0_signer_id           190	3_0_0	EXIST::FUNCTION:CMS
@@ -198,7 +198,7 @@ OCSP_request_add0_id                    201	3_0_0	EXIST::FUNCTION:OCSP
 EVP_seed_cfb128                         202	3_0_0	EXIST::FUNCTION:SEED
 BASIC_CONSTRAINTS_free                  203	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_flags                        204	3_0_0	EXIST::FUNCTION:
-PEM_write_bio_ECPKParameters            205	3_0_0	EXIST::FUNCTION:EC
+PEM_write_bio_ECPKParameters            205	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SCT_set_version                         206	3_0_0	EXIST::FUNCTION:CT
 CMS_add1_ReceiptRequest                 207	3_0_0	EXIST::FUNCTION:CMS
 d2i_CRL_DIST_POINTS                     208	3_0_0	EXIST::FUNCTION:
@@ -206,7 +206,7 @@ X509_CRL_INFO_free                      209	3_0_0	EXIST::FUNCTION:
 ERR_load_UI_strings                     210	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ERR_load_strings                        211	3_0_0	EXIST::FUNCTION:
 RSA_X931_hash_id                        212	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_method                       213	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_method                       213	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PEM_write_PKCS8_PRIV_KEY_INFO           214	3_0_0	EXIST::FUNCTION:STDIO
 X509at_get0_data_by_OBJ                 215	3_0_0	EXIST::FUNCTION:
 b2i_PublicKey_bio                       216	3_0_0	EXIST::FUNCTION:
@@ -234,9 +234,9 @@ ASN1_item_i2d                           238	3_0_0	EXIST::FUNCTION:
 OCSP_copy_nonce                         239	3_0_0	EXIST::FUNCTION:OCSP
 OBJ_txt2nid                             240	3_0_0	EXIST::FUNCTION:
 SEED_set_key                            241	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,SEED
-EC_KEY_clear_flags                      242	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_clear_flags                      242	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CMS_RecipientInfo_ktri_get0_algs        243	3_0_0	EXIST::FUNCTION:CMS
-i2d_EC_PUBKEY                           244	3_0_0	EXIST::FUNCTION:EC
+i2d_EC_PUBKEY                           244	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 MDC2                                    245	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
 BN_clear_free                           246	3_0_0	EXIST::FUNCTION:
 ENGINE_get_pkey_asn1_meths              247	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
@@ -254,7 +254,7 @@ EVP_md2                                 259	3_0_0	EXIST::FUNCTION:MD2
 RC2_ecb_encrypt                         260	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RC2
 ENGINE_register_DH                      261	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 ASN1_NULL_free                          262	3_0_0	EXIST::FUNCTION:
-EC_KEY_copy                             263	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_copy                             263	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_des_ede3                            264	3_0_0	EXIST::FUNCTION:DES
 PKCS7_add1_attrib_digest                265	3_0_0	EXIST::FUNCTION:
 EC_POINT_get_affine_coordinates_GFp     266	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@@ -318,7 +318,7 @@ BIO_s_accept                            323	3_0_0	EXIST::FUNCTION:SOCK
 EVP_whirlpool                           324	3_0_0	EXIST::FUNCTION:WHIRLPOOL
 OCSP_ONEREQ_get1_ext_d2i                325	3_0_0	EXIST::FUNCTION:OCSP
 d2i_ESS_SIGNING_CERT                    326	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_default_method               327	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_default_method               327	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_OBJECT_up_ref_count                328	3_0_0	EXIST::FUNCTION:
 RAND_load_file                          329	3_0_0	EXIST::FUNCTION:
 BIO_ctrl_reset_read_request             330	3_0_0	EXIST::FUNCTION:
@@ -521,7 +521,7 @@ X509_CRL_add1_ext_i2d                   532	3_0_0	EXIST::FUNCTION:
 i2d_TS_TST_INFO                         533	3_0_0	EXIST::FUNCTION:TS
 OBJ_sigid_free                          534	3_0_0	EXIST::FUNCTION:
 TS_STATUS_INFO_get0_status              535	3_0_0	EXIST::FUNCTION:TS
-EC_KEY_get_flags                        536	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_flags                        536	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 ASN1_TYPE_cmp                           537	3_0_0	EXIST::FUNCTION:
 i2d_RSAPublicKey                        538	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EC_GROUP_get_trinomial_basis            539	3_0_0	EXIST::FUNCTION:EC,EC2M
@@ -537,7 +537,7 @@ RSA_sign_ASN1_OCTET_STRING              548	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3
 d2i_X509_CRL_fp                         549	3_0_0	EXIST::FUNCTION:STDIO
 i2d_RSA_PUBKEY                          550	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_aes_128_ccm                         551	3_0_0	EXIST::FUNCTION:
-ECParameters_print                      552	3_0_0	EXIST::FUNCTION:EC
+ECParameters_print                      552	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 OCSP_SINGLERESP_get1_ext_d2i            553	3_0_0	EXIST::FUNCTION:OCSP
 RAND_status                             554	3_0_0	EXIST::FUNCTION:
 EVP_ripemd160                           555	3_0_0	EXIST::FUNCTION:RMD160
@@ -645,7 +645,7 @@ OCSP_resp_get0_produced_at              661	3_0_0	EXIST::FUNCTION:OCSP
 IDEA_encrypt                            662	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,IDEA
 CRYPTO_nistcts128_encrypt_block         663	3_0_0	EXIST::FUNCTION:
 EVP_MD_do_all                           664	3_0_0	EXIST::FUNCTION:
-EC_KEY_oct2priv                         665	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_oct2priv                         665	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CONF_parse_list                         666	3_0_0	EXIST::FUNCTION:
 ENGINE_set_table_flags                  667	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 EVP_MD_meth_get_ctrl                    668	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -772,7 +772,7 @@ CONF_get1_default_config_file           790	3_0_0	EXIST::FUNCTION:
 CRYPTO_ocb128_encrypt                   791	3_0_0	EXIST::FUNCTION:OCB
 EXTENDED_KEY_USAGE_new                  792	3_0_0	EXIST::FUNCTION:
 EVP_EncryptFinal                        793	3_0_0	EXIST::FUNCTION:
-PEM_write_ECPrivateKey                  794	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPrivateKey                  794	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 EVP_CIPHER_meth_set_get_asn1_params     796	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_dataInit                          797	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_app_data               798	3_0_0	EXIST::FUNCTION:
@@ -792,8 +792,8 @@ i2a_ASN1_ENUMERATED                     811	3_0_0	EXIST::FUNCTION:
 PKCS7_ISSUER_AND_SERIAL_new             812	3_0_0	EXIST::FUNCTION:
 d2i_USERNOTICE                          813	3_0_0	EXIST::FUNCTION:
 X509_cmp                                814	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY                    815	3_0_0	EXIST::FUNCTION:EC
-ECPKParameters_print_fp                 816	3_0_0	EXIST::FUNCTION:EC,STDIO
+EVP_PKEY_set1_EC_KEY                    815	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+ECPKParameters_print_fp                 816	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 GENERAL_SUBTREE_free                    817	3_0_0	EXIST::FUNCTION:
 RSA_blinding_off                        818	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2d_OCSP_REVOKEDINFO                    819	3_0_0	EXIST::FUNCTION:OCSP
@@ -910,7 +910,7 @@ DHparams_dup                            932	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3
 X509_get_ext                            933	3_0_0	EXIST::FUNCTION:
 X509_issuer_and_serial_hash             934	3_0_0	EXIST::FUNCTION:
 ASN1_BMPSTRING_it                       935	3_0_0	EXIST::FUNCTION:
-PEM_read_EC_PUBKEY                      936	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_read_EC_PUBKEY                      936	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 d2i_ASN1_IA5STRING                      937	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_ext_free                    938	3_0_0	EXIST::FUNCTION:TS
 i2d_X509_CRL_fp                         939	3_0_0	EXIST::FUNCTION:STDIO
@@ -920,7 +920,7 @@ TS_VERIFY_CTX_set_certs                 942	3_0_0	EXIST::FUNCTION:TS
 BN_MONT_CTX_copy                        943	3_0_0	EXIST::FUNCTION:
 OPENSSL_INIT_new                        945	3_0_0	EXIST::FUNCTION:
 TS_ACCURACY_dup                         946	3_0_0	EXIST::FUNCTION:TS
-i2d_ECPrivateKey                        947	3_0_0	EXIST::FUNCTION:EC
+i2d_ECPrivateKey                        947	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_NAME_ENTRY_create_by_OBJ           948	3_0_0	EXIST::FUNCTION:
 TS_VERIFY_CTX_cleanup                   949	3_0_0	EXIST::FUNCTION:TS
 ASN1_INTEGER_get                        950	3_0_0	EXIST::FUNCTION:
@@ -1021,7 +1021,7 @@ X509_EXTENSION_new                      1047	3_0_0	EXIST::FUNCTION:
 X509_getm_notAfter                      1048	3_0_0	EXIST::FUNCTION:
 X509_ALGOR_dup                          1049	3_0_0	EXIST::FUNCTION:
 d2i_X509_REQ_INFO                       1050	3_0_0	EXIST::FUNCTION:
-d2i_EC_PUBKEY_bio                       1051	3_0_0	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_bio                       1051	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_STORE_CTX_set_error                1052	3_0_0	EXIST::FUNCTION:
 EC_KEY_METHOD_set_keygen                1053	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CRYPTO_free                             1054	3_0_0	EXIST::FUNCTION:
@@ -1074,7 +1074,7 @@ X509_CRL_set1_nextUpdate                1100	3_0_0	EXIST::FUNCTION:
 EVP_des_ede3_cfb64                      1101	3_0_0	EXIST::FUNCTION:DES
 BN_to_ASN1_INTEGER                      1102	3_0_0	EXIST::FUNCTION:
 EXTENDED_KEY_USAGE_free                 1103	3_0_0	EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY                  1104	3_0_0	EXIST::FUNCTION:EC
+PEM_read_bio_EC_PUBKEY                  1104	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BN_MONT_CTX_set                         1105	3_0_0	EXIST::FUNCTION:
 TS_CONF_set_serial                      1106	3_0_0	EXIST::FUNCTION:TS
 X509_NAME_ENTRY_new                     1107	3_0_0	EXIST::FUNCTION:
@@ -1091,7 +1091,7 @@ X509_STORE_CTX_get0_store               1117	3_0_0	EXIST::FUNCTION:
 PKCS12_pack_p7data                      1118	3_0_0	EXIST::FUNCTION:
 RSA_print_fp                            1119	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
 OPENSSL_INIT_set_config_appname         1120	3_0_0	EXIST::FUNCTION:STDIO
-EC_KEY_print_fp                         1121	3_0_0	EXIST::FUNCTION:EC,STDIO
+EC_KEY_print_fp                         1121	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 BIO_dup_chain                           1122	3_0_0	EXIST::FUNCTION:
 PKCS8_PRIV_KEY_INFO_it                  1123	3_0_0	EXIST::FUNCTION:
 RSA_OAEP_PARAMS_free                    1124	3_0_0	EXIST::FUNCTION:
@@ -1185,7 +1185,7 @@ EC_GFp_simple_method                    1211	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 X509_it                                 1212	3_0_0	EXIST::FUNCTION:
 d2i_PROXY_POLICY                        1213	3_0_0	EXIST::FUNCTION:
 MDC2_Update                             1214	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
-EC_KEY_new_by_curve_name                1215	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new_by_curve_name                1215	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_CRL_free                           1216	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_SIGN_ENVELOPE                 1217	3_0_0	EXIST::FUNCTION:
 OCSP_CERTSTATUS_it                      1218	3_0_0	EXIST::FUNCTION:OCSP
@@ -1256,7 +1256,7 @@ MD5_Init                                1284	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 UI_add_error_string                     1285	3_0_0	EXIST::FUNCTION:
 X509_TRUST_cleanup                      1286	3_0_0	EXIST::FUNCTION:
 PEM_read_X509                           1287	3_0_0	EXIST::FUNCTION:STDIO
-EC_KEY_new_method                       1288	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new_method                       1288	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 i2d_RSAPublicKey_fp                     1289	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,STDIO
 CRYPTO_ctr128_encrypt_ctr32             1290	3_0_0	EXIST::FUNCTION:
 X509_VERIFY_PARAM_move_peername         1291	3_0_0	EXIST::FUNCTION:
@@ -1266,7 +1266,7 @@ X509_CRL_METHOD_free                    1294	3_0_0	EXIST::FUNCTION:
 PEM_read_NETSCAPE_CERT_SEQUENCE         1295	3_0_0	EXIST::FUNCTION:STDIO
 OPENSSL_load_builtin_modules            1296	3_0_0	EXIST::FUNCTION:
 X509_set_version                        1297	3_0_0	EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio                       1298	3_0_0	EXIST::FUNCTION:EC
+i2d_EC_PUBKEY_bio                       1298	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_REQ_get_attr_count                 1299	3_0_0	EXIST::FUNCTION:
 CMS_set1_signers_certs                  1300	3_0_0	EXIST::FUNCTION:CMS
 TS_ACCURACY_free                        1301	3_0_0	EXIST::FUNCTION:TS
@@ -1312,7 +1312,7 @@ CRYPTO_mem_leaks_fp                     1340	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
 DES_set_key_unchecked                   1341	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
 BN_free                                 1342	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_cfb1                        1343	3_0_0	EXIST::FUNCTION:
-EC_KEY_get0_group                       1344	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get0_group                       1344	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PEM_write_bio_CMS_stream                1345	3_0_0	EXIST::FUNCTION:CMS
 BIO_f_linebuffer                        1346	3_0_0	EXIST::FUNCTION:
 ASN1_item_d2i_bio                       1347	3_0_0	EXIST::FUNCTION:
@@ -1403,7 +1403,7 @@ ASN1_check_infinite_end                 1435	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_DIGEST                        1436	3_0_0	EXIST::FUNCTION:
 ERR_lib_error_string                    1437	3_0_0	EXIST::FUNCTION:
 X509_ATTRIBUTE_set1_object              1438	3_0_0	EXIST::FUNCTION:
-i2d_ECPrivateKey_bio                    1439	3_0_0	EXIST::FUNCTION:EC
+i2d_ECPrivateKey_bio                    1439	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BN_GENCB_free                           1440	3_0_0	EXIST::FUNCTION:
 HMAC_size                               1441	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_PKEY_get0_DH                        1442	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
@@ -1513,7 +1513,7 @@ EVP_CIPHER_asn1_to_param                1546	3_0_0	EXIST::FUNCTION:
 OCSP_request_onereq_get0                1547	3_0_0	EXIST::FUNCTION:OCSP
 ERR_load_PKCS7_strings                  1548	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_PUBKEY_get                         1549	3_0_0	EXIST::FUNCTION:
-EC_KEY_free                             1550	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_free                             1550	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BIO_read                                1551	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_attr_by_NID                1552	3_0_0	EXIST::FUNCTION:
 BIO_get_accept_socket                   1553	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
@@ -1629,7 +1629,7 @@ i2d_CMS_bio_stream                      1667	3_0_0	EXIST::FUNCTION:CMS
 DES_quad_cksum                          1668	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
 X509_ATTRIBUTE_create_by_NID            1669	3_0_0	EXIST::FUNCTION:
 TS_VERIFY_CTX_free                      1670	3_0_0	EXIST::FUNCTION:TS
-EC_KEY_up_ref                           1671	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_up_ref                           1671	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EC_GROUP_get_basis_type                 1672	3_0_0	EXIST::FUNCTION:EC
 OCSP_crlID_new                          1673	3_0_0	EXIST:!VMS:FUNCTION:OCSP
 OCSP_crlID2_new                         1673	3_0_0	EXIST:VMS:FUNCTION:OCSP
@@ -1650,9 +1650,9 @@ OBJ_find_sigid_by_algs                  1687	3_0_0	EXIST::FUNCTION:
 ASN1_generate_nconf                     1688	3_0_0	EXIST::FUNCTION:
 CMS_add0_recipient_password             1689	3_0_0	EXIST::FUNCTION:CMS
 UI_get_string_type                      1690	3_0_0	EXIST::FUNCTION:
-PEM_read_bio_ECPrivateKey               1691	3_0_0	EXIST::FUNCTION:EC
+PEM_read_bio_ECPrivateKey               1691	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_PKEY_get_attr                       1692	3_0_0	EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters             1693	3_0_0	EXIST::FUNCTION:EC
+PEM_read_bio_ECPKParameters             1693	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 d2i_PKCS12_MAC_DATA                     1694	3_0_0	EXIST::FUNCTION:
 ENGINE_ctrl_cmd                         1695	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 PKCS12_SAFEBAG_get_bag_nid              1696	3_0_0	EXIST::FUNCTION:
@@ -1793,7 +1793,7 @@ EVP_MD_meth_set_update                  1835	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 EVP_camellia_192_cbc                    1836	3_0_0	EXIST::FUNCTION:CAMELLIA
 OPENSSL_LH_stats_bio                    1837	3_0_0	EXIST::FUNCTION:
 PKCS7_set_signed_attributes             1838	3_0_0	EXIST::FUNCTION:
-EC_KEY_priv2buf                         1839	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_priv2buf                         1839	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BN_BLINDING_free                        1840	3_0_0	EXIST::FUNCTION:
 IPAddressChoice_new                     1841	3_0_0	EXIST::FUNCTION:RFC3779
 X509_CRL_get_ext_count                  1842	3_0_0	EXIST::FUNCTION:
@@ -1928,7 +1928,7 @@ NCONF_load_fp                           1973	3_0_0	EXIST::FUNCTION:STDIO
 i2d_OCSP_REQINFO                        1974	3_0_0	EXIST::FUNCTION:OCSP
 EVP_PKEY_sign                           1975	3_0_0	EXIST::FUNCTION:
 TS_REQ_get_ext_by_critical              1976	3_0_0	EXIST::FUNCTION:TS
-EC_KEY_key2buf                          1977	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_key2buf                          1977	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_EXTENSION_it                       1978	3_0_0	EXIST::FUNCTION:
 i2d_PKCS8_fp                            1979	3_0_0	EXIST::FUNCTION:STDIO
 UTF8_getc                               1980	3_0_0	EXIST::FUNCTION:
@@ -1972,7 +1972,7 @@ UI_dup_input_boolean                    2017	3_0_0	EXIST::FUNCTION:
 PKCS7_dup                               2018	3_0_0	EXIST::FUNCTION:
 i2d_TS_REQ_fp                           2019	3_0_0	EXIST::FUNCTION:STDIO,TS
 i2d_OTHERNAME                           2020	3_0_0	EXIST::FUNCTION:
-EC_KEY_get0_private_key                 2021	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get0_private_key                 2021	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SCT_get0_extensions                     2022	3_0_0	EXIST::FUNCTION:CT
 OPENSSL_LH_node_stats_bio               2023	3_0_0	EXIST::FUNCTION:
 i2d_DIRECTORYSTRING                     2024	3_0_0	EXIST::FUNCTION:
@@ -1998,12 +1998,12 @@ PKCS7_SIGN_ENVELOPE_it                  2044	3_0_0	EXIST::FUNCTION:
 ASN1_d2i_fp                             2045	3_0_0	EXIST::FUNCTION:STDIO
 EVP_DecryptFinal                        2046	3_0_0	EXIST::FUNCTION:
 ASN1_ENUMERATED_it                      2047	3_0_0	EXIST::FUNCTION:
-o2i_ECPublicKey                         2048	3_0_0	EXIST::FUNCTION:EC
+o2i_ECPublicKey                         2048	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 ERR_load_BUF_strings                    2049	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PEM_read_bio_RSA_PUBKEY                 2050	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OCSP_SINGLERESP_new                     2051	3_0_0	EXIST::FUNCTION:OCSP
 ASN1_SCTX_free                          2052	3_0_0	EXIST::FUNCTION:
-i2d_ECPrivateKey_fp                     2053	3_0_0	EXIST::FUNCTION:EC,STDIO
+i2d_ECPrivateKey_fp                     2053	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 EVP_CIPHER_CTX_original_iv              2054	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_SIGNED_free                       2055	3_0_0	EXIST::FUNCTION:
 X509_TRUST_get0_name                    2056	3_0_0	EXIST::FUNCTION:
@@ -2168,7 +2168,7 @@ CRYPTO_ccm128_decrypt_ccm64             2215	3_0_0	EXIST::FUNCTION:
 TS_RESP_CTX_set_clock_precision_digits  2216	3_0_0	EXIST::FUNCTION:TS
 SCT_LIST_validate                       2217	3_0_0	EXIST::FUNCTION:CT
 X509_PURPOSE_get_id                     2218	3_0_0	EXIST::FUNCTION:
-EC_KEY_get_ex_data                      2219	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_ex_data                      2219	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_MD_size                             2220	3_0_0	EXIST::FUNCTION:
 CRYPTO_malloc                           2221	3_0_0	EXIST::FUNCTION:
 ERR_load_ASN1_strings                   2222	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2238,7 +2238,7 @@ SXNET_get_id_asc                        2285	3_0_0	EXIST::FUNCTION:
 SCT_set1_extensions                     2286	3_0_0	EXIST::FUNCTION:CT
 PKCS12_SAFEBAG_new                      2287	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_set_nonce                   2288	3_0_0	EXIST::FUNCTION:TS
-PEM_read_ECPrivateKey                   2289	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPrivateKey                   2289	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 RSA_free                                2290	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_CRL_INFO_new                       2291	3_0_0	EXIST::FUNCTION:
 AES_cfb8_encrypt                        2292	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -2268,7 +2268,7 @@ PKCS7_ISSUER_AND_SERIAL_digest          2315	3_0_0	EXIST::FUNCTION:
 EVP_des_ofb                             2316	3_0_0	EXIST::FUNCTION:DES
 DSA_set_method                          2317	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
 EVP_PKEY_get1_RSA                       2318	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_OpenSSL                          2319	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_OpenSSL                          2319	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_camellia_192_ofb                    2320	3_0_0	EXIST::FUNCTION:CAMELLIA
 ASN1_STRING_length                      2321	3_0_0	EXIST::FUNCTION:
 PKCS7_set_digest                        2322	3_0_0	EXIST::FUNCTION:
@@ -2345,11 +2345,11 @@ BN_sqr                                  2393	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_set_time                    2394	3_0_0	EXIST::FUNCTION:TS
 OPENSSL_die                             2395	3_0_0	EXIST::FUNCTION:
 X509_LOOKUP_by_alias                    2396	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_conv_form                    2397	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_conv_form                    2397	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_TRUST_get_count                    2399	3_0_0	EXIST::FUNCTION:
 IPAddressOrRange_free                   2400	3_0_0	EXIST::FUNCTION:RFC3779
 RSA_padding_add_PKCS1_OAEP              2401	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_set_ex_data                      2402	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_ex_data                      2402	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SRP_VBASE_new                           2403	3_0_0	EXIST::FUNCTION:SRP
 i2d_ECDSA_SIG                           2404	3_0_0	EXIST::FUNCTION:EC
 BIO_dump_indent                         2405	3_0_0	EXIST::FUNCTION:
@@ -2393,7 +2393,7 @@ ASIdentifiers_new                       2443	3_0_0	EXIST::FUNCTION:RFC3779
 CONF_imodule_get_flags                  2444	3_0_0	EXIST::FUNCTION:
 PKCS12_SAFEBAG_it                       2445	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_meth_set_set_asn1_params     2446	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-EC_KEY_get_enc_flags                    2447	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_enc_flags                    2447	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_OBJECT_idx_by_subject              2448	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_meth_copy                      2449	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 NETSCAPE_CERT_SEQUENCE_new              2450	3_0_0	EXIST::FUNCTION:
@@ -2488,7 +2488,7 @@ WHIRLPOOL                               2540	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 UI_set_default_method                   2542	3_0_0	EXIST::FUNCTION:
 EC_POINT_is_at_infinity                 2543	3_0_0	EXIST::FUNCTION:EC
 i2d_NOTICEREF                           2544	3_0_0	EXIST::FUNCTION:
-EC_KEY_new                              2545	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new                              2545	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_chacha20                            2546	3_0_0	EXIST::FUNCTION:CHACHA
 BN_bn2dec                               2547	3_0_0	EXIST::FUNCTION:
 X509_REQ_print_ex                       2548	3_0_0	EXIST::FUNCTION:
@@ -2504,7 +2504,7 @@ X509_CRL_get0_signature                 2557	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_keygen_info            2558	3_0_0	EXIST::FUNCTION:
 d2i_ASN1_UINTEGER                       2559	3_0_0	EXIST::FUNCTION:
 i2s_ASN1_INTEGER                        2560	3_0_0	EXIST::FUNCTION:
-d2i_EC_PUBKEY_fp                        2561	3_0_0	EXIST::FUNCTION:EC,STDIO
+d2i_EC_PUBKEY_fp                        2561	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 i2d_OCSP_SIGNATURE                      2562	3_0_0	EXIST::FUNCTION:OCSP
 i2d_X509_EXTENSION                      2563	3_0_0	EXIST::FUNCTION:
 PEM_read_bio_X509                       2564	3_0_0	EXIST::FUNCTION:
@@ -2566,7 +2566,7 @@ CMS_get0_type                           2620	3_0_0	EXIST::FUNCTION:CMS
 ASN1_PCTX_free                          2621	3_0_0	EXIST::FUNCTION:
 ESS_SIGNING_CERT_new                    2622	3_0_0	EXIST::FUNCTION:
 X509V3_EXT_conf_nid                     2623	3_0_0	EXIST::FUNCTION:
-EC_KEY_check_key                        2624	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_check_key                        2624	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PKCS5_PBKDF2_HMAC                       2625	3_0_0	EXIST::FUNCTION:
 CONF_get_section                        2626	3_0_0	EXIST::FUNCTION:
 CMS_RecipientInfo_kari_decrypt          2627	3_0_0	EXIST::FUNCTION:CMS
@@ -2601,7 +2601,7 @@ OPENSSL_sk_new                          2656	3_0_0	EXIST::FUNCTION:
 BN_dup                                  2657	3_0_0	EXIST::FUNCTION:
 TS_MSG_IMPRINT_print_bio                2658	3_0_0	EXIST::FUNCTION:TS
 CONF_module_set_usr_data                2659	3_0_0	EXIST::FUNCTION:
-EC_KEY_generate_key                     2660	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_generate_key                     2660	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BIO_ctrl_get_write_guarantee            2661	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_assign                         2662	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_ofb                         2663	3_0_0	EXIST::FUNCTION:
@@ -2629,14 +2629,14 @@ TS_RESP_CTX_set_signer_cert             2685	3_0_0	EXIST::FUNCTION:TS
 X509V3_EXT_d2i                          2686	3_0_0	EXIST::FUNCTION:
 ASN1_GENERALSTRING_it                   2687	3_0_0	EXIST::FUNCTION:
 POLICYQUALINFO_free                     2688	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_group                        2689	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_group                        2689	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 OCSP_check_validity                     2690	3_0_0	EXIST::FUNCTION:OCSP
-PEM_write_ECPKParameters                2691	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_write_ECPKParameters                2691	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 X509_VERIFY_PARAM_lookup                2692	3_0_0	EXIST::FUNCTION:
 X509_LOOKUP_by_fingerprint              2693	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_meth_free                    2694	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 PKCS7_RECIP_INFO_new                    2695	3_0_0	EXIST::FUNCTION:
-d2i_ECPrivateKey_fp                     2696	3_0_0	EXIST::FUNCTION:EC,STDIO
+d2i_ECPrivateKey_fp                     2696	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 TS_CONF_set_ordering                    2697	3_0_0	EXIST::FUNCTION:TS
 X509_CRL_get_ext                        2698	3_0_0	EXIST::FUNCTION:
 X509_CRL_get_ext_by_OBJ                 2699	3_0_0	EXIST::FUNCTION:
@@ -2742,13 +2742,13 @@ EC_GROUP_set_point_conversion_form      2801	3_0_0	EXIST::FUNCTION:EC
 CMS_dataFinal                           2802	3_0_0	EXIST::FUNCTION:CMS
 ASN1_TIME_it                            2803	3_0_0	EXIST::FUNCTION:
 ENGINE_get_static_state                 2804	3_0_0	EXIST::FUNCTION:ENGINE
-EC_KEY_set_asn1_flag                    2805	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_asn1_flag                    2805	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EC_GFp_mont_method                      2806	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 OPENSSL_asc2uni                         2807	3_0_0	EXIST::FUNCTION:
 TS_REQ_new                              2808	3_0_0	EXIST::FUNCTION:TS
 ENGINE_register_all_DH                  2809	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 ERR_clear_error                         2810	3_0_0	EXIST::FUNCTION:
-EC_KEY_dup                              2811	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_dup                              2811	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_LOOKUP_init                        2812	3_0_0	EXIST::FUNCTION:
 i2b_PVK_bio                             2813	3_0_0	EXIST::FUNCTION:
 OCSP_ONEREQ_free                        2814	3_0_0	EXIST::FUNCTION:OCSP
@@ -2770,7 +2770,7 @@ X509_REQ_get_signature_nid              2830	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_get_ext                     2831	3_0_0	EXIST::FUNCTION:TS
 i2d_OCSP_RESPID                         2832	3_0_0	EXIST::FUNCTION:OCSP
 EVP_camellia_256_cfb8                   2833	3_0_0	EXIST::FUNCTION:CAMELLIA
-EC_KEY_get0_public_key                  2834	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get0_public_key                  2834	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SRP_Calc_x                              2835	3_0_0	EXIST::FUNCTION:SRP
 a2i_ASN1_ENUMERATED                     2836	3_0_0	EXIST::FUNCTION:
 CONF_module_get_usr_data                2837	3_0_0	EXIST::FUNCTION:
@@ -2802,13 +2802,13 @@ BIO_socket_nbio                         2863	3_0_0	EXIST::FUNCTION:SOCK
 EVP_CIPHER_set_asn1_iv                  2864	3_0_0	EXIST::FUNCTION:
 EC_GFp_nistp224_method                  2865	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
 BN_swap                                 2866	3_0_0	EXIST::FUNCTION:
-d2i_ECParameters                        2867	3_0_0	EXIST::FUNCTION:EC
+d2i_ECParameters                        2867	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 X509_NAME_add_entry_by_OBJ              2868	3_0_0	EXIST::FUNCTION:
 TS_TST_INFO_get_ext_count               2869	3_0_0	EXIST::FUNCTION:TS
 i2d_OCSP_CERTID                         2870	3_0_0	EXIST::FUNCTION:OCSP
 BN_CTX_start                            2871	3_0_0	EXIST::FUNCTION:
 BN_print                                2872	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_flags                        2873	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_flags                        2873	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_PKEY_get0                           2874	3_0_0	EXIST::FUNCTION:
 ENGINE_set_default                      2875	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 NCONF_get_number_e                      2876	3_0_0	EXIST::FUNCTION:
@@ -2827,7 +2827,7 @@ POLICY_CONSTRAINTS_it                   2888	3_0_0	EXIST::FUNCTION:
 NCONF_free_data                         2889	3_0_0	EXIST::FUNCTION:
 BIO_asn1_set_prefix                     2890	3_0_0	EXIST::FUNCTION:
 PEM_SignUpdate                          2891	3_0_0	EXIST::FUNCTION:
-PEM_write_bio_EC_PUBKEY                 2892	3_0_0	EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY                 2892	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CMS_add_simple_smimecap                 2893	3_0_0	EXIST::FUNCTION:CMS
 IPAddressChoice_free                    2894	3_0_0	EXIST::FUNCTION:RFC3779
 d2i_X509_AUX                            2895	3_0_0	EXIST::FUNCTION:
@@ -2901,7 +2901,7 @@ BN_CTX_new                              2963	3_0_0	EXIST::FUNCTION:
 EC_curve_nid2nist                       2964	3_0_0	EXIST::FUNCTION:EC
 ENGINE_get_finish_function              2965	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 EC_POINT_add                            2966	3_0_0	EXIST::FUNCTION:EC
-EC_KEY_oct2key                          2967	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_oct2key                          2967	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SHA384_Init                             2968	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 ASN1_UNIVERSALSTRING_new                2969	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_print_private                  2970	3_0_0	EXIST::FUNCTION:
@@ -2952,7 +2952,7 @@ EVP_aes_128_gcm                         3015	3_0_0	EXIST::FUNCTION:
 BIO_dgram_non_fatal_error               3016	3_0_0	EXIST::FUNCTION:DGRAM
 OCSP_request_is_signed                  3017	3_0_0	EXIST::FUNCTION:OCSP
 i2d_BASIC_CONSTRAINTS                   3018	3_0_0	EXIST::FUNCTION:
-EC_KEY_get_method                       3019	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_method                       3019	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EC_POINT_bn2point                       3021	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PBE2PARAM_it                            3022	3_0_0	EXIST::FUNCTION:
 BN_rand                                 3023	3_0_0	EXIST::FUNCTION:
@@ -3026,7 +3026,7 @@ TS_TST_INFO_set_version                 3090	3_0_0	EXIST::FUNCTION:TS
 PKCS12_get0_mac                         3091	3_0_0	EXIST::FUNCTION:
 EVP_EncodeInit                          3092	3_0_0	EXIST::FUNCTION:
 X509_get0_trust_objects                 3093	3_0_0	EXIST::FUNCTION:
-d2i_ECPrivateKey_bio                    3094	3_0_0	EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3094	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BIO_s_secmem                            3095	3_0_0	EXIST::FUNCTION:
 ENGINE_get_default_EC                   3096	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 TS_RESP_create_response                 3097	3_0_0	EXIST::FUNCTION:TS
@@ -3110,7 +3110,7 @@ EVP_MD_CTX_update_fn                    3174	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_ecb                         3175	3_0_0	EXIST::FUNCTION:
 i2d_PKCS7_bio_stream                    3176	3_0_0	EXIST::FUNCTION:
 i2a_ACCESS_DESCRIPTION                  3178	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_enc_flags                    3179	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_enc_flags                    3179	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 i2d_PUBKEY_fp                           3180	3_0_0	EXIST::FUNCTION:STDIO
 b2i_PrivateKey_bio                      3181	3_0_0	EXIST::FUNCTION:
 OCSP_REQUEST_add_ext                    3182	3_0_0	EXIST::FUNCTION:OCSP
@@ -3155,13 +3155,13 @@ OCSP_CERTID_free                        3220	3_0_0	EXIST::FUNCTION:OCSP
 BIO_hex_string                          3221	3_0_0	EXIST::FUNCTION:
 X509_REQ_sign_ctx                       3222	3_0_0	EXIST::FUNCTION:
 CRYPTO_ocb128_init                      3223	3_0_0	EXIST::FUNCTION:OCB
-EVP_PKEY_get1_EC_KEY                    3224	3_0_0	EXIST::FUNCTION:EC
+EVP_PKEY_get1_EC_KEY                    3224	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 ASN1_PRINTABLESTRING_free               3225	3_0_0	EXIST::FUNCTION:
 BIO_get_retry_reason                    3226	3_0_0	EXIST::FUNCTION:
 X509_NAME_print                         3227	3_0_0	EXIST::FUNCTION:
 ACCESS_DESCRIPTION_free                 3228	3_0_0	EXIST::FUNCTION:
 BN_nist_mod_384                         3229	3_0_0	EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp                        3230	3_0_0	EXIST::FUNCTION:EC,STDIO
+i2d_EC_PUBKEY_fp                        3230	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 ENGINE_set_default_pkey_meths           3231	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 DH_bits                                 3232	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 i2d_X509_ALGORS                         3233	3_0_0	EXIST::FUNCTION:
@@ -3193,7 +3193,7 @@ ENGINE_setup_bsd_cryptodev              3258	3_0_0	EXIST:__FreeBSD__:FUNCTION:DE
 PEM_read_bio_DHparams                   3259	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
 CMS_SharedInfo_encode                   3260	3_0_0	EXIST::FUNCTION:CMS
 ASN1_OBJECT_create                      3261	3_0_0	EXIST::FUNCTION:
-i2d_ECParameters                        3262	3_0_0	EXIST::FUNCTION:EC
+i2d_ECParameters                        3262	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 BN_GF2m_mod_arr                         3263	3_0_0	EXIST::FUNCTION:EC2M
 ENGINE_set_finish_function              3264	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 d2i_ASN1_OCTET_STRING                   3265	3_0_0	EXIST::FUNCTION:
@@ -3226,7 +3226,7 @@ NETSCAPE_SPKI_set_pubkey                3292	3_0_0	EXIST::FUNCTION:
 EVP_sha512                              3293	3_0_0	EXIST::FUNCTION:
 X509_CRL_match                          3294	3_0_0	EXIST::FUNCTION:
 i2s_ASN1_IA5STRING                      3295	3_0_0	EXIST::FUNCTION:
-EC_KEY_get_default_method               3296	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_default_method               3296	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PKCS8_decrypt                           3297	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_data                   3298	3_0_0	EXIST::FUNCTION:
 POLICYQUALINFO_it                       3299	3_0_0	EXIST::FUNCTION:
@@ -3248,7 +3248,7 @@ ASN1_STRING_dup                         3314	3_0_0	EXIST::FUNCTION:
 X509_LOOKUP_free                        3315	3_0_0	EXIST::FUNCTION:
 EC_GROUP_cmp                            3316	3_0_0	EXIST::FUNCTION:EC
 TS_TST_INFO_get_ext_by_critical         3317	3_0_0	EXIST::FUNCTION:TS
-ECParameters_print_fp                   3318	3_0_0	EXIST::FUNCTION:EC,STDIO
+ECParameters_print_fp                   3318	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 X509_REQ_sign                           3319	3_0_0	EXIST::FUNCTION:
 CRYPTO_xts128_encrypt                   3320	3_0_0	EXIST::FUNCTION:
 PEM_def_callback                        3321	3_0_0	EXIST::FUNCTION:
@@ -3306,7 +3306,7 @@ RSA_padding_check_SSLv23                3373	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 CRYPTO_gcm128_finish                    3374	3_0_0	EXIST::FUNCTION:
 PKCS12_SAFEBAGS_it                      3375	3_0_0	EXIST::FUNCTION:
 PKCS12_PBE_add                          3376	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_public_key_affine_coordinates 3377	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_public_key_affine_coordinates 3377	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_EncryptInit_ex                      3378	3_0_0	EXIST::FUNCTION:
 ENGINE_add                              3379	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 OPENSSL_LH_error                        3380	3_0_0	EXIST::FUNCTION:
@@ -3377,7 +3377,7 @@ BN_get_rfc3526_prime_2048               3448	3_0_0	EXIST::FUNCTION:
 BIO_new_bio_pair                        3449	3_0_0	EXIST::FUNCTION:
 EC_GFp_nistp256_method                  3450	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128
 BIO_method_type                         3451	3_0_0	EXIST::FUNCTION:
-ECPKParameters_print                    3452	3_0_0	EXIST::FUNCTION:EC
+ECPKParameters_print                    3452	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_rc4                                 3453	3_0_0	EXIST::FUNCTION:RC4
 CMS_data_create                         3454	3_0_0	EXIST::FUNCTION:CMS
 EC_POINT_point2bn                       3455	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
@@ -3385,7 +3385,7 @@ CMS_unsigned_get0_data_by_OBJ           3456	3_0_0	EXIST::FUNCTION:CMS
 ASN1_OCTET_STRING_cmp                   3457	3_0_0	EXIST::FUNCTION:
 X509_NAME_print_ex                      3458	3_0_0	EXIST::FUNCTION:
 ASN1_parse                              3459	3_0_0	EXIST::FUNCTION:
-EC_KEY_priv2oct                         3460	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_priv2oct                         3460	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PKCS7_simple_smimecap                   3461	3_0_0	EXIST::FUNCTION:
 ASN1_TYPE_set_int_octetstring           3462	3_0_0	EXIST::FUNCTION:
 BIO_number_written                      3463	3_0_0	EXIST::FUNCTION:
@@ -3432,7 +3432,7 @@ BIO_ADDR_rawport                        3503	3_0_0	EXIST::FUNCTION:SOCK
 BUF_MEM_grow_clean                      3504	3_0_0	EXIST::FUNCTION:
 X509_NAME_print_ex_fp                   3505	3_0_0	EXIST::FUNCTION:STDIO
 X509_check_host                         3506	3_0_0	EXIST::FUNCTION:
-PEM_read_ECPKParameters                 3507	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_read_ECPKParameters                 3507	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 X509_ATTRIBUTE_get0_data                3508	3_0_0	EXIST::FUNCTION:
 CMS_add1_signer                         3509	3_0_0	EXIST::FUNCTION:CMS
 BN_pseudo_rand                          3510	3_0_0	EXIST::FUNCTION:
@@ -3525,7 +3525,7 @@ CMS_get0_signers                        3602	3_0_0	EXIST::FUNCTION:CMS
 i2d_PrivateKey_fp                       3603	3_0_0	EXIST::FUNCTION:STDIO
 OTHERNAME_cmp                           3604	3_0_0	EXIST::FUNCTION:
 SMIME_write_PKCS7                       3605	3_0_0	EXIST::FUNCTION:
-EC_KEY_set_public_key                   3606	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_set_public_key                   3606	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 d2i_X509_EXTENSION                      3607	3_0_0	EXIST::FUNCTION:
 CMS_add1_recipient_cert                 3608	3_0_0	EXIST::FUNCTION:CMS
 CMS_RecipientInfo_kekri_get0_id         3609	3_0_0	EXIST::FUNCTION:CMS
@@ -3535,7 +3535,7 @@ BN_is_prime_ex                          3612	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 PKCS5_v2_PBE_keyivgen                   3613	3_0_0	EXIST::FUNCTION:
 CRYPTO_ctr128_encrypt                   3614	3_0_0	EXIST::FUNCTION:
 CMS_unsigned_add1_attr_by_OBJ           3615	3_0_0	EXIST::FUNCTION:CMS
-PEM_write_EC_PUBKEY                     3616	3_0_0	EXIST::FUNCTION:EC,STDIO
+PEM_write_EC_PUBKEY                     3616	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,STDIO
 X509v3_asid_add_inherit                 3617	3_0_0	EXIST::FUNCTION:RFC3779
 ERR_get_error                           3618	3_0_0	EXIST::FUNCTION:
 TS_CONF_set_signer_digest               3619	3_0_0	EXIST::FUNCTION:TS
@@ -3611,7 +3611,7 @@ X509_VERIFY_PARAM_set1_ip               3691	3_0_0	EXIST::FUNCTION:
 OTHERNAME_free                          3692	3_0_0	EXIST::FUNCTION:
 OCSP_REVOKEDINFO_free                   3693	3_0_0	EXIST::FUNCTION:OCSP
 EVP_CIPHER_CTX_encrypting               3694	3_0_0	EXIST::FUNCTION:
-EC_KEY_can_sign                         3695	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_can_sign                         3695	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PEM_write_bio_RSAPublicKey              3696	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_CRL_set1_lastUpdate                3697	3_0_0	EXIST::FUNCTION:
 OCSP_sendreq_nbio                       3698	3_0_0	EXIST::FUNCTION:OCSP
@@ -3647,7 +3647,7 @@ DES_set_key_checked                     3727	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 EVP_PKEY_meth_free                      3728	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 EVP_sha224                              3729	3_0_0	EXIST::FUNCTION:
 ENGINE_set_id                           3730	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-d2i_ECPrivateKey                        3731	3_0_0	EXIST::FUNCTION:EC
+d2i_ECPrivateKey                        3731	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CMS_signed_add1_attr_by_NID             3732	3_0_0	EXIST::FUNCTION:CMS
 i2d_DSAPrivateKey_fp                    3733	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
 EVP_CIPHER_meth_get_set_asn1_params     3734	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3701,7 +3701,7 @@ EC_GROUP_new_curve_GFp                  3782	3_0_0	EXIST::FUNCTION:EC
 UI_new_method                           3783	3_0_0	EXIST::FUNCTION:
 Camellia_ofb128_encrypt                 3784	3_0_0	EXIST::FUNCTION:CAMELLIA,DEPRECATEDIN_3_0
 X509_new                                3785	3_0_0	EXIST::FUNCTION:
-EC_KEY_get_conv_form                    3786	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get_conv_form                    3786	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 CTLOG_STORE_get0_log_by_id              3787	3_0_0	EXIST::FUNCTION:CT
 CMS_signed_add1_attr                    3788	3_0_0	EXIST::FUNCTION:CMS
 EVP_CIPHER_meth_set_iv_length           3789	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -3746,14 +3746,14 @@ d2i_AUTHORITY_KEYID                     3828	3_0_0	EXIST::FUNCTION:
 RIPEMD160_Transform                     3829	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,RMD160
 DES_random_key                          3830	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
 i2d_PKCS12_MAC_DATA                     3831	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_get0_EC_KEY                    3832	3_0_0	EXIST::FUNCTION:EC
+EVP_PKEY_get0_EC_KEY                    3832	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 ASN1_SCTX_get_item                      3833	3_0_0	EXIST::FUNCTION:
 NOTICEREF_new                           3834	3_0_0	EXIST::FUNCTION:
 BN_GF2m_mod_inv                         3835	3_0_0	EXIST::FUNCTION:EC2M
 X509_CERT_AUX_free                      3836	3_0_0	EXIST::FUNCTION:
 BN_GF2m_mod_inv_arr                     3837	3_0_0	EXIST::FUNCTION:EC2M
 X509_REQ_get1_email                     3838	3_0_0	EXIST::FUNCTION:
-EC_KEY_print                            3839	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_print                            3839	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 i2d_ASN1_INTEGER                        3840	3_0_0	EXIST::FUNCTION:
 OCSP_SINGLERESP_add1_ext_i2d            3841	3_0_0	EXIST::FUNCTION:OCSP
 PKCS7_add_signed_attribute              3842	3_0_0	EXIST::FUNCTION:
@@ -3772,7 +3772,7 @@ d2i_OCSP_ONEREQ                         3854	3_0_0	EXIST::FUNCTION:OCSP
 EVP_PKEY_asn1_set_security_bits         3855	3_0_0	EXIST::FUNCTION:
 i2d_CERTIFICATEPOLICIES                 3856	3_0_0	EXIST::FUNCTION:
 i2d_X509_CERT_AUX                       3857	3_0_0	EXIST::FUNCTION:
-i2o_ECPublicKey                         3858	3_0_0	EXIST::FUNCTION:EC
+i2o_ECPublicKey                         3858	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PKCS12_SAFEBAG_create0_pkcs8            3859	3_0_0	EXIST::FUNCTION:
 OBJ_get0_data                           3860	3_0_0	EXIST::FUNCTION:
 EC_GROUP_get0_seed                      3861	3_0_0	EXIST::FUNCTION:EC
@@ -4114,7 +4114,7 @@ EVP_aria_256_ctr                        4203	3_0_0	EXIST::FUNCTION:ARIA
 EVP_aria_128_ctr                        4204	3_0_0	EXIST::FUNCTION:ARIA
 EVP_aria_192_ctr                        4205	3_0_0	EXIST::FUNCTION:ARIA
 UI_null                                 4206	3_0_0	EXIST::FUNCTION:
-EC_KEY_get0_engine                      4207	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_get0_engine                      4207	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 INT32_it                                4208	3_0_0	EXIST::FUNCTION:
 UINT64_it                               4209	3_0_0	EXIST::FUNCTION:
 ZINT32_it                               4210	3_0_0	EXIST::FUNCTION:
@@ -5084,8 +5084,8 @@ OSSL_PROVIDER_query_operation           ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_get0_provider_ctx         ?	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_get_capabilities          ?	3_0_0	EXIST::FUNCTION:
 EC_GROUP_new_by_curve_name_ex           ?	3_0_0	EXIST::FUNCTION:EC
-EC_KEY_new_ex                           ?	3_0_0	EXIST::FUNCTION:EC
-EC_KEY_new_by_curve_name_ex             ?	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_new_ex                           ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
+EC_KEY_new_by_curve_name_ex             ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 OSSL_LIB_CTX_set0_default               ?	3_0_0	EXIST::FUNCTION:
 PEM_X509_INFO_read_bio_ex               ?	3_0_0	EXIST::FUNCTION:
 PEM_X509_INFO_read_ex                   ?	3_0_0	EXIST::FUNCTION:STDIO
@@ -5232,7 +5232,7 @@ CMS_AuthEnvelopedData_create_ex         ?	3_0_0	EXIST::FUNCTION:CMS
 EVP_PKEY_CTX_set_ec_param_enc           ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get0_first_alg_name            ?	3_0_0	EXIST::FUNCTION:
 EVP_KEYMGMT_get0_first_name             ?	3_0_0	EXIST::FUNCTION:
-EC_KEY_decoded_from_explicit_params     ?	3_0_0	EXIST::FUNCTION:EC
+EC_KEY_decoded_from_explicit_params     ?	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_KEM_free                            ?	3_0_0	EXIST::FUNCTION:
 EVP_KEM_up_ref                          ?	3_0_0	EXIST::FUNCTION:
 EVP_KEM_provider                        ?	3_0_0	EXIST::FUNCTION:
@@ -5287,3 +5287,12 @@ PEM_write_bio_PUBKEY_ex                 ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get_group_name                 ?	3_0_0	EXIST::FUNCTION:
 CRYPTO_atomic_or                        ?	3_0_0	EXIST::FUNCTION:
 CRYPTO_atomic_load                      ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_settable_params                ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_params                     ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_int_param                  ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_size_t_param               ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_bn_param                   ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_utf8_string_param          ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_set_octet_string_param         ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_ec_point_conv_form         ?	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_field_type                 ?	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list