[openssl] master update

shane.lontis at oracle.com shane.lontis at oracle.com
Thu Mar 18 07:59:41 UTC 2021


The branch master has been updated
       via  c8830891e6cb8d0782986662ca50b8fa7c97f49f (commit)
       via  3022b7f40407aa9d50d1e4193e22a092b23c7717 (commit)
       via  78715dcc310e27a8c862ecdf3a956c1cfdc0f2c1 (commit)
       via  6d7776892f571cb438563d65d5d252e0245cd57e (commit)
       via  4e17fb006187c1b745eb72474efb3ad797e2a4dc (commit)
       via  b78c016649d13c48429c132e56314117f8f3d9d7 (commit)
       via  4669015d7b0784d00812f6b015ca8080e37ff70b (commit)
       via  6dd4b77a855570a6433af0a8584bdb9bfe353bc3 (commit)
       via  285aa80ef1bb3a8e136a88cf41f3b34863409cd2 (commit)
       via  b54cab31d2593421198f75e715b5f851ce24fe6b (commit)
       via  fc27fca84a6eebad5f0b6d4d5b6ebcf71e1307bd (commit)
       via  ff0266eddc34e3f00494651e76bf46e6501dfc0b (commit)
       via  8a6e9125200223fa2294d3634d3dfec24857264b (commit)
       via  7bbadfc15a446134d15d8fd0aa5362628b8c96be (commit)
       via  78f32a316589c93bfbb06cb58d996a39c3f43678 (commit)
       via  f148f7034c9e2f9155ca4a8e51cbe7af02f8600a (commit)
       via  054d43ff972068a0f2ec07319808ca32ad0afb5f (commit)
       via  47864aeafd2ca0ea551f00df99c4c598b53c5912 (commit)
       via  4158b0dc1d73ce73b9a924b77205f4d2b67abdc1 (commit)
       via  2858156e0309031da8476e51fe76f0ce8c15010f (commit)
       via  adf7e6d1d63890f037625031789ed042187c3947 (commit)
       via  1335ca4b0799d1714a2f8e21525cb23edf660e93 (commit)
       via  9500c8234d8e99396717b9e43f10cc518e8bf668 (commit)
       via  e4bec869104cf4ba51cbb1effb0f5437e327ecd8 (commit)
      from  63b64f19c13d59d68dc2e525f454aea62a739842 (commit)


- Log -----------------------------------------------------------------
commit c8830891e6cb8d0782986662ca50b8fa7c97f49f
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 15:26:17 2021 +1000

    Add ossl_provider symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 3022b7f40407aa9d50d1e4193e22a092b23c7717
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:49:27 2021 +1000

    Rename CMS_si_check_attributes to ossl_cms_si_check_attributes
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 78715dcc310e27a8c862ecdf3a956c1cfdc0f2c1
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:47:25 2021 +1000

    rename err_get_state_int() to ossl_err_get_state_int()
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 6d7776892f571cb438563d65d5d252e0245cd57e
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:46:05 2021 +1000

    Add ossl_is_partially_overlapping symbol
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 4e17fb006187c1b745eb72474efb3ad797e2a4dc
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:44:51 2021 +1000

    Add ossl_pkcs5_pbkdf2_hmac_ex symbol
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit b78c016649d13c48429c132e56314117f8f3d9d7
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:43:28 2021 +1000

    Add ossl_pem_check_suffix symbol
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 4669015d7b0784d00812f6b015ca8080e37ff70b
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:18:03 2021 +1000

    Add ossl_ x509 symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 6dd4b77a855570a6433af0a8584bdb9bfe353bc3
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 14:12:46 2021 +1000

    Add ossl_gost symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 285aa80ef1bb3a8e136a88cf41f3b34863409cd2
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 13:37:22 2021 +1000

    Add ossl_lhash symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit b54cab31d2593421198f75e715b5f851ce24fe6b
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 13:23:45 2021 +1000

    Add ossl_ symbol to x509 policy
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit fc27fca84a6eebad5f0b6d4d5b6ebcf71e1307bd
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 12:15:27 2021 +1000

    Add ossl_bn_group symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit ff0266eddc34e3f00494651e76bf46e6501dfc0b
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 12:07:36 2021 +1000

    Add ossl_sa symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 8a6e9125200223fa2294d3634d3dfec24857264b
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 11:53:33 2021 +1000

    Add ossl_ symbols for sm3 and sm4
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 7bbadfc15a446134d15d8fd0aa5362628b8c96be
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 11:49:26 2021 +1000

    Add ossl_siv symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 78f32a316589c93bfbb06cb58d996a39c3f43678
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 11:47:48 2021 +1000

    Add ossl_aria symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit f148f7034c9e2f9155ca4a8e51cbe7af02f8600a
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 11:36:36 2021 +1000

    Add ossl_ conf symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 054d43ff972068a0f2ec07319808ca32ad0afb5f
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 11:04:21 2021 +1000

    Add ossl_ ecx symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 47864aeafd2ca0ea551f00df99c4c598b53c5912
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 10:52:15 2021 +1000

    Add ossl_v3 symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 4158b0dc1d73ce73b9a924b77205f4d2b67abdc1
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 10:14:45 2021 +1000

    Add ossl_rsa symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 2858156e0309031da8476e51fe76f0ce8c15010f
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 09:59:13 2021 +1000

    Add ossl_encode symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit adf7e6d1d63890f037625031789ed042187c3947
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Tue Mar 9 09:48:16 2021 +1000

    Add ossl_asn1 symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 1335ca4b0799d1714a2f8e21525cb23edf660e93
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Mon Mar 8 19:17:53 2021 +1000

    Add ossl_rand symbols
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit 9500c8234d8e99396717b9e43f10cc518e8bf668
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Thu Feb 25 09:08:54 2021 +1000

    Fix misc external ossl_ symbols.
    
    Partial fix for #12964
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

commit e4bec869104cf4ba51cbb1effb0f5437e327ecd8
Author: Shane Lontis <shane.lontis at oracle.com>
Date:   Wed Feb 24 18:07:52 2021 +1000

    Fix external symbols for crypto_*
    
    Partial fix for #12964
    
    This adds ossl_ names for symbols related to crypto_*
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14473)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aria/aria.c                                 |  28 ++--
 crypto/asn1/a_bitstr.c                             |   6 +-
 crypto/asn1/a_digest.c                             |   8 +-
 crypto/asn1/a_gentm.c                              |   9 +-
 crypto/asn1/a_int.c                                |  11 +-
 crypto/asn1/a_object.c                             |   6 +-
 crypto/asn1/a_time.c                               |  34 ++--
 crypto/asn1/a_type.c                               |   2 +-
 crypto/asn1/a_utctm.c                              |  12 +-
 crypto/asn1/asn1_lib.c                             |   9 +-
 crypto/asn1/asn1_local.h                           |  70 ++++----
 crypto/asn1/evp_asn1.c                             |   8 +-
 crypto/asn1/standard_methods.h                     |  32 ++--
 crypto/asn1/tasn_dec.c                             |  40 ++---
 crypto/asn1/tasn_enc.c                             |  20 +--
 crypto/asn1/tasn_fre.c                             |  40 ++---
 crypto/asn1/tasn_new.c                             |  12 +-
 crypto/asn1/tasn_prn.c                             |   8 +-
 crypto/asn1/tasn_utl.c                             |  35 ++--
 crypto/asn1/x_algor.c                              |  10 +-
 crypto/asn1/x_int64.c                              |  14 +-
 crypto/asn1_dsa.c                                  |  19 +--
 crypto/bn/bn_srp.c                                 |  20 +--
 crypto/cmp/cmp_client.c                            |   8 +-
 crypto/cmp/cmp_ctx.c                               |   2 +-
 crypto/cmp/cmp_msg.c                               |   2 +-
 crypto/cmp/cmp_vfy.c                               |   4 +-
 crypto/cms/cms_att.c                               |   2 +-
 crypto/cms/cms_env.c                               |   6 +-
 crypto/cms/cms_ess.c                               |   8 +-
 crypto/cms/cms_lib.c                               |   2 +-
 crypto/cms/cms_local.h                             |   2 +-
 crypto/cms/cms_rsa.c                               |  10 +-
 crypto/cms/cms_sd.c                                |   4 +-
 crypto/comp/c_zlib.c                               |   4 +-
 crypto/conf/conf_local.h                           |   3 +-
 crypto/conf/conf_mall.c                            |   2 +-
 crypto/conf/conf_mod.c                             |   2 +-
 crypto/conf/conf_sap.c                             |   6 +-
 crypto/conf/conf_ssl.c                             |   2 +-
 crypto/context.c                                   |  22 +--
 crypto/core_namemap.c                              |   4 +-
 crypto/ct/ct_local.h                               |   2 +-
 crypto/ct/ct_x509v3.c                              |   2 +-
 crypto/ctype.c                                     |   2 +-
 crypto/dh/dh_ameth.c                               |  12 +-
 crypto/dh/dh_key.c                                 |   2 +-
 crypto/dsa/dsa_ameth.c                             |   2 +-
 crypto/dsa/dsa_lib.c                               |   3 +-
 crypto/dsa/dsa_sign.c                              |   2 +-
 crypto/ec/curve25519.c                             |  28 ++--
 crypto/ec/curve448/curve448.c                      |  88 +++++-----
 crypto/ec/curve448/curve448_local.h                |  15 +-
 crypto/ec/curve448/curve448_tables.c               |   4 +-
 crypto/ec/curve448/ed448.h                         | 100 ++++++------
 crypto/ec/curve448/eddsa.c                         | 181 +++++++++++----------
 crypto/ec/curve448/point_448.h                     |  67 +++++---
 crypto/ec/curve448/scalar.c                        |  47 +++---
 crypto/ec/ec_ameth.c                               |   6 +-
 crypto/ec/ec_asn1.c                                |   2 +-
 crypto/ec/ecx_backend.c                            |  12 +-
 crypto/ec/ecx_meth.c                               |  28 ++--
 crypto/err/err.c                                   |  20 +--
 crypto/err/err_blocks.c                            |   6 +-
 crypto/err/err_local.h                             |   2 +-
 crypto/err/err_prn.c                               |   3 +-
 crypto/ess/ess_lib.c                               |   2 +-
 crypto/evp/e_aes.c                                 |   4 +-
 crypto/evp/e_aria.c                                |  32 ++--
 crypto/evp/e_des3.c                                |   2 +-
 crypto/evp/e_sm4.c                                 |  16 +-
 crypto/evp/evp_enc.c                               |  10 +-
 crypto/evp/evp_lib.c                               |   9 +-
 crypto/evp/evp_local.h                             |   2 +-
 crypto/evp/p5_crpt2.c                              |  13 +-
 crypto/ex_data.c                                   |  29 ++--
 crypto/http/http_client.c                          |  35 ++--
 crypto/http/http_lib.c                             |   8 +-
 crypto/http/http_local.h                           |  29 ++--
 crypto/init.c                                      |  30 ++--
 crypto/lhash/lhash.c                               |   2 +-
 crypto/modes/siv128.c                              |  24 +--
 crypto/o_str.c                                     |  10 +-
 crypto/objects/o_names.c                           |   4 +-
 crypto/objects/obj_dat.c                           |   2 +-
 crypto/ocsp/v3_ocsp.c                              |  14 +-
 crypto/pem/pem_lib.c                               |   8 +-
 crypto/pem/pem_pkey.c                              |   2 +-
 crypto/pkcs7/pk7_lib.c                             |   4 +-
 crypto/provider_core.c                             |   2 +-
 crypto/provider_local.h                            |   2 +-
 crypto/provider_predefined.c                       |   6 +-
 crypto/rand/prov_seed.c                            |  18 +-
 crypto/rand/rand_lib.c                             |  26 +--
 crypto/rand/rand_local.h                           |   2 +-
 crypto/rand/rand_meth.c                            |   4 +-
 crypto/rand/rand_pool.c                            |  54 +++---
 crypto/rsa/rsa_acvp_test_params.c                  |  18 +-
 crypto/rsa/rsa_ameth.c                             |  41 ++---
 crypto/rsa/rsa_asn1.c                              |   2 +-
 crypto/rsa/rsa_backend.c                           |   2 +-
 crypto/rsa/rsa_chk.c                               |   2 +-
 crypto/rsa/rsa_gen.c                               |   7 +-
 crypto/rsa/rsa_lib.c                               |  28 ++--
 crypto/rsa/rsa_local.h                             |  18 +-
 crypto/rsa/rsa_mp.c                                |  12 +-
 crypto/rsa/rsa_pmeth.c                             |  13 +-
 crypto/rsa/rsa_sign.c                              |   8 +-
 crypto/rsa/rsa_sp800_56b_gen.c                     |   3 +-
 crypto/sm3/legacy_sm3.c                            |   2 +-
 crypto/sm3/sm3.c                                   |   5 +-
 crypto/sm3/sm3_local.h                             |  12 +-
 crypto/sm4/sm4.c                                   |   6 +-
 crypto/sparse_array.c                              |  17 +-
 crypto/srp/srp_lib.c                               |  14 +-
 crypto/store/store_result.c                        |   4 +-
 crypto/ts/ts_rsp_verify.c                          |   2 +-
 crypto/x509/ext_dat.h                              |  34 ++--
 crypto/x509/pcy_cache.c                            |  20 +--
 crypto/x509/pcy_data.c                             |   6 +-
 crypto/x509/pcy_local.h                            |  44 +++--
 crypto/x509/pcy_map.c                              |  12 +-
 crypto/x509/pcy_node.c                             |  30 ++--
 crypto/x509/pcy_tree.c                             |  47 +++---
 crypto/x509/standard_exts.h                        |  98 +++++------
 crypto/x509/t_x509.c                               |  12 +-
 crypto/x509/v3_addr.c                              |  14 +-
 crypto/x509/v3_admis.c                             |   2 +-
 crypto/x509/v3_akid.c                              |   4 +-
 crypto/x509/v3_asid.c                              |   6 +-
 crypto/x509/v3_bcons.c                             |   2 +-
 crypto/x509/v3_bitst.c                             |   4 +-
 crypto/x509/v3_cpols.c                             |   6 +-
 crypto/x509/v3_crld.c                              |   6 +-
 crypto/x509/v3_enum.c                              |   2 +-
 crypto/x509/v3_extku.c                             |   4 +-
 crypto/x509/v3_ia5.c                               |   2 +-
 crypto/x509/v3_info.c                              |   4 +-
 crypto/x509/v3_int.c                               |   6 +-
 crypto/x509/v3_ist.c                               |   2 +-
 crypto/x509/v3_ncons.c                             |   6 +-
 crypto/x509/v3_pci.c                               |   2 +-
 crypto/x509/v3_pcons.c                             |   2 +-
 crypto/x509/v3_pku.c                               |   2 +-
 crypto/x509/v3_pmaps.c                             |   2 +-
 crypto/x509/v3_purp.c                              |  26 +--
 crypto/x509/v3_san.c                               |  26 +--
 crypto/x509/v3_skid.c                              |  10 +-
 crypto/x509/v3_sxnet.c                             |   2 +-
 crypto/x509/v3_tlsf.c                              |   2 +-
 crypto/x509/v3_utf8.c                              |   2 +-
 crypto/x509/v3_utl.c                               |  14 +-
 crypto/x509/x509_local.h                           |   8 +-
 crypto/x509/x509_lu.c                              |   4 +-
 crypto/x509/x509_set.c                             |   8 +-
 crypto/x509/x509_vfy.c                             |  20 +--
 crypto/x509/x509_vpm.c                             |   4 +-
 crypto/x509/x509cset.c                             |   4 +-
 crypto/x509/x_all.c                                |   4 +-
 crypto/x509/x_crl.c                                |   5 +-
 crypto/x509/x_pubkey.c                             |  14 +-
 crypto/x509/x_x509.c                               |  14 +-
 include/crypto/aria.h                              |  12 +-
 include/crypto/asn1.h                              |  42 ++---
 include/crypto/asn1_dsa.h                          |   6 +-
 include/crypto/bn_srp.h                            |  20 +--
 include/crypto/ctype.h                             |   2 +-
 include/crypto/ecx.h                               |  65 ++++----
 include/crypto/evp.h                               |   9 +-
 include/crypto/lhash.h                             |   2 +-
 include/crypto/objects.h                           |   2 +-
 include/crypto/rand.h                              |   8 +-
 include/crypto/rand_pool.h                         |  38 ++---
 include/crypto/rsa.h                               |  18 +-
 include/crypto/security_bits.h                     |   2 +-
 include/crypto/siv.h                               |  39 ++---
 include/crypto/sm4.h                               |   6 +-
 include/crypto/sparse_array.h                      |  71 ++++----
 include/crypto/x509.h                              |  36 ++--
 include/internal/comp.h                            |   2 +-
 include/internal/conf.h                            |   6 +-
 include/internal/cryptlib.h                        |  34 ++--
 include/internal/sm3.h                             |   6 +-
 providers/baseprov.c                               |   2 +-
 providers/common/bio_prov.c                        |   4 +-
 providers/common/capabilities.c                    |   4 +-
 providers/common/der/der_sm2.h.in                  |   6 +-
 providers/common/der/der_sm2_key.c                 |   2 +-
 providers/common/der/der_sm2_sig.c                 |   4 +-
 providers/common/include/prov/bio.h                |   4 +-
 providers/common/include/prov/providercommon.h     |   2 +-
 providers/defltprov.c                              |   5 +-
 providers/fips/fipsprov.c                          |  12 +-
 .../implementations/ciphers/cipher_aes_siv_hw.c    |  18 +-
 providers/implementations/ciphers/cipher_aes_xts.c |   2 +-
 providers/implementations/ciphers/cipher_aes_xts.h |   2 +-
 .../implementations/ciphers/cipher_aes_xts_fips.c  |   4 +-
 .../implementations/ciphers/cipher_aria_ccm_hw.c   |   4 +-
 .../implementations/ciphers/cipher_aria_gcm_hw.c   |   2 +-
 providers/implementations/ciphers/cipher_aria_hw.c |   6 +-
 providers/implementations/ciphers/cipher_sm4_hw.c  |   6 +-
 providers/implementations/digests/sm3_prov.c       |   2 +-
 .../implementations/encode_decode/decode_der2key.c |   4 +-
 .../implementations/encode_decode/decode_ms2key.c  |   4 +-
 .../implementations/encode_decode/decode_pem2der.c |   2 +-
 .../implementations/encode_decode/encode_key2any.c |   2 +-
 .../encode_decode/encode_key2blob.c                |   2 +-
 .../implementations/encode_decode/encode_key2ms.c  |   4 +-
 .../encode_decode/encode_key2text.c                |   2 +-
 providers/implementations/exchange/ecx_exch.c      |   6 +-
 providers/implementations/exchange/kdf_exch.c      |   6 +-
 .../implementations/include/prov/kdfexchange.h     |   6 +-
 providers/implementations/include/prov/seeding.h   |  11 +-
 providers/implementations/kdfs/pbkdf2.c            |   2 +-
 providers/implementations/kdfs/pbkdf2.h            |   2 +-
 providers/implementations/kdfs/pbkdf2_fips.c       |   4 +-
 providers/implementations/kdfs/scrypt.c            |   8 +-
 providers/implementations/keymgmt/ecx_kmgmt.c      |  24 +--
 .../implementations/keymgmt/kdf_legacy_kmgmt.c     |  10 +-
 providers/implementations/keymgmt/rsa_kmgmt.c      |   6 +-
 providers/implementations/rands/seed_src.c         |   6 +-
 .../implementations/rands/seeding/rand_cpu_x86.c   |  10 +-
 providers/implementations/rands/seeding/rand_tsc.c |   6 +-
 .../implementations/rands/seeding/rand_unix.c      |  66 ++++----
 providers/implementations/rands/seeding/rand_vms.c |  28 ++--
 .../implementations/rands/seeding/rand_vxworks.c   |  22 +--
 providers/implementations/rands/seeding/rand_win.c |  42 ++---
 providers/implementations/signature/eddsa.c        |  16 +-
 providers/implementations/signature/rsa.c          |   4 +-
 providers/implementations/signature/sm2sig.c       |   2 +-
 providers/implementations/storemgmt/file_store.c   |   2 +-
 .../implementations/storemgmt/file_store_der2obj.c |   2 +-
 ssl/statem/statem_clnt.c                           |   8 +-
 ssl/statem/statem_local.h                          |   4 +-
 ssl/statem/statem_srvr.c                           |   4 +-
 test/curve448_internal_test.c                      |  58 ++++---
 test/hexstr_test.c                                 |   4 +-
 test/sm4_internal_test.c                           |   8 +-
 238 files changed, 1674 insertions(+), 1593 deletions(-)

diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c
index c1b2254af7..dabc843324 100644
--- a/crypto/aria/aria.c
+++ b/crypto/aria/aria.c
@@ -468,8 +468,8 @@ static const uint32_t X2[256] = {
         (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16);  \
     } while(0)
 
-void aria_encrypt(const unsigned char *in, unsigned char *out,
-                  const ARIA_KEY *key)
+void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
+                       const ARIA_KEY *key)
 {
     register uint32_t reg0, reg1, reg2, reg3;
     int Nr;
@@ -535,8 +535,8 @@ void aria_encrypt(const unsigned char *in, unsigned char *out,
     PUT_U32_BE(out, 3, reg3);
 }
 
-int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key)
+int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key)
 {
     register uint32_t reg0, reg1, reg2, reg3;
     uint32_t w0[4], w1[4], w2[4], w3[4];
@@ -667,8 +667,8 @@ int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
     return 0;
 }
 
-int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key)
+int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key)
 {
     ARIA_u128 *rk_head;
     ARIA_u128 *rk_tail;
@@ -676,7 +676,7 @@ int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
     register uint32_t reg0, reg1, reg2, reg3;
     uint32_t s0, s1, s2, s3;
 
-    const int r = aria_set_encrypt_key(userKey, bits, key);
+    const int r = ossl_aria_set_encrypt_key(userKey, bits, key);
 
     if (r != 0) {
         return r;
@@ -1106,8 +1106,8 @@ static void do_encrypt(unsigned char *o, const unsigned char *pin,
  * Encrypt a single block
  * in and out can overlap
  */
-void aria_encrypt(const unsigned char *in, unsigned char *out,
-                  const ARIA_KEY *key)
+void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
+                       const ARIA_KEY *key)
 {
     assert(in != NULL && out != NULL && key != NULL);
     do_encrypt(out, in, key->rounds, key->rd_key);
@@ -1119,8 +1119,8 @@ void aria_encrypt(const unsigned char *in, unsigned char *out,
  * We short circuit execution of the last two
  * or four rotations based on the key size.
  */
-int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key)
+int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key)
 {
     const ARIA_u128 *ck1, *ck2, *ck3;
     ARIA_u128 kr, w0, w1, w2, w3;
@@ -1192,11 +1192,11 @@ int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
 /*
  * Expand the cipher key into the decryption key schedule.
  */
-int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key)
+int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key)
 {
     ARIA_KEY ek;
-    const int r = aria_set_encrypt_key(userKey, bits, &ek);
+    const int r = ossl_aria_set_encrypt_key(userKey, bits, &ek);
     unsigned int i, rounds = ek.rounds;
 
     if (r == 0) {
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 7d179e6f89..a9da7eab3b 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -18,7 +18,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
     return ASN1_STRING_set(x, d, len);
 }
 
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 {
     int ret, j, bits, len;
     unsigned char *p, *d;
@@ -76,8 +76,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
     return ret;
 }
 
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-                                     const unsigned char **pp, long len)
+ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                          const unsigned char **pp, long len)
 {
     ASN1_BIT_STRING *ret = NULL;
     const unsigned char *p;
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index 0fd1e6e0b8..3976cfbd16 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -53,9 +53,9 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
 
 #endif
 
-int asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn,
-                        unsigned char *data, unsigned int *len,
-                        OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn,
+                             unsigned char *data, unsigned int *len,
+                             OSSL_LIB_CTX *libctx, const char *propq)
 {
     int i, ret = 0;
     unsigned char *str = NULL;
@@ -89,6 +89,6 @@ err:
 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn,
                      unsigned char *data, unsigned int *len)
 {
-    return asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL);
+    return ossl_asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL);
 }
 
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 1d89e23b8f..aed5ae7499 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -21,12 +21,13 @@
 IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME)
 
 /* This is the primary function used to parse ASN1_GENERALIZEDTIME */
-int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
+static int asn1_generalizedtime_to_tm(struct tm *tm,
+                                      const ASN1_GENERALIZEDTIME *d)
 {
-    /* wrapper around asn1_time_to_tm */
+    /* wrapper around ossl_asn1_time_to_tm */
     if (d->type != V_ASN1_GENERALIZEDTIME)
         return 0;
-    return asn1_time_to_tm(tm, d);
+    return ossl_asn1_time_to_tm(tm, d);
 }
 
 int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
@@ -74,7 +75,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
             return NULL;
     }
 
-    return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
+    return ossl_asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
 }
 
 int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 98c759cc93..92c58b3418 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -204,7 +204,7 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg,
     return plen;
 }
 
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 {
     return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
 }
@@ -283,8 +283,8 @@ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
 }
 
 /* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                               long len)
+ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                    long len)
 {
     ASN1_INTEGER *ret = NULL;
     size_t r;
@@ -609,7 +609,8 @@ BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
 }
 
 /* Internal functions used by x_int64.c */
-int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+int ossl_c2i_uint64_int(uint64_t *ret, int *neg,
+                        const unsigned char **pp, long len)
 {
     unsigned char buf[sizeof(uint64_t)];
     size_t buflen;
@@ -625,7 +626,7 @@ int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
     return asn1_get_uint64(ret, buf, buflen);
 }
 
-int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
 {
     unsigned char buf[sizeof(uint64_t)];
     size_t off;
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index 15726e7f03..6967ab44e8 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -226,7 +226,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
         i = ASN1_R_EXPECTING_AN_OBJECT;
         goto err;
     }
-    ret = c2i_ASN1_OBJECT(a, &p, len);
+    ret = ossl_c2i_ASN1_OBJECT(a, &p, len);
     if (ret)
         *pp = p;
     return ret;
@@ -235,8 +235,8 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
     return NULL;
 }
 
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long len)
+ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                                  long len)
 {
     ASN1_OBJECT *ret = NULL, tobj;
     const unsigned char *p;
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index b9950cc5cb..1a0c91ef9f 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -73,7 +73,7 @@ static void determine_days(struct tm *tm)
     tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
 }
 
-int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
+int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
 {
     static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
     static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
@@ -130,14 +130,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
             i++;
             break;
         }
-        if (!ascii_isdigit(a[o]))
+        if (!ossl_ascii_isdigit(a[o]))
             goto err;
         n = a[o] - num_zero;
         /* incomplete 2-digital number */
         if (++o == l)
             goto err;
 
-        if (!ascii_isdigit(a[o]))
+        if (!ossl_ascii_isdigit(a[o]))
             goto err;
         n = (n * 10) + a[o] - num_zero;
         /* no more bytes to read, but we haven't seen time-zone yet */
@@ -198,7 +198,7 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
         if (++o == l)
             goto err;
         i = o;
-        while ((o < l) && ascii_isdigit(a[o]))
+        while ((o < l) && ossl_ascii_isdigit(a[o]))
             o++;
         /* Must have at least one digit after decimal point */
         if (i == o)
@@ -229,11 +229,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
         if (o + 4 != l)
             goto err;
         for (i = end; i < end + 2; i++) {
-            if (!ascii_isdigit(a[o]))
+            if (!ossl_ascii_isdigit(a[o]))
                 goto err;
             n = a[o] - num_zero;
             o++;
-            if (!ascii_isdigit(a[o]))
+            if (!ossl_ascii_isdigit(a[o]))
                 goto err;
             n = (n * 10) + a[o] - num_zero;
             i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
@@ -264,7 +264,7 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
     return 0;
 }
 
-ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
+ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
 {
     char* p;
     ASN1_TIME *tmps = NULL;
@@ -336,7 +336,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
         if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
             return NULL;
     }
-    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
+    return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
 }
 
 int ASN1_TIME_check(const ASN1_TIME *t)
@@ -361,7 +361,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
     if (out != NULL)
         ret = *out;
 
-    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
+    ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
 
     if (out != NULL && ret != NULL)
         *out = ret;
@@ -410,7 +410,7 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
      */
 
     if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
-        if (!asn1_time_to_tm(&tm, &t))
+        if (!ossl_asn1_time_to_tm(&tm, &t))
             goto out;
         if (is_utc(tm.tm_year)) {
             t.length -= 2;
@@ -448,7 +448,7 @@ int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
         return 0;
     }
 
-    return asn1_time_to_tm(tm, s);
+    return ossl_asn1_time_to_tm(tm, s);
 }
 
 int ASN1_TIME_diff(int *pday, int *psec,
@@ -471,19 +471,19 @@ static const char _asn1_mon[12][4] = {
 /* returns 1 on success, 0 on BIO write error or parse failure */
 int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 {
-    return asn1_time_print_ex(bp, tm) > 0;
+    return ossl_asn1_time_print_ex(bp, tm) > 0;
 }
 
 /* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */
-int asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm)
+int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm)
 {
     char *v;
     int gmt = 0, l;
     struct tm stm;
     const char upper_z = 0x5A, period = 0x2E;
 
-    /* asn1_time_to_tm will check the time type */
-    if (!asn1_time_to_tm(&stm, tm))
+    /* ossl_asn1_time_to_tm will check the time type */
+    if (!ossl_asn1_time_to_tm(&stm, tm))
         return BIO_write(bp, "Bad time value", 14) ? -1 : 0;
 
     l = tm->length;
@@ -502,7 +502,7 @@ int asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm)
         if (tm->length > 15 && v[14] == period) {
             f = &v[14];
             f_len = 1;
-            while (14 + f_len < l && ascii_isdigit(f[f_len]))
+            while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
                 ++f_len;
         }
 
@@ -546,7 +546,7 @@ int ASN1_TIME_normalize(ASN1_TIME *t)
     if (!ASN1_TIME_to_tm(t, &tm))
         return 0;
 
-    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
+    return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
 }
 
 int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index 3a75385a25..c0eee53ff0 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -29,7 +29,7 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
             && a->type != V_ASN1_NULL
             && a->value.ptr != NULL) {
         ASN1_TYPE **tmp_a = &a;
-        asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
+        ossl_asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
     }
     a->type = type;
     if (type == V_ASN1_BOOLEAN)
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index c5b49730ff..5ae878a8e6 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -17,17 +17,17 @@
 IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_UTCTIME)
 
 /* This is the primary function used to parse ASN1_UTCTIME */
-int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
+int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
 {
-    /* wrapper around asn1_time_to_tm */
+    /* wrapper around ossl_asn1_time_to_tm */
     if (d->type != V_ASN1_UTCTIME)
         return 0;
-    return asn1_time_to_tm(tm, d);
+    return ossl_asn1_time_to_tm(tm, d);
 }
 
 int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 {
-    return asn1_utctime_to_tm(NULL, d);
+    return ossl_asn1_utctime_to_tm(NULL, d);
 }
 
 /* Sets the string via simple copy without cleaning it up */
@@ -69,7 +69,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
             return NULL;
     }
 
-    return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
+    return ossl_asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
 }
 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
@@ -77,7 +77,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
     struct tm stm, ttm;
     int day, sec;
 
-    if (!asn1_utctime_to_tm(&stm, s))
+    if (!ossl_asn1_utctime_to_tm(&stm, s))
         return -2;
 
     if (OPENSSL_gmtime(&t, &ttm) == NULL)
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 97b016ae18..1fd46913af 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -340,7 +340,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
     return ret;
 }
 
-void asn1_string_embed_free(ASN1_STRING *a, int embed)
+void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed)
 {
     if (a == NULL)
         return;
@@ -354,7 +354,7 @@ void ASN1_STRING_free(ASN1_STRING *a)
 {
     if (a == NULL)
         return;
-    asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
+    ossl_asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
 }
 
 void ASN1_STRING_clear_free(ASN1_STRING *a)
@@ -411,8 +411,9 @@ unsigned char *ASN1_STRING_data(ASN1_STRING *x)
 }
 #endif
 
-char *sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, const char *sep,
-                              size_t max_len /* excluding NUL terminator */)
+char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text,
+                                   const char *sep,
+                                   size_t max_len /* excluding NUL terminator */)
 {
     int i;
     ASN1_UTF8STRING *current;
diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h
index 5720c9096a..f7717c09f8 100644
--- a/crypto/asn1/asn1_local.h
+++ b/crypto/asn1/asn1_local.h
@@ -12,9 +12,8 @@
 typedef const ASN1_VALUE const_ASN1_VALUE;
 SKM_DEFINE_STACK_OF(const_ASN1_VALUE, const ASN1_VALUE, ASN1_VALUE)
 
-int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
-int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
-int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
+int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
 
 /* ASN1 scan context structure */
 
@@ -46,44 +45,47 @@ DEFINE_STACK_OF(MIME_PARAM)
 typedef struct mime_header_st MIME_HEADER;
 DEFINE_STACK_OF(MIME_HEADER)
 
-void asn1_string_embed_free(ASN1_STRING *a, int embed);
+void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed);
 
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_get_choice_selector_const(const ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
-                             const ASN1_ITEM *it);
+int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval,
+                                        const ASN1_ITEM *it);
+int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                                  const ASN1_ITEM *it);
 
-ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-const ASN1_VALUE **asn1_get_const_field_ptr(const ASN1_VALUE **pval,
-                                            const ASN1_TEMPLATE *tt);
+ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval,
+                                                 const ASN1_TEMPLATE *tt);
 
-const ASN1_TEMPLATE *asn1_do_adb(const ASN1_VALUE *val, const ASN1_TEMPLATE *tt,
-                                 int nullerr);
+const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val,
+                                      const ASN1_TEMPLATE *tt,
+                                      int nullerr);
 
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
-                     const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
-                  const ASN1_ITEM *it);
+void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
+                          const ASN1_ITEM *it);
+int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                       const ASN1_ITEM *it);
 
-void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
-void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
-void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-                             long length);
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-                                     const unsigned char **pp, long length);
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-                               long length);
+ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                                  long length);
+int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                          const unsigned char **pp, long length);
+int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                    long length);
 
 /* Internal functions used by x_int64.c */
-int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
-int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
+int ossl_c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp,
+                        long len);
+int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
 
-ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
+ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index 3129fdf2df..d3db5f75cb 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -143,8 +143,8 @@ ASN1_SEQUENCE(asn1_oct_int) = {
 
 DECLARE_ASN1_ITEM(asn1_oct_int)
 
-int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data,
-                                  int len)
+int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+                                       unsigned char *data, int len)
 {
     asn1_oct_int atmp;
     ASN1_OCTET_STRING oct;
@@ -158,8 +158,8 @@ int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data,
     return 0;
 }
 
-int asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
-                                  unsigned char *data, int max_len)
+int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+                                       unsigned char *data, int max_len)
 {
     asn1_oct_int *atmp = NULL;
     int ret = -1;
diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h
index 7d225b308a..664d657178 100644
--- a/crypto/asn1/standard_methods.h
+++ b/crypto/asn1/standard_methods.h
@@ -13,35 +13,35 @@
  * is used to search it.
  */
 static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
-    &rsa_asn1_meths[0],
-    &rsa_asn1_meths[1],
+    &ossl_rsa_asn1_meths[0],
+    &ossl_rsa_asn1_meths[1],
 #ifndef OPENSSL_NO_DH
-    &dh_asn1_meth,
+    &ossl_dh_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_DSA
-    &dsa_asn1_meths[0],
-    &dsa_asn1_meths[1],
-    &dsa_asn1_meths[2],
-    &dsa_asn1_meths[3],
-    &dsa_asn1_meths[4],
+    &ossl_dsa_asn1_meths[0],
+    &ossl_dsa_asn1_meths[1],
+    &ossl_dsa_asn1_meths[2],
+    &ossl_dsa_asn1_meths[3],
+    &ossl_dsa_asn1_meths[4],
 #endif
 #ifndef OPENSSL_NO_EC
-    &eckey_asn1_meth,
+    &ossl_eckey_asn1_meth,
 #endif
-    &rsa_pss_asn1_meth,
+    &ossl_rsa_pss_asn1_meth,
 #ifndef OPENSSL_NO_DH
-    &dhx_asn1_meth,
+    &ossl_dhx_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_EC
-    &ecx25519_asn1_meth,
-    &ecx448_asn1_meth,
+    &ossl_ecx25519_asn1_meth,
+    &ossl_ecx448_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_EC
-    &ed25519_asn1_meth,
-    &ed448_asn1_meth,
+    &ossl_ed25519_asn1_meth,
+    &ossl_ed448_asn1_meth,
 #endif
 #ifndef OPENSSL_NO_SM2
-    &sm2_asn1_meth,
+    &ossl_sm2_asn1_meth,
 #endif
 };
 
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 9a210e221f..0987c2ece3 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -239,12 +239,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto auxerr;
         if (*pval) {
             /* Free up and zero CHOICE value if initialised */
-            i = asn1_get_choice_selector(pval, it);
+            i = ossl_asn1_get_choice_selector(pval, it);
             if ((i >= 0) && (i < it->tcount)) {
                 tt = it->templates + i;
-                pchptr = asn1_get_field_ptr(pval, tt);
-                asn1_template_free(pchptr, tt);
-                asn1_set_choice_selector(pval, -1, it);
+                pchptr = ossl_asn1_get_field_ptr(pval, tt);
+                ossl_asn1_template_free(pchptr, tt);
+                ossl_asn1_set_choice_selector(pval, -1, it);
             }
         } else if (!ASN1_item_ex_new(pval, it)) {
             ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
@@ -253,7 +253,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
         /* CHOICE type, try each possibility in turn */
         p = *in;
         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-            pchptr = asn1_get_field_ptr(pval, tt);
+            pchptr = ossl_asn1_get_field_ptr(pval, tt);
             /*
              * We mark field as OPTIONAL so its absence can be recognised.
              */
@@ -268,7 +268,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
              * Must be an ASN1 parsing error.
              * Free up any partial choice value
              */
-            asn1_template_free(pchptr, tt);
+            ossl_asn1_template_free(pchptr, tt);
             errtt = tt;
             ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
             goto err;
@@ -286,7 +286,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             goto err;
         }
 
-        asn1_set_choice_selector(pval, i, it);
+        ossl_asn1_set_choice_selector(pval, i, it);
 
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
@@ -336,11 +336,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             if (tt->flags & ASN1_TFLG_ADB_MASK) {
                 const ASN1_TEMPLATE *seqtt;
                 ASN1_VALUE **pseqval;
-                seqtt = asn1_do_adb(*pval, tt, 0);
+                seqtt = ossl_asn1_do_adb(*pval, tt, 0);
                 if (seqtt == NULL)
                     continue;
-                pseqval = asn1_get_field_ptr(pval, seqtt);
-                asn1_template_free(pseqval, seqtt);
+                pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
+                ossl_asn1_template_free(pseqval, seqtt);
             }
         }
 
@@ -348,10 +348,10 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
             const ASN1_TEMPLATE *seqtt;
             ASN1_VALUE **pseqval;
-            seqtt = asn1_do_adb(*pval, tt, 1);
+            seqtt = ossl_asn1_do_adb(*pval, tt, 1);
             if (seqtt == NULL)
                 goto err;
-            pseqval = asn1_get_field_ptr(pval, seqtt);
+            pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
             /* Have we ran out of data? */
             if (!len)
                 break;
@@ -388,7 +388,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
                 /*
                  * OPTIONAL component absent. Free and zero the field.
                  */
-                asn1_template_free(pseqval, seqtt);
+                ossl_asn1_template_free(pseqval, seqtt);
                 continue;
             }
             /* Update length */
@@ -413,13 +413,13 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
          */
         for (; i < it->tcount; tt++, i++) {
             const ASN1_TEMPLATE *seqtt;
-            seqtt = asn1_do_adb(*pval, tt, 1);
+            seqtt = ossl_asn1_do_adb(*pval, tt, 1);
             if (seqtt == NULL)
                 goto err;
             if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
                 ASN1_VALUE **pseqval;
-                pseqval = asn1_get_field_ptr(pval, seqtt);
-                asn1_template_free(pseqval, seqtt);
+                pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
+                ossl_asn1_template_free(pseqval, seqtt);
             } else {
                 errtt = seqtt;
                 ERR_raise(ERR_LIB_ASN1, ASN1_R_FIELD_MISSING);
@@ -427,7 +427,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
             }
         }
         /* Save encoding */
-        if (!asn1_enc_save(pval, *in, p - *in, it))
+        if (!ossl_asn1_enc_save(pval, *in, p - *in, it))
             goto auxerr;
         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
             goto auxerr;
@@ -814,7 +814,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     }
     switch (utype) {
     case V_ASN1_OBJECT:
-        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+        if (!ossl_c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
             goto err;
         break;
 
@@ -838,14 +838,14 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         break;
 
     case V_ASN1_BIT_STRING:
-        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+        if (!ossl_c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
             goto err;
         break;
 
     case V_ASN1_INTEGER:
     case V_ASN1_ENUMERATED:
         tint = (ASN1_INTEGER **)pval;
-        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+        if (!ossl_c2i_ASN1_INTEGER(tint, &cont, len))
             goto err;
         /* Fixup type to match the expected form */
         (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 9d65f294db..c066bc5837 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -127,12 +127,12 @@ int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
         }
         if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
             return 0;
-        i = asn1_get_choice_selector_const(pval, it);
+        i = ossl_asn1_get_choice_selector_const(pval, it);
         if ((i >= 0) && (i < it->tcount)) {
             const ASN1_VALUE **pchval;
             const ASN1_TEMPLATE *chtt;
             chtt = it->templates + i;
-            pchval = asn1_get_const_field_ptr(pval, chtt);
+            pchval = ossl_asn1_get_const_field_ptr(pval, chtt);
             return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
         }
         /* Fixme: error condition if selector out of range */
@@ -152,7 +152,7 @@ int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
         /* fall through */
 
     case ASN1_ITYPE_SEQUENCE:
-        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        i = ossl_asn1_enc_restore(&seqcontlen, out, pval, it);
         /* An error occurred */
         if (i < 0)
             return 0;
@@ -175,10 +175,10 @@ int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
             const ASN1_TEMPLATE *seqtt;
             const ASN1_VALUE **pseqval;
             int tmplen;
-            seqtt = asn1_do_adb(*pval, tt, 1);
+            seqtt = ossl_asn1_do_adb(*pval, tt, 1);
             if (!seqtt)
                 return 0;
-            pseqval = asn1_get_const_field_ptr(pval, seqtt);
+            pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt);
             tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
             if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
                 return -1;
@@ -193,10 +193,10 @@ int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
             const ASN1_TEMPLATE *seqtt;
             const ASN1_VALUE **pseqval;
-            seqtt = asn1_do_adb(*pval, tt, 1);
+            seqtt = ossl_asn1_do_adb(*pval, tt, 1);
             if (!seqtt)
                 return 0;
-            pseqval = asn1_get_const_field_ptr(pval, seqtt);
+            pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt);
             /* FIXME: check for errors in enhanced version */
             asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
         }
@@ -578,15 +578,15 @@ static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype
         break;
 
     case V_ASN1_BIT_STRING:
-        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
-                                   cout ? &cout : NULL);
+        return ossl_i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                        cout ? &cout : NULL);
 
     case V_ASN1_INTEGER:
     case V_ASN1_ENUMERATED:
         /*
          * These are all have the same content format as ASN1_INTEGER
          */
-        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+        return ossl_i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
 
     case V_ASN1_OCTET_STRING:
     case V_ASN1_NUMERICSTRING:
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 3a5b29f37d..c6cf62c441 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -17,15 +17,15 @@
 
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
 {
-    asn1_item_embed_free(&val, it, 0);
+    ossl_asn1_item_embed_free(&val, it, 0);
 }
 
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    asn1_item_embed_free(pval, it, 0);
+    ossl_asn1_item_embed_free(pval, it, 0);
 }
 
-void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 {
     const ASN1_TEMPLATE *tt = NULL, *seqtt;
     const ASN1_EXTERN_FUNCS *ef;
@@ -46,13 +46,13 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 
     case ASN1_ITYPE_PRIMITIVE:
         if (it->templates)
-            asn1_template_free(pval, it->templates);
+            ossl_asn1_template_free(pval, it->templates);
         else
-            asn1_primitive_free(pval, it, embed);
+            ossl_asn1_primitive_free(pval, it, embed);
         break;
 
     case ASN1_ITYPE_MSTRING:
-        asn1_primitive_free(pval, it, embed);
+        ossl_asn1_primitive_free(pval, it, embed);
         break;
 
     case ASN1_ITYPE_CHOICE:
@@ -61,13 +61,13 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
             if (i == 2)
                 return;
         }
-        i = asn1_get_choice_selector(pval, it);
+        i = ossl_asn1_get_choice_selector(pval, it);
         if ((i >= 0) && (i < it->tcount)) {
             ASN1_VALUE **pchval;
 
             tt = it->templates + i;
-            pchval = asn1_get_field_ptr(pval, tt);
-            asn1_template_free(pchval, tt);
+            pchval = ossl_asn1_get_field_ptr(pval, tt);
+            ossl_asn1_template_free(pchval, tt);
         }
         if (asn1_cb)
             asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
@@ -85,14 +85,14 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 
     case ASN1_ITYPE_NDEF_SEQUENCE:
     case ASN1_ITYPE_SEQUENCE:
-        if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+        if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
             return;
         if (asn1_cb) {
             i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
             if (i == 2)
                 return;
         }
-        asn1_enc_free(pval, it);
+        ossl_asn1_enc_free(pval, it);
         /*
          * If we free up as normal we will invalidate any ANY DEFINED BY
          * field and we won't be able to determine the type of the field it
@@ -103,11 +103,11 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
             ASN1_VALUE **pseqval;
 
             tt--;
-            seqtt = asn1_do_adb(*pval, tt, 0);
+            seqtt = ossl_asn1_do_adb(*pval, tt, 0);
             if (!seqtt)
                 continue;
-            pseqval = asn1_get_field_ptr(pval, seqtt);
-            asn1_template_free(pseqval, seqtt);
+            pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
+            ossl_asn1_template_free(pseqval, seqtt);
         }
         if (asn1_cb)
             asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
@@ -119,7 +119,7 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
     }
 }
 
-void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
     int embed = tt->flags & ASN1_TFLG_EMBED;
     ASN1_VALUE *tval;
@@ -134,16 +134,16 @@ void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
         for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
             ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
 
-            asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
+            ossl_asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
         }
         sk_ASN1_VALUE_free(sk);
         *pval = NULL;
     } else {
-        asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
+        ossl_asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
     }
 }
 
-void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
 {
     int utype;
 
@@ -196,12 +196,12 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
         break;
 
     case V_ASN1_ANY:
-        asn1_primitive_free(pval, NULL, 0);
+        ossl_asn1_primitive_free(pval, NULL, 0);
         OPENSSL_free(*pval);
         break;
 
     default:
-        asn1_string_embed_free((ASN1_STRING *)*pval, embed);
+        ossl_asn1_string_embed_free((ASN1_STRING *)*pval, embed);
         break;
     }
     *pval = NULL;
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 06fc558457..826636f027 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -91,7 +91,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
             if (*pval == NULL)
                 goto memerr;
         }
-        asn1_set_choice_selector(pval, -1, it);
+        ossl_asn1_set_choice_selector(pval, -1, it);
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
             goto auxerr2;
         break;
@@ -114,16 +114,16 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
                 goto memerr;
         }
         /* 0 : init. lock */
-        if (asn1_do_lock(pval, 0, it) < 0) {
+        if (ossl_asn1_do_lock(pval, 0, it) < 0) {
             if (!embed) {
                 OPENSSL_free(*pval);
                 *pval = NULL;
             }
             goto memerr;
         }
-        asn1_enc_init(pval, it);
+        ossl_asn1_enc_init(pval, it);
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-            pseqval = asn1_get_field_ptr(pval, tt);
+            pseqval = ossl_asn1_get_field_ptr(pval, tt);
             if (!asn1_template_new(pseqval, tt))
                 goto memerr2;
         }
@@ -134,13 +134,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
     return 1;
 
  memerr2:
-    asn1_item_embed_free(pval, it, embed);
+    ossl_asn1_item_embed_free(pval, it, embed);
  memerr:
     ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
     return 0;
 
  auxerr2:
-    asn1_item_embed_free(pval, it, embed);
+    ossl_asn1_item_embed_free(pval, it, embed);
  auxerr:
     ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR);
     return 0;
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index e4926616f3..0d1a82a1c5 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -195,7 +195,7 @@ static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent,
 
     case ASN1_ITYPE_CHOICE:
         /* CHOICE type, get selector */
-        i = asn1_get_choice_selector_const(fld, it);
+        i = ossl_asn1_get_choice_selector_const(fld, it);
         /* This should never happen... */
         if ((i < 0) || (i >= it->tcount)) {
             if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
@@ -203,7 +203,7 @@ static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent,
             return 1;
         }
         tt = it->templates + i;
-        tmpfld = asn1_get_const_field_ptr(fld, tt);
+        tmpfld = ossl_asn1_get_const_field_ptr(fld, tt);
         if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
             return 0;
         break;
@@ -233,10 +233,10 @@ static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent,
         /* Print each field entry */
         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
             const ASN1_TEMPLATE *seqtt;
-            seqtt = asn1_do_adb(*fld, tt, 1);
+            seqtt = ossl_asn1_do_adb(*fld, tt, 1);
             if (!seqtt)
                 return 0;
-            tmpfld = asn1_get_const_field_ptr(fld, seqtt);
+            tmpfld = ossl_asn1_get_const_field_ptr(fld, seqtt);
             if (!asn1_template_print_ctx(out, tmpfld,
                                          indent + 2, seqtt, pctx))
                 return 0;
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 0fcfedc845..889c6a2b7b 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -26,14 +26,15 @@
  * Given an ASN1_ITEM CHOICE type return the selector value
  */
 
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     int *sel = offset2ptr(*pval, it->utype);
 
     return *sel;
 }
 
-int asn1_get_choice_selector_const(const ASN1_VALUE **pval, const ASN1_ITEM *it)
+int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval,
+                                        const ASN1_ITEM *it)
 {
     int *sel = offset2ptr(*pval, it->utype);
 
@@ -44,8 +45,8 @@ int asn1_get_choice_selector_const(const ASN1_VALUE **pval, const ASN1_ITEM *it)
  * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
  */
 
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
-                             const ASN1_ITEM *it)
+int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                                  const ASN1_ITEM *it)
 {
     int *sel, ret;
 
@@ -64,7 +65,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
  * It returns -1 on initialisation error.
  * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
  */
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
 {
     const ASN1_AUX *aux;
     CRYPTO_REF_COUNT *lck;
@@ -135,7 +136,7 @@ static const ASN1_ENCODING *asn1_get_const_enc_ptr(const ASN1_VALUE **pval,
     return offset2ptr(*pval, aux->enc_offset);
 }
 
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it);
 
@@ -146,7 +147,7 @@ void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
     }
 }
 
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it);
 
@@ -158,8 +159,8 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
     }
 }
 
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
-                  const ASN1_ITEM *it)
+int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                       const ASN1_ITEM *it)
 {
     ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it);
 
@@ -178,8 +179,8 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
     return 1;
 }
 
-int asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
-                     const ASN1_ITEM *it)
+int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
+                          const ASN1_ITEM *it)
 {
     const ASN1_ENCODING *enc = asn1_get_const_enc_ptr(pval, it);
 
@@ -195,7 +196,7 @@ int asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval,
 }
 
 /* Given an ASN1_TEMPLATE get a pointer to a field */
-ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 {
     ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset);
 
@@ -207,8 +208,8 @@ ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 }
 
 /* Given an ASN1_TEMPLATE get a const pointer to a field */
-const ASN1_VALUE **asn1_get_const_field_ptr(const ASN1_VALUE **pval,
-                                            const ASN1_TEMPLATE *tt)
+const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval,
+                                                 const ASN1_TEMPLATE *tt)
 {
     return offset2ptr(*pval, tt->offset);
 }
@@ -218,9 +219,9 @@ const ASN1_VALUE **asn1_get_const_field_ptr(const ASN1_VALUE **pval,
  * ASN1_TEMPLATE in the table and return it.
  */
 
-const ASN1_TEMPLATE *asn1_do_adb(const ASN1_VALUE *val,
-                                 const ASN1_TEMPLATE *tt,
-                                 int nullerr)
+const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val,
+                                      const ASN1_TEMPLATE *tt,
+                                      int nullerr)
 {
     const ASN1_ADB *adb;
     const ASN1_ADB_TABLE *atbl;
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 9a313170f0..aab1e3a6dc 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -129,7 +129,7 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
 }
 
 /* allocate and set algorithm ID from EVP_MD, default SHA1 */
-int x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
+int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
 {
     /* Default is SHA1 so no need to create it - still success */
     if (md == NULL || EVP_MD_is_a(md, "SHA1"))
@@ -142,7 +142,7 @@ int x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
 }
 
 /* convert algorithm ID to EVP_MD, default SHA1 */
-const EVP_MD *x509_algor_get_md(X509_ALGOR *alg)
+const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg)
 {
     const EVP_MD *md;
 
@@ -154,7 +154,7 @@ const EVP_MD *x509_algor_get_md(X509_ALGOR *alg)
     return md;
 }
 
-X509_ALGOR *x509_algor_mgf1_decode(X509_ALGOR *alg)
+X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg)
 {
     if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
         return NULL;
@@ -163,7 +163,7 @@ X509_ALGOR *x509_algor_mgf1_decode(X509_ALGOR *alg)
 }
 
 /* Allocate and set MGF1 algorithm ID from EVP_MD */
-int x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
+int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
 {
     X509_ALGOR *algtmp = NULL;
     ASN1_STRING *stmp = NULL;
@@ -172,7 +172,7 @@ int x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
     if (mgf1md == NULL || EVP_MD_is_a(mgf1md, "SHA1"))
         return 1;
     /* need to embed algorithm ID inside another */
-    if (!x509_algor_new_from_md(&algtmp, mgf1md))
+    if (!ossl_x509_algor_new_from_md(&algtmp, mgf1md))
         goto err;
     if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
          goto err;
diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c
index 50157a2bb2..e01ca4ef2f 100644
--- a/crypto/asn1/x_int64.c
+++ b/crypto/asn1/x_int64.c
@@ -62,12 +62,12 @@ static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
         return -1;
     if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
         && (int64_t)utmp < 0) {
-        /* i2c_uint64_int() assumes positive values */
+        /* ossl_i2c_uint64_int() assumes positive values */
         utmp = 0 - utmp;
         neg = 1;
     }
 
-    return i2c_uint64_int(cont, utmp, neg);
+    return ossl_i2c_uint64_int(cont, utmp, neg);
 }
 
 static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
@@ -91,7 +91,7 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     if (len == 0)
         goto long_compat;
 
-    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+    if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
         return 0;
     if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
@@ -103,7 +103,7 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         return 0;
     }
     if (neg)
-        /* c2i_uint64_int() returns positive values */
+        /* ossl_c2i_uint64_int() returns positive values */
         utmp = 0 - utmp;
 
  long_compat:
@@ -157,12 +157,12 @@ static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
         return -1;
     if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
         && (int32_t)utmp < 0) {
-        /* i2c_uint64_int() assumes positive values */
+        /* ossl_i2c_uint64_int() assumes positive values */
         utmp = 0 - utmp;
         neg = 1;
     }
 
-    return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+    return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg);
 }
 
 /*
@@ -194,7 +194,7 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     if (len == 0)
         goto long_compat;
 
-    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+    if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
         return 0;
     if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
diff --git a/crypto/asn1_dsa.c b/crypto/asn1_dsa.c
index cb48ae9956..59642f4b3c 100644
--- a/crypto/asn1_dsa.c
+++ b/crypto/asn1_dsa.c
@@ -36,7 +36,7 @@
  *
  * Returns 1 on success or 0 on error.
  */
-int encode_der_length(WPACKET *pkt, size_t cont_len)
+int ossl_encode_der_length(WPACKET *pkt, size_t cont_len)
 {
     if (cont_len > 0xffff)
         return 0; /* Too large for supported length encodings */
@@ -63,7 +63,7 @@ int encode_der_length(WPACKET *pkt, size_t cont_len)
  *
  * Returns 1 on success or 0 on error.
  */
-int encode_der_integer(WPACKET *pkt, const BIGNUM *n)
+int ossl_encode_der_integer(WPACKET *pkt, const BIGNUM *n)
 {
     unsigned char *bnbytes;
     size_t cont_len;
@@ -84,7 +84,7 @@ int encode_der_integer(WPACKET *pkt, const BIGNUM *n)
 
     if (!WPACKET_start_sub_packet(pkt)
             || !WPACKET_put_bytes_u8(pkt, ID_INTEGER)
-            || !encode_der_length(pkt, cont_len)
+            || !ossl_encode_der_length(pkt, cont_len)
             || !WPACKET_allocate_bytes(pkt, cont_len, &bnbytes)
             || !WPACKET_close(pkt))
         return 0;
@@ -103,7 +103,7 @@ int encode_der_integer(WPACKET *pkt, const BIGNUM *n)
  *
  * Returns 1 on success or 0 on error.
  */
-int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s)
+int ossl_encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s)
 {
     WPACKET tmppkt, *dummypkt;
     size_t cont_len;
@@ -122,8 +122,8 @@ int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s)
     }
 
     /* Calculate the content length */
-    if (!encode_der_integer(dummypkt, r)
-            || !encode_der_integer(dummypkt, s)
+    if (!ossl_encode_der_integer(dummypkt, r)
+            || !ossl_encode_der_integer(dummypkt, s)
             || !WPACKET_get_length(dummypkt, &cont_len)
             || (!isnull && !WPACKET_finish(dummypkt))) {
         if (!isnull)
@@ -133,13 +133,13 @@ int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s)
 
     /* Add the tag and length bytes */
     if (!WPACKET_put_bytes_u8(pkt, ID_SEQUENCE)
-            || !encode_der_length(pkt, cont_len)
+            || !ossl_encode_der_length(pkt, cont_len)
                /*
                 * Really encode the integers. We already wrote to the main pkt
                 * if it had a NULL buffer, so don't do it again
                 */
-            || (!isnull && !encode_der_integer(pkt, r))
-            || (!isnull && !encode_der_integer(pkt, s))
+            || (!isnull && !ossl_encode_der_integer(pkt, r))
+            || (!isnull && !ossl_encode_der_integer(pkt, s))
             || !WPACKET_close(pkt))
         return 0;
 
@@ -250,4 +250,3 @@ size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s,
     *ppin += consumed;
     return consumed;
 }
-
diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c
index 34e11ce774..047e2e3433 100644
--- a/crypto/bn/bn_srp.c
+++ b/crypto/bn/bn_srp.c
@@ -48,7 +48,7 @@ static const BN_ULONG bn_group_1024_value[] = {
     bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
 };
 
-const BIGNUM bn_group_1024 = {
+const BIGNUM ossl_bn_group_1024 = {
     (BN_ULONG *)bn_group_1024_value,
     OSSL_NELEM(bn_group_1024_value),
     OSSL_NELEM(bn_group_1024_value),
@@ -83,7 +83,7 @@ static const BN_ULONG bn_group_1536_value[] = {
     bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
 };
 
-const BIGNUM bn_group_1536 = {
+const BIGNUM ossl_bn_group_1536 = {
     (BN_ULONG *)bn_group_1536_value,
     OSSL_NELEM(bn_group_1536_value),
     OSSL_NELEM(bn_group_1536_value),
@@ -126,7 +126,7 @@ static const BN_ULONG bn_group_2048_value[] = {
     bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
 };
 
-const BIGNUM bn_group_2048 = {
+const BIGNUM ossl_bn_group_2048 = {
     (BN_ULONG *)bn_group_2048_value,
     OSSL_NELEM(bn_group_2048_value),
     OSSL_NELEM(bn_group_2048_value),
@@ -185,7 +185,7 @@ static const BN_ULONG bn_group_3072_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-const BIGNUM bn_group_3072 = {
+const BIGNUM ossl_bn_group_3072 = {
     (BN_ULONG *)bn_group_3072_value,
     OSSL_NELEM(bn_group_3072_value),
     OSSL_NELEM(bn_group_3072_value),
@@ -260,7 +260,7 @@ static const BN_ULONG bn_group_4096_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-const BIGNUM bn_group_4096 = {
+const BIGNUM ossl_bn_group_4096 = {
     (BN_ULONG *)bn_group_4096_value,
     OSSL_NELEM(bn_group_4096_value),
     OSSL_NELEM(bn_group_4096_value),
@@ -367,7 +367,7 @@ static const BN_ULONG bn_group_6144_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-const BIGNUM bn_group_6144 = {
+const BIGNUM ossl_bn_group_6144 = {
     (BN_ULONG *)bn_group_6144_value,
     OSSL_NELEM(bn_group_6144_value),
     OSSL_NELEM(bn_group_6144_value),
@@ -506,7 +506,7 @@ static const BN_ULONG bn_group_8192_value[] = {
     bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
 };
 
-const BIGNUM bn_group_8192 = {
+const BIGNUM ossl_bn_group_8192 = {
     (BN_ULONG *)bn_group_8192_value,
     OSSL_NELEM(bn_group_8192_value),
     OSSL_NELEM(bn_group_8192_value),
@@ -516,7 +516,7 @@ const BIGNUM bn_group_8192 = {
 
 static const BN_ULONG bn_generator_19_value[] = { 19 };
 
-const BIGNUM bn_generator_19 = {
+const BIGNUM ossl_bn_generator_19 = {
     (BN_ULONG *)bn_generator_19_value,
     1,
     1,
@@ -525,7 +525,7 @@ const BIGNUM bn_generator_19 = {
 };
 static const BN_ULONG bn_generator_5_value[] = { 5 };
 
-const BIGNUM bn_generator_5 = {
+const BIGNUM ossl_bn_generator_5 = {
     (BN_ULONG *)bn_generator_5_value,
     1,
     1,
@@ -534,7 +534,7 @@ const BIGNUM bn_generator_5 = {
 };
 static const BN_ULONG bn_generator_2_value[] = { 2 };
 
-const BIGNUM bn_generator_2 = {
+const BIGNUM ossl_bn_generator_2 = {
     (BN_ULONG *)bn_generator_2_value,
     1,
     1,
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 00c5256013..728ec21968 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -221,8 +221,8 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
                                 ASN1_INTEGER_get(emc->errorCode)) > 0)
             ERR_add_error_data(1, buf);
         if (emc->errorDetails != NULL) {
-            char *text = sk_ASN1_UTF8STRING2text(emc->errorDetails, ", ",
-                                                 OSSL_CMP_PKISI_BUFLEN - 1);
+            char *text = ossl_sk_ASN1_UTF8STRING2text(emc->errorDetails, ", ",
+                                                      OSSL_CMP_PKISI_BUFLEN - 1);
 
             if (text != NULL)
                 ERR_add_error_data(2, "; errorDetails: ", text);
@@ -316,8 +316,8 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
                                            " with reason = '")) < 0) {
                 *str = '\0';
             } else {
-                char *text = sk_ASN1_UTF8STRING2text(pollRep->reason, ", ",
-                                                     sizeof(str) - len - 2);
+                char *text = ossl_sk_ASN1_UTF8STRING2text(pollRep->reason, ", ",
+                                                          sizeof(str) - len - 2);
 
                 if (text == NULL
                         || BIO_snprintf(str + len, sizeof(str) - len,
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index e65dabe323..0016569356 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -607,7 +607,7 @@ int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \
     return 1; \
 }
 
-#define X509_invalid(cert) (!x509v3_cache_extensions(cert))
+#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
 #define EVP_PKEY_invalid(key) 0
 #define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
 int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 09b2d7b03b..77b2175b11 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -1027,7 +1027,7 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep,
     if (crt == NULL)
         ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND);
     else
-        (void)x509_set0_libctx(crt, ctx->libctx, ctx->propq);
+        (void)ossl_x509_set0_libctx(crt, ctx->libctx, ctx->propq);
     return crt;
 }
 
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 88052d5ec5..064e8e37b3 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -58,7 +58,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
     }
 
  sig_err:
-    res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
+    res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
     ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE);
     if (res)
         ERR_add_error_mem_bio("\n", bio);
@@ -266,7 +266,7 @@ static int cert_acceptable(const OSSL_CMP_CTX *ctx,
     if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID))
         return 0;
     /* prevent misleading error later in case x509v3_cache_extensions() fails */
-    if (!x509v3_cache_extensions(cert)) {
+    if (!ossl_x509v3_cache_extensions(cert)) {
         ossl_cmp_warn(ctx, "cert appears to be invalid");
         return 0;
     }
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
index 2ac118b9e6..c7a757d80b 100644
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
@@ -263,7 +263,7 @@ static int cms_check_attribute(int nid, int flags, int type,
  *     attributes. Only one instance of each is allowed, with each of these
  *     attributes containing a single attribute value in its set.
  */
-int CMS_si_check_attributes(const CMS_SignerInfo *si)
+int ossl_cms_si_check_attributes(const CMS_SignerInfo *si)
 {
     int i;
     int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index b0b9e4aaac..494c2cc8fc 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -181,9 +181,9 @@ void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms)
                 break;
             case CMS_RECIPINFO_TRANS:
                 ri->d.ktri->cms_ctx = ctx;
-                x509_set0_libctx(ri->d.ktri->recip,
-                                 ossl_cms_ctx_get0_libctx(ctx),
-                                 ossl_cms_ctx_get0_propq(ctx));
+                ossl_x509_set0_libctx(ri->d.ktri->recip,
+                                      ossl_cms_ctx_get0_libctx(ctx),
+                                      ossl_cms_ctx_get0_propq(ctx));
                 break;
             case CMS_RECIPINFO_KEK:
                 ri->d.kekri->cms_ctx = ctx;
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 5982035c45..b713581c05 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -166,10 +166,10 @@ static int cms_msgSigDigest(CMS_SignerInfo *si,
 
     if (md == NULL)
         return 0;
-    if (!asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-                             si->signedAttrs, dig, diglen,
-                             ossl_cms_ctx_get0_libctx(si->cms_ctx),
-                             ossl_cms_ctx_get0_propq(si->cms_ctx)))
+    if (!ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                                  si->signedAttrs, dig, diglen,
+                                  ossl_cms_ctx_get0_libctx(si->cms_ctx),
+                                  ossl_cms_ctx_get0_propq(si->cms_ctx)))
         return 0;
     return 1;
 }
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 03e6c631ef..0c9a372832 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -105,7 +105,7 @@ void ossl_cms_resolve_libctx(CMS_ContentInfo *ci)
         for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
             cch = sk_CMS_CertificateChoices_value(*pcerts, i);
             if (cch->type == CMS_CERTCHOICE_CERT)
-                x509_set0_libctx(cch->d.certificate, libctx, propq);
+                ossl_x509_set0_libctx(cch->d.certificate, libctx, propq);
         }
     }
 }
diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h
index 0827c55a1c..15b4a29ce0 100644
--- a/crypto/cms/cms_local.h
+++ b/crypto/cms/cms_local.h
@@ -468,7 +468,7 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
 int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
                                       CMS_RecipientInfo *ri, int en_de);
 /* SignerInfo routines */
-int CMS_si_check_attributes(const CMS_SignerInfo *si);
+int ossl_cms_si_check_attributes(const CMS_SignerInfo *si);
 void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms);
 
 
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index f577d462f1..b9e895aed4 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -25,7 +25,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
         return NULL;
 
     if (oaep->maskGenFunc != NULL) {
-        oaep->maskHash = x509_algor_mgf1_decode(oaep->maskGenFunc);
+        oaep->maskHash = ossl_x509_algor_mgf1_decode(oaep->maskGenFunc);
         if (oaep->maskHash == NULL) {
             RSA_OAEP_PARAMS_free(oaep);
             return NULL;
@@ -65,10 +65,10 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
         goto err;
     }
 
-    mgf1md = x509_algor_get_md(oaep->maskHash);
+    mgf1md = ossl_x509_algor_get_md(oaep->maskHash);
     if (mgf1md == NULL)
         goto err;
-    md = x509_algor_get_md(oaep->hashFunc);
+    md = ossl_x509_algor_get_md(oaep->hashFunc);
     if (md == NULL)
         goto err;
 
@@ -140,9 +140,9 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     oaep = RSA_OAEP_PARAMS_new();
     if (oaep == NULL)
         goto err;
-    if (!x509_algor_new_from_md(&oaep->hashFunc, md))
+    if (!ossl_x509_algor_new_from_md(&oaep->hashFunc, md))
         goto err;
-    if (!x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
+    if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
         goto err;
     if (labellen > 0) {
         ASN1_OCTET_STRING *los;
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 0c3f04388b..a57943513e 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -734,7 +734,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
             goto err;
     }
 
-    if (!CMS_si_check_attributes(si))
+    if (!ossl_cms_si_check_attributes(si))
         goto err;
 
     if (si->pctx)
@@ -829,7 +829,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
         return -1;
     }
 
-    if (!CMS_si_check_attributes(si))
+    if (!ossl_cms_si_check_attributes(si))
         return -1;
 
     name = OBJ_nid2sn(OBJ_obj2nid(si->digestAlgorithm->algorithm));
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 6d893c0c80..aa2986266e 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -244,7 +244,7 @@ COMP_METHOD *COMP_zlib(void)
                 zlib_loaded++;
 
             if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
-                comp_zlib_cleanup_int();
+                ossl_comp_zlib_cleanup();
                 return meth;
             }
             if (zlib_loaded)
@@ -259,7 +259,7 @@ COMP_METHOD *COMP_zlib(void)
     return meth;
 }
 
-void comp_zlib_cleanup_int(void)
+void ossl_comp_zlib_cleanup(void)
 {
 #ifdef ZLIB_SHARED
     DSO_free(zlib_dso);
diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h
index 1bc9c701ac..9961010f45 100644
--- a/crypto/conf/conf_local.h
+++ b/crypto/conf/conf_local.h
@@ -7,5 +7,4 @@
  * https://www.openssl.org/source/license.html
  */
 
-void conf_add_ssl_module(void);
-
+void ossl_config_add_ssl_module(void);
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
index 5d24a36cd9..50e7038074 100644
--- a/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
@@ -32,7 +32,7 @@ void OPENSSL_load_builtin_modules(void)
     ENGINE_add_conf_module();
 #endif
     EVP_add_alg_module();
-    conf_add_ssl_module();
+    ossl_config_add_ssl_module();
     ossl_provider_add_conf_module();
     ossl_random_add_conf_module();
 }
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index b42eb36aba..93e0fa5e17 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -485,7 +485,7 @@ int CONF_module_add(const char *name, conf_init_func *ifunc,
         return 0;
 }
 
-void conf_modules_free_int(void)
+void ossl_config_modules_free(void)
 {
     CONF_modules_finish();
     CONF_modules_unload(1);
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index ffd9e9c5b2..1969f0d05a 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -40,7 +40,7 @@ void OPENSSL_config(const char *appname)
 }
 #endif
 
-int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
+int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings)
 {
     int ret = 0;
     const char *filename;
@@ -55,7 +55,7 @@ int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
     flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
 
 #ifdef OPENSSL_INIT_DEBUG
-    fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
+    fprintf(stderr, "OPENSSL_INIT: ossl_config_int(%s, %s, %lu)\n",
             filename, appname, flags);
 #endif
 
@@ -66,7 +66,7 @@ int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
     return ret;
 }
 
-void openssl_no_config_int(void)
+void ossl_no_config_int(void)
 {
     openssl_configured = 1;
 }
diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
index a4b35bab99..d32289ec44 100644
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -176,7 +176,7 @@ void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
     *arg = cmd[idx].arg;
 }
 
-void conf_add_ssl_module(void)
+void ossl_config_add_ssl_module(void)
 {
     CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
 }
diff --git a/crypto/context.c b/crypto/context.c
index 803111459a..852f9dd7ce 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -60,13 +60,13 @@ static int context_init(OSSL_LIB_CTX *ctx)
     }
 
     /* OSSL_LIB_CTX is built on top of ex_data so we initialise that directly */
-    if (!do_ex_data_init(ctx))
+    if (!ossl_do_ex_data_init(ctx))
         goto err;
     exdata_done = 1;
 
-    if (!crypto_new_ex_data_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL,
-                               &ctx->data)) {
-        crypto_cleanup_all_ex_data_int(ctx);
+    if (!ossl_crypto_new_ex_data_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL,
+                                    &ctx->data)) {
+        ossl_crypto_cleanup_all_ex_data_int(ctx);
         goto err;
     }
 
@@ -77,7 +77,7 @@ static int context_init(OSSL_LIB_CTX *ctx)
     return 1;
  err:
     if (exdata_done)
-        crypto_cleanup_all_ex_data_int(ctx);
+        ossl_crypto_cleanup_all_ex_data_int(ctx);
     CRYPTO_THREAD_lock_free(ctx->oncelock);
     CRYPTO_THREAD_lock_free(ctx->lock);
     ctx->lock = NULL;
@@ -102,7 +102,7 @@ static int context_deinit(OSSL_LIB_CTX *ctx)
         OPENSSL_free(tmp);
     }
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, &ctx->data);
-    crypto_cleanup_all_ex_data_int(ctx);
+    ossl_crypto_cleanup_all_ex_data_int(ctx);
     for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++)
         CRYPTO_THREAD_lock_free(ctx->index_locks[i]);
 
@@ -228,7 +228,7 @@ static void ossl_lib_ctx_generic_new(void *parent_ign, void *ptr_ign,
                                      long argl_ign, void *argp)
 {
     const OSSL_LIB_CTX_METHOD *meth = argp;
-    OSSL_LIB_CTX *ctx = crypto_ex_data_get_ossl_lib_ctx(ad);
+    OSSL_LIB_CTX *ctx = ossl_crypto_ex_data_get_ossl_lib_ctx(ad);
     void *ptr = meth->new_func(ctx);
 
     if (ptr != NULL) {
@@ -261,10 +261,10 @@ static int ossl_lib_ctx_init_index(OSSL_LIB_CTX *ctx, int static_index,
     if (ctx == NULL)
         return 0;
 
-    idx = crypto_get_ex_new_index_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, 0,
-                                     (void *)meth,
-                                     ossl_lib_ctx_generic_new,
-                                     NULL, ossl_lib_ctx_generic_free);
+    idx = ossl_crypto_get_ex_new_index_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, 0,
+                                          (void *)meth,
+                                          ossl_lib_ctx_generic_new,
+                                          NULL, ossl_lib_ctx_generic_free);
     if (idx < 0)
         return 0;
 
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 1cc76bf030..ae9aa19c3f 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -10,7 +10,7 @@
 #include "e_os.h"                /* strcasecmp */
 #include "internal/namemap.h"
 #include <openssl/lhash.h>
-#include "crypto/lhash.h"      /* openssl_lh_strcasehash */
+#include "crypto/lhash.h"      /* ossl_lh_strcasehash */
 #include "internal/tsan_assist.h"
 
 /*-
@@ -47,7 +47,7 @@ struct ossl_namemap_st {
 
 static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
 {
-    return openssl_lh_strcasehash(n->name);
+    return ossl_lh_strcasehash(n->name);
 }
 
 static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b)
diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h
index a7573c97bb..a1bff33a74 100644
--- a/crypto/ct/ct_local.h
+++ b/crypto/ct/ct_local.h
@@ -219,4 +219,4 @@ __owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
 /*
  * Handlers for Certificate Transparency X509v3/OCSP extensions
  */
-extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD ossl_v3_ct_scts[3];
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 085402b046..92991b3f9d 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -75,7 +75,7 @@ static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
 }
 
 /* Handlers for X509v3/OCSP Certificate Transparency extensions */
-const X509V3_EXT_METHOD v3_ct_scts[3] = {
+const X509V3_EXT_METHOD ossl_v3_ct_scts[3] = {
     /* X509v3 extension in certificates that contains SCTs */
     { NID_ct_precert_scts, 0, NULL,
     NULL, (X509V3_EXT_FREE)SCT_LIST_free,
diff --git a/crypto/ctype.c b/crypto/ctype.c
index dbd7891399..8612415b9b 100644
--- a/crypto/ctype.c
+++ b/crypto/ctype.c
@@ -273,7 +273,7 @@ int ossl_toupper(int c)
     return ossl_islower(c) ? c ^ case_change : c;
 }
 
-int ascii_isdigit(const char inchar) {
+int ossl_ascii_isdigit(const char inchar) {
     if (inchar > 0x2F && inchar < 0x3A)
         return 1;
     return 0;
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index cccd880c20..08656877f3 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -35,7 +35,7 @@ static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
                    long length)
 {
     DH *dh = NULL;
-    int is_dhx = (pkey->ameth == &dhx_asn1_meth);
+    int is_dhx = (pkey->ameth == &ossl_dhx_asn1_meth);
 
     if (is_dhx)
         dh = d2i_DHxparams(NULL, pp, length);
@@ -47,7 +47,7 @@ static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
 
 static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
 {
-    if (pkey->ameth == &dhx_asn1_meth)
+    if (pkey->ameth == &ossl_dhx_asn1_meth)
         return i2d_DHxparams(a, pp);
     return i2d_DHparams(a, pp);
 }
@@ -350,7 +350,7 @@ static int dh_security_bits(const EVP_PKEY *pkey)
 static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
     return ossl_ffc_params_cmp(&a->pkey.dh->params, &a->pkey.dh->params,
-                               a->ameth != &dhx_asn1_meth);
+                               a->ameth != &ossl_dhx_asn1_meth);
 }
 
 static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
@@ -386,7 +386,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
             return 0;
     }
     return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
-                             from->ameth == &dhx_asn1_meth);
+                             from->ameth == &ossl_dhx_asn1_meth);
 }
 
 static int dh_missing_parameters(const EVP_PKEY *a)
@@ -574,7 +574,7 @@ static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
     return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX);
 }
 
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth = {
     EVP_PKEY_DH,
     EVP_PKEY_DH,
     0,
@@ -619,7 +619,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
     dh_pkey_import_from,
 };
 
-const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth = {
     EVP_PKEY_DHX,
     EVP_PKEY_DHX,
     0,
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index f282a12b4c..3617e61e23 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -290,7 +290,7 @@ static int generate_key(DH *dh)
         /* Is it an approved safe prime ?*/
         if (DH_get_nid(dh) != NID_undef) {
             int max_strength =
-                    ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p));
+                    ossl_ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p));
 
             if (dh->params.q == NULL
                 || dh->length > BN_num_bits(dh->params.q))
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index c073f6b799..50ecd3ed3b 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -557,7 +557,7 @@ static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
 
 /* NB these are sorted in pkey_id order, lowest first */
 
-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5] = {
 
     {
      EVP_PKEY_DSA2,
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 5de633e11e..5512b99ef1 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -169,7 +169,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 
 #ifndef FIPS_MODULE
-    if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+    if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret,
+                                    &ret->ex_data))
         goto err;
 #endif
 
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 6819e5c131..6e87bd1657 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -95,7 +95,7 @@ int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout)
             return -1;
     }
 
-    if (!encode_der_dsa_sig(&pkt, sig->r, sig->s)
+    if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s)
             || !WPACKET_get_total_written(&pkt, &encoded_len)
             || !WPACKET_finish(&pkt)) {
         BUF_MEM_free(buf);
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c
index d939003043..3f24215047 100644
--- a/crypto/ec/curve25519.c
+++ b/crypto/ec/curve25519.c
@@ -5437,9 +5437,10 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
     s[31] = (uint8_t) (s11 >> 17);
 }
 
-int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
-                 const uint8_t public_key[32], const uint8_t private_key[32],
-                 OSSL_LIB_CTX *libctx, const char *propq)
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                  const uint8_t public_key[32], const uint8_t private_key[32],
+                  OSSL_LIB_CTX *libctx, const char *propq)
 {
     uint8_t az[SHA512_DIGEST_LENGTH];
     uint8_t nonce[SHA512_DIGEST_LENGTH];
@@ -5493,9 +5494,10 @@ err:
 
 static const char allzeroes[15];
 
-int ED25519_verify(const uint8_t *message, size_t message_len,
-                   const uint8_t signature[64], const uint8_t public_key[32],
-                   OSSL_LIB_CTX *libctx, const char *propq)
+int
+ossl_ed25519_verify(const uint8_t *message, size_t message_len,
+                    const uint8_t signature[64], const uint8_t public_key[32],
+                    OSSL_LIB_CTX *libctx, const char *propq)
 {
     int i;
     ge_p3 A;
@@ -5577,8 +5579,10 @@ err:
     return res;
 }
 
-int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
-                                const uint8_t private_key[32], const char *propq)
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+                                 const uint8_t private_key[32],
+                                 const char *propq)
 {
     uint8_t az[SHA512_DIGEST_LENGTH];
     ge_p3 A;
@@ -5606,8 +5610,9 @@ int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
     return 1;
 }
 
-int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
-           const uint8_t peer_public_value[32])
+int
+ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+            const uint8_t peer_public_value[32])
 {
     static const uint8_t kZeros[32] = {0};
     x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
@@ -5615,7 +5620,8 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
     return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
 }
 
-void X25519_public_from_private(uint8_t out_public_value[32],
+void
+ossl_x25519_public_from_private(uint8_t out_public_value[32],
                                 const uint8_t private_key[32])
 {
     uint8_t e[32];
diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c
index b03218283e..b624692713 100644
--- a/crypto/ec/curve448/curve448.c
+++ b/crypto/ec/curve448/curve448.c
@@ -55,7 +55,7 @@ static void gf_invert(gf y, const gf x, int assert_nonzero)
 }
 
 /** identity = (0,1) */
-const curve448_point_t curve448_point_identity =
+const curve448_point_t ossl_curve448_point_identity =
     { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
 
 static void point_double_internal(curve448_point_t p, const curve448_point_t q,
@@ -82,7 +82,7 @@ static void point_double_internal(curve448_point_t p, const curve448_point_t q,
         gf_mul(p->t, b, d);
 }
 
-void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q)
 {
     point_double_internal(p, q, 0);
 }
@@ -184,8 +184,9 @@ static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
     sub_niels_from_pt(p, pn->n, before_double);
 }
 
-c448_bool_t curve448_point_eq(const curve448_point_t p,
-                              const curve448_point_t q)
+c448_bool_t
+ossl_curve448_point_eq(const curve448_point_t p,
+                       const curve448_point_t q)
 {
     mask_t succ;
     gf a, b;
@@ -198,7 +199,8 @@ c448_bool_t curve448_point_eq(const curve448_point_t p,
     return mask_to_bool(succ);
 }
 
-c448_bool_t curve448_point_valid(const curve448_point_t p)
+c448_bool_t
+ossl_curve448_point_valid(const curve448_point_t p)
 {
     mask_t out;
     gf a, b, c;
@@ -225,7 +227,8 @@ static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
     constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
 }
 
-void curve448_precomputed_scalarmul(curve448_point_t out,
+void
+ossl_curve448_precomputed_scalarmul(curve448_point_t out,
                                     const curve448_precomputed_s * table,
                                     const curve448_scalar_t scalar)
 {
@@ -234,8 +237,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out,
     niels_t ni;
     curve448_scalar_t scalar1x;
 
-    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
-    curve448_scalar_halve(scalar1x, scalar1x);
+    ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    ossl_curve448_scalar_halve(scalar1x, scalar1x);
 
     for (i = s; i > 0; i--) {
         if (i != s)
@@ -272,7 +275,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out,
     OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
 }
 
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
                                     uint8_t enc[EDDSA_448_PUBLIC_BYTES],
                                     const curve448_point_t p)
 {
@@ -316,10 +320,11 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa(
     OPENSSL_cleanse(y, sizeof(y));
     OPENSSL_cleanse(z, sizeof(z));
     OPENSSL_cleanse(t, sizeof(t));
-    curve448_point_destroy(q);
+    ossl_curve448_point_destroy(q);
 }
 
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
                                 curve448_point_t p,
                                 const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
 {
@@ -372,14 +377,15 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
     }
 
     OPENSSL_cleanse(enc2, sizeof(enc2));
-    assert(curve448_point_valid(p) || ~succ);
+    assert(ossl_curve448_point_valid(p) || ~succ);
 
     return c448_succeed_if(mask_to_bool(succ));
 }
 
-c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
-                      const uint8_t base[X_PUBLIC_BYTES],
-                      const uint8_t scalar[X_PRIVATE_BYTES])
+c448_error_t
+ossl_x448_int(uint8_t out[X_PUBLIC_BYTES],
+              const uint8_t base[X_PUBLIC_BYTES],
+              const uint8_t scalar[X_PRIVATE_BYTES])
 {
     gf x1, x2, z2, x3, z3, t1, t2;
     int t;
@@ -456,7 +462,8 @@ c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
     return c448_succeed_if(mask_to_bool(nz));
 }
 
-void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
                                                       out[X_PUBLIC_BYTES],
                                                       const curve448_point_t p)
 {
@@ -467,11 +474,11 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
     gf_mul(q->z, q->t, q->y);   /* y/x */
     gf_sqr(q->y, q->z);         /* (y/x)^2 */
     gf_serialize(out, q->y, 1);
-    curve448_point_destroy(q);
+    ossl_curve448_point_destroy(q);
 }
 
-void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
-                            const uint8_t scalar[X_PRIVATE_BYTES])
+void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+                                 const uint8_t scalar[X_PRIVATE_BYTES])
 {
     /* Scalar conditioning */
     uint8_t scalar2[X_PRIVATE_BYTES];
@@ -485,15 +492,16 @@ void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
     scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
     scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
 
-    curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+    ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
 
     /* Compensate for the encoding ratio */
     for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
-        curve448_scalar_halve(the_scalar, the_scalar);
+        ossl_curve448_scalar_halve(the_scalar, the_scalar);
 
-    curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
-    curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
-    curve448_point_destroy(p);
+    ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+                                        the_scalar);
+    ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+    ossl_curve448_point_destroy(p);
 }
 
 /* Control for variable-time scalar multiply algorithms. */
@@ -610,7 +618,7 @@ static void prepare_wnaf_table(pniels_t * output,
     if (tbits == 0)
         return;
 
-    curve448_point_double(tmp, working);
+    ossl_curve448_point_double(tmp, working);
     pt_to_pniels(twop, tmp);
 
     add_pniels_to_pt(tmp, output[0], 0);
@@ -621,11 +629,12 @@ static void prepare_wnaf_table(pniels_t * output,
         pt_to_pniels(output[i], tmp);
     }
 
-    curve448_point_destroy(tmp);
+    ossl_curve448_point_destroy(tmp);
     OPENSSL_cleanse(twop, sizeof(twop));
 }
 
-void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+void
+ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
                                                const curve448_scalar_t scalar1,
                                                const curve448_point_t base2,
                                                const curve448_scalar_t scalar2)
@@ -645,7 +654,7 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
     i = control_var[0].power;
 
     if (i < 0) {
-        curve448_point_copy(combo, curve448_point_identity);
+        curve448_point_copy(combo, ossl_curve448_point_identity);
         return;
     }
     if (i > control_pre[0].power) {
@@ -653,13 +662,14 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
         contv++;
     } else if (i == control_pre[0].power && i >= 0) {
         pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
-        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+        add_niels_to_pt(combo,
+                        ossl_curve448_wnaf_base[control_pre[0].addend >> 1],
                         i);
         contv++;
         contp++;
     } else {
         i = control_pre[0].power;
-        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+        niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]);
         contp++;
     }
 
@@ -688,11 +698,11 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
 
             if (control_pre[contp].addend > 0)
                 add_niels_to_pt(combo,
-                                curve448_wnaf_base[control_pre[contp].addend
+                                ossl_curve448_wnaf_base[control_pre[contp].addend
                                                    >> 1], i);
             else
                 sub_niels_from_pt(combo,
-                                  curve448_wnaf_base[(-control_pre
+                                  ossl_curve448_wnaf_base[(-control_pre
                                                       [contp].addend) >> 1], i);
             contp++;
         }
@@ -709,20 +719,20 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
     (void)ncb_pre;
 }
 
-void curve448_point_destroy(curve448_point_t point)
+void ossl_curve448_point_destroy(curve448_point_t point)
 {
     OPENSSL_cleanse(point, sizeof(curve448_point_t));
 }
 
-int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
-         const uint8_t peer_public_value[56])
+int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+              const uint8_t peer_public_value[56])
 {
-    return x448_int(out_shared_key, peer_public_value, private_key)
+    return ossl_x448_int(out_shared_key, peer_public_value, private_key)
            == C448_SUCCESS;
 }
 
-void X448_public_from_private(uint8_t out_public_value[56],
-                              const uint8_t private_key[56])
+void ossl_x448_public_from_private(uint8_t out_public_value[56],
+                                   const uint8_t private_key[56])
 {
-    x448_derive_public_key(out_public_value, private_key);
+    ossl_x448_derive_public_key(out_public_value, private_key);
 }
diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h
index c5ffa75f6b..39534a7237 100644
--- a/crypto/ec/curve448/curve448_local.h
+++ b/crypto/ec/curve448/curve448_local.h
@@ -10,12 +10,15 @@
 # define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
 # include "curve448utils.h"
 
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
-                 const uint8_t public_key[57], const uint8_t private_key[57],
-                 const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+                  const uint8_t public_key[57], const uint8_t private_key[57],
+                  const uint8_t *context, size_t context_len, const char *propq);
 
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
-                   const uint8_t signature[114], const uint8_t public_key[57],
-                   const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+                    const uint8_t signature[114], const uint8_t public_key[57],
+                    const uint8_t *context, size_t context_len,
+                    const char *propq);
 
 #endif              /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
diff --git a/crypto/ec/curve448/curve448_tables.c b/crypto/ec/curve448/curve448_tables.c
index ec8ffcc36b..fe0d373f84 100644
--- a/crypto/ec/curve448/curve448_tables.c
+++ b/crypto/ec/curve448/curve448_tables.c
@@ -1058,7 +1058,7 @@ static const curve448_precomputed_s curve448_precomputed_base_table = {
         }}
     }
 };
-const struct curve448_precomputed_s *curve448_precomputed_base
+const struct curve448_precomputed_s *ossl_curve448_precomputed_base
     = &curve448_precomputed_base_table;
 
 static const niels_t curve448_wnaf_base_table[32] = {
@@ -1480,4 +1480,4 @@ static const niels_t curve448_wnaf_base_table[32] = {
                        0x001979c0df237316ULL, 0x00501e953a919b87ULL)},
     }}
 };
-const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
+const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
index 3a1a9b46d6..fad21a0273 100644
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
@@ -37,11 +37,12 @@
  * pubkey (out): The public key.
  * privkey (in): The private key.
  */
-c448_error_t c448_ed448_derive_public_key(
-                        OSSL_LIB_CTX *ctx,
-                        uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
-                        const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
-                        const char *propq);
+c448_error_t
+ossl_c448_ed448_derive_public_key(
+                              OSSL_LIB_CTX *ctx,
+                              uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+                              const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
+                              const char *propq);
 
 /*
  * EdDSA signing.
@@ -60,15 +61,15 @@ c448_error_t c448_ed448_derive_public_key(
  * non-prehashed messages, at least without some very careful protocol-level
  * disambiguation.  For Ed448 it is safe.
  */
-c448_error_t c448_ed448_sign(
-                        OSSL_LIB_CTX *ctx,
-                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
-                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
-                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
-                        const uint8_t *message, size_t message_len,
-                        uint8_t prehashed, const uint8_t *context,
-                        size_t context_len,
-                        const char *propq);
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+                     uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                     const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                     const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                     const uint8_t *message, size_t message_len,
+                     uint8_t prehashed, const uint8_t *context,
+                     size_t context_len,
+                     const char *propq);
 
 /*
  * EdDSA signing with prehash.
@@ -86,15 +87,15 @@ c448_error_t c448_ed448_sign(
  * non-prehashed messages, at least without some very careful protocol-level
  * disambiguation.  For Ed448 it is safe.
  */
-c448_error_t c448_ed448_sign_prehash(
-                        OSSL_LIB_CTX *ctx,
-                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
-                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
-                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
-                        const uint8_t hash[64],
-                        const uint8_t *context,
-                        size_t context_len,
-                        const char *propq);
+c448_error_t
+ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx,
+                             uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                             const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                             const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                             const uint8_t hash[64],
+                             const uint8_t *context,
+                             size_t context_len,
+                             const char *propq);
 
 /*
  * EdDSA signature verification.
@@ -114,15 +115,16 @@ c448_error_t c448_ed448_sign_prehash(
  * non-prehashed messages, at least without some very careful protocol-level
  * disambiguation.  For Ed448 it is safe.
  */
-c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx,
-                               const uint8_t
-                               signature[EDDSA_448_SIGNATURE_BYTES],
-                               const uint8_t
-                               pubkey[EDDSA_448_PUBLIC_BYTES],
-                               const uint8_t *message, size_t message_len,
-                               uint8_t prehashed, const uint8_t *context,
-                               uint8_t context_len,
-                               const char *propq);
+c448_error_t
+ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx,
+                       const uint8_t
+                       signature[EDDSA_448_SIGNATURE_BYTES],
+                       const uint8_t
+                       pubkey[EDDSA_448_PUBLIC_BYTES],
+                       const uint8_t *message, size_t message_len,
+                       uint8_t prehashed, const uint8_t *context,
+                       uint8_t context_len,
+                       const char *propq);
 
 /*
  * EdDSA signature verification.
@@ -141,14 +143,15 @@ c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx,
  * non-prehashed messages, at least without some very careful protocol-level
  * disambiguation.  For Ed448 it is safe.
  */
-c448_error_t c448_ed448_verify_prehash(
-                    OSSL_LIB_CTX *ctx,
-                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
-                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
-                    const uint8_t hash[64],
-                    const uint8_t *context,
-                    uint8_t context_len,
-                    const char *propq);
+c448_error_t
+ossl_c448_ed448_verify_prehash(
+                            OSSL_LIB_CTX *ctx,
+                            const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                            const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                            const uint8_t hash[64],
+                            const uint8_t *context,
+                            uint8_t context_len,
+                            const char *propq);
 
 /*
  * EdDSA point encoding.  Used internally, exposed externally.
@@ -173,7 +176,8 @@ c448_error_t c448_ed448_verify_prehash(
  * enc (out): The encoded point.
  * p (in): The point.
  */
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
                                     uint8_t enc [EDDSA_448_PUBLIC_BYTES],
                                     const curve448_point_t p);
 
@@ -186,7 +190,8 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa(
  * enc (out): The encoded point.
  * p (in): The point.
  */
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
                             curve448_point_t p,
                             const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
 
@@ -198,10 +203,11 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
  * x (out): The ECDH private key as in RFC7748
  * ed (in): The EdDSA private key
  */
-c448_error_t c448_ed448_convert_private_key_to_x448(
-                            OSSL_LIB_CTX *ctx,
-                            uint8_t x[X448_PRIVATE_BYTES],
-                            const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
-                            const char *propq);
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
+                                    OSSL_LIB_CTX *ctx,
+                                    uint8_t x[X448_PRIVATE_BYTES],
+                                    const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
+                                    const char *propq);
 
 #endif                          /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index d4c7f1562a..d04469989a 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -94,7 +94,8 @@ static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx,
 }
 
 /* In this file because it uses the hash */
-c448_error_t c448_ed448_convert_private_key_to_x448(
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
                             OSSL_LIB_CTX *ctx,
                             uint8_t x[X448_PRIVATE_BYTES],
                             const uint8_t ed [EDDSA_448_PRIVATE_BYTES],
@@ -106,7 +107,8 @@ c448_error_t c448_ed448_convert_private_key_to_x448(
                         EDDSA_448_PRIVATE_BYTES, propq);
 }
 
-c448_error_t c448_ed448_derive_public_key(
+c448_error_t
+ossl_c448_ed448_derive_public_key(
                         OSSL_LIB_CTX *ctx,
                         uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
                         const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
@@ -126,8 +128,8 @@ c448_error_t c448_ed448_derive_public_key(
 
     clamp(secret_scalar_ser);
 
-    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
-                                sizeof(secret_scalar_ser));
+    ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+                                     sizeof(secret_scalar_ser));
 
     /*
      * Since we are going to mul_by_cofactor during encoding, divide by it
@@ -138,28 +140,29 @@ c448_error_t c448_ed448_derive_public_key(
      * we might start at 2 instead of 1.
      */
     for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
-        curve448_scalar_halve(secret_scalar, secret_scalar);
+        ossl_curve448_scalar_halve(secret_scalar, secret_scalar);
 
-    curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+    ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+                                        secret_scalar);
 
-    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+    ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
 
     /* Cleanup */
-    curve448_scalar_destroy(secret_scalar);
-    curve448_point_destroy(p);
+    ossl_curve448_scalar_destroy(secret_scalar);
+    ossl_curve448_point_destroy(p);
     OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
 
     return C448_SUCCESS;
 }
 
-c448_error_t c448_ed448_sign(
-                        OSSL_LIB_CTX *ctx,
-                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
-                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
-                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
-                        const uint8_t *message, size_t message_len,
-                        uint8_t prehashed, const uint8_t *context,
-                        size_t context_len, const char *propq)
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+                     uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                     const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                     const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                     const uint8_t *message, size_t message_len,
+                     uint8_t prehashed, const uint8_t *context,
+                     size_t context_len, const char *propq)
 {
     curve448_scalar_t secret_scalar;
     EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
@@ -183,8 +186,8 @@ c448_error_t c448_ed448_sign(
                           EDDSA_448_PRIVATE_BYTES, propq))
             goto err;
         clamp(expanded);
-        curve448_scalar_decode_long(secret_scalar, expanded,
-                                    EDDSA_448_PRIVATE_BYTES);
+        ossl_curve448_scalar_decode_long(secret_scalar, expanded,
+                                         EDDSA_448_PRIVATE_BYTES);
 
         /* Hash to create the nonce */
         if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
@@ -205,7 +208,7 @@ c448_error_t c448_ed448_sign(
 
         if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
             goto err;
-        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+        ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
         OPENSSL_cleanse(nonce, sizeof(nonce));
     }
 
@@ -214,15 +217,15 @@ c448_error_t c448_ed448_sign(
         curve448_scalar_t nonce_scalar_2;
         curve448_point_t p;
 
-        curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+        ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
         for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
-            curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+            ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
 
-        curve448_precomputed_scalarmul(p, curve448_precomputed_base,
-                                       nonce_scalar_2);
-        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
-        curve448_point_destroy(p);
-        curve448_scalar_destroy(nonce_scalar_2);
+        ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+                                            nonce_scalar_2);
+        ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        ossl_curve448_point_destroy(p);
+        ossl_curve448_scalar_destroy(nonce_scalar_2);
     }
 
     {
@@ -237,22 +240,22 @@ c448_error_t c448_ed448_sign(
                 || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
             goto err;
 
-        curve448_scalar_decode_long(challenge_scalar, challenge,
-                                    sizeof(challenge));
+        ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+                                         sizeof(challenge));
         OPENSSL_cleanse(challenge, sizeof(challenge));
     }
 
-    curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
-    curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+    ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+    ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
 
     OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
     memcpy(signature, nonce_point, sizeof(nonce_point));
-    curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
-                           challenge_scalar);
+    ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+                                challenge_scalar);
 
-    curve448_scalar_destroy(secret_scalar);
-    curve448_scalar_destroy(nonce_scalar);
-    curve448_scalar_destroy(challenge_scalar);
+    ossl_curve448_scalar_destroy(secret_scalar);
+    ossl_curve448_scalar_destroy(nonce_scalar);
+    ossl_curve448_scalar_destroy(challenge_scalar);
 
     ret = C448_SUCCESS;
  err:
@@ -260,7 +263,8 @@ c448_error_t c448_ed448_sign(
     return ret;
 }
 
-c448_error_t c448_ed448_sign_prehash(
+c448_error_t
+ossl_c448_ed448_sign_prehash(
                         OSSL_LIB_CTX *ctx,
                         uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
                         const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
@@ -268,11 +272,12 @@ c448_error_t c448_ed448_sign_prehash(
                         const uint8_t hash[64], const uint8_t *context,
                         size_t context_len, const char *propq)
 {
-    return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
-                           context, context_len, propq);
+    return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
+                                context, context_len, propq);
 }
 
-c448_error_t c448_ed448_verify(
+c448_error_t
+ossl_c448_ed448_verify(
                     OSSL_LIB_CTX *ctx,
                     const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
                     const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -310,13 +315,13 @@ c448_error_t c448_ed448_verify(
         return C448_FAILURE;
 
     error =
-        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+        ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
 
     if (C448_SUCCESS != error)
         return error;
 
     error =
-        curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+        ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
     if (C448_SUCCESS != error)
         return error;
 
@@ -337,74 +342,82 @@ c448_error_t c448_ed448_verify(
         }
 
         EVP_MD_CTX_free(hashctx);
-        curve448_scalar_decode_long(challenge_scalar, challenge,
-                                    sizeof(challenge));
+        ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+                                         sizeof(challenge));
         OPENSSL_cleanse(challenge, sizeof(challenge));
     }
-    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
-                        challenge_scalar);
+    ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero,
+                             challenge_scalar);
 
-    curve448_scalar_decode_long(response_scalar,
-                                &signature[EDDSA_448_PUBLIC_BYTES],
-                                EDDSA_448_PRIVATE_BYTES);
+    ossl_curve448_scalar_decode_long(response_scalar,
+                                     &signature[EDDSA_448_PUBLIC_BYTES],
+                                     EDDSA_448_PRIVATE_BYTES);
 
     /* pk_point = -c(x(P)) + (cx + k)G = kG */
-    curve448_base_double_scalarmul_non_secret(pk_point,
-                                              response_scalar,
-                                              pk_point, challenge_scalar);
-    return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+    ossl_curve448_base_double_scalarmul_non_secret(pk_point,
+                                                   response_scalar,
+                                                   pk_point, challenge_scalar);
+    return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point));
 }
 
-c448_error_t c448_ed448_verify_prehash(
+c448_error_t
+ossl_c448_ed448_verify_prehash(
                     OSSL_LIB_CTX *ctx,
                     const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
                     const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
                     const uint8_t hash[64], const uint8_t *context,
                     uint8_t context_len, const char *propq)
 {
-    return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
-                             context_len, propq);
+    return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
+                                  context_len, propq);
 }
 
-int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
-               size_t message_len, const uint8_t public_key[57],
-               const uint8_t private_key[57], const uint8_t *context,
-               size_t context_len, const char *propq)
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+                size_t message_len, const uint8_t public_key[57],
+                const uint8_t private_key[57], const uint8_t *context,
+                size_t context_len, const char *propq)
 {
-    return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
-                           message_len, 0, context, context_len,propq)
-        == C448_SUCCESS;
+    return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
+                                message_len, 0, context, context_len,
+                                propq) == C448_SUCCESS;
 }
 
-int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
-                 const uint8_t signature[114], const uint8_t public_key[57],
-                 const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+                  const uint8_t signature[114], const uint8_t public_key[57],
+                  const uint8_t *context, size_t context_len, const char *propq)
 {
-    return c448_ed448_verify(ctx, signature, public_key, message, message_len,
-                             0, context, (uint8_t)context_len,
-                             propq) == C448_SUCCESS;
+    return ossl_c448_ed448_verify(ctx, signature, public_key, message,
+                                  message_len, 0, context, (uint8_t)context_len,
+                                  propq) == C448_SUCCESS;
 }
 
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
-                 const uint8_t public_key[57], const uint8_t private_key[57],
-                 const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+                  const uint8_t public_key[57], const uint8_t private_key[57],
+                  const uint8_t *context, size_t context_len, const char *propq)
 {
-    return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
-                                   context, context_len, propq) == C448_SUCCESS;
-
+    return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key,
+                                        hash, context, context_len,
+                                        propq) == C448_SUCCESS;
 }
 
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
-                   const uint8_t signature[114], const uint8_t public_key[57],
-                   const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+                    const uint8_t signature[114], const uint8_t public_key[57],
+                    const uint8_t *context, size_t context_len,
+                    const char *propq)
 {
-    return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
-                                     (uint8_t)context_len, propq) == C448_SUCCESS;
+    return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash,
+                                          context, (uint8_t)context_len,
+                                          propq) == C448_SUCCESS;
 }
 
-int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
-                              const uint8_t private_key[57], const char *propq)
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+                               const uint8_t private_key[57], const char *propq)
 {
-    return c448_ed448_derive_public_key(ctx, out_public_key, private_key, propq)
-        == C448_SUCCESS;
+    return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key,
+                                             propq) == C448_SUCCESS;
 }
diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h
index 9f09aea13f..c48872c873 100644
--- a/crypto/ec/curve448/point_448.h
+++ b/crypto/ec/curve448/point_448.h
@@ -69,17 +69,17 @@ typedef struct curve448_scalar_s {
 } curve448_scalar_t[1];
 
 /* A scalar equal to 1. */
-extern const curve448_scalar_t curve448_scalar_one;
+extern const curve448_scalar_t ossl_curve448_scalar_one;
 
 /* A scalar equal to 0. */
-extern const curve448_scalar_t curve448_scalar_zero;
+extern const curve448_scalar_t ossl_curve448_scalar_zero;
 
 /* The identity point on the curve. */
-extern const curve448_point_t curve448_point_identity;
+extern const curve448_point_t ossl_curve448_point_identity;
 
 /* Precomputed table for the base point on the curve. */
-extern const struct curve448_precomputed_s *curve448_precomputed_base;
-extern const niels_t *curve448_wnaf_base;
+extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base;
+extern const niels_t *ossl_curve448_wnaf_base;
 
 /*
  * Read a scalar from wire format or from bytes.
@@ -92,8 +92,9 @@ extern const niels_t *curve448_wnaf_base;
  * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
  * modulo that modulus.
  */
-c448_error_t curve448_scalar_decode(curve448_scalar_t out,
-                                    const unsigned char ser[C448_SCALAR_BYTES]);
+c448_error_t
+ossl_curve448_scalar_decode(curve448_scalar_t out,
+                            const unsigned char ser[C448_SCALAR_BYTES]);
 
 /*
  * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
@@ -102,7 +103,8 @@ c448_error_t curve448_scalar_decode(curve448_scalar_t out,
  * ser_len (in): Length of serialized form.
  * out (out): Deserialized form.
  */
-void curve448_scalar_decode_long(curve448_scalar_t out,
+void
+ossl_curve448_scalar_decode_long(curve448_scalar_t out,
                                  const unsigned char *ser, size_t ser_len);
 
 /*
@@ -111,7 +113,8 @@ void curve448_scalar_decode_long(curve448_scalar_t out,
  * ser (out): Serialized form of a scalar.
  * s (in): Deserialized scalar.
  */
-void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+void
+ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
                             const curve448_scalar_t s);
 
 /*
@@ -121,7 +124,8 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
  * b (in): Another scalar.
  * out (out): a+b.
  */
-void curve448_scalar_add(curve448_scalar_t out,
+void
+ossl_curve448_scalar_add(curve448_scalar_t out,
                          const curve448_scalar_t a, const curve448_scalar_t b);
 
 /*
@@ -130,7 +134,8 @@ void curve448_scalar_add(curve448_scalar_t out,
  * b (in): Another scalar.
  * out (out): a-b.
  */
-void curve448_scalar_sub(curve448_scalar_t out,
+void
+ossl_curve448_scalar_sub(curve448_scalar_t out,
                          const curve448_scalar_t a, const curve448_scalar_t b);
 
 /*
@@ -140,7 +145,8 @@ void curve448_scalar_sub(curve448_scalar_t out,
  * b (in): Another scalar.
  * out (out): a*b.
  */
-void curve448_scalar_mul(curve448_scalar_t out,
+void
+ossl_curve448_scalar_mul(curve448_scalar_t out,
                          const curve448_scalar_t a, const curve448_scalar_t b);
 
 /*
@@ -149,7 +155,8 @@ void curve448_scalar_mul(curve448_scalar_t out,
 * a (in): A scalar.
 * out (out): a/2.
 */
-void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+void
+ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
 
 /*
  * Copy a scalar.  The scalars may alias each other, in which case this
@@ -188,8 +195,9 @@ static ossl_inline void curve448_point_copy(curve448_point_t a,
  * C448_TRUE: The points are equal.
  * C448_FALSE: The points are not equal.
  */
-__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
-                                     const curve448_point_t b);
+__owur c448_bool_t
+ossl_curve448_point_eq(const curve448_point_t a,
+                       const curve448_point_t b);
 
 /*
  * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
@@ -198,7 +206,8 @@ __owur c448_bool_t curve448_point_eq(const curve448_point_t a,
  * two_a (out): The sum a+a.
  * a (in): A point.
  */
-void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+void
+ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
 
 /*
  * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
@@ -213,9 +222,10 @@ void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
  * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
  * small subgroup.
  */
-__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
-                             const uint8_t base[X448_PUBLIC_BYTES],
-                             const uint8_t scalar[X448_PRIVATE_BYTES]);
+__owur c448_error_t
+ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES],
+              const uint8_t base[X448_PUBLIC_BYTES],
+              const uint8_t scalar[X448_PRIVATE_BYTES]);
 
 /*
  * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
@@ -236,7 +246,8 @@ __owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
  * out (out): The scaled and encoded point.
  * p (in): The point to be scaled and encoded.
  */
-void curve448_point_mul_by_ratio_and_encode_like_x448(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_x448(
                                         uint8_t out[X448_PUBLIC_BYTES],
                                         const curve448_point_t p);
 
@@ -247,7 +258,8 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(
  * out (out): The scaled point base*scalar
  * scalar (in): The scalar to multiply by.
  */
-void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+void
+ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
                             const uint8_t scalar[X448_PRIVATE_BYTES]);
 
 /*
@@ -257,7 +269,8 @@ void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
  * base (in): The point to be scaled.
  * scalar (in): The scalar to multiply by.
  */
-void curve448_precomputed_scalarmul(curve448_point_t scaled,
+void
+ossl_curve448_precomputed_scalarmul(curve448_point_t scaled,
                                     const curve448_precomputed_s * base,
                                     const curve448_scalar_t scalar);
 
@@ -276,7 +289,8 @@ void curve448_precomputed_scalarmul(curve448_point_t scaled,
  * Warning: This function takes variable time, and may leak the scalars used.
  * It is designed for signature verification.
  */
-void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+void
+ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
                                                const curve448_scalar_t scalar1,
                                                const curve448_point_t base2,
                                                const curve448_scalar_t scalar2);
@@ -290,12 +304,13 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
  * C448_TRUE The point is valid.
  * C448_FALSE The point is invalid.
  */
-__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+__owur c448_bool_t
+ossl_curve448_point_valid(const curve448_point_t to_test);
 
 /* Overwrite scalar with zeros. */
-void curve448_scalar_destroy(curve448_scalar_t scalar);
+void ossl_curve448_scalar_destroy(curve448_scalar_t scalar);
 
 /* Overwrite point with zeros. */
-void curve448_point_destroy(curve448_point_t point);
+void ossl_curve448_point_destroy(curve448_point_t point);
 
 #endif                          /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c
index 2923859e5a..fe2bb5b01b 100644
--- a/crypto/ec/curve448/scalar.c
+++ b/crypto/ec/curve448/scalar.c
@@ -38,8 +38,8 @@ static const curve448_scalar_t sc_p = {
 
 #define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
 
-const curve448_scalar_t curve448_scalar_one = {{{1}}};
-const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+const curve448_scalar_t ossl_curve448_scalar_one = {{{1}}};
+const curve448_scalar_t ossl_curve448_scalar_zero = {{{0}}};
 
 /*
  * {extra,accum} - sub +? p
@@ -106,20 +106,22 @@ static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a,
     sc_subx(out, accum, sc_p, sc_p, hi_carry);
 }
 
-void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
-                         const curve448_scalar_t b)
+void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+                              const curve448_scalar_t b)
 {
     sc_montmul(out, a, b);
     sc_montmul(out, out, sc_r2);
 }
 
-void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+void
+ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
                          const curve448_scalar_t b)
 {
     sc_subx(out, a->limb, b, sc_p, 0);
 }
 
-void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+void
+ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
                          const curve448_scalar_t b)
 {
     c448_dword_t chain = 0;
@@ -148,9 +150,9 @@ static ossl_inline void scalar_decode_short(curve448_scalar_t s,
     }
 }
 
-c448_error_t curve448_scalar_decode(
-                                curve448_scalar_t s,
-                                const unsigned char ser[C448_SCALAR_BYTES])
+c448_error_t
+ossl_curve448_scalar_decode(curve448_scalar_t s,
+                            const unsigned char ser[C448_SCALAR_BYTES])
 {
     unsigned int i;
     c448_dsword_t accum = 0;
@@ -160,24 +162,25 @@ c448_error_t curve448_scalar_decode(
         accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
     /* Here accum == 0 or -1 */
 
-    curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+    ossl_curve448_scalar_mul(s, s, ossl_curve448_scalar_one); /* ham-handed reduce */
 
     return c448_succeed_if(~word_is_zero((uint32_t)accum));
 }
 
-void curve448_scalar_destroy(curve448_scalar_t scalar)
+void ossl_curve448_scalar_destroy(curve448_scalar_t scalar)
 {
     OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
 }
 
-void curve448_scalar_decode_long(curve448_scalar_t s,
+void
+ossl_curve448_scalar_decode_long(curve448_scalar_t s,
                                  const unsigned char *ser, size_t ser_len)
 {
     size_t i;
     curve448_scalar_t t1, t2;
 
     if (ser_len == 0) {
-        curve448_scalar_copy(s, curve448_scalar_zero);
+        curve448_scalar_copy(s, ossl_curve448_scalar_zero);
         return;
     }
 
@@ -190,24 +193,25 @@ void curve448_scalar_decode_long(curve448_scalar_t s,
     if (ser_len == sizeof(curve448_scalar_t)) {
         assert(i == 0);
         /* ham-handed reduce */
-        curve448_scalar_mul(s, t1, curve448_scalar_one);
-        curve448_scalar_destroy(t1);
+        ossl_curve448_scalar_mul(s, t1, ossl_curve448_scalar_one);
+        ossl_curve448_scalar_destroy(t1);
         return;
     }
 
     while (i) {
         i -= C448_SCALAR_BYTES;
         sc_montmul(t1, t1, sc_r2);
-        (void)curve448_scalar_decode(t2, ser + i);
-        curve448_scalar_add(t1, t1, t2);
+        (void)ossl_curve448_scalar_decode(t2, ser + i);
+        ossl_curve448_scalar_add(t1, t1, t2);
     }
 
     curve448_scalar_copy(s, t1);
-    curve448_scalar_destroy(t1);
-    curve448_scalar_destroy(t2);
+    ossl_curve448_scalar_destroy(t1);
+    ossl_curve448_scalar_destroy(t2);
 }
 
-void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+void
+ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
                             const curve448_scalar_t s)
 {
     unsigned int i, j, k = 0;
@@ -218,7 +222,8 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
     }
 }
 
-void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+void
+ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
 {
     c448_word_t mask = 0 - (a->limb[0] & 1);
     c448_dword_t chain = 0;
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 694fcb3789..d447fa4d1c 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -158,7 +158,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
     OSSL_LIB_CTX *libctx = NULL;
     const char *propq = NULL;
 
-    if (!X509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
+    if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
         || !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
         return 0;
     X509_ALGOR_get0(NULL, &ptype, &pval, palg);
@@ -708,7 +708,7 @@ static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
     return 1;
 }
 
-const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth = {
     EVP_PKEY_EC,
     EVP_PKEY_EC,
     0,
@@ -759,7 +759,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 };
 
 #if !defined(OPENSSL_NO_SM2)
-const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth = {
    EVP_PKEY_SM2,
    EVP_PKEY_EC,
    ASN1_PKEY_ALIAS
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 03c65ee403..ed30d1b3a9 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1245,7 +1245,7 @@ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout)
             return -1;
     }
 
-    if (!encode_der_dsa_sig(&pkt, sig->r, sig->s)
+    if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s)
             || !WPACKET_get_total_written(&pkt, &encoded_len)
             || !WPACKET_finish(&pkt)) {
         BUF_MEM_free(buf);
diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c
index 3058cba913..17dd507c35 100644
--- a/crypto/ec/ecx_backend.c
+++ b/crypto/ec/ecx_backend.c
@@ -24,21 +24,21 @@ int ossl_ecx_public_from_private(ECX_KEY *key)
 {
     switch (key->type) {
     case ECX_KEY_TYPE_X25519:
-        X25519_public_from_private(key->pubkey, key->privkey);
+        ossl_x25519_public_from_private(key->pubkey, key->privkey);
         break;
     case ECX_KEY_TYPE_ED25519:
-        if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey,
-                                         key->propq)) {
+        if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey,
+                                              key->privkey, key->propq)) {
             ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY);
             return 0;
         }
         break;
     case ECX_KEY_TYPE_X448:
-        X448_public_from_private(key->pubkey, key->privkey);
+        ossl_x448_public_from_private(key->pubkey, key->privkey);
         break;
     case ECX_KEY_TYPE_ED448:
-        if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey,
-                                       key->propq)) {
+        if (!ossl_ed448_public_from_private(key->libctx, key->pubkey,
+                                            key->privkey, key->propq)) {
             ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY);
             return 0;
         }
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 9a812c875b..68f943fc82 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -469,7 +469,7 @@ static int x25519_import_from(const OSSL_PARAM params[], void *vpctx)
     return ecx_generic_import_from(params, vpctx, EVP_PKEY_X25519);
 }
 
-const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth = {
     EVP_PKEY_X25519,
     EVP_PKEY_X25519,
     0,
@@ -522,7 +522,7 @@ static int x448_import_from(const OSSL_PARAM params[], void *vpctx)
     return ecx_generic_import_from(params, vpctx, EVP_PKEY_X448);
 }
 
-const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth = {
     EVP_PKEY_X448,
     EVP_PKEY_X448,
     0,
@@ -649,7 +649,7 @@ static int ed25519_import_from(const OSSL_PARAM params[], void *vpctx)
     return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED25519);
 }
 
-const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth = {
     EVP_PKEY_ED25519,
     EVP_PKEY_ED25519,
     0,
@@ -701,7 +701,7 @@ static int ed448_import_from(const OSSL_PARAM params[], void *vpctx)
     return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED448);
 }
 
-const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth = {
     EVP_PKEY_ED448,
     EVP_PKEY_ED448,
     0,
@@ -788,7 +788,7 @@ static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
 
     if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
             || (key != NULL
-                && X25519(key, privkey, pubkey) == 0))
+                && ossl_x25519(key, privkey, pubkey) == 0))
         return 0;
     *keylen = X25519_KEYLEN;
     return 1;
@@ -801,7 +801,7 @@ static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
 
     if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
             || (key != NULL
-                && X448(key, privkey, pubkey) == 0))
+                && ossl_x448(key, privkey, pubkey) == 0))
         return 0;
     *keylen = X448_KEYLEN;
     return 1;
@@ -850,8 +850,8 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
         return 0;
     }
 
-    if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
-                     NULL) == 0)
+    if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+                          NULL) == 0)
         return 0;
     *siglen = ED25519_SIGSIZE;
     return 1;
@@ -872,8 +872,8 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
         return 0;
     }
 
-    if (ED448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
-                   NULL, 0, edkey->propq) == 0)
+    if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey,
+                        edkey->privkey, NULL, 0, edkey->propq) == 0)
         return 0;
     *siglen = ED448_SIGSIZE;
     return 1;
@@ -888,8 +888,8 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
     if (siglen != ED25519_SIGSIZE)
         return 0;
 
-    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey,
-                          edkey->libctx, edkey->propq);
+    return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
+                               edkey->libctx, edkey->propq);
 }
 
 static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
@@ -901,8 +901,8 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
     if (siglen != ED448_SIGSIZE)
         return 0;
 
-    return ED448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, NULL, 0,
-                        edkey->propq);
+    return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey,
+                             NULL, 0, edkey->propq);
 }
 
 static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 23836b844b..046bfcfe16 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -309,7 +309,7 @@ void ERR_clear_error(void)
     int i;
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
 
@@ -423,7 +423,7 @@ static unsigned long get_error_values(ERR_GET_ACTION g,
     ERR_STATE *es;
     unsigned long ret;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return 0;
 
@@ -633,7 +633,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
     return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
 }
 
-ERR_STATE *err_get_state_int(void)
+ERR_STATE *ossl_err_get_state_int(void)
 {
     ERR_STATE *state;
     int saveerrno = get_last_sys_error();
@@ -675,7 +675,7 @@ ERR_STATE *err_get_state_int(void)
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 ERR_STATE *ERR_get_state(void)
 {
-    return err_get_state_int();
+    return ossl_err_get_state_int();
 }
 #endif
 
@@ -743,7 +743,7 @@ static int err_set_error_data_int(char *data, size_t size, int flags,
 {
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return 0;
 
@@ -788,7 +788,7 @@ void ERR_add_error_vdata(int num, va_list args)
     ERR_STATE *es;
 
     /* Get the current error data; if an allocated string get it. */
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
     i = es->top;
@@ -843,7 +843,7 @@ int ERR_set_mark(void)
 {
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return 0;
 
@@ -857,7 +857,7 @@ int ERR_pop_to_mark(void)
 {
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return 0;
 
@@ -878,7 +878,7 @@ int ERR_clear_last_mark(void)
     ERR_STATE *es;
     int top;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return 0;
 
@@ -899,7 +899,7 @@ void err_clear_last_constant_time(int clear)
     ERR_STATE *es;
     int top;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
 
diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c
index 20888e9576..0a2458f801 100644
--- a/crypto/err/err_blocks.c
+++ b/crypto/err/err_blocks.c
@@ -18,7 +18,7 @@ void ERR_new(void)
 {
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
 
@@ -31,7 +31,7 @@ void ERR_set_debug(const char *file, int line, const char *func)
 {
     ERR_STATE *es;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
 
@@ -55,7 +55,7 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
     unsigned long flags = 0;
     size_t i;
 
-    es = err_get_state_int();
+    es = ossl_err_get_state_int();
     if (es == NULL)
         return;
     i = es->top;
diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h
index 3de74b5c0d..678f92dc04 100644
--- a/crypto/err/err_local.h
+++ b/crypto/err/err_local.h
@@ -86,6 +86,6 @@ static ossl_inline void err_clear(ERR_STATE *es, size_t i, int deall)
     es->err_func[i] = NULL;
 }
 
-ERR_STATE *err_get_state_int(void);
+ERR_STATE *ossl_err_get_state_int(void);
 void ossl_err_string_int(unsigned long e, const char *func,
                          char *buf, size_t len);
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 4a82a8880b..3ba86b3d9b 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -34,8 +34,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
         if ((flags & ERR_TXT_STRING) == 0)
             data = "";
 
-        hex = openssl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid),
-                                     '\0');
+        hex = ossl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), '\0');
         BIO_snprintf(buf, sizeof(buf), "%s:", hex == NULL ? "<null>" : hex);
         offset = strlen(buf);
         ossl_err_string_int(l, func, buf + offset, sizeof(buf) - offset);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index ec1de943e4..ebc76cb79c 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -57,7 +57,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
     unsigned char cert_sha1[SHA_DIGEST_LENGTH];
 
     /* Call for side-effect of computing hash and caching extensions */
-    if (!x509v3_cache_extensions(cert))
+    if (!ossl_x509v3_cache_extensions(cert))
         return NULL;
 
     if ((cid = ESS_CERT_ID_new()) == NULL)
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index d812b2ade8..05c1ee787c 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -3567,7 +3567,7 @@ static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     /* If not padding input must be multiple of 8 */
     if (!pad && inlen & 0x7)
         return -1;
-    if (is_partially_overlapping(out, in, inlen)) {
+    if (ossl_is_partially_overlapping(out, in, inlen)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }
@@ -3871,7 +3871,7 @@ static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             buf = octx->data_buf;
             buf_len = &(octx->data_buf_len);
 
-            if (is_partially_overlapping(out + *buf_len, in, len)) {
+            if (ossl_is_partially_overlapping(out + *buf_len, in, len)) {
                 ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
                 return 0;
             }
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 7f937d98d8..f3a68eb09d 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -63,10 +63,10 @@ static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     int mode = EVP_CIPHER_CTX_mode(ctx);
 
     if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
-        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
                                         EVP_CIPHER_CTX_get_cipher_data(ctx));
     else
-        ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
                                         EVP_CIPHER_CTX_get_cipher_data(ctx));
     if (ret < 0) {
         ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED);
@@ -82,10 +82,10 @@ static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
 
     if (enc)
         CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f) aria_encrypt);
+                              (block128_f) ossl_aria_encrypt);
     else
         CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f) aria_encrypt);
+                              (block128_f) ossl_aria_encrypt);
 }
 
 static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
@@ -94,7 +94,7 @@ static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 {
 
     CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f) aria_encrypt);
+                          (block128_f) ossl_aria_encrypt);
 }
 
 static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
@@ -102,7 +102,7 @@ static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
                               unsigned char *ivec, int *num, const int enc)
 {
     CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) aria_encrypt);
+                            (block128_f) ossl_aria_encrypt);
 }
 
 static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
@@ -110,13 +110,13 @@ static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
                               unsigned char *ivec, int *num, const int enc)
 {
     CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) aria_encrypt);
+                            (block128_f) ossl_aria_encrypt);
 }
 
 static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
                              const ARIA_KEY *key, const int enc)
 {
-    aria_encrypt(in, out, key);
+    ossl_aria_encrypt(in, out, key);
 }
 
 static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
@@ -124,7 +124,7 @@ static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                              unsigned char *ivec, int *num)
 {
     CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-                         (block128_f) aria_encrypt);
+                         (block128_f) ossl_aria_encrypt);
 }
 
 IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
@@ -175,7 +175,7 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
-                          (block128_f) aria_encrypt);
+                          (block128_f) ossl_aria_encrypt);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -211,10 +211,10 @@ static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     if (!iv && !key)
         return 1;
     if (key) {
-        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                   &gctx->ks.ks);
+        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
-                           (block128_f) aria_encrypt);
+                           (block128_f) ossl_aria_encrypt);
         if (ret < 0) {
             ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED);
             return 0;
@@ -508,10 +508,10 @@ static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         return 1;
 
     if (key) {
-        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
-                                   &cctx->ks.ks);
+        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-                           &cctx->ks, (block128_f) aria_encrypt);
+                           &cctx->ks, (block128_f) ossl_aria_encrypt);
         if (ret < 0) {
             ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED);
             return 0;
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 9d143d3bd5..f85d520eb6 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -397,7 +397,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (inl >= EVP_MAXCHUNK || inl % 8)
         return -1;
 
-    if (is_partially_overlapping(out, in, inl)) {
+    if (ossl_is_partially_overlapping(out, in, inl)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index 5a164eff75..4e6c1cdceb 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -24,7 +24,7 @@ typedef struct {
 static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc)
 {
-    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    ossl_sm4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
     return 1;
 }
 
@@ -34,10 +34,10 @@ static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
 {
     if (enc)
         CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f)SM4_encrypt);
+                              (block128_f)ossl_sm4_encrypt);
     else
         CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f)SM4_decrypt);
+                              (block128_f)ossl_sm4_decrypt);
 }
 
 static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
@@ -45,16 +45,16 @@ static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
                                unsigned char *ivec, int *num, const int enc)
 {
     CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f)SM4_encrypt);
+                          (block128_f)ossl_sm4_encrypt);
 }
 
 static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
                             const SM4_KEY *key, const int enc)
 {
     if (enc)
-        SM4_encrypt(in, out, key);
+        ossl_sm4_encrypt(in, out, key);
     else
-        SM4_decrypt(in, out, key);
+        ossl_sm4_decrypt(in, out, key);
 }
 
 static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
@@ -62,7 +62,7 @@ static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                                unsigned char *ivec, int *num)
 {
     CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
-                          (block128_f)SM4_encrypt);
+                          (block128_f)ossl_sm4_encrypt);
 }
 
 IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
@@ -77,7 +77,7 @@ static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
                           EVP_CIPHER_CTX_buf_noconst(ctx), &num,
-                          (block128_f)SM4_encrypt);
+                          (block128_f)ossl_sm4_encrypt);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index eb174c2d9f..c3d2b97594 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -476,7 +476,7 @@ int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 # define PTRDIFF_T size_t
 #endif
 
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
 {
     PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
     /*
@@ -503,7 +503,7 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         /* If block size > 1 then the cipher will have to do this check */
-        if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+        if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
@@ -520,7 +520,7 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
         *outl = 0;
         return inl == 0;
     }
-    if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+    if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
     }
@@ -785,7 +785,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         cmpl = (cmpl + 7) / 8;
 
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
-        if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+        if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
@@ -812,7 +812,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     if (ctx->final_used) {
         /* see comment about PTRDIFF_T comparison above */
         if (((PTRDIFF_T)out == (PTRDIFF_T)in)
-            || is_partially_overlapping(out, in, b)) {
+            || ossl_is_partially_overlapping(out, in, b)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index dd3173ddd5..48bf99d1f5 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -243,10 +243,10 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
     if (type == NULL || asn1_params == NULL)
         return 0;
 
-    i = asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
+    i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
     if (i <= 0)
         return -1;
-    asn1_type_get_octetstring_int(type, &tl, iv, i);
+    ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
 
     memcpy(asn1_params->iv, iv, i);
     asn1_params->iv_len = i;
@@ -260,8 +260,9 @@ int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
     if (type == NULL || asn1_params == NULL)
         return 0;
 
-    return asn1_type_set_octetstring_int(type, asn1_params->tag_len,
-                                         asn1_params->iv, asn1_params->iv_len);
+    return ossl_asn1_type_set_octetstring_int(type, asn1_params->tag_len,
+                                              asn1_params->iv,
+                                              asn1_params->iv_len);
 }
 #endif /* !defined(FIPS_MODULE) */
 
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 92a96f433e..0db84a3d84 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -227,7 +227,7 @@ struct evp_Encode_Ctx_st {
 typedef struct evp_pbe_st EVP_PBE_CTL;
 DEFINE_STACK_OF(EVP_PBE_CTL)
 
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
+int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
 
 #include <openssl/types.h>
 #include <openssl/core.h>
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index d55199cccf..183c1f6074 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -19,10 +19,11 @@
 #include "crypto/evp.h"
 #include "evp_local.h"
 
-int pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
-                         const unsigned char *salt, int saltlen, int iter,
-                         const EVP_MD *digest, int keylen, unsigned char *out,
-                         OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
+                              const unsigned char *salt, int saltlen, int iter,
+                              const EVP_MD *digest, int keylen,
+                              unsigned char *out,
+                              OSSL_LIB_CTX *libctx, const char *propq)
 {
     const char *empty = "";
     int rv = 1, mode = 1;
@@ -82,8 +83,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt,
                       int saltlen, int iter, const EVP_MD *digest, int keylen,
                       unsigned char *out)
 {
-    return pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, digest,
-                                keylen, out, NULL, NULL);
+    return ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, digest,
+                                     keylen, out, NULL, NULL);
 }
 
 
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index da5b5b69ba..4a0efbdb18 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -10,7 +10,7 @@
 #include "crypto/cryptlib.h"
 #include "internal/thread_once.h"
 
-int do_ex_data_init(OSSL_LIB_CTX *ctx)
+int ossl_do_ex_data_init(OSSL_LIB_CTX *ctx)
 {
     OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx);
 
@@ -60,7 +60,7 @@ static void cleanup_cb(EX_CALLBACK *funcs)
  * called under potential race-conditions anyway (it's for program shutdown
  * after all).
  */
-void crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx)
+void ossl_crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx)
 {
     int i;
     OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx);
@@ -101,7 +101,7 @@ static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
     return 1;
 }
 
-int crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx)
+int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx)
 {
     EX_CALLBACKS *ip;
     EX_CALLBACK *a;
@@ -131,16 +131,17 @@ err:
 
 int CRYPTO_free_ex_index(int class_index, int idx)
 {
-    return crypto_free_ex_index_ex(NULL, class_index, idx);
+    return ossl_crypto_free_ex_index_ex(NULL, class_index, idx);
 }
 
 /*
  * Register a new index.
  */
-int crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, long argl,
-                               void *argp, CRYPTO_EX_new *new_func,
-                               CRYPTO_EX_dup *dup_func,
-                               CRYPTO_EX_free *free_func)
+int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
+                                    long argl, void *argp,
+                                    CRYPTO_EX_new *new_func,
+                                    CRYPTO_EX_dup *dup_func,
+                                    CRYPTO_EX_free *free_func)
 {
     int toret = -1;
     EX_CALLBACK *a;
@@ -193,8 +194,8 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
                             CRYPTO_EX_free *free_func)
 {
-    return crypto_get_ex_new_index_ex(NULL, class_index, argl, argp, new_func,
-                                      dup_func, free_func);
+    return ossl_crypto_get_ex_new_index_ex(NULL, class_index, argl, argp,
+                                           new_func, dup_func, free_func);
 }
 
 /*
@@ -204,8 +205,8 @@ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
  * in the lock, then using them outside the lock. Note this only applies
  * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
  */
-int crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
-                          CRYPTO_EX_DATA *ad)
+int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
+                               CRYPTO_EX_DATA *ad)
 {
     int mx, i;
     void *ptr;
@@ -253,7 +254,7 @@ int crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
 
 int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
 {
-    return crypto_new_ex_data_ex(NULL, class_index, obj, ad);
+    return ossl_crypto_new_ex_data_ex(NULL, class_index, obj, ad);
 }
 
 /*
@@ -473,7 +474,7 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
     return sk_void_value(ad->sk, idx);
 }
 
-OSSL_LIB_CTX *crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad)
+OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad)
 {
     return ad->ctx;
 }
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 2f59cb421a..1d08c41052 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -229,7 +229,7 @@ static int OSSL_HTTP_REQ_CTX_set_content(OSSL_HTTP_REQ_CTX *rctx,
         && BIO_write(rctx->mem, req, req_len) == (int)req_len;
 }
 
-BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val)
+BIO *ossl_http_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val)
 {
     BIO *res;
 
@@ -258,7 +258,7 @@ int OSSL_HTTP_REQ_CTX_i2d(OSSL_HTTP_REQ_CTX *rctx, const char *content_type,
         return 0;
     }
 
-    res = (mem = HTTP_asn1_item2bio(it, req)) != NULL
+    res = (mem = ossl_http_asn1_item2bio(it, req)) != NULL
         && OSSL_HTTP_REQ_CTX_set_content(rctx, content_type, mem);
     BIO_free(mem);
     return res;
@@ -290,14 +290,15 @@ static int OSSL_HTTP_REQ_CTX_add1_headers(OSSL_HTTP_REQ_CTX *rctx,
  * If !use_http_proxy then the 'server' and 'port' parameters are ignored.
  * If req_mem == NULL then use GET and ignore content_type, else POST.
  */
-OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy,
-                                    const char *server, const char *port,
-                                    const char *path,
-                                    const STACK_OF(CONF_VALUE) *headers,
-                                    const char *content_type, BIO *req_mem,
-                                    int maxline, unsigned long max_resp_len,
-                                    int timeout,
-                                    const char *expected_ct, int expect_asn1)
+OSSL_HTTP_REQ_CTX
+*ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy,
+                       const char *server, const char *port,
+                       const char *path,
+                       const STACK_OF(CONF_VALUE) *headers,
+                       const char *content_type, BIO *req_mem,
+                       int maxline, unsigned long max_resp_len,
+                       int timeout,
+                       const char *expected_ct, int expect_asn1)
 {
     OSSL_HTTP_REQ_CTX *rctx;
 
@@ -868,7 +869,7 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
             port = NULL;
         if (port == NULL && strchr(server, ':') == NULL)
             port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
-        proxy = http_adapt_proxy(proxy, no_proxy, server, use_ssl);
+        proxy = ossl_http_adapt_proxy(proxy, no_proxy, server, use_ssl);
         if ((cbio = HTTP_new_bio(server, port, proxy)) == NULL)
             return NULL;
 #else
@@ -893,11 +894,11 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path,
         }
     }
 
-    rctx = HTTP_REQ_CTX_new(cbio, rbio != NULL ? rbio : cbio,
-                            !use_ssl && proxy != NULL, server, port, path,
-                            headers, content_type, req_mem, maxline,
-                            max_resp_len, update_timeout(timeout, start_time),
-                            expected_ct, expect_asn1);
+    rctx = ossl_http_req_ctx_new(cbio, rbio != NULL ? rbio : cbio,
+                                 !use_ssl && proxy != NULL, server, port, path,
+                                 headers, content_type, req_mem, maxline,
+                                 max_resp_len, update_timeout(timeout, start_time),
+                                 expected_ct, expect_asn1);
     if (rctx == NULL)
         goto end;
 
@@ -1090,7 +1091,7 @@ ASN1_VALUE *OSSL_HTTP_post_asn1(const char *server, const char *port,
     }
     /* remaining parameters are checked indirectly */
 
-    req_mem = HTTP_asn1_item2bio(req_it, req);
+    req_mem = ossl_http_asn1_item2bio(req_it, req);
     res_mem = OSSL_HTTP_transfer(server, port, path, use_ssl, proxy, no_proxy,
                                  bio, rbio,
                                  bio_update_fn, arg, headers, content_type,
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 8b300a9db0..ebb2af9b2e 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -239,7 +239,7 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
     return 0;
 }
 
-int http_use_proxy(const char *no_proxy, const char *server)
+int ossl_http_use_proxy(const char *no_proxy, const char *server)
 {
     size_t sl;
     const char *found = NULL;
@@ -265,8 +265,8 @@ int http_use_proxy(const char *no_proxy, const char *server)
     return found == NULL;
 }
 
-const char *http_adapt_proxy(const char *proxy, const char *no_proxy,
-                             const char *server, int use_ssl)
+const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy,
+                                  const char *server, int use_ssl)
 {
     const int http_len = strlen(OSSL_HTTP_PREFIX);
     const int https_len = strlen(OSSL_HTTPS_PREFIX);
@@ -289,7 +289,7 @@ const char *http_adapt_proxy(const char *proxy, const char *no_proxy,
     else if (strncmp(proxy, OSSL_HTTPS_PREFIX, https_len) == 0)
         proxy += https_len;
 
-    if (*proxy == '\0' || !http_use_proxy(no_proxy, server))
+    if (*proxy == '\0' || !ossl_http_use_proxy(no_proxy, server))
         return NULL;
     return proxy;
 }
diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h
index 3f52e0772f..3164f62a77 100644
--- a/crypto/http/http_local.h
+++ b/crypto/http/http_local.h
@@ -13,18 +13,21 @@
 
 # include <openssl/ocsp.h>
 
-BIO *HTTP_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
-OSSL_HTTP_REQ_CTX *HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int use_http_proxy,
-                                    const char *server, const char *port,
-                                    const char *path,
-                                    const STACK_OF(CONF_VALUE) *headers,
-                                    const char *content_type, BIO *req_mem,
-                                    int maxline, unsigned long max_resp_len,
-                                    int timeout,
-                                    const char *expected_content_type,
-                                    int expect_asn1);
-int http_use_proxy(const char *no_proxy, const char *server);
-const char *http_adapt_proxy(const char *proxy, const char *no_proxy,
-                             const char *server, int use_ssl);
+BIO *ossl_http_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val);
+
+OSSL_HTTP_REQ_CTX
+*ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy,
+                       const char *server, const char *port,
+                       const char *path,
+                       const STACK_OF(CONF_VALUE) *headers,
+                       const char *content_type, BIO *req_mem,
+                       int maxline, unsigned long max_resp_len,
+                       int timeout,
+                       const char *expected_content_type,
+                       int expect_asn1);
+
+int ossl_http_use_proxy(const char *no_proxy, const char *server);
+const char *ossl_http_adapt_proxy(const char *proxy, const char *no_proxy,
+                                  const char *server, int use_ssl);
 
 #endif /* !defined(OSSL_CRYPTO_HTTP_LOCAL_H) */
diff --git a/crypto/init.c b/crypto/init.c
index 09be58ea12..aa9757936c 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -235,22 +235,22 @@ static int config_inited = 0;
 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
 {
-    int ret = openssl_config_int(NULL);
+    int ret = ossl_config_int(NULL);
 
     config_inited = 1;
     return ret;
 }
 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
 {
-    int ret = openssl_config_int(conf_settings);
+    int ret = ossl_config_int(conf_settings);
 
     config_inited = 1;
     return ret;
 }
 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
 {
-    OSSL_TRACE(INIT, "openssl_no_config_int()\n");
-    openssl_no_config_int();
+    OSSL_TRACE(INIT, "ossl_no_config_int()\n");
+    ossl_no_config_int();
     config_inited = 1;
     return 1;
 }
@@ -385,8 +385,8 @@ void OPENSSL_cleanup(void)
 
 #ifndef OPENSSL_NO_COMP
     if (zlib_inited) {
-        OSSL_TRACE(INIT, "OPENSSL_cleanup: comp_zlib_cleanup_int()\n");
-        comp_zlib_cleanup_int();
+        OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_comp_zlib_cleanup()\n");
+        ossl_comp_zlib_cleanup();
     }
 #endif
 
@@ -402,20 +402,20 @@ void OPENSSL_cleanup(void)
 
     /*
      * Note that cleanup order is important:
-     * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
+     * - ossl_rand_cleanup_int could call an ENGINE's RAND cleanup function so
      * must be called before engine_cleanup_int()
      * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
      * before the ex data handlers are wiped during default ossl_lib_ctx deinit.
-     * - conf_modules_free_int() can end up in ENGINE code so must be called
+     * - ossl_config_modules_free() can end up in ENGINE code so must be called
      * before engine_cleanup_int()
      * - ENGINEs and additional EVP algorithms might use added OIDs names so
-     * obj_cleanup_int() must be called last
+     * ossl_obj_cleanup_int() must be called last
      */
-    OSSL_TRACE(INIT, "OPENSSL_cleanup: rand_cleanup_int()\n");
-    rand_cleanup_int();
+    OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_rand_cleanup_int()\n");
+    ossl_rand_cleanup_int();
 
-    OSSL_TRACE(INIT, "OPENSSL_cleanup: conf_modules_free_int()\n");
-    conf_modules_free_int();
+    OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_config_modules_free()\n");
+    ossl_config_modules_free();
 
 #ifndef OPENSSL_NO_ENGINE
     OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n");
@@ -438,8 +438,8 @@ void OPENSSL_cleanup(void)
     OSSL_TRACE(INIT, "OPENSSL_cleanup: evp_cleanup_int()\n");
     evp_cleanup_int();
 
-    OSSL_TRACE(INIT, "OPENSSL_cleanup: obj_cleanup_int()\n");
-    obj_cleanup_int();
+    OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_obj_cleanup_int()\n");
+    ossl_obj_cleanup_int();
 
     OSSL_TRACE(INIT, "OPENSSL_cleanup: err_int()\n");
     err_cleanup();
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 77754187a7..c8a30fd77d 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -360,7 +360,7 @@ unsigned long OPENSSL_LH_strhash(const char *c)
     return (ret >> 16) ^ ret;
 }
 
-unsigned long openssl_lh_strcasehash(const char *c)
+unsigned long ossl_lh_strcasehash(const char *c)
 {
     unsigned long ret = 0;
     long n;
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index c8bfdb0c51..3e94d0eba7 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -140,7 +140,7 @@ __owur static ossl_inline int siv128_do_encrypt(EVP_CIPHER_CTX *ctx, unsigned ch
 /*
  * Create a new SIV128_CONTEXT
  */
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
+SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen,
                                   EVP_CIPHER *cbc, EVP_CIPHER *ctr,
                                   OSSL_LIB_CTX *libctx, const char *propq)
 {
@@ -148,7 +148,7 @@ SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
     int ret;
 
     if ((ctx = OPENSSL_malloc(sizeof(*ctx))) != NULL) {
-        ret = CRYPTO_siv128_init(ctx, key, klen, cbc, ctr, libctx, propq);
+        ret = ossl_siv128_init(ctx, key, klen, cbc, ctr, libctx, propq);
         if (ret)
             return ctx;
         OPENSSL_free(ctx);
@@ -160,7 +160,7 @@ SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
 /*
  * Initialise an existing SIV128_CONTEXT
  */
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
                        const EVP_CIPHER *cbc, const EVP_CIPHER *ctr,
                        OSSL_LIB_CTX *libctx, const char *propq)
 {
@@ -218,7 +218,7 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
 /*
  * Copy an SIV128_CONTEXT object
  */
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src)
+int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src)
 {
     memcpy(&dest->d, &src->d, sizeof(src->d));
     if (dest->cipher_ctx == NULL) {
@@ -243,7 +243,7 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src)
  * Per RFC5297, the last piece of associated data
  * is the nonce, but it's not treated special
  */
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
+int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
                       size_t len)
 {
     SIV_BLOCK mac_out;
@@ -270,7 +270,7 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
 /*
  * Provide any data to be encrypted. This can be called once.
  */
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
+int ossl_siv128_encrypt(SIV128_CONTEXT *ctx,
                           const unsigned char *in, unsigned char *out,
                           size_t len)
 {
@@ -297,7 +297,7 @@ int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
 /*
  * Provide any data to be decrypted. This can be called once.
  */
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
+int ossl_siv128_decrypt(SIV128_CONTEXT *ctx,
                           const unsigned char *in, unsigned char *out,
                           size_t len)
 {
@@ -333,7 +333,7 @@ int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
 /*
  * Return the already calculated final result.
  */
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx)
+int ossl_siv128_finish(SIV128_CONTEXT *ctx)
 {
     return ctx->final_ret;
 }
@@ -341,7 +341,7 @@ int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx)
 /*
  * Set the tag
  */
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len)
+int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len)
 {
     if (len != SIV_LEN)
         return 0;
@@ -354,7 +354,7 @@ int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t
 /*
  * Retrieve the calculated tag
  */
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len)
+int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len)
 {
     if (len != SIV_LEN)
         return 0;
@@ -367,7 +367,7 @@ int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len)
 /*
  * Release all resources
  */
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx)
+int ossl_siv128_cleanup(SIV128_CONTEXT *ctx)
 {
     if (ctx != NULL) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
@@ -384,7 +384,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx)
     return 1;
 }
 
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg)
+int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg)
 {
     ctx->crypto_ok = (arg == 1) ? -1 : 1;
     return 1;
diff --git a/crypto/o_str.c b/crypto/o_str.c
index dbecf4841c..ec8f3512d3 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -181,8 +181,8 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen,
     return hexstr2buf_sep(buf, buf_n, buflen, str, sep);
 }
 
-unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen,
-                                      const char sep)
+unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen,
+                                   const char sep)
 {
     unsigned char *buf;
     size_t buf_n, tmp_buflen;
@@ -212,7 +212,7 @@ unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen,
 
 unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen)
 {
-    return openssl_hexstr2buf_sep(str, buflen, DEFAULT_SEPARATOR);
+    return ossl_hexstr2buf_sep(str, buflen, DEFAULT_SEPARATOR);
 }
 
 static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlen,
@@ -260,7 +260,7 @@ int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen,
     return buf2hexstr_sep(str, str_n, strlen, buf, buflen, sep);
 }
 
-char *openssl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
+char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
 {
     char *tmp;
     size_t tmp_n;
@@ -288,7 +288,7 @@ char *openssl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
  */
 char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen)
 {
-    return openssl_buf2hexstr_sep(buf, buflen, ':');
+    return ossl_buf2hexstr_sep(buf, buflen, ':');
 }
 
 int openssl_strerror_r(int errnum, char *buf, size_t buflen)
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 372f65d1ff..6f277f4338 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -104,7 +104,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
             ret = 0;
             goto out;
         }
-        name_funcs->hash_func = openssl_lh_strcasehash;
+        name_funcs->hash_func = ossl_lh_strcasehash;
         name_funcs->cmp_func = obj_strcasecmp;
         push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
 
@@ -154,7 +154,7 @@ static unsigned long obj_name_hash(const OBJ_NAME *a)
             sk_NAME_FUNCS_value(name_funcs_stack,
                                 a->type)->hash_func(a->name);
     } else {
-        ret = openssl_lh_strcasehash(a->name);
+        ret = ossl_lh_strcasehash(a->name);
     }
     ret ^= a->type;
     return ret;
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index a3cb874728..87ddb3f8ae 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -150,7 +150,7 @@ static void cleanup3_doall(ADDED_OBJ *a)
     OPENSSL_free(a);
 }
 
-void obj_cleanup_int(void)
+void ossl_obj_cleanup_int(void)
 {
     if (added == NULL)
         return;
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 35766de9f8..2250208a15 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -41,7 +41,7 @@ static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
 static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
                                BIO *bp, int ind);
 
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_crlid = {
     NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
     0, 0, 0, 0,
     0, 0,
@@ -50,7 +50,7 @@ const X509V3_EXT_METHOD v3_ocsp_crlid = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_acutoff = {
     NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
     0, 0, 0, 0,
     0, 0,
@@ -59,7 +59,7 @@ const X509V3_EXT_METHOD v3_ocsp_acutoff = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_crl_invdate = {
+const X509V3_EXT_METHOD ossl_v3_crl_invdate = {
     NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
     0, 0, 0, 0,
     0, 0,
@@ -68,7 +68,7 @@ const X509V3_EXT_METHOD v3_crl_invdate = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_crl_hold = {
+const X509V3_EXT_METHOD ossl_v3_crl_hold = {
     NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
     0, 0, 0, 0,
     0, 0,
@@ -77,7 +77,7 @@ const X509V3_EXT_METHOD v3_crl_hold = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = {
     NID_id_pkix_OCSP_Nonce, 0, NULL,
     ocsp_nonce_new,
     ocsp_nonce_free,
@@ -89,7 +89,7 @@ const X509V3_EXT_METHOD v3_ocsp_nonce = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_nocheck = {
     NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
     0, 0, 0, 0,
     0, s2i_ocsp_nocheck,
@@ -98,7 +98,7 @@ const X509V3_EXT_METHOD v3_ocsp_nocheck = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_serviceloc = {
     NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
     0, 0, 0, 0,
     0, 0,
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 7695699c73..c8e0b264da 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -29,7 +29,7 @@
 
 static int load_iv(char **fromp, unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
-int pem_check_suffix(const char *pem_str, const char *suffix);
+int ossl_pem_check_suffix(const char *pem_str, const char *suffix);
 
 int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
 {
@@ -138,7 +138,7 @@ static int check_pem(const char *nm, const char *name)
             return 1;
         if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
             return 1;
-        slen = pem_check_suffix(nm, "PRIVATE KEY");
+        slen = ossl_pem_check_suffix(nm, "PRIVATE KEY");
         if (slen > 0) {
             /*
              * NB: ENGINE implementations won't contain a deprecated old
@@ -154,7 +154,7 @@ static int check_pem(const char *nm, const char *name)
     if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
         int slen;
         const EVP_PKEY_ASN1_METHOD *ameth;
-        slen = pem_check_suffix(nm, "PARAMETERS");
+        slen = ossl_pem_check_suffix(nm, "PARAMETERS");
         if (slen > 0) {
             ENGINE *e;
             ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
@@ -1006,7 +1006,7 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
  * string "RSA".
  */
 
-int pem_check_suffix(const char *pem_str, const char *suffix)
+int ossl_pem_check_suffix(const char *pem_str, const char *suffix)
 {
     int pem_len = strlen(pem_str);
     int suffix_len = strlen(suffix);
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 26c6bbbaf6..e5b740f214 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -27,7 +27,7 @@
 #include "crypto/evp.h"
 #include "pem_local.h"
 
-int pem_check_suffix(const char *pem_str, const char *suffix);
+int ossl_pem_check_suffix(const char *pem_str, const char *suffix);
 
 static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x,
                                   pem_password_cb *cb, void *u,
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 39e1c983e8..6b941c53c4 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -439,12 +439,12 @@ void ossl_pkcs7_resolve_libctx(PKCS7 *p7)
         return;
 
     for (i = 0; i < sk_X509_num(certs); i++)
-        x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
+        ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq);
 
     for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
         PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);
 
-        x509_set0_libctx(ri->cert, libctx, propq);
+        ossl_x509_set0_libctx(ri->cert, libctx, propq);
     }
 
     for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index cd295809be..4d77108c33 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -157,7 +157,7 @@ static void *provider_store_new(OSSL_LIB_CTX *ctx)
     }
     store->use_fallbacks = 1;
 
-    for (p = predefined_providers; p->name != NULL; p++) {
+    for (p = ossl_predefined_providers; p->name != NULL; p++) {
         OSSL_PROVIDER *prov = NULL;
 
         /*
diff --git a/crypto/provider_local.h b/crypto/provider_local.h
index e4c649a736..b0130eadc5 100644
--- a/crypto/provider_local.h
+++ b/crypto/provider_local.h
@@ -15,4 +15,4 @@ struct predefined_providers_st {
     unsigned int is_fallback:1;
 };
 
-extern const struct predefined_providers_st predefined_providers[];
+extern const struct predefined_providers_st ossl_predefined_providers[];
diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c
index 6acf2ea1af..cfb67d9fe3 100644
--- a/crypto/provider_predefined.c
+++ b/crypto/provider_predefined.c
@@ -13,13 +13,13 @@
 OSSL_provider_init_fn ossl_default_provider_init;
 OSSL_provider_init_fn ossl_base_provider_init;
 OSSL_provider_init_fn ossl_null_provider_init;
-OSSL_provider_init_fn fips_intern_provider_init;
+OSSL_provider_init_fn ossl_fips_intern_provider_init;
 #ifdef STATIC_LEGACY
 OSSL_provider_init_fn ossl_legacy_provider_init;
 #endif
-const struct predefined_providers_st predefined_providers[] = {
+const struct predefined_providers_st ossl_predefined_providers[] = {
 #ifdef FIPS_MODULE
-    { "fips", fips_intern_provider_init, 1 },
+    { "fips", ossl_fips_intern_provider_init, 1 },
 #else
     { "default", ossl_default_provider_init, 1 },
 # ifdef STATIC_LEGACY
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
index f79955180a..d4677c34f5 100644
--- a/crypto/rand/prov_seed.c
+++ b/crypto/rand/prov_seed.c
@@ -20,7 +20,7 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
     size_t entropy_available;
     RAND_POOL *pool;
 
-    pool = rand_pool_new(entropy, 1, min_len, max_len);
+    pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
     if (pool == NULL) {
         ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -30,11 +30,11 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
     entropy_available = ossl_pool_acquire_entropy(pool);
 
     if (entropy_available > 0) {
-        ret   = rand_pool_length(pool);
-        *pout = rand_pool_detach(pool);
+        ret   = ossl_rand_pool_length(pool);
+        *pout = ossl_rand_pool_detach(pool);
     }
 
-    rand_pool_free(pool);
+    ossl_rand_pool_free(pool);
     return ret;
 }
 
@@ -51,7 +51,7 @@ size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
     size_t ret = 0;
     RAND_POOL *pool;
 
-    pool = rand_pool_new(0, 0, min_len, max_len);
+    pool = ossl_rand_pool_new(0, 0, min_len, max_len);
     if (pool == NULL) {
         ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -60,12 +60,12 @@ size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
     if (!ossl_pool_add_nonce_data(pool))
         goto err;
 
-    if (salt != NULL && !rand_pool_add(pool, salt, salt_len, 0))
+    if (salt != NULL && !ossl_rand_pool_add(pool, salt, salt_len, 0))
         goto err;
-    ret   = rand_pool_length(pool);
-    *pout = rand_pool_detach(pool);
+    ret   = ossl_rand_pool_length(pool);
+    *pout = ossl_rand_pool_detach(pool);
  err:
-    rand_pool_free(pool);
+    ossl_rand_pool_free(pool);
     return ret;
 }
 
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 3cd34198c1..318540cff0 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -57,7 +57,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
         goto err;
 # endif
 
-    if (!rand_pool_init())
+    if (!ossl_rand_pool_init())
         goto err;
 
     rand_inited = 1;
@@ -75,7 +75,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
     return 0;
 }
 
-void rand_cleanup_int(void)
+void ossl_rand_cleanup_int(void)
 {
 # ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = default_RAND_meth;
@@ -87,7 +87,7 @@ void rand_cleanup_int(void)
         meth->cleanup();
     RAND_set_rand_method(NULL);
 # endif
-    rand_pool_cleanup();
+    ossl_rand_pool_cleanup();
 # ifndef OPENSSL_NO_ENGINE
     CRYPTO_THREAD_lock_free(rand_engine_lock);
     rand_engine_lock = NULL;
@@ -107,7 +107,7 @@ void rand_cleanup_int(void)
 void RAND_keep_random_devices_open(int keep)
 {
     if (RUN_ONCE(&rand_init, do_rand_init))
-        rand_pool_keep_random_devices_open(keep);
+        ossl_rand_pool_keep_random_devices_open(keep);
 }
 
 /*
@@ -128,9 +128,9 @@ int RAND_poll(void)
 
     if (!ret) {
         /* fill random pool and seed the current legacy RNG */
-        RAND_POOL *pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
-                                        (RAND_DRBG_STRENGTH + 7) / 8,
-                                        RAND_POOL_MAX_LENGTH);
+        RAND_POOL *pool = ossl_rand_pool_new(RAND_DRBG_STRENGTH, 1,
+                                             (RAND_DRBG_STRENGTH + 7) / 8,
+                                             RAND_POOL_MAX_LENGTH);
 
         if (pool == NULL)
             return 0;
@@ -139,14 +139,14 @@ int RAND_poll(void)
             goto err;
 
         if (meth->add == NULL
-            || meth->add(rand_pool_buffer(pool),
-                         rand_pool_length(pool),
-                         (rand_pool_entropy(pool) / 8.0)) == 0)
+            || meth->add(ossl_rand_pool_buffer(pool),
+                         ossl_rand_pool_length(pool),
+                         (ossl_rand_pool_entropy(pool) / 8.0)) == 0)
             goto err;
 
         ret = 1;
      err:
-        rand_pool_free(pool);
+        ossl_rand_pool_free(pool);
     }
     return ret;
 # else
@@ -194,10 +194,10 @@ const RAND_METHOD *RAND_get_rand_method(void)
             default_RAND_meth = tmp_meth;
         } else {
             ENGINE_finish(e);
-            default_RAND_meth = &rand_meth;
+            default_RAND_meth = &ossl_rand_meth;
         }
 #  else
-        default_RAND_meth = &rand_meth;
+        default_RAND_meth = &ossl_rand_meth;
 #  endif
     }
     tmp_meth = default_RAND_meth;
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h
index d1c9bd7fec..bea8149bad 100644
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
@@ -26,6 +26,6 @@
 # define SECONDARY_RESEED_TIME_INTERVAL          (7 * 60)  /* 7 minutes */
 
 /* The global RAND method, and the global buffer and DRBG instance. */
-extern RAND_METHOD rand_meth;
+extern RAND_METHOD ossl_rand_meth;
 
 #endif
diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c
index e9237a4cd9..0f2809412a 100644
--- a/crypto/rand/rand_meth.c
+++ b/crypto/rand/rand_meth.c
@@ -50,7 +50,7 @@ static int drbg_bytes(unsigned char *out, int count)
     return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0);
 }
 
-RAND_METHOD rand_meth = {
+RAND_METHOD ossl_rand_meth = {
     drbg_seed,
     drbg_bytes,
     NULL,
@@ -62,7 +62,7 @@ RAND_METHOD rand_meth = {
 RAND_METHOD *RAND_OpenSSL(void)
 {
 #ifndef FIPS_MODULE
-    return &rand_meth;
+    return &ossl_rand_meth;
 #else
     return NULL;
 #endif
diff --git a/crypto/rand/rand_pool.c b/crypto/rand/rand_pool.c
index ebb9078ce6..94bb1eab7c 100644
--- a/crypto/rand/rand_pool.c
+++ b/crypto/rand/rand_pool.c
@@ -19,8 +19,8 @@
 /*
  * Allocate memory and initialize a new random pool
  */
-RAND_POOL *rand_pool_new(int entropy_requested, int secure,
-                         size_t min_len, size_t max_len)
+RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure,
+                              size_t min_len, size_t max_len)
 {
     RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
     size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
@@ -62,8 +62,8 @@ err:
  * This function is intended to be used only for feeding random data
  * provided by RAND_add() and RAND_seed() into the <master> DRBG.
  */
-RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
-                            size_t entropy)
+RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len,
+                                 size_t entropy)
 {
     RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
 
@@ -91,7 +91,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
 /*
  * Free |pool|, securely erasing its buffer.
  */
-void rand_pool_free(RAND_POOL *pool)
+void ossl_rand_pool_free(RAND_POOL *pool)
 {
     if (pool == NULL)
         return;
@@ -99,8 +99,8 @@ void rand_pool_free(RAND_POOL *pool)
     /*
      * Although it would be advisable from a cryptographical viewpoint,
      * we are not allowed to clear attached buffers, since they are passed
-     * to rand_pool_attach() as `const unsigned char*`.
-     * (see corresponding comment in rand_pool_attach()).
+     * to ossl_rand_pool_attach() as `const unsigned char*`.
+     * (see corresponding comment in ossl_rand_pool_attach()).
      */
     if (!pool->attached) {
         if (pool->secure)
@@ -115,7 +115,7 @@ void rand_pool_free(RAND_POOL *pool)
 /*
  * Return the |pool|'s buffer to the caller (readonly).
  */
-const unsigned char *rand_pool_buffer(RAND_POOL *pool)
+const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool)
 {
     return pool->buffer;
 }
@@ -123,7 +123,7 @@ const unsigned char *rand_pool_buffer(RAND_POOL *pool)
 /*
  * Return the |pool|'s entropy to the caller.
  */
-size_t rand_pool_entropy(RAND_POOL *pool)
+size_t ossl_rand_pool_entropy(RAND_POOL *pool)
 {
     return pool->entropy;
 }
@@ -131,7 +131,7 @@ size_t rand_pool_entropy(RAND_POOL *pool)
 /*
  * Return the |pool|'s buffer length to the caller.
  */
-size_t rand_pool_length(RAND_POOL *pool)
+size_t ossl_rand_pool_length(RAND_POOL *pool)
 {
     return pool->len;
 }
@@ -140,9 +140,9 @@ size_t rand_pool_length(RAND_POOL *pool)
  * Detach the |pool| buffer and return it to the caller.
  * It's the responsibility of the caller to free the buffer
  * using OPENSSL_secure_clear_free() or to re-attach it
- * again to the pool using rand_pool_reattach().
+ * again to the pool using ossl_rand_pool_reattach().
  */
-unsigned char *rand_pool_detach(RAND_POOL *pool)
+unsigned char *ossl_rand_pool_detach(RAND_POOL *pool)
 {
     unsigned char *ret = pool->buffer;
     pool->buffer = NULL;
@@ -154,7 +154,7 @@ unsigned char *rand_pool_detach(RAND_POOL *pool)
  * Re-attach the |pool| buffer. It is only allowed to pass
  * the |buffer| which was previously detached from the same pool.
  */
-void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+void ossl_rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
 {
     pool->buffer = buffer;
     OPENSSL_cleanse(pool->buffer, pool->len);
@@ -177,7 +177,7 @@ void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
  *  |entropy|  if the entropy count and buffer size is large enough
  *      0      otherwise
  */
-size_t rand_pool_entropy_available(RAND_POOL *pool)
+size_t ossl_rand_pool_entropy_available(RAND_POOL *pool)
 {
     if (pool->entropy < pool->entropy_requested)
         return 0;
@@ -193,7 +193,7 @@ size_t rand_pool_entropy_available(RAND_POOL *pool)
  * the random pool.
  */
 
-size_t rand_pool_entropy_needed(RAND_POOL *pool)
+size_t ossl_rand_pool_entropy_needed(RAND_POOL *pool)
 {
     if (pool->entropy < pool->entropy_requested)
         return pool->entropy_requested - pool->entropy;
@@ -243,10 +243,10 @@ static int rand_pool_grow(RAND_POOL *pool, size_t len)
  * In case of an error, 0 is returned.
  */
 
-size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
+size_t ossl_rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
 {
     size_t bytes_needed;
-    size_t entropy_needed = rand_pool_entropy_needed(pool);
+    size_t entropy_needed = ossl_rand_pool_entropy_needed(pool);
 
     if (entropy_factor < 1) {
         ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE);
@@ -269,7 +269,7 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
     /*
      * Make sure the buffer is large enough for the requested amount
      * of data. This guarantees that existing code patterns where
-     * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
+     * ossl_rand_pool_add_begin, ossl_rand_pool_add_end or ossl_rand_pool_add
      * are used to collect entropy data without any error handling
      * whatsoever, continue to be valid.
      * Furthermore if the allocation here fails once, make sure that
@@ -288,7 +288,7 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
 }
 
 /* Returns the remaining number of bytes available */
-size_t rand_pool_bytes_remaining(RAND_POOL *pool)
+size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool)
 {
     return pool->max_len - pool->len;
 }
@@ -302,7 +302,7 @@ size_t rand_pool_bytes_remaining(RAND_POOL *pool)
  *
  * Returns 1 if the added amount is adequate, otherwise 0
  */
-int rand_pool_add(RAND_POOL *pool,
+int ossl_rand_pool_add(RAND_POOL *pool,
                   const unsigned char *buffer, size_t len, size_t entropy)
 {
     if (len > pool->max_len - pool->len) {
@@ -318,7 +318,7 @@ int rand_pool_add(RAND_POOL *pool,
     if (len > 0) {
         /*
          * This is to protect us from accidentally passing the buffer
-         * returned from rand_pool_add_begin.
+         * returned from ossl_rand_pool_add_begin.
          * The check for alloc_len makes sure we do not compare the
          * address of the end of the allocated memory to something
          * different, since that comparison would have an
@@ -332,7 +332,7 @@ int rand_pool_add(RAND_POOL *pool,
          * We have that only for cases when a pool is used to collect
          * additional data.
          * For entropy data, as long as the allocation request stays within
-         * the limits given by rand_pool_bytes_needed this rand_pool_grow
+         * the limits given by ossl_rand_pool_bytes_needed this rand_pool_grow
          * below is guaranteed to succeed, thus no allocation happens.
          */
         if (!rand_pool_grow(pool, len))
@@ -354,10 +354,10 @@ int rand_pool_add(RAND_POOL *pool,
  * If |len| == 0 this is considered a no-op and a NULL pointer
  * is returned without producing an error message.
  *
- * After updating the buffer, rand_pool_add_end() needs to be called
+ * After updating the buffer, ossl_rand_pool_add_end() needs to be called
  * to finish the update operation (see next comment).
  */
-unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
+unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len)
 {
     if (len == 0)
         return NULL;
@@ -374,7 +374,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
 
     /*
      * As long as the allocation request stays within the limits given
-     * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
+     * by ossl_rand_pool_bytes_needed this rand_pool_grow below is guaranteed
      * to succeed, thus no allocation happens.
      * We have that only for cases when a pool is used to collect
      * additional data. Then the buffer might need to grow here,
@@ -391,12 +391,12 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
  * Finish to add random bytes to the random pool in-place.
  *
  * Finishes an in-place update of the random pool started by
- * rand_pool_add_begin() (see previous comment).
+ * ossl_rand_pool_add_begin() (see previous comment).
  * It is expected that |len| bytes of random input have been added
  * to the buffer which contain at least |entropy| bits of randomness.
  * It is allowed to add less bytes than originally reserved.
  */
-int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
 {
     if (len > pool->alloc_len - pool->len) {
         ERR_raise(ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW);
diff --git a/crypto/rsa/rsa_acvp_test_params.c b/crypto/rsa/rsa_acvp_test_params.c
index c1d07cb334..908f605934 100644
--- a/crypto/rsa/rsa_acvp_test_params.c
+++ b/crypto/rsa/rsa_acvp_test_params.c
@@ -13,7 +13,7 @@
 #include "crypto/rsa.h"
 #include "rsa_local.h"
 
-int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[])
+int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[])
 {
     const OSSL_PARAM *p, *s;
     OSSL_PARAM *d, *alloc = NULL;
@@ -53,16 +53,16 @@ int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[])
         }
     }
     if (ret == 0) {
-        rsa_acvp_test_gen_params_free(alloc);
+        ossl_rsa_acvp_test_gen_params_free(alloc);
         alloc = NULL;
     }
     if (*dst != NULL)
-        rsa_acvp_test_gen_params_free(*dst);
+        ossl_rsa_acvp_test_gen_params_free(*dst);
     *dst = alloc;
     return ret;
 }
 
-void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst)
+void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst)
 {
     OSSL_PARAM *p;
 
@@ -76,13 +76,13 @@ void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst)
     OPENSSL_free(dst);
 }
 
-int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[])
+int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[])
 {
     RSA_ACVP_TEST *t;
     const OSSL_PARAM *p;
 
     if (r->acvp_test != NULL) {
-        rsa_acvp_test_free(r->acvp_test);
+        ossl_rsa_acvp_test_free(r->acvp_test);
         r->acvp_test = NULL;
     }
 
@@ -118,11 +118,11 @@ int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[])
     r->acvp_test = t;
     return 1;
 err:
-    rsa_acvp_test_free(t);
+    ossl_rsa_acvp_test_free(t);
     return 0;
 }
 
-int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[])
+int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[])
 {
     RSA_ACVP_TEST *t;
     OSSL_PARAM *p;
@@ -148,7 +148,7 @@ int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[])
     return 1;
 }
 
-void rsa_acvp_test_free(RSA_ACVP_TEST *t)
+void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t)
 {
     if (t != NULL) {
         BN_free(t->Xp1);
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index e9e442606d..9e9366757d 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -299,7 +299,7 @@ static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
             goto err;
         if (BIO_puts(bp, " with ") <= 0)
             goto err;
-        maskHash = x509_algor_mgf1_decode(pss->maskGenAlgorithm);
+        maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
         if (maskHash != NULL) {
             if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
                 goto err;
@@ -455,7 +455,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
         return NULL;
 
     if (pss->maskGenAlgorithm != NULL) {
-        pss->maskHash = x509_algor_mgf1_decode(pss->maskGenAlgorithm);
+        pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
         if (pss->maskHash == NULL) {
             RSA_PSS_PARAMS_free(pss);
             return NULL;
@@ -493,8 +493,8 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
     switch (op) {
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
         if (pkey->pkey.rsa->pss != NULL) {
-            if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
-                                   &min_saltlen)) {
+            if (!ossl_rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
+                                        &min_saltlen)) {
                 ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
@@ -537,11 +537,11 @@ static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
             return NULL;
     }
 
-    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
+    return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen);
 }
 
-RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
-                                      const EVP_MD *mgf1md, int saltlen)
+RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd,
+                                           const EVP_MD *mgf1md, int saltlen)
 {
     RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
 
@@ -554,13 +554,13 @@ RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
         if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
             goto err;
     }
-    if (!x509_algor_new_from_md(&pss->hashAlgorithm, sigmd))
+    if (!ossl_x509_algor_new_from_md(&pss->hashAlgorithm, sigmd))
         goto err;
     if (mgf1md == NULL)
         mgf1md = sigmd;
-    if (!x509_algor_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
+    if (!ossl_x509_algor_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
         goto err;
-    if (!x509_algor_new_from_md(&pss->maskHash, mgf1md))
+    if (!ossl_x509_algor_new_from_md(&pss->maskHash, mgf1md))
         goto err;
     return pss;
  err:
@@ -603,7 +603,7 @@ int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
     /* Decode PSS parameters */
     pss = rsa_pss_decode(sigalg);
 
-    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
+    if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
         goto err;
     }
@@ -668,10 +668,10 @@ static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
 
     if (pss == NULL)
         return 0;
-    *pmd = x509_algor_get_md(pss->hashAlgorithm);
+    *pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
     if (*pmd == NULL)
         return 0;
-    *pmgf1md = x509_algor_get_md(pss->maskHash);
+    *pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
     if (*pmgf1md == NULL)
         return 0;
     if (pss->saltLength)
@@ -686,8 +686,8 @@ static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
     return 1;
 }
 
-int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
-                      const EVP_MD **pmgf1md, int *psaltlen)
+int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                           const EVP_MD **pmgf1md, int *psaltlen)
 {
     /*
      * Callers do not care about the trailer field, and yet, we must
@@ -717,7 +717,7 @@ static int rsa_sync_to_pss_params_30(RSA *rsa)
          * to even read a key with invalid values, making it hard to test
          * a bad situation.
          *
-         * Other routines use rsa_pss_get_param(), so the values will be
+         * Other routines use ossl_rsa_pss_get_param(), so the values will be
          * checked, eventually.
          */
         if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
@@ -807,7 +807,7 @@ static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
         return 0;
     /* Decode PSS parameters */
     pss = rsa_pss_decode(sigalg);
-    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+    if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
         goto err;
     mdnid = EVP_MD_type(md);
     /*
@@ -965,7 +965,8 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
             const EVP_MD *md = EVP_get_digestbynid(mdnid);
             const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid);
 
-            if ((rsa->pss = rsa_pss_params_create(md, mgf1md, saltlen)) == NULL)
+            if ((rsa->pss = ossl_rsa_pss_params_create(md, mgf1md,
+                                                       saltlen)) == NULL)
                 goto err;
         }
         break;
@@ -1018,7 +1019,7 @@ static int rsa_pss_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
     return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSASSAPSS);
 }
 
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2] = {
     {
      EVP_PKEY_RSA,
      EVP_PKEY_RSA,
@@ -1066,7 +1067,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
      ASN1_PKEY_ALIAS}
 };
 
-const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth = {
      EVP_PKEY_RSA_PSS,
      EVP_PKEY_RSA_PSS,
      ASN1_PKEY_SIGPARAM_NULL,
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index d1e1470d37..c5799d8e4d 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -42,7 +42,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             /* not a multi-prime key, skip */
             return 1;
         }
-        return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
+        return (ossl_rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
     }
     return 1;
 }
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 30b16f25c6..8c16a56db5 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -161,7 +161,7 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
     /* The acvp test results are not meant for export so check for bld == NULL */
     if (bld == NULL)
-        rsa_acvp_test_get_params(rsa, params);
+        ossl_rsa_acvp_test_get_params(rsa, params);
 #endif
     ret = 1;
  err:
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index 0c32e01426..0596d129c1 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -36,7 +36,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
     if (key->version == RSA_ASN1_VERSION_MULTI) {
         ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
         if (ex_primes <= 0
-                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
+                || (ex_primes + 2) > ossl_rsa_multip_cap(BN_num_bits(key->n))) {
             ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY);
             return 0;
         }
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index a2192df575..07a3a7800e 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -97,7 +97,7 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
         return 0;
     }
 
-    if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
+    if (primes < RSA_DEFAULT_PRIME_NUM || primes > ossl_rsa_multip_cap(bits)) {
         ok = 0;             /* we set our own err */
         ERR_raise(ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID);
         goto err;
@@ -154,13 +154,14 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
             goto err;
         if (rsa->prime_infos != NULL) {
             /* could this happen? */
-            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);
+            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos,
+                                       ossl_rsa_multip_info_free);
         }
         rsa->prime_infos = prime_infos;
 
         /* prime_info from 2 to |primes| -1 */
         for (i = 2; i < primes; i++) {
-            pinfo = rsa_multip_info_new();
+            pinfo = ossl_rsa_multip_info_new();
             if (pinfo == NULL)
                 goto err;
             (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 530fdaa035..89cd4da527 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -163,12 +163,12 @@ void RSA_free(RSA *r)
     BN_clear_free(r->iqmp);
 
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
-    rsa_acvp_test_free(r->acvp_test);
+    ossl_rsa_acvp_test_free(r->acvp_test);
 #endif
 
 #ifndef FIPS_MODULE
     RSA_PSS_PARAMS_free(r->pss);
-    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
+    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, ossl_rsa_multip_info_free);
 #endif
     BN_BLINDING_free(r->blinding);
     BN_BLINDING_free(r->mt_blinding);
@@ -309,7 +309,7 @@ static uint32_t ilog_e(uint64_t v)
  *           \cdot(log_e(nBits \cdot log_e(2))^{2/3} - 4.69}{log_e(2)}
  * The two cube roots are merged together here.
  */
-uint16_t ifc_ffc_compute_security_bits(int n)
+uint16_t ossl_ifc_ffc_compute_security_bits(int n)
 {
     uint64_t x;
     uint32_t lx;
@@ -357,11 +357,11 @@ int RSA_security_bits(const RSA *rsa)
         /* This ought to mean that we have private key at hand. */
         int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
 
-        if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
+        if (ex_primes <= 0 || (ex_primes + 2) > ossl_rsa_multip_cap(bits))
             return 0;
     }
 #endif
-    return ifc_ffc_compute_security_bits(bits);
+    return ossl_ifc_ffc_compute_security_bits(bits);
 }
 
 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
@@ -469,7 +469,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
         old = r->prime_infos;
 
     for (i = 0; i < pnum; i++) {
-        pinfo = rsa_multip_info_new();
+        pinfo = ossl_rsa_multip_info_new();
         if (pinfo == NULL)
             goto err;
         if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
@@ -483,7 +483,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
             BN_set_flags(pinfo->d, BN_FLG_CONSTTIME);
             BN_set_flags(pinfo->t, BN_FLG_CONSTTIME);
         } else {
-            rsa_multip_info_free(pinfo);
+            ossl_rsa_multip_info_free(pinfo);
             goto err;
         }
         (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
@@ -491,7 +491,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
 
     r->prime_infos = prime_infos;
 
-    if (!rsa_multip_calc_product(r)) {
+    if (!ossl_rsa_multip_calc_product(r)) {
         r->prime_infos = old;
         goto err;
     }
@@ -503,7 +503,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
          * be freed in that case. So currently, stay consistent
          * with other *set0* functions: just free it...
          */
-        sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
+        sk_RSA_PRIME_INFO_pop_free(old, ossl_rsa_multip_info_free);
     }
 
     r->version = RSA_ASN1_VERSION_MULTI;
@@ -512,7 +512,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
     return 1;
  err:
     /* r, d, t should not be freed */
-    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex);
     return 0;
 }
 #endif
@@ -749,7 +749,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
             if (!ossl_assert(prime != NULL && exp != NULL && coeff != NULL))
                 goto err;
 
-            /* Using rsa_multip_info_new() is wasteful, so allocate directly */
+            /* Using ossl_rsa_multip_info_new() is wasteful, so allocate directly */
             if ((pinfo = OPENSSL_zalloc(sizeof(*pinfo))) == NULL) {
                 ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -766,7 +766,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
 
         r->prime_infos = prime_infos;
 
-        if (!rsa_multip_calc_product(r)) {
+        if (!ossl_rsa_multip_calc_product(r)) {
             r->prime_infos = old_infos;
             goto err;
         }
@@ -783,7 +783,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
          * be freed in that case. So currently, stay consistent
          * with other *set0* functions: just free it...
          */
-        sk_RSA_PRIME_INFO_pop_free(old_infos, rsa_multip_info_free);
+        sk_RSA_PRIME_INFO_pop_free(old_infos, ossl_rsa_multip_info_free);
     }
 #endif
 
@@ -794,7 +794,7 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
 #ifndef FIPS_MODULE
  err:
     /* r, d, t should not be freed */
-    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex);
     return 0;
 #endif
 }
diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
index 3a8d6fe286..73f7f91804 100644
--- a/crypto/rsa/rsa_local.h
+++ b/crypto/rsa/rsa_local.h
@@ -157,16 +157,16 @@ struct rsa_meth_st {
 #define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
 #define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
 
-RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
-                                      const EVP_MD *mgf1md, int saltlen);
-int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
-                      const EVP_MD **pmgf1md, int *psaltlen);
+RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd,
+                                           const EVP_MD *mgf1md, int saltlen);
+int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                           const EVP_MD **pmgf1md, int *psaltlen);
 /* internal function to clear and free multi-prime parameters */
-void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
-void rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
-RSA_PRIME_INFO *rsa_multip_info_new(void);
-int rsa_multip_calc_product(RSA *rsa);
-int rsa_multip_cap(int bits);
+void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
+void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
+RSA_PRIME_INFO *ossl_rsa_multip_info_new(void);
+int ossl_rsa_multip_calc_product(RSA *rsa);
+int ossl_rsa_multip_cap(int bits);
 
 int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength);
 int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c
index f385a589cf..410dc690cf 100644
--- a/crypto/rsa/rsa_mp.c
+++ b/crypto/rsa/rsa_mp.c
@@ -12,23 +12,23 @@
 #include <openssl/err.h>
 #include "rsa_local.h"
 
-void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
+void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
 {
     /* free pp and pinfo only */
     BN_clear_free(pinfo->pp);
     OPENSSL_free(pinfo);
 }
 
-void rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
+void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
 {
     /* free a RSA_PRIME_INFO structure */
     BN_clear_free(pinfo->r);
     BN_clear_free(pinfo->d);
     BN_clear_free(pinfo->t);
-    rsa_multip_info_free_ex(pinfo);
+    ossl_rsa_multip_info_free_ex(pinfo);
 }
 
-RSA_PRIME_INFO *rsa_multip_info_new(void)
+RSA_PRIME_INFO *ossl_rsa_multip_info_new(void)
 {
     RSA_PRIME_INFO *pinfo;
 
@@ -58,7 +58,7 @@ RSA_PRIME_INFO *rsa_multip_info_new(void)
 }
 
 /* Refill products of primes */
-int rsa_multip_calc_product(RSA *rsa)
+int ossl_rsa_multip_calc_product(RSA *rsa)
 {
     RSA_PRIME_INFO *pinfo;
     BIGNUM *p1 = NULL, *p2 = NULL;
@@ -97,7 +97,7 @@ int rsa_multip_calc_product(RSA *rsa)
     return rv;
 }
 
-int rsa_multip_cap(int bits)
+int ossl_rsa_multip_cap(int bits)
 {
     int cap = 5;
 
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 203612503b..6e7e7a27e1 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -225,9 +225,9 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                 memcpy(rout, rctx->tbuf, ret);
         } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
             size_t sltmp;
-            ret = int_rsa_verify(EVP_MD_type(rctx->md),
-                                 NULL, 0, rout, &sltmp,
-                                 sig, siglen, ctx->pkey->pkey.rsa);
+            ret = ossl_rsa_verify(EVP_MD_type(rctx->md),
+                                  NULL, 0, rout, &sltmp,
+                                  sig, siglen, ctx->pkey->pkey.rsa);
             if (ret <= 0)
                 return 0;
             ret = sltmp;
@@ -711,8 +711,9 @@ static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
     /* If all parameters are default values don't set pss */
     if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2)
         return 1;
-    rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
-                                     rctx->saltlen == -2 ? 0 : rctx->saltlen);
+    rsa->pss = ossl_rsa_pss_params_create(rctx->md, rctx->mgf1md,
+                                          rctx->saltlen == -2
+                                          ? 0 : rctx->saltlen);
     if (rsa->pss == NULL)
         return 0;
     return 1;
@@ -818,7 +819,7 @@ static int pkey_pss_init(EVP_PKEY_CTX *ctx)
     if (rsa->pss == NULL)
         return 1;
     /* Get and check parameters */
-    if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
+    if (!ossl_rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
         return 0;
 
     /* See if minimum salt length exceeds maximum possible */
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 5664394114..39a90bb244 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -328,9 +328,9 @@ err:
  *
  * It returns one on successful verification or zero otherwise.
  */
-int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
-                   unsigned char *rm, size_t *prm_len,
-                   const unsigned char *sigbuf, size_t siglen, RSA *rsa)
+int ossl_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                    unsigned char *rm, size_t *prm_len,
+                    const unsigned char *sigbuf, size_t siglen, RSA *rsa)
 {
     int len, ret = 0;
     size_t decrypt_len, encoded_len = 0;
@@ -453,5 +453,5 @@ int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
     if (rsa->meth->rsa_verify != NULL)
         return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
 
-    return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+    return ossl_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
 }
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index 63cd9afc2f..077c32f1e9 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -171,7 +171,8 @@ err:
  */
 int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
 {
-    int s = (int)ifc_ffc_compute_security_bits(nbits);
+    int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
+
 #ifdef FIPS_MODULE
     if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
             || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
diff --git a/crypto/sm3/legacy_sm3.c b/crypto/sm3/legacy_sm3.c
index da07aed12a..e91e59d504 100644
--- a/crypto/sm3/legacy_sm3.c
+++ b/crypto/sm3/legacy_sm3.c
@@ -13,7 +13,7 @@
 #include "../evp/legacy_meth.h"
 #include "internal/sm3.h"
 
-IMPLEMENT_LEGACY_EVP_MD_METH_LC(sm3_int, sm3)
+IMPLEMENT_LEGACY_EVP_MD_METH_LC(sm3_int, ossl_sm3)
 
 static const EVP_MD sm3_md = {
     NID_sm3,
diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c
index ef03150cab..37a494b69b 100644
--- a/crypto/sm3/sm3.c
+++ b/crypto/sm3/sm3.c
@@ -12,7 +12,7 @@
 #include <openssl/e_os2.h>
 #include "sm3_local.h"
 
-int sm3_init(SM3_CTX *c)
+int ossl_sm3_init(SM3_CTX *c)
 {
     memset(c, 0, sizeof(*c));
     c->A = SM3_A;
@@ -26,7 +26,7 @@ int sm3_init(SM3_CTX *c)
     return 1;
 }
 
-void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
+void ossl_sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
 {
     const unsigned char *data = p;
     register unsigned MD32_REG_T A, B, C, D, E, F, G, H;
@@ -193,4 +193,3 @@ void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
         ctx->H ^= H;
     }
 }
-
diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h
index 07def19cf1..3325eac745 100644
--- a/crypto/sm3/sm3_local.h
+++ b/crypto/sm3/sm3_local.h
@@ -17,9 +17,9 @@
 #define HASH_LONG               SM3_WORD
 #define HASH_CTX                SM3_CTX
 #define HASH_CBLOCK             SM3_CBLOCK
-#define HASH_UPDATE             sm3_update
-#define HASH_TRANSFORM          sm3_transform
-#define HASH_FINAL              sm3_final
+#define HASH_UPDATE             ossl_sm3_update
+#define HASH_TRANSFORM          ossl_sm3_transform
+#define HASH_FINAL              ossl_sm3_final
 #define HASH_MAKE_STRING(c, s)              \
       do {                                  \
         unsigned long ll;                   \
@@ -32,10 +32,10 @@
         ll=(c)->G; (void)HOST_l2c(ll, (s)); \
         ll=(c)->H; (void)HOST_l2c(ll, (s)); \
       } while (0)
-#define HASH_BLOCK_DATA_ORDER   sm3_block_data_order
+#define HASH_BLOCK_DATA_ORDER   ossl_sm3_block_data_order
 
-void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
-void sm3_transform(SM3_CTX *c, const unsigned char *data);
+void ossl_sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+void ossl_sm3_transform(SM3_CTX *c, const unsigned char *data);
 
 #include "crypto/md32_common.h"
 
diff --git a/crypto/sm4/sm4.c b/crypto/sm4/sm4.c
index a62993c272..5e525d96e5 100644
--- a/crypto/sm4/sm4.c
+++ b/crypto/sm4/sm4.c
@@ -129,7 +129,7 @@ static ossl_inline uint32_t SM4_T(uint32_t X)
            rotl(SM4_SBOX_T[(uint8_t)X], 8);
 }
 
-int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
+int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks)
 {
     /*
      * Family Key
@@ -184,7 +184,7 @@ int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
          B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
       } while(0)
 
-void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
 {
     uint32_t B0 = load_u32_be(in, 0);
     uint32_t B1 = load_u32_be(in, 1);
@@ -210,7 +210,7 @@ void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
     store_u32_be(B0, out + 12);
 }
 
-void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
 {
     uint32_t B0 = load_u32_be(in, 0);
     uint32_t B1 = load_u32_be(in, 1);
diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c
index be4db2c620..3c20f1ea18 100644
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@@ -60,7 +60,7 @@ struct sparse_array_st {
     void **nodes;
 };
 
-OPENSSL_SA *OPENSSL_SA_new(void)
+OPENSSL_SA *ossl_sa_new(void)
 {
     OPENSSL_SA *res = OPENSSL_zalloc(sizeof(*res));
 
@@ -112,13 +112,13 @@ static void sa_free_leaf(ossl_uintmax_t n, void *p, void *arg)
     OPENSSL_free(p);
 }
 
-void OPENSSL_SA_free(OPENSSL_SA *sa)
+void ossl_sa_free(OPENSSL_SA *sa)
 {
     sa_doall(sa, &sa_free_node, NULL, NULL);
     OPENSSL_free(sa);
 }
 
-void OPENSSL_SA_free_leaves(OPENSSL_SA *sa)
+void ossl_sa_free_leaves(OPENSSL_SA *sa)
 {
     sa_doall(sa, &sa_free_node, &sa_free_leaf, NULL);
     OPENSSL_free(sa);
@@ -134,8 +134,7 @@ static void trampoline(ossl_uintmax_t n, void *l, void *arg)
     ((const struct trampoline_st *)arg)->func(n, l);
 }
 
-void OPENSSL_SA_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t,
-                                                         void *))
+void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *))
 {
     struct trampoline_st tramp;
 
@@ -144,7 +143,7 @@ void OPENSSL_SA_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t,
         sa_doall(sa, NULL, &trampoline, &tramp);
 }
 
-void OPENSSL_SA_doall_arg(const OPENSSL_SA *sa,
+void ossl_sa_doall_arg(const OPENSSL_SA *sa,
                           void (*leaf)(ossl_uintmax_t, void *, void *),
                           void *arg)
 {
@@ -152,12 +151,12 @@ void OPENSSL_SA_doall_arg(const OPENSSL_SA *sa,
         sa_doall(sa, NULL, leaf, arg);
 }
 
-size_t OPENSSL_SA_num(const OPENSSL_SA *sa)
+size_t ossl_sa_num(const OPENSSL_SA *sa)
 {
     return sa == NULL ? 0 : sa->nelem;
 }
 
-void *OPENSSL_SA_get(const OPENSSL_SA *sa, ossl_uintmax_t n)
+void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n)
 {
     int level;
     void **p, *r = NULL;
@@ -180,7 +179,7 @@ static ossl_inline void **alloc_node(void)
     return OPENSSL_zalloc(SA_BLOCK_MAX * sizeof(void *));
 }
 
-int OPENSSL_SA_set(OPENSSL_SA *sa, ossl_uintmax_t posn, void *val)
+int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t posn, void *val)
 {
     int i, level = 1;
     ossl_uintmax_t n = posn;
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 38bde78bfa..df0d3720ff 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -291,13 +291,13 @@ int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
 }
 
 static SRP_gN knowngN[] = {
-    {"8192", &bn_generator_19, &bn_group_8192},
-    {"6144", &bn_generator_5, &bn_group_6144},
-    {"4096", &bn_generator_5, &bn_group_4096},
-    {"3072", &bn_generator_5, &bn_group_3072},
-    {"2048", &bn_generator_2, &bn_group_2048},
-    {"1536", &bn_generator_2, &bn_group_1536},
-    {"1024", &bn_generator_2, &bn_group_1024},
+    {"8192", &ossl_bn_generator_19, &ossl_bn_group_8192},
+    {"6144", &ossl_bn_generator_5, &ossl_bn_group_6144},
+    {"4096", &ossl_bn_generator_5, &ossl_bn_group_4096},
+    {"3072", &ossl_bn_generator_5, &ossl_bn_group_3072},
+    {"2048", &ossl_bn_generator_2, &ossl_bn_group_2048},
+    {"1536", &ossl_bn_generator_2, &ossl_bn_group_1536},
+    {"1024", &ossl_bn_generator_2, &ossl_bn_group_1024},
 };
 
 # define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index d41d7d9b94..72f054be17 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -483,7 +483,7 @@ static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
             /* We determined the object type */
             data->object_type = OSSL_OBJECT_CERT;
 
-        if (cert != NULL && !x509_set0_libctx(cert, libctx, propq)) {
+        if (cert != NULL && !ossl_x509_set0_libctx(cert, libctx, propq)) {
             X509_free(cert);
             cert = NULL;
         }
@@ -510,7 +510,7 @@ static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v,
             /* We determined the object type */
             data->object_type = OSSL_OBJECT_CRL;
 
-        if (crl != NULL && !x509_crl_set0_libctx(crl, libctx, propq)) {
+        if (crl != NULL && !ossl_x509_crl_set0_libctx(crl, libctx, propq)) {
             X509_CRL_free(crl);
             crl = NULL;
         }
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 4660647ffc..89428cdf54 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -373,7 +373,7 @@ static int ts_check_status_info(TS_RESP *response)
 
 static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
 {
-    return sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH);
+    return ossl_sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH);
 }
 
 static int ts_check_policy(const ASN1_OBJECT *req_oid,
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index b2fecaa165..83c8953af2 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -7,21 +7,21 @@
  * https://www.openssl.org/source/license.html
  */
 
-int v3_name_cmp(const char *name, const char *cmp);
+int ossl_v3_name_cmp(const char *name, const char *cmp);
 
-extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
-extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern const X509V3_EXT_METHOD v3_addr, v3_asid;
-extern const X509V3_EXT_METHOD v3_ct_scts[3];
-extern const X509V3_EXT_METHOD v3_tls_feature;
-extern const X509V3_EXT_METHOD v3_ext_admission;
-extern const X509V3_EXT_METHOD v3_utf8_list[1];
-extern const X509V3_EXT_METHOD v3_issuer_sign_tool;
+extern const X509V3_EXT_METHOD ossl_v3_bcons, ossl_v3_nscert, ossl_v3_key_usage, ossl_v3_ext_ku;
+extern const X509V3_EXT_METHOD ossl_v3_pkey_usage_period, ossl_v3_sxnet, ossl_v3_info, ossl_v3_sinfo;
+extern const X509V3_EXT_METHOD ossl_v3_ns_ia5_list[8], ossl_v3_alt[3], ossl_v3_skey_id, ossl_v3_akey_id;
+extern const X509V3_EXT_METHOD ossl_v3_crl_num, ossl_v3_crl_reason, ossl_v3_crl_invdate;
+extern const X509V3_EXT_METHOD ossl_v3_delta_crl, ossl_v3_cpols, ossl_v3_crld, ossl_v3_freshest_crl;
+extern const X509V3_EXT_METHOD ossl_v3_ocsp_nonce, ossl_v3_ocsp_accresp, ossl_v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD ossl_v3_ocsp_crlid, ossl_v3_ocsp_nocheck, ossl_v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD ossl_v3_crl_hold, ossl_v3_pci;
+extern const X509V3_EXT_METHOD ossl_v3_policy_mappings, ossl_v3_policy_constraints;
+extern const X509V3_EXT_METHOD ossl_v3_name_constraints, ossl_v3_inhibit_anyp, ossl_v3_idp;
+extern const X509V3_EXT_METHOD ossl_v3_addr, ossl_v3_asid;
+extern const X509V3_EXT_METHOD ossl_v3_ct_scts[3];
+extern const X509V3_EXT_METHOD ossl_v3_tls_feature;
+extern const X509V3_EXT_METHOD ossl_v3_ext_admission;
+extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1];
+extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool;
diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c
index 22cf431895..dfb757f67f 100644
--- a/crypto/x509/pcy_cache.c
+++ b/crypto/x509/pcy_cache.c
@@ -40,7 +40,7 @@ static int policy_cache_create(X509 *x,
     }
     for (i = 0; i < num; i++) {
         policy = sk_POLICYINFO_value(policies, i);
-        data = policy_data_new(policy, NULL, crit);
+        data = ossl_policy_data_new(policy, NULL, crit);
         if (data == NULL) {
             ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
             goto just_cleanup;
@@ -68,11 +68,11 @@ static int policy_cache_create(X509 *x,
  bad_policy:
     if (ret == -1)
         x->ex_flags |= EXFLAG_INVALID_POLICY;
-    policy_data_free(data);
+    ossl_policy_data_free(data);
  just_cleanup:
     sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
     if (ret <= 0) {
-        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+        sk_X509_POLICY_DATA_pop_free(cache->data, ossl_policy_data_free);
         cache->data = NULL;
     }
     return ret;
@@ -151,7 +151,7 @@ static int policy_cache_new(X509 *x)
         if (i != -1)
             goto bad_cache;
     } else {
-        i = policy_cache_set_mapping(x, ext_pmaps);
+        i = ossl_policy_cache_set_mapping(x, ext_pmaps);
         if (i <= 0)
             goto bad_cache;
     }
@@ -175,16 +175,16 @@ static int policy_cache_new(X509 *x)
 
 }
 
-void policy_cache_free(X509_POLICY_CACHE *cache)
+void ossl_policy_cache_free(X509_POLICY_CACHE *cache)
 {
     if (!cache)
         return;
-    policy_data_free(cache->anyPolicy);
-    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    ossl_policy_data_free(cache->anyPolicy);
+    sk_X509_POLICY_DATA_pop_free(cache->data, ossl_policy_data_free);
     OPENSSL_free(cache);
 }
 
-const X509_POLICY_CACHE *policy_cache_set(X509 *x)
+const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x)
 {
 
     if (x->policy_cache == NULL) {
@@ -198,8 +198,8 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x)
 
 }
 
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-                                         const ASN1_OBJECT *id)
+X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                              const ASN1_OBJECT *id)
 {
     int idx;
     X509_POLICY_DATA tmp;
diff --git a/crypto/x509/pcy_data.c b/crypto/x509/pcy_data.c
index 584ac1c2dd..7db465bbf6 100644
--- a/crypto/x509/pcy_data.c
+++ b/crypto/x509/pcy_data.c
@@ -15,7 +15,7 @@
 
 /* Policy Node routines */
 
-void policy_data_free(X509_POLICY_DATA *data)
+void ossl_policy_data_free(X509_POLICY_DATA *data)
 {
     if (data == NULL)
         return;
@@ -35,8 +35,8 @@ void policy_data_free(X509_POLICY_DATA *data)
  * source.
  */
 
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
-                                  const ASN1_OBJECT *cid, int crit)
+X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy,
+                                       const ASN1_OBJECT *cid, int crit)
 {
     X509_POLICY_DATA *ret;
     ASN1_OBJECT *id;
diff --git a/crypto/x509/pcy_local.h b/crypto/x509/pcy_local.h
index 0deee52c1b..893b5cc51d 100644
--- a/crypto/x509/pcy_local.h
+++ b/crypto/x509/pcy_local.h
@@ -135,33 +135,31 @@ struct X509_POLICY_TREE_st {
 
 /* Internal functions */
 
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
-                                  int crit);
-void policy_data_free(X509_POLICY_DATA *data);
+X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+                                       int crit);
+void ossl_policy_data_free(X509_POLICY_DATA *data);
 
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-                                         const ASN1_OBJECT *id);
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                              const ASN1_OBJECT *id);
+int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
 
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void);
 
-void policy_cache_init(void);
+void ossl_policy_cache_free(X509_POLICY_CACHE *cache);
 
-void policy_cache_free(X509_POLICY_CACHE *cache);
+X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+                                              const X509_POLICY_NODE *parent,
+                                              const ASN1_OBJECT *id);
 
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-                                  const X509_POLICY_NODE *parent,
-                                  const ASN1_OBJECT *id);
+X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+                                           const ASN1_OBJECT *id);
 
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
-                               const ASN1_OBJECT *id);
+X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+                                             X509_POLICY_DATA *data,
+                                             X509_POLICY_NODE *parent,
+                                             X509_POLICY_TREE *tree);
+void ossl_policy_node_free(X509_POLICY_NODE *node);
+int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
 
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                                 X509_POLICY_DATA *data,
-                                 X509_POLICY_NODE *parent,
-                                 X509_POLICY_TREE *tree);
-void policy_node_free(X509_POLICY_NODE *node);
-int policy_node_match(const X509_POLICY_LEVEL *lvl,
-                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-
-const X509_POLICY_CACHE *policy_cache_set(X509 *x);
+const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x);
diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
index a1210ef37f..b599ff9804 100644
--- a/crypto/x509/pcy_map.c
+++ b/crypto/x509/pcy_map.c
@@ -19,7 +19,7 @@
  * POLICY_MAPPINGS structure
  */
 
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
 {
     POLICY_MAPPING *map;
     X509_POLICY_DATA *data;
@@ -40,16 +40,16 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
         }
 
         /* Attempt to find matching policy data */
-        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+        data = ossl_policy_cache_find_data(cache, map->issuerDomainPolicy);
         /* If we don't have anyPolicy can't map */
         if (data == NULL && !cache->anyPolicy)
             continue;
 
         /* Create a NODE from anyPolicy */
         if (data == NULL) {
-            data = policy_data_new(NULL, map->issuerDomainPolicy,
-                                   cache->anyPolicy->flags
-                                   & POLICY_DATA_FLAG_CRITICAL);
+            data = ossl_policy_data_new(NULL, map->issuerDomainPolicy,
+                                        cache->anyPolicy->flags
+                                        & POLICY_DATA_FLAG_CRITICAL);
             if (data == NULL)
                 goto bad_mapping;
             data->qualifier_set = cache->anyPolicy->qualifier_set;
@@ -59,7 +59,7 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
             data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
             data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
             if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
-                policy_data_free(data);
+                ossl_policy_data_free(data);
                 goto bad_mapping;
             }
         } else
diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
index 75207e0a10..c69ccd7b23 100644
--- a/crypto/x509/pcy_node.c
+++ b/crypto/x509/pcy_node.c
@@ -20,13 +20,13 @@ static int node_cmp(const X509_POLICY_NODE *const *a,
     return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
 }
 
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
+STACK_OF(X509_POLICY_NODE) *ossl_policy_node_cmp_new(void)
 {
     return sk_X509_POLICY_NODE_new(node_cmp);
 }
 
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
-                               const ASN1_OBJECT *id)
+X509_POLICY_NODE *ossl_policy_tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
+                                           const ASN1_OBJECT *id)
 {
     X509_POLICY_DATA n;
     X509_POLICY_NODE l;
@@ -40,9 +40,9 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
 
 }
 
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-                                  const X509_POLICY_NODE *parent,
-                                  const ASN1_OBJECT *id)
+X509_POLICY_NODE *ossl_policy_level_find_node(const X509_POLICY_LEVEL *level,
+                                              const X509_POLICY_NODE *parent,
+                                              const ASN1_OBJECT *id)
 {
     X509_POLICY_NODE *node;
     int i;
@@ -56,10 +56,10 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
     return NULL;
 }
 
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-                                 X509_POLICY_DATA *data,
-                                 X509_POLICY_NODE *parent,
-                                 X509_POLICY_TREE *tree)
+X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
+                                             X509_POLICY_DATA *data,
+                                             X509_POLICY_NODE *parent,
+                                             X509_POLICY_TREE *tree)
 {
     X509_POLICY_NODE *node;
 
@@ -78,7 +78,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
         } else {
 
             if (level->nodes == NULL)
-                level->nodes = policy_node_cmp_new();
+                level->nodes = ossl_policy_node_cmp_new();
             if (level->nodes == NULL) {
                 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
                 goto node_error;
@@ -109,11 +109,11 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
     return node;
 
  node_error:
-    policy_node_free(node);
+    ossl_policy_node_free(node);
     return NULL;
 }
 
-void policy_node_free(X509_POLICY_NODE *node)
+void ossl_policy_node_free(X509_POLICY_NODE *node)
 {
     OPENSSL_free(node);
 }
@@ -123,8 +123,8 @@ void policy_node_free(X509_POLICY_NODE *node)
  * expected policy set otherwise just valid policy.
  */
 
-int policy_node_match(const X509_POLICY_LEVEL *lvl,
-                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
+                           const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
 {
     int i;
     ASN1_OBJECT *policy_oid;
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index ab5c677ea1..fa45da5117 100644
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -113,7 +113,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
         X509_check_purpose(x, -1, 0);
 
         /* If cache is NULL, likely ENOMEM: return immediately */
-        if (policy_cache_set(x) == NULL)
+        if (ossl_policy_cache_set(x) == NULL)
             return X509_PCY_TREE_INTERNAL;
     }
 
@@ -139,7 +139,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
             return X509_PCY_TREE_INVALID;
 
         /* Access the cache which we now know exists */
-        cache = policy_cache_set(x);
+        cache = ossl_policy_cache_set(x);
 
         if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
             ret = X509_PCY_TREE_EMPTY;
@@ -177,10 +177,11 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
     }
     tree->nlevel = n+1;
     level = tree->levels;
-    if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+    if ((data = ossl_policy_data_new(NULL,
+                                     OBJ_nid2obj(NID_any_policy), 0)) == NULL)
         goto bad_tree;
-    if (level_add_node(level, data, NULL, tree) == NULL) {
-        policy_data_free(data);
+    if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
+        ossl_policy_data_free(data);
         goto bad_tree;
     }
 
@@ -193,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
         uint32_t ex_flags = X509_get_extension_flags(x);
 
         /* Access the cache which we now know exists */
-        cache = policy_cache_set(x);
+        cache = ossl_policy_cache_set(x);
 
         X509_up_ref(x);
         (++level)->cert = x;
@@ -247,14 +248,14 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
     for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
         X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
 
-        if (policy_node_match(last, node, data->valid_policy)) {
-            if (level_add_node(curr, data, node, NULL) == NULL)
+        if (ossl_policy_node_match(last, node, data->valid_policy)) {
+            if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
                 return 0;
             matched = 1;
         }
     }
     if (!matched && last->anyPolicy) {
-        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+        if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
             return 0;
     }
     return 1;
@@ -300,14 +301,14 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
      * Create a new node with qualifiers from anyPolicy and id from unmatched
      * node.
      */
-    if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
+    if ((data = ossl_policy_data_new(NULL, id, node_critical(node))) == NULL)
         return 0;
 
     /* Curr may not have anyPolicy */
     data->qualifier_set = cache->anyPolicy->qualifier_set;
     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-    if (level_add_node(curr, data, node, tree) == NULL) {
-        policy_data_free(data);
+    if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
+        ossl_policy_data_free(data);
         return 0;
     }
     return 1;
@@ -339,7 +340,7 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
         /* Locate unmatched nodes */
         for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) {
             ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
-            if (level_find_node(curr, node, oid))
+            if (ossl_policy_level_find_node(curr, node, oid))
                 continue;
             if (!tree_add_unmatched(curr, cache, oid, node, tree))
                 return 0;
@@ -368,7 +369,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
     }
     /* Finally add link to anyPolicy */
     if (last->anyPolicy &&
-        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+            ossl_policy_level_add_node(curr, cache->anyPolicy,
+                                       last->anyPolicy, NULL) == NULL)
         return 0;
     return 1;
 }
@@ -435,7 +437,7 @@ static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
                               X509_POLICY_NODE *pcy)
 {
     if (*pnodes == NULL &&
-        (*pnodes = policy_node_cmp_new()) == NULL)
+        (*pnodes = ossl_policy_node_cmp_new()) == NULL)
         return 0;
     if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
         return 1;
@@ -536,7 +538,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
 
     for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
         oid = sk_ASN1_OBJECT_value(policy_oids, i);
-        node = tree_find_sk(auth_nodes, oid);
+        node = ossl_policy_tree_find_sk(auth_nodes, oid);
         if (!node) {
             if (!anyPolicy)
                 continue;
@@ -544,13 +546,14 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
              * Create a new node with policy ID from user set and qualifiers
              * from anyPolicy.
              */
-            extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+            extra = ossl_policy_data_new(NULL, oid, node_critical(anyPolicy));
             if (extra == NULL)
                 return 0;
             extra->qualifier_set = anyPolicy->data->qualifier_set;
             extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
                 | POLICY_DATA_FLAG_EXTRA_NODE;
-            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+            node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
+                                              tree);
         }
         if (!tree->user_policies) {
             tree->user_policies = sk_X509_POLICY_NODE_new_null();
@@ -576,7 +579,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
     const X509_POLICY_CACHE *cache;
 
     for (i = 1; i < tree->nlevel; i++, curr++) {
-        cache = policy_cache_set(curr->cert);
+        cache = ossl_policy_cache_set(curr->cert);
         if (!tree_link_nodes(curr, cache))
             return X509_PCY_TREE_INTERNAL;
 
@@ -610,11 +613,11 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree)
 
     for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
         X509_free(curr->cert);
-        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
-        policy_node_free(curr->anyPolicy);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, ossl_policy_node_free);
+        ossl_policy_node_free(curr->anyPolicy);
     }
 
-    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, ossl_policy_data_free);
     OPENSSL_free(tree->levels);
     OPENSSL_free(tree);
 
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 18f2c32485..67d83a9785 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -13,65 +13,65 @@
  */
 
 static const X509V3_EXT_METHOD *standard_exts[] = {
-    &v3_nscert,
-    &v3_ns_ia5_list[0],
-    &v3_ns_ia5_list[1],
-    &v3_ns_ia5_list[2],
-    &v3_ns_ia5_list[3],
-    &v3_ns_ia5_list[4],
-    &v3_ns_ia5_list[5],
-    &v3_ns_ia5_list[6],
-    &v3_skey_id,
-    &v3_key_usage,
-    &v3_pkey_usage_period,
-    &v3_alt[0],
-    &v3_alt[1],
-    &v3_bcons,
-    &v3_crl_num,
-    &v3_cpols,
-    &v3_akey_id,
-    &v3_crld,
-    &v3_ext_ku,
-    &v3_delta_crl,
-    &v3_crl_reason,
+    &ossl_v3_nscert,
+    &ossl_v3_ns_ia5_list[0],
+    &ossl_v3_ns_ia5_list[1],
+    &ossl_v3_ns_ia5_list[2],
+    &ossl_v3_ns_ia5_list[3],
+    &ossl_v3_ns_ia5_list[4],
+    &ossl_v3_ns_ia5_list[5],
+    &ossl_v3_ns_ia5_list[6],
+    &ossl_v3_skey_id,
+    &ossl_v3_key_usage,
+    &ossl_v3_pkey_usage_period,
+    &ossl_v3_alt[0],
+    &ossl_v3_alt[1],
+    &ossl_v3_bcons,
+    &ossl_v3_crl_num,
+    &ossl_v3_cpols,
+    &ossl_v3_akey_id,
+    &ossl_v3_crld,
+    &ossl_v3_ext_ku,
+    &ossl_v3_delta_crl,
+    &ossl_v3_crl_reason,
 #ifndef OPENSSL_NO_OCSP
-    &v3_crl_invdate,
+    &ossl_v3_crl_invdate,
 #endif
-    &v3_sxnet,
-    &v3_info,
+    &ossl_v3_sxnet,
+    &ossl_v3_info,
 #ifndef OPENSSL_NO_RFC3779
-    &v3_addr,
-    &v3_asid,
+    &ossl_v3_addr,
+    &ossl_v3_asid,
 #endif
 #ifndef OPENSSL_NO_OCSP
-    &v3_ocsp_nonce,
-    &v3_ocsp_crlid,
-    &v3_ocsp_accresp,
-    &v3_ocsp_nocheck,
-    &v3_ocsp_acutoff,
-    &v3_ocsp_serviceloc,
+    &ossl_v3_ocsp_nonce,
+    &ossl_v3_ocsp_crlid,
+    &ossl_v3_ocsp_accresp,
+    &ossl_v3_ocsp_nocheck,
+    &ossl_v3_ocsp_acutoff,
+    &ossl_v3_ocsp_serviceloc,
 #endif
-    &v3_sinfo,
-    &v3_policy_constraints,
+    &ossl_v3_sinfo,
+    &ossl_v3_policy_constraints,
 #ifndef OPENSSL_NO_OCSP
-    &v3_crl_hold,
+    &ossl_v3_crl_hold,
 #endif
-    &v3_pci,
-    &v3_name_constraints,
-    &v3_policy_mappings,
-    &v3_inhibit_anyp,
-    &v3_idp,
-    &v3_alt[2],
-    &v3_freshest_crl,
+    &ossl_v3_pci,
+    &ossl_v3_name_constraints,
+    &ossl_v3_policy_mappings,
+    &ossl_v3_inhibit_anyp,
+    &ossl_v3_idp,
+    &ossl_v3_alt[2],
+    &ossl_v3_freshest_crl,
 #ifndef OPENSSL_NO_CT
-    &v3_ct_scts[0],
-    &v3_ct_scts[1],
-    &v3_ct_scts[2],
+    &ossl_v3_ct_scts[0],
+    &ossl_v3_ct_scts[1],
+    &ossl_v3_ct_scts[2],
 #endif
-    &v3_utf8_list[0],
-    &v3_issuer_sign_tool,
-    &v3_tls_feature,
-    &v3_ext_admission
+    &ossl_v3_utf8_list[0],
+    &ossl_v3_issuer_sign_tool,
+    &ossl_v3_tls_feature,
+    &ossl_v3_ext_admission
 };
 
 /* Number of standard extensions */
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 48be16eae8..5ae952ad1f 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -140,11 +140,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
             goto err;
         if (BIO_write(bp, "            Not Before: ", 24) <= 0)
             goto err;
-        if (asn1_time_print_ex(bp, X509_get0_notBefore(x)) == 0)
+        if (ossl_asn1_time_print_ex(bp, X509_get0_notBefore(x)) == 0)
             goto err;
         if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
             goto err;
-        if (asn1_time_print_ex(bp, X509_get0_notAfter(x)) == 0)
+        if (ossl_asn1_time_print_ex(bp, X509_get0_notAfter(x)) == 0)
             goto err;
         if (BIO_write(bp, "\n", 1) <= 0)
             goto err;
@@ -386,7 +386,7 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
  * Helper functions for improving certificate verification error diagnostics
  */
 
-int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags)
 {
     unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE |
         XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN;
@@ -428,7 +428,7 @@ static int print_certs(BIO *bio, const STACK_OF(X509) *certs)
         X509 *cert = sk_X509_value(certs, i);
 
         if (cert != NULL) {
-            if (!x509_print_ex_brief(bio, cert, 0))
+            if (!ossl_x509_print_ex_brief(bio, cert, 0))
                 return 0;
             if (!X509V3_extensions_print(bio, NULL,
                                          X509_get0_extensions(cert),
@@ -495,8 +495,8 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx)
         }
 
         BIO_printf(bio, "Failure for:\n");
-        x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
-                            X509_FLAG_NO_EXTENSIONS);
+        ossl_x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx),
+                                 X509_FLAG_NO_EXTENSIONS);
         if (cert_error == X509_V_ERR_CERT_UNTRUSTED
                 || cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
                 || cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index b7dd889087..f36443a8f8 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -908,14 +908,14 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
         const char *addr_chars = NULL;
         int prefixlen, i1, i2, delim, length;
 
-        if (!v3_name_cmp(val->name, "IPv4")) {
+        if (!ossl_v3_name_cmp(val->name, "IPv4")) {
             afi = IANA_AFI_IPV4;
-        } else if (!v3_name_cmp(val->name, "IPv6")) {
+        } else if (!ossl_v3_name_cmp(val->name, "IPv6")) {
             afi = IANA_AFI_IPV6;
-        } else if (!v3_name_cmp(val->name, "IPv4-SAFI")) {
+        } else if (!ossl_v3_name_cmp(val->name, "IPv4-SAFI")) {
             afi = IANA_AFI_IPV4;
             safi = &safi_;
-        } else if (!v3_name_cmp(val->name, "IPv6-SAFI")) {
+        } else if (!ossl_v3_name_cmp(val->name, "IPv6-SAFI")) {
             afi = IANA_AFI_IPV6;
             safi = &safi_;
         } else {
@@ -977,7 +977,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
         delim = s[i2++];
         s[i1] = '\0';
 
-        if (a2i_ipadd(min, s) != length) {
+        if (ossl_a2i_ipadd(min, s) != length) {
             ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS);
             X509V3_conf_add_error_name_value(val);
             goto err;
@@ -1004,7 +1004,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
                 X509V3_conf_add_error_name_value(val);
                 goto err;
             }
-            if (a2i_ipadd(max, s + i1) != length) {
+            if (ossl_a2i_ipadd(max, s + i1) != length) {
                 ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS);
                 X509V3_conf_add_error_name_value(val);
                 goto err;
@@ -1051,7 +1051,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
 /*
  * OpenSSL dispatch
  */
-const X509V3_EXT_METHOD v3_addr = {
+const X509V3_EXT_METHOD ossl_v3_addr = {
     NID_sbgp_ipAddrBlock,       /* nid */
     0,                          /* flags */
     ASN1_ITEM_ref(IPAddrBlocks), /* template */
diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c
index 0dfd088eb4..1b6848b226 100644
--- a/crypto/x509/v3_admis.c
+++ b/crypto/x509/v3_admis.c
@@ -53,7 +53,7 @@ IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
 static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
                                 BIO *bp, int ind);
 
-const X509V3_EXT_METHOD v3_ext_admission = {
+const X509V3_EXT_METHOD ossl_v3_ext_admission = {
     NID_x509ExtAdmission,   /* .ext_nid = */
     0,                      /* .ext_flags = */
     ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c
index c59b72a170..c8693a4ef5 100644
--- a/crypto/x509/v3_akid.c
+++ b/crypto/x509/v3_akid.c
@@ -24,7 +24,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                             X509V3_CTX *ctx,
                                             STACK_OF(CONF_VALUE) *values);
 
-const X509V3_EXT_METHOD v3_akey_id = {
+const X509V3_EXT_METHOD ossl_v3_akey_id = {
     NID_authority_key_identifier,
     X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
     0, 0, 0, 0,
@@ -136,7 +136,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             X509_PUBKEY *pubkey = NULL;
 
             if (X509_PUBKEY_set(&pubkey, ctx->issuer_pkey))
-                ikeyid = x509_pubkey_hash(pubkey);
+                ikeyid = ossl_x509_pubkey_hash(pubkey);
             X509_PUBKEY_free(pubkey);
         }
         if ((keyid == 2 || issuer == 0)
diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 45840a0073..b3b4bf5d21 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -528,9 +528,9 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
         /*
          * Figure out whether this is an AS or an RDI.
          */
-        if (!v3_name_cmp(val->name, "AS")) {
+        if (!ossl_v3_name_cmp(val->name, "AS")) {
             which = V3_ASID_ASNUM;
-        } else if (!v3_name_cmp(val->name, "RDI")) {
+        } else if (!ossl_v3_name_cmp(val->name, "RDI")) {
             which = V3_ASID_RDI;
         } else {
             ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR);
@@ -624,7 +624,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 /*
  * OpenSSL dispatch.
  */
-const X509V3_EXT_METHOD v3_asid = {
+const X509V3_EXT_METHOD ossl_v3_asid = {
     NID_sbgp_autonomousSysNum,  /* nid */
     0,                          /* flags */
     ASN1_ITEM_ref(ASIdentifiers), /* template */
diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c
index 27eba96dd6..f6d1faf604 100644
--- a/crypto/x509/v3_bcons.c
+++ b/crypto/x509/v3_bcons.c
@@ -24,7 +24,7 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
                                                 X509V3_CTX *ctx,
                                                 STACK_OF(CONF_VALUE) *values);
 
-const X509V3_EXT_METHOD v3_bcons = {
+const X509V3_EXT_METHOD ossl_v3_bcons = {
     NID_basic_constraints, 0,
     ASN1_ITEM_ref(BASIC_CONSTRAINTS),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.c
index 0caa338ff0..53ac4df9d6 100644
--- a/crypto/x509/v3_bitst.c
+++ b/crypto/x509/v3_bitst.c
@@ -38,9 +38,9 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
     {-1, NULL, NULL}
 };
 
-const X509V3_EXT_METHOD v3_nscert =
+const X509V3_EXT_METHOD ossl_v3_nscert =
 EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage =
+const X509V3_EXT_METHOD ossl_v3_key_usage =
 EXT_BITSTRING(NID_key_usage, key_usage_type_table);
 
 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index 55aa5cac05..40dc1e3d44 100644
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -35,7 +35,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
 static int displaytext_get_tag_len(const char *tagstr);
 
-const X509V3_EXT_METHOD v3_cpols = {
+const X509V3_EXT_METHOD ossl_v3_cpols = {
     NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
     0, 0, 0, 0,
     0, 0,
@@ -185,7 +185,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
             }
             pol->policyid = pobj;
 
-        } else if (!v3_name_cmp(cnf->name, "CPS")) {
+        } else if (!ossl_v3_name_cmp(cnf->name, "CPS")) {
             if (pol->qualifiers == NULL)
                 pol->qualifiers = sk_POLICYQUALINFO_new_null();
             if ((qual = POLICYQUALINFO_new()) == NULL)
@@ -201,7 +201,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
             if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
                                  strlen(cnf->value)))
                 goto merr;
-        } else if (!v3_name_cmp(cnf->name, "userNotice")) {
+        } else if (!ossl_v3_name_cmp(cnf->name, "userNotice")) {
             STACK_OF(CONF_VALUE) *unot;
             if (*cnf->value != '@') {
                 ERR_raise(ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME);
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index 5a3e4206fd..b36982b2f6 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -23,7 +23,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method,
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
                      int indent);
 
-const X509V3_EXT_METHOD v3_crld = {
+const X509V3_EXT_METHOD ossl_v3_crld = {
     NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
     0, 0, 0, 0,
     0, 0,
@@ -33,7 +33,7 @@ const X509V3_EXT_METHOD v3_crld = {
     NULL
 };
 
-const X509V3_EXT_METHOD v3_freshest_crl = {
+const X509V3_EXT_METHOD ossl_v3_freshest_crl = {
     NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
     0, 0, 0, 0,
     0, 0,
@@ -344,7 +344,7 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
 static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                      STACK_OF(CONF_VALUE) *nval);
 
-const X509V3_EXT_METHOD v3_idp = {
+const X509V3_EXT_METHOD ossl_v3_idp = {
     NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
     ASN1_ITEM_ref(ISSUING_DIST_POINT),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_enum.c b/crypto/x509/v3_enum.c
index 5dfb257fb4..0bbd19b67b 100644
--- a/crypto/x509/v3_enum.c
+++ b/crypto/x509/v3_enum.c
@@ -29,7 +29,7 @@ static ENUMERATED_NAMES crl_reasons[] = {
     {-1, NULL, NULL}
 };
 
-const X509V3_EXT_METHOD v3_crl_reason = {
+const X509V3_EXT_METHOD ossl_v3_crl_reason = {
     NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
     0, 0, 0, 0,
     (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c
index 753733323e..fa114fee3a 100644
--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.c
@@ -21,7 +21,7 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
                                                     *method, void *eku, STACK_OF(CONF_VALUE)
                                                     *extlist);
 
-const X509V3_EXT_METHOD v3_ext_ku = {
+const X509V3_EXT_METHOD ossl_v3_ext_ku = {
     NID_ext_key_usage, 0,
     ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
     0, 0, 0, 0,
@@ -33,7 +33,7 @@ const X509V3_EXT_METHOD v3_ext_ku = {
 };
 
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-const X509V3_EXT_METHOD v3_ocsp_accresp = {
+const X509V3_EXT_METHOD ossl_v3_ocsp_accresp = {
     NID_id_pkix_OCSP_acceptableResponses, 0,
     ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.c
index 89eececd50..2697ef4da6 100644
--- a/crypto/x509/v3_ia5.c
+++ b/crypto/x509/v3_ia5.c
@@ -14,7 +14,7 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
+const X509V3_EXT_METHOD ossl_v3_ns_ia5_list[8] = {
     EXT_IA5STRING(NID_netscape_base_url),
     EXT_IA5STRING(NID_netscape_revocation_url),
     EXT_IA5STRING(NID_netscape_ca_revocation_url),
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
index 053e591088..ebef011d0e 100644
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -25,7 +25,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                                                         STACK_OF(CONF_VALUE)
                                                         *nval);
 
-const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+const X509V3_EXT_METHOD ossl_v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
     0, 0, 0, 0,
     0, 0,
@@ -35,7 +35,7 @@ const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
     NULL
 };
 
-const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+const X509V3_EXT_METHOD ossl_v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
     0, 0, 0, 0,
     0, 0,
diff --git a/crypto/x509/v3_int.c b/crypto/x509/v3_int.c
index bd8debfafa..72e0fb38bf 100644
--- a/crypto/x509/v3_int.c
+++ b/crypto/x509/v3_int.c
@@ -12,7 +12,7 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-const X509V3_EXT_METHOD v3_crl_num = {
+const X509V3_EXT_METHOD ossl_v3_crl_num = {
     NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
     0, 0, 0, 0,
     (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
@@ -20,7 +20,7 @@ const X509V3_EXT_METHOD v3_crl_num = {
     0, 0, 0, 0, NULL
 };
 
-const X509V3_EXT_METHOD v3_delta_crl = {
+const X509V3_EXT_METHOD ossl_v3_delta_crl = {
     NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
     0, 0, 0, 0,
     (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
@@ -34,7 +34,7 @@ static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
     return s2i_ASN1_INTEGER(meth, value);
 }
 
-const X509V3_EXT_METHOD v3_inhibit_anyp = {
+const X509V3_EXT_METHOD ossl_v3_inhibit_anyp = {
     NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
     0, 0, 0, 0,
     (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index da9b4f2421..a8ccfb243f 100644
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -134,7 +134,7 @@ static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
     return 1;
 }
 
-const X509V3_EXT_METHOD v3_issuer_sign_tool = {
+const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = {
     NID_issuerSignTool,                   /* nid */
     X509V3_EXT_MULTILINE,                 /* flags */
     ASN1_ITEM_ref(ISSUER_SIGN_TOOL),      /* template */
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 0eddfd07f6..38d077ea35 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -39,7 +39,7 @@ static int nc_email_eai(ASN1_UTF8STRING *sub, ASN1_IA5STRING *eml);
 static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
 static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
 
-const X509V3_EXT_METHOD v3_name_constraints = {
+const X509V3_EXT_METHOD ossl_v3_name_constraints = {
     NID_name_constraints, 0,
     ASN1_ITEM_ref(NAME_CONSTRAINTS),
     0, 0, 0, 0,
@@ -193,8 +193,8 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
     /* ip->length should be 8 or 32 and len1 == len2 == 4 or len1 == len2 == 16 */
     int len1 = ip->length >= 16 ? 16 : ip->length >= 4 ? 4 : ip->length;
     int len2 = ip->length - len1;
-    char *ip1 = ipaddr_to_asc(ip->data, len1);
-    char *ip2 = ipaddr_to_asc(ip->data + len1, len2);
+    char *ip1 = ossl_ipaddr_to_asc(ip->data, len1);
+    char *ip2 = ossl_ipaddr_to_asc(ip->data + len1, len2);
     int ret = ip1 != NULL && ip2 != NULL
         && BIO_printf(bp, "IP:%s/%s", ip1, ip2) > 0;
 
diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c
index bb9fc79ccc..6c2a20b584 100644
--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -54,7 +54,7 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
                                           X509V3_CTX *ctx, char *str);
 
-const X509V3_EXT_METHOD v3_pci =
+const X509V3_EXT_METHOD ossl_v3_pci =
     { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
     0, 0, 0, 0,
     0, 0,
diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.c
index a8e8ab299f..b30a8e941d 100644
--- a/crypto/x509/v3_pcons.c
+++ b/crypto/x509/v3_pcons.c
@@ -22,7 +22,7 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *values);
 
-const X509V3_EXT_METHOD v3_policy_constraints = {
+const X509V3_EXT_METHOD ossl_v3_policy_constraints = {
     NID_policy_constraints, 0,
     ASN1_ITEM_ref(POLICY_CONSTRAINTS),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_pku.c b/crypto/x509/v3_pku.c
index 484dda813f..fef268472a 100644
--- a/crypto/x509/v3_pku.c
+++ b/crypto/x509/v3_pku.c
@@ -18,7 +18,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
                                  PKEY_USAGE_PERIOD *usage, BIO *out,
                                  int indent);
 
-const X509V3_EXT_METHOD v3_pkey_usage_period = {
+const X509V3_EXT_METHOD ossl_v3_pkey_usage_period = {
     NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
     0, 0, 0, 0,
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c
index 0a76b2f38d..7d867cf6d8 100644
--- a/crypto/x509/v3_pmaps.c
+++ b/crypto/x509/v3_pmaps.c
@@ -20,7 +20,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
                                                  *method, void *pmps, STACK_OF(CONF_VALUE)
                                                  *extlist);
 
-const X509V3_EXT_METHOD v3_policy_mappings = {
+const X509V3_EXT_METHOD ossl_v3_policy_mappings = {
     NID_policy_mappings, 0,
     ASN1_ITEM_ref(POLICY_MAPPINGS),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index ee2d3c7289..b98fc584ff 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -83,7 +83,7 @@ int X509_check_purpose(X509 *x, int id, int require_ca)
     int idx;
     const X509_PURPOSE *pt;
 
-    if (!x509v3_cache_extensions(x))
+    if (!ossl_x509v3_cache_extensions(x))
         return -1;
     if (id == -1)
         return 1;
@@ -395,7 +395,7 @@ static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject)
  * X509_SIG_INFO_VALID is set in x->flags if x->siginf was filled successfully.
  * Set EXFLAG_INVALID and return 0 in case the certificate is invalid.
  */
-int x509v3_cache_extensions(X509 *x)
+int ossl_x509v3_cache_extensions(X509 *x)
 {
     BASIC_CONSTRAINTS *bs;
     PROXY_CERT_INFO_EXTENSION *pci;
@@ -559,7 +559,7 @@ int x509v3_cache_extensions(X509 *x)
                 /* .. and the signature alg matches the PUBKEY alg: */
                 && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK)
             x->ex_flags |= EXFLAG_SS; /* indicate self-signed */
-        /* This is very related to x509_likely_issued(x, x) == X509_V_OK */
+        /* This is very related to ossl_x509_likely_issued(x, x) == X509_V_OK */
     }
 
     /* Handle subject alternative names and various other extensions */
@@ -616,7 +616,7 @@ int x509v3_cache_extensions(X509 *x)
     }
 
     /* Set x->siginf, ignoring errors due to unsupported algos */
-    (void)x509_init_sig_info(x);
+    (void)ossl_x509_init_sig_info(x);
 
     x->ex_flags |= EXFLAG_SET; /* Indicate that cert has been processed */
 #ifdef tsan_st_rel
@@ -692,7 +692,7 @@ void X509_set_proxy_pathlen(X509 *x, long l)
 int X509_check_ca(X509 *x)
 {
     /* Note 0 normally means "not a CA" - but in this case means error. */
-    if (!x509v3_cache_extensions(x))
+    if (!ossl_x509v3_cache_extensions(x))
         return 0;
 
     return check_ca(x);
@@ -904,13 +904,13 @@ int X509_check_issued(X509 *issuer, X509 *subject)
 {
     int ret;
 
-    if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK)
+    if ((ret = ossl_x509_likely_issued(issuer, subject)) != X509_V_OK)
         return ret;
-    return x509_signing_allowed(issuer, subject);
+    return ossl_x509_signing_allowed(issuer, subject);
 }
 
-/* Do the checks 1., 2., and 3. as described above for X509_check_issued() */
-int x509_likely_issued(X509 *issuer, X509 *subject)
+/* do the checks 1., 2., and 3. as described above for X509_check_issued() */
+int ossl_x509_likely_issued(X509 *issuer, X509 *subject)
 {
     int ret;
 
@@ -918,9 +918,9 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
                       X509_get_issuer_name(subject)) != 0)
         return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
 
-    /* Set issuer->skid and subject->akid */
-    if (!x509v3_cache_extensions(issuer)
-            || !x509v3_cache_extensions(subject))
+    /* set issuer->skid and subject->akid */
+    if (!ossl_x509v3_cache_extensions(issuer)
+            || !ossl_x509v3_cache_extensions(subject))
         return X509_V_ERR_UNSPECIFIED;
 
     ret = X509_check_akid(issuer, subject->akid);
@@ -938,7 +938,7 @@ int x509_likely_issued(X509 *issuer, X509 *subject)
  * Returns 0 for OK, or positive for reason for rejection
  * where reason codes match those for X509_verify_cert().
  */
-int x509_signing_allowed(const X509 *issuer, const X509 *subject)
+int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject)
 {
     if (subject->ex_flags & EXFLAG_PROXY) {
         if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index 2367c52400..ef9200cbaa 100644
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -25,7 +25,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
 static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
 
-const X509V3_EXT_METHOD v3_alt[3] = {
+const X509V3_EXT_METHOD ossl_v3_alt[3] = {
     {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
      0, 0, 0, 0,
      0, 0,
@@ -178,7 +178,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
         break;
 
     case GEN_IPADD:
-        tmp = ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
+        tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
         if (tmp == NULL || !X509V3_add_value("IP Address", tmp, &ret))
             ret = NULL;
         OPENSSL_free(tmp);
@@ -267,7 +267,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
         break;
 
     case GEN_IPADD:
-        tmp = ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
+        tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
         if (tmp == NULL)
             return 0;
         BIO_printf(out, "IP Address:%s", tmp);
@@ -298,7 +298,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
     for (i = 0; i < num; i++) {
         CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
 
-        if (!v3_name_cmp(cnf->name, "issuer")
+        if (!ossl_v3_name_cmp(cnf->name, "issuer")
             && cnf->value && strcmp(cnf->value, "copy") == 0) {
             if (!copy_issuer(ctx, gens))
                 goto err;
@@ -377,11 +377,11 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
 
     for (i = 0; i < num; i++) {
         cnf = sk_CONF_VALUE_value(nval, i);
-        if (!v3_name_cmp(cnf->name, "email")
+        if (!ossl_v3_name_cmp(cnf->name, "email")
             && cnf->value && strcmp(cnf->value, "copy") == 0) {
             if (!copy_email(ctx, gens, 0))
                 goto err;
-        } else if (!v3_name_cmp(cnf->name, "email")
+        } else if (!ossl_v3_name_cmp(cnf->name, "email")
                    && cnf->value && strcmp(cnf->value, "move") == 0) {
             if (!copy_email(ctx, gens, 1))
                 goto err;
@@ -597,19 +597,19 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
         return NULL;
     }
 
-    if (!v3_name_cmp(name, "email"))
+    if (!ossl_v3_name_cmp(name, "email"))
         type = GEN_EMAIL;
-    else if (!v3_name_cmp(name, "URI"))
+    else if (!ossl_v3_name_cmp(name, "URI"))
         type = GEN_URI;
-    else if (!v3_name_cmp(name, "DNS"))
+    else if (!ossl_v3_name_cmp(name, "DNS"))
         type = GEN_DNS;
-    else if (!v3_name_cmp(name, "RID"))
+    else if (!ossl_v3_name_cmp(name, "RID"))
         type = GEN_RID;
-    else if (!v3_name_cmp(name, "IP"))
+    else if (!ossl_v3_name_cmp(name, "IP"))
         type = GEN_IPADD;
-    else if (!v3_name_cmp(name, "dirName"))
+    else if (!ossl_v3_name_cmp(name, "dirName"))
         type = GEN_DIRNAME;
-    else if (!v3_name_cmp(name, "otherName"))
+    else if (!ossl_v3_name_cmp(name, "otherName"))
         type = GEN_OTHERNAME;
     else {
         ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION,
diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c
index 44a28396eb..8a8718d77a 100644
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@@ -15,7 +15,7 @@
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = {
+const X509V3_EXT_METHOD ossl_v3_skey_id = {
     NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
     0, 0, 0, 0,
     (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
@@ -52,7 +52,7 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
 
 }
 
-ASN1_OCTET_STRING *x509_pubkey_hash(X509_PUBKEY *pubkey)
+ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey)
 {
     ASN1_OCTET_STRING *oct;
     const unsigned char *pk;
@@ -94,7 +94,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
         return NULL;
     }
 
-    return x509_pubkey_hash(ctx->subject_req != NULL ?
-                            ctx->subject_req->req_info.pubkey :
-                            ctx->subject_cert->cert_info.key);
+    return ossl_x509_pubkey_hash(ctx->subject_req != NULL ?
+                                 ctx->subject_req->req_info.pubkey :
+                                 ctx->subject_cert->cert_info.key);
 }
diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 6e2b796a38..72b8b24043 100644
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -25,7 +25,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
 static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                         STACK_OF(CONF_VALUE) *nval);
 #endif
-const X509V3_EXT_METHOD v3_sxnet = {
+const X509V3_EXT_METHOD ossl_v3_sxnet = {
     NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
     0, 0, 0, 0,
     0, 0,
diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c
index 77904b5a1f..899d590ef2 100644
--- a/crypto/x509/v3_tlsf.c
+++ b/crypto/x509/v3_tlsf.c
@@ -29,7 +29,7 @@ static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
 
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
 
-const X509V3_EXT_METHOD v3_tls_feature = {
+const X509V3_EXT_METHOD ossl_v3_tls_feature = {
     NID_tlsfeature, 0,
     ASN1_ITEM_ref(TLS_FEATURE),
     0, 0, 0, 0,
diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c
index 1ded239e95..1c4f79c4cd 100644
--- a/crypto/x509/v3_utf8.c
+++ b/crypto/x509/v3_utf8.c
@@ -22,7 +22,7 @@
  */
 
 
-const X509V3_EXT_METHOD v3_utf8_list[1] = {
+const X509V3_EXT_METHOD ossl_v3_utf8_list[1] = {
     EXT_UTF8STRING(NID_subjectSignTool),
 };
 
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 4a8380d362..3cb4650027 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -398,7 +398,7 @@ static char *strip_spaces(char *name)
  * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
  */
 
-int v3_name_cmp(const char *name, const char *cmp)
+int ossl_v3_name_cmp(const char *name, const char *cmp)
 {
     int len, ret;
     char c;
@@ -972,13 +972,13 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
 
     if (ipasc == NULL)
         return -2;
-    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
     if (iplen == 0)
         return -2;
     return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
 }
 
-char *ipaddr_to_asc(unsigned char *p, int len)
+char *ossl_ipaddr_to_asc(unsigned char *p, int len)
 {
     /*
      * 40 is enough space for the longest IPv6 address + nul terminator byte
@@ -1022,7 +1022,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
 
     /* If string contains a ':' assume IPv6 */
 
-    iplen = a2i_ipadd(ipout, ipasc);
+    iplen = ossl_a2i_ipadd(ipout, ipasc);
 
     if (!iplen)
         return NULL;
@@ -1053,12 +1053,12 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     p = iptmp + (p - ipasc);
     *p++ = 0;
 
-    iplen1 = a2i_ipadd(ipout, iptmp);
+    iplen1 = ossl_a2i_ipadd(ipout, iptmp);
 
     if (!iplen1)
         goto err;
 
-    iplen2 = a2i_ipadd(ipout + iplen1, p);
+    iplen2 = ossl_a2i_ipadd(ipout + iplen1, p);
 
     OPENSSL_free(iptmp);
     iptmp = NULL;
@@ -1080,7 +1080,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
     return NULL;
 }
 
-int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc)
 {
     /* If string contains a ':' assume IPv6 */
 
diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h
index 1467aca1ff..fa9f4b8800 100644
--- a/crypto/x509/x509_local.h
+++ b/crypto/x509/x509_local.h
@@ -39,7 +39,7 @@ struct X509_VERIFY_PARAM_st {
 };
 
 /* No error callback if depth < 0 */
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
 
 /* a sequence of these are used */
 struct x509_attributes_st {
@@ -155,7 +155,5 @@ DEFINE_STACK_OF(BY_DIR_ENTRY)
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
-void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
-                             const ASN1_STRING *sig);
-int x509_likely_issued(X509 *issuer, X509 *subject);
-int x509_signing_allowed(const X509 *issuer, const X509 *subject);
+int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
+int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 96dfe83eef..0bd23c21b1 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -738,7 +738,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
     }
     /* If certificate matches and is currently valid all OK */
     if (ctx->check_issued(ctx, x, obj->data.x509)) {
-        if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+        if (ossl_x509_check_cert_time(ctx, obj->data.x509, -1)) {
             *issuer = obj->data.x509;
             if (!X509_up_ref(*issuer)) {
                 *issuer = NULL;
@@ -774,7 +774,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
             if (ctx->check_issued(ctx, x, pobj->data.x509)) {
                 ret = 1;
                 /* If times check fine, exit with match, else keep looking. */
-                if (x509_check_cert_time(ctx, pobj->data.x509, -1)) {
+                if (ossl_x509_check_cert_time(ctx, pobj->data.x509, -1)) {
                     *issuer = pobj->data.x509;
                     break;
                 }
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 52b9792d8f..9dd822c223 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -61,7 +61,7 @@ int X509_set_subject_name(X509 *x, const X509_NAME *name)
     return X509_NAME_set(&x->cert_info.subject, name);
 }
 
-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
 {
     ASN1_TIME *in;
     in = *ptm;
@@ -79,14 +79,14 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
-    return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+    return ossl_x509_set1_time(&x->cert_info.validity.notBefore, tm);
 }
 
 int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
-    return x509_set1_time(&x->cert_info.validity.notAfter, tm);
+    return ossl_x509_set1_time(&x->cert_info.validity.notAfter, tm);
 }
 
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
@@ -270,7 +270,7 @@ static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
 }
 
 /* Returns 1 on success, 0 on failure */
-int x509_init_sig_info(X509 *x)
+int ossl_x509_init_sig_info(X509 *x)
 {
     return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
 }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 5174a67bed..6c6d5442f2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -85,7 +85,7 @@ static int null_callback(int ok, X509_STORE_CTX *e)
 /*-
  * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
  * This actually verifies self-signedness only if requested.
- * It calls X509v3_cache_extensions()
+ * It calls ossl_x509v3_cache_extensions()
  * to match issuer and subject names (i.e., the cert being self-issued) and any
  * present authority key identifier to match the subject key identifier, etc.
  */
@@ -97,7 +97,7 @@ int X509_self_signed(X509 *cert, int verify_signature)
         ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
         return -1;
     }
-    if (!x509v3_cache_extensions(cert))
+    if (!ossl_x509v3_cache_extensions(cert))
         return -1;
     if ((cert->ex_flags & EXFLAG_SS) == 0)
         return 0;
@@ -329,7 +329,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
         if (ctx->check_issued(ctx, x, issuer)
             && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
                 || !sk_X509_contains(ctx->chain, issuer))) {
-            if (x509_check_cert_time(ctx, issuer, -1))
+            if (ossl_x509_check_cert_time(ctx, issuer, -1))
                 return issuer;
             if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer),
                                                 X509_get0_notAfter(rv)) > 0)
@@ -342,7 +342,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 /* Check that the given certificate 'x' is issued by the certificate 'issuer' */
 static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
-    int err = x509_likely_issued(issuer, x);
+    int err = ossl_x509_likely_issued(issuer, x);
 
     if (err == X509_V_OK)
         return 1;
@@ -1701,7 +1701,7 @@ static int check_policy(X509_STORE_CTX *ctx)
  *
  * Return 1 on success, 0 otherwise.
  */
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
 {
     time_t *ptime;
     int i;
@@ -1745,7 +1745,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
          * We report the issuer as NULL because all we have is a bare key.
          */
         xi = NULL;
-    } else if (x509_likely_issued(xi, xi) != X509_V_OK
+    } else if (ossl_x509_likely_issued(xi, xi) != X509_V_OK
                /* exceptional case: last cert in the chain is not self-issued */
                && ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) {
         if (n > 0) {
@@ -1804,7 +1804,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
              * we are free to ignore any key usage restrictions on such certs.
              */
             int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
-                ? X509_V_OK : x509_signing_allowed(xi, xs);
+                ? X509_V_OK : ossl_x509_signing_allowed(xi, xs);
 
             CB_FAIL_IF(ret != X509_V_OK, ctx, xi, issuer_depth, ret);
             if ((pkey = X509_get0_pubkey(xi)) == NULL) {
@@ -1818,7 +1818,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 
         /* in addition to RFC 5280, do also for trusted (root) cert */
         /* Calls verify callback as needed */
-        if (!x509_check_cert_time(ctx, xs, n))
+        if (!ossl_x509_check_cert_time(ctx, xs, n))
             return 0;
 
         /*
@@ -1886,7 +1886,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
      * Digit and date ranges will be verified in the conversion methods.
      */
     for (i = 0; i < ctm->length - 1; i++) {
-        if (!ascii_isdigit(ctm->data[i]))
+        if (!ossl_ascii_isdigit(ctm->data[i]))
             return 0;
     }
     if (ctm->data[ctm->length - 1] != upper_z)
@@ -3287,7 +3287,7 @@ static int build_chain(X509_STORE_CTX *ctx)
         case X509_V_ERR_CERT_NOT_YET_VALID:
         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
         case X509_V_ERR_CERT_HAS_EXPIRED:
-            return 0; /* Callback already issued by x509_check_cert_time() */
+            return 0; /* Callback already issued by ossl_x509_check_cert_time() */
         default: /* A preliminary error has become final */
             return verify_cb_cert(ctx, NULL, num - 1, ctx->error);
         case X509_V_OK:
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 07615de7d7..8914a2bd6f 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -455,7 +455,7 @@ char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
     size_t iplen;
     unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen);
 
-    return  ip == NULL ? NULL : ipaddr_to_asc(ip, iplen);
+    return  ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen);
 }
 
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
@@ -472,7 +472,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
     unsigned char ipout[16];
     size_t iplen;
 
-    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc);
     if (iplen == 0)
         return 0;
     return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 22143da65e..0c76d656c5 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -38,14 +38,14 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
-    return x509_set1_time(&x->crl.lastUpdate, tm);
+    return ossl_x509_set1_time(&x->crl.lastUpdate, tm);
 }
 
 int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
 {
     if (x == NULL)
         return 0;
-    return x509_set1_time(&x->crl.nextUpdate, tm);
+    return ossl_x509_set1_time(&x->crl.nextUpdate, tm);
 }
 
 int X509_CRL_sort(X509_CRL *c)
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index d80e50219e..d21b0799f6 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -399,8 +399,8 @@ int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data,
         memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash));
         return 1;
     }
-    return (asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, data,
-                                len, cert->libctx, cert->propq));
+    return (ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert,
+                                     data, len, cert->libctx, cert->propq));
 }
 
 /* calculate cert digest using the same hash algorithm as in its signature */
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 4bb7a880a3..dfe3da37eb 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -270,7 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         {
             X509_CRL *old = exarg;
 
-            if (!x509_crl_set0_libctx(crl, old->libctx, old->propq))
+            if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq))
                 return 0;
         }
         break;
@@ -500,7 +500,8 @@ void *X509_CRL_get_meth_data(X509_CRL *crl)
     return crl->meth_data;
 }
 
-int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+                              const char *propq)
 {
     if (x != NULL) {
         x->libctx = libctx;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 8392540c73..b1268f22c9 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -438,8 +438,8 @@ static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a,
 }
 
 /* For the algorithm specific d2i functions further down */
-EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
-                            const unsigned char **pp, long length)
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
+                                 const unsigned char **pp, long length)
 {
     return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY);
 }
@@ -516,7 +516,7 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
     const unsigned char *q;
 
     q = *pp;
-    pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+    pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
     key = EVP_PKEY_get1_RSA(pkey);
@@ -557,7 +557,7 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
     const unsigned char *q;
 
     q = *pp;
-    pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+    pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
     key = EVP_PKEY_get1_DSA(pkey);
@@ -599,7 +599,7 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
     const unsigned char *q;
 
     q = *pp;
-    pkey = d2i_PUBKEY_legacy(NULL, &q, length);
+    pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
     key = EVP_PKEY_get1_EC_KEY(pkey);
@@ -693,8 +693,8 @@ int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b)
     return EVP_PKEY_eq(pA, pB);
 }
 
-int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
-                            const X509_PUBKEY *key)
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+                                 const X509_PUBKEY *key)
 {
     if (plibctx)
         *plibctx = key->libctx;
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 8597614259..a4a169a97e 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -31,7 +31,7 @@ ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
 
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
+extern void ossl_policy_cache_free(X509_POLICY_CACHE *cache);
 
 static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                    void *exarg)
@@ -46,7 +46,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ASN1_OCTET_STRING_free(ret->skid);
         AUTHORITY_KEYID_free(ret->akid);
         CRL_DIST_POINTS_free(ret->crldp);
-        policy_cache_free(ret->policy_cache);
+        ossl_policy_cache_free(ret->policy_cache);
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
@@ -87,7 +87,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ASN1_OCTET_STRING_free(ret->skid);
         AUTHORITY_KEYID_free(ret->akid);
         CRL_DIST_POINTS_free(ret->crldp);
-        policy_cache_free(ret->policy_cache);
+        ossl_policy_cache_free(ret->policy_cache);
         GENERAL_NAMES_free(ret->altname);
         NAME_CONSTRAINTS_free(ret->nc);
 #ifndef OPENSSL_NO_RFC3779
@@ -102,7 +102,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         {
             X509 *old = exarg;
 
-            if (!x509_set0_libctx(ret, old->libctx, old->propq))
+            if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
                 return 0;
         }
         break;
@@ -130,7 +130,7 @@ X509 *d2i_X509(X509 **a, const unsigned char **in, long len)
     cert = (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, (X509_it()));
     /* Only cache the extensions if the cert object was passed in */
     if (cert != NULL && a != NULL) {
-        if (!x509v3_cache_extensions(cert)) {
+        if (!ossl_x509v3_cache_extensions(cert)) {
             if (free_on_error)
                 X509_free(cert);
             cert = NULL;
@@ -148,7 +148,7 @@ int i2d_X509(const X509 *a, unsigned char **out)
  * asn1 object and it needs a libctx to operate.
  * Use X509_new_ex() instead if possible.
  */
-int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq)
 {
     if (x != NULL) {
         x->libctx = libctx;
@@ -168,7 +168,7 @@ X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
     X509 *cert = NULL;
 
     cert = (X509 *)ASN1_item_new((X509_it()));
-    if (!x509_set0_libctx(cert, libctx, propq)) {
+    if (!ossl_x509_set0_libctx(cert, libctx, propq)) {
         X509_free(cert);
         cert = NULL;
     }
diff --git a/include/crypto/aria.h b/include/crypto/aria.h
index 857cf4b623..21a9932e84 100644
--- a/include/crypto/aria.h
+++ b/include/crypto/aria.h
@@ -40,12 +40,12 @@ struct aria_key_st {
 typedef struct aria_key_st ARIA_KEY;
 
 
-int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key);
-int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
-                         ARIA_KEY *key);
+int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key);
+int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                              ARIA_KEY *key);
 
-void aria_encrypt(const unsigned char *in, unsigned char *out,
-                  const ARIA_KEY *key);
+void ossl_aria_encrypt(const unsigned char *in, unsigned char *out,
+                       const ARIA_KEY *key);
 
 #endif
diff --git a/include/crypto/asn1.h b/include/crypto/asn1.h
index 7d9dec10db..b812bdd614 100644
--- a/include/crypto/asn1.h
+++ b/include/crypto/asn1.h
@@ -92,18 +92,18 @@ struct evp_pkey_asn1_method_st {
 
 DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
 
-extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
-extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
-
-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
-extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth;
 
 /*
  * These are used internally in the ASN1_OBJECT to keep track of whether the
@@ -133,15 +133,15 @@ struct asn1_pctx_st {
 
 /* ASN1 type functions */
 
-int asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
-                                  unsigned char *data, int len);
-int asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
-                                  unsigned char *data, int max_len);
+int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+                                       unsigned char *data, int len);
+int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+                                       unsigned char *data, int max_len);
 
-int x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md);
-const EVP_MD *x509_algor_get_md(X509_ALGOR *alg);
-X509_ALGOR *x509_algor_mgf1_decode(X509_ALGOR *alg);
-int x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md);
-int asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm);
+int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md);
+const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg);
+X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg);
+int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md);
+int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm);
 
 #endif /* ndef OSSL_CRYPTO_ASN1_H */
diff --git a/include/crypto/asn1_dsa.h b/include/crypto/asn1_dsa.h
index 2657dae0f4..3eadb9ec3c 100644
--- a/include/crypto/asn1_dsa.h
+++ b/include/crypto/asn1_dsa.h
@@ -13,9 +13,9 @@
 
 #include "internal/packet.h"
 
-int encode_der_length(WPACKET *pkt, size_t cont_len);
-int encode_der_integer(WPACKET *pkt, const BIGNUM *n);
-int encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s);
+int ossl_encode_der_length(WPACKET *pkt, size_t cont_len);
+int ossl_encode_der_integer(WPACKET *pkt, const BIGNUM *n);
+int ossl_encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s);
 int ossl_decode_der_length(PACKET *pkt, PACKET *subpkt);
 int ossl_decode_der_integer(PACKET *pkt, BIGNUM *n);
 size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, const unsigned char **ppin,
diff --git a/include/crypto/bn_srp.h b/include/crypto/bn_srp.h
index 897618cd9e..805f4a4343 100644
--- a/include/crypto/bn_srp.h
+++ b/include/crypto/bn_srp.h
@@ -9,24 +9,24 @@
 
 #ifndef OPENSSL_NO_SRP
 
-extern const BIGNUM bn_group_1024;
+extern const BIGNUM ossl_bn_group_1024;
 
-extern const BIGNUM bn_group_1536;
+extern const BIGNUM ossl_bn_group_1536;
 
-extern const BIGNUM bn_group_2048;
+extern const BIGNUM ossl_bn_group_2048;
 
-extern const BIGNUM bn_group_3072;
+extern const BIGNUM ossl_bn_group_3072;
 
-extern const BIGNUM bn_group_4096;
+extern const BIGNUM ossl_bn_group_4096;
 
-extern const BIGNUM bn_group_6144;
+extern const BIGNUM ossl_bn_group_6144;
 
-extern const BIGNUM bn_group_8192;
+extern const BIGNUM ossl_bn_group_8192;
 
-extern const BIGNUM bn_generator_19;
+extern const BIGNUM ossl_bn_generator_19;
 
-extern const BIGNUM bn_generator_5;
+extern const BIGNUM ossl_bn_generator_5;
 
-extern const BIGNUM bn_generator_2;
+extern const BIGNUM ossl_bn_generator_2;
 
 #endif
diff --git a/include/crypto/ctype.h b/include/crypto/ctype.h
index cb6e81b56e..a35c137e84 100644
--- a/include/crypto/ctype.h
+++ b/include/crypto/ctype.h
@@ -58,7 +58,7 @@ int ossl_ctype_check(int c, unsigned int mask);
 int ossl_tolower(int c);
 int ossl_toupper(int c);
 
-int ascii_isdigit(const char inchar);
+int ossl_ascii_isdigit(const char inchar);
 
 # define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
 # define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
index af03d32587..101a5748e8 100644
--- a/include/crypto/ecx.h
+++ b/include/crypto/ecx.h
@@ -83,34 +83,43 @@ unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key);
 void ossl_ecx_key_free(ECX_KEY *key);
 int ossl_ecx_key_up_ref(ECX_KEY *key);
 
-int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
-           const uint8_t peer_public_value[32]);
-void X25519_public_from_private(uint8_t out_public_value[32],
-                                const uint8_t private_key[32]);
-
-int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
-                                const uint8_t private_key[32], const char *propq);
-int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
-                 const uint8_t public_key[32], const uint8_t private_key[32],
-                 OSSL_LIB_CTX *libctx, const char *propq);
-int ED25519_verify(const uint8_t *message, size_t message_len,
-                   const uint8_t signature[64], const uint8_t public_key[32],
-                   OSSL_LIB_CTX *libctx, const char *propq);
-
-int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
-                              const uint8_t private_key[57], const char *propq);
-int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
-               size_t message_len, const uint8_t public_key[57],
-               const uint8_t private_key[57], const uint8_t *context,
-               size_t context_len, const char *propq);
-
-int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
-                 const uint8_t signature[114], const uint8_t public_key[57],
-                 const uint8_t *context, size_t context_len, const char *propq);
-
-int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
-         const uint8_t peer_public_value[56]);
-void X448_public_from_private(uint8_t out_public_value[56],
+int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+                const uint8_t peer_public_value[32]);
+void ossl_x25519_public_from_private(uint8_t out_public_value[32],
+                                     const uint8_t private_key[32]);
+
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+                                 const uint8_t private_key[32],
+                                 const char *propq);
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                  const uint8_t public_key[32], const uint8_t private_key[32],
+                  OSSL_LIB_CTX *libctx, const char *propq);
+int
+ossl_ed25519_verify(const uint8_t *message, size_t message_len,
+                    const uint8_t signature[64], const uint8_t public_key[32],
+                    OSSL_LIB_CTX *libctx, const char *propq);
+
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+                               const uint8_t private_key[57], const char *propq);
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+                size_t message_len, const uint8_t public_key[57],
+                const uint8_t private_key[57], const uint8_t *context,
+                size_t context_len, const char *propq);
+
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+                  const uint8_t signature[114], const uint8_t public_key[57],
+                  const uint8_t *context, size_t context_len, const char *propq);
+
+int
+ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+          const uint8_t peer_public_value[56]);
+void
+ossl_x448_public_from_private(uint8_t out_public_value[56],
                               const uint8_t private_key[56]);
 
 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 5dd0db3bae..751b330b43 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -828,10 +828,11 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
 const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx,
                                       const char *name);
 
-int pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
-                         const unsigned char *salt, int saltlen, int iter,
-                         const EVP_MD *digest, int keylen, unsigned char *out,
-                         OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
+                              const unsigned char *salt, int saltlen, int iter,
+                              const EVP_MD *digest, int keylen,
+                              unsigned char *out,
+                              OSSL_LIB_CTX *libctx, const char *propq);
 
 # ifndef FIPS_MODULE
 /*
diff --git a/include/crypto/lhash.h b/include/crypto/lhash.h
index f24838b10a..0f64869f54 100644
--- a/include/crypto/lhash.h
+++ b/include/crypto/lhash.h
@@ -11,6 +11,6 @@
 # define OSSL_CRYPTO_LHASH_H
 # pragma once
 
-unsigned long openssl_lh_strcasehash(const char *);
+unsigned long ossl_lh_strcasehash(const char *);
 
 #endif  /* OSSL_CRYPTO_LHASH_H */
diff --git a/include/crypto/objects.h b/include/crypto/objects.h
index 7db718f961..2a20b25f7b 100644
--- a/include/crypto/objects.h
+++ b/include/crypto/objects.h
@@ -9,4 +9,4 @@
 
 #include <openssl/objects.h>
 
-void obj_cleanup_int(void);
+void ossl_obj_cleanup_int(void);
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index f093356d9d..d9432b241d 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -71,24 +71,24 @@
 # define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
 #endif
 
-void rand_cleanup_int(void);
+void ossl_rand_cleanup_int(void);
 
 /*
  * Initialise the random pool reseeding sources.
  *
  * Returns 1 on success and 0 on failure.
  */
-int rand_pool_init(void);
+int ossl_rand_pool_init(void);
 
 /*
  * Finalise the random pool reseeding sources.
  */
-void rand_pool_cleanup(void);
+void ossl_rand_pool_cleanup(void);
 
 /*
  * Control the random pool use of open file descriptors.
  */
-void rand_pool_keep_random_devices_open(int keep);
+void ossl_rand_pool_keep_random_devices_open(int keep);
 
 /*
  * Configuration
diff --git a/include/crypto/rand_pool.h b/include/crypto/rand_pool.h
index a651d29988..f4d1d954bc 100644
--- a/include/crypto/rand_pool.h
+++ b/include/crypto/rand_pool.h
@@ -19,7 +19,7 @@
  *
  * The max_len value for the buffer provided to the rand_drbg_get_entropy()
  * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
- * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * is used. Since this is much too large to be allocated, the ossl_rand_pool_new()
  * function chooses more modest values as default pool length, bounded
  * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
  *
@@ -82,28 +82,28 @@ typedef struct rand_pool_st {
     size_t entropy_requested; /* requested entropy count in bits */
 } RAND_POOL;
 
-RAND_POOL *rand_pool_new(int entropy_requested, int secure,
-                         size_t min_len, size_t max_len);
-RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
-                            size_t entropy);
-void rand_pool_free(RAND_POOL *pool);
+RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure,
+                              size_t min_len, size_t max_len);
+RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len,
+                                 size_t entropy);
+void ossl_rand_pool_free(RAND_POOL *pool);
 
-const unsigned char *rand_pool_buffer(RAND_POOL *pool);
-unsigned char *rand_pool_detach(RAND_POOL *pool);
-void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool);
+unsigned char *ossl_rand_pool_detach(RAND_POOL *pool);
+void ossl_rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
 
-size_t rand_pool_entropy(RAND_POOL *pool);
-size_t rand_pool_length(RAND_POOL *pool);
+size_t ossl_rand_pool_entropy(RAND_POOL *pool);
+size_t ossl_rand_pool_length(RAND_POOL *pool);
 
-size_t rand_pool_entropy_available(RAND_POOL *pool);
-size_t rand_pool_entropy_needed(RAND_POOL *pool);
+size_t ossl_rand_pool_entropy_available(RAND_POOL *pool);
+size_t ossl_rand_pool_entropy_needed(RAND_POOL *pool);
 /* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
-size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
-size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+size_t ossl_rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool);
 
-int rand_pool_add(RAND_POOL *pool,
-                  const unsigned char *buffer, size_t len, size_t entropy);
-unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
-int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+int ossl_rand_pool_add(RAND_POOL *pool,
+                       const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
 
 #endif /* OSSL_PROVIDER_RAND_POOL_H */
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index daf70c62d4..7fca88dfe4 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -86,10 +86,10 @@ int ossl_rsa_validate_public(const RSA *key);
 int ossl_rsa_validate_private(const RSA *key);
 int ossl_rsa_validate_pairwise(const RSA *key);
 
-int int_rsa_verify(int dtype, const unsigned char *m,
-                   unsigned int m_len, unsigned char *rm,
-                   size_t *prm_len, const unsigned char *sigbuf,
-                   size_t siglen, RSA *rsa);
+int ossl_rsa_verify(int dtype, const unsigned char *m,
+                    unsigned int m_len, unsigned char *rm,
+                    size_t *prm_len, const unsigned char *sigbuf,
+                    size_t siglen, RSA *rsa);
 
 const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len);
 
@@ -102,13 +102,13 @@ int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
                         const X509_ALGOR *sigalg, EVP_PKEY *pkey);
 
 # if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
-int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
-void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
+int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
+void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
 
-int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]);
-int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]);
+int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]);
+int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]);
 typedef struct rsa_acvp_test_st RSA_ACVP_TEST;
-void rsa_acvp_test_free(RSA_ACVP_TEST *t);
+void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t);
 # else
 # define RSA_ACVP_TEST void
 # endif
diff --git a/include/crypto/security_bits.h b/include/crypto/security_bits.h
index 3dc9e26ff3..58f49681dc 100644
--- a/include/crypto/security_bits.h
+++ b/include/crypto/security_bits.h
@@ -11,6 +11,6 @@
 # define OSSL_SECURITY_BITS_H
 # pragma once
 
-uint16_t ifc_ffc_compute_security_bits(int n);
+uint16_t ossl_ifc_ffc_compute_security_bits(int n);
 
 #endif
diff --git a/include/crypto/siv.h b/include/crypto/siv.h
index 52560e704e..ff27fe89ea 100644
--- a/include/crypto/siv.h
+++ b/include/crypto/siv.h
@@ -11,26 +11,23 @@
 
 typedef struct siv128_context SIV128_CONTEXT;
 
-SIV128_CONTEXT *CRYPTO_siv128_new(const unsigned char *key, int klen,
-                                  EVP_CIPHER *cbc, EVP_CIPHER *ctr,
-                                  OSSL_LIB_CTX *libctx, const char *propq);
-int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
-                       const EVP_CIPHER *cbc, const EVP_CIPHER *ctr,
-                       OSSL_LIB_CTX *libctx, const char *propq);
-int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
-int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad,
-                      size_t len);
-int CRYPTO_siv128_encrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_decrypt(SIV128_CONTEXT *ctx,
-                          const unsigned char *in, unsigned char *out,
-                          size_t len);
-int CRYPTO_siv128_finish(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
-                          size_t len);
-int CRYPTO_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
-int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx);
-int CRYPTO_siv128_speed(SIV128_CONTEXT *ctx, int arg);
+SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen,
+                                EVP_CIPHER *cbc, EVP_CIPHER *ctr,
+                                OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
+                     const EVP_CIPHER *cbc, const EVP_CIPHER *ctr,
+                     OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src);
+int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, size_t len);
+int ossl_siv128_encrypt(SIV128_CONTEXT *ctx,
+                        const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_decrypt(SIV128_CONTEXT *ctx,
+                        const unsigned char *in, unsigned char *out, size_t len);
+int ossl_siv128_finish(SIV128_CONTEXT *ctx);
+int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag,
+                        size_t len);
+int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len);
+int ossl_siv128_cleanup(SIV128_CONTEXT *ctx);
+int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg);
 
 #endif /* OPENSSL_NO_SIV */
diff --git a/include/crypto/sm4.h b/include/crypto/sm4.h
index 8195ab165c..e21ec81ca6 100644
--- a/include/crypto/sm4.h
+++ b/include/crypto/sm4.h
@@ -29,10 +29,10 @@ typedef struct SM4_KEY_st {
     uint32_t rk[SM4_KEY_SCHEDULE];
 } SM4_KEY;
 
-int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks);
 
-void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
 
-void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
 
 #endif
diff --git a/include/crypto/sparse_array.h b/include/crypto/sparse_array.h
index 87b5adec9c..7ef7428379 100644
--- a/include/crypto/sparse_array.h
+++ b/include/crypto/sparse_array.h
@@ -25,44 +25,48 @@ extern "C" {
     static ossl_unused ossl_inline SPARSE_ARRAY_OF(type) * \
         ossl_sa_##type##_new(void) \
     { \
-        return (SPARSE_ARRAY_OF(type) *)OPENSSL_SA_new(); \
+        return (SPARSE_ARRAY_OF(type) *)ossl_sa_new(); \
     } \
-    static ossl_unused ossl_inline void ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
+    static ossl_unused ossl_inline void \
+    ossl_sa_##type##_free(SPARSE_ARRAY_OF(type) *sa) \
     { \
-        OPENSSL_SA_free((OPENSSL_SA *)sa); \
+        ossl_sa_free((OPENSSL_SA *)sa); \
     } \
-    static ossl_unused ossl_inline void ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \
+    static ossl_unused ossl_inline void \
+    ossl_sa_##type##_free_leaves(SPARSE_ARRAY_OF(type) *sa) \
     { \
-        OPENSSL_SA_free_leaves((OPENSSL_SA *)sa); \
+        ossl_sa_free_leaves((OPENSSL_SA *)sa); \
     } \
-    static ossl_unused ossl_inline size_t ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) *sa) \
+    static ossl_unused ossl_inline size_t \
+    ossl_sa_##type##_num(const SPARSE_ARRAY_OF(type) *sa) \
     { \
-        return OPENSSL_SA_num((OPENSSL_SA *)sa); \
+        return ossl_sa_num((OPENSSL_SA *)sa); \
     } \
-    static ossl_unused ossl_inline void ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) *sa, \
-                                                   void (*leaf)(ossl_uintmax_t, \
-                                                                type *)) \
+    static ossl_unused ossl_inline void \
+    ossl_sa_##type##_doall(const SPARSE_ARRAY_OF(type) *sa, \
+                           void (*leaf)(ossl_uintmax_t, type *)) \
     { \
-        OPENSSL_SA_doall((OPENSSL_SA *)sa, (void (*)(ossl_uintmax_t, void *))leaf); \
+        ossl_sa_doall((OPENSSL_SA *)sa, \
+                      (void (*)(ossl_uintmax_t, void *))leaf); \
     } \
-    static ossl_unused ossl_inline \
-    void ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \
-                                    void (*leaf)(ossl_uintmax_t, type *, void *), \
-                                    void *arg) \
+    static ossl_unused ossl_inline void \
+    ossl_sa_##type##_doall_arg(const SPARSE_ARRAY_OF(type) *sa, \
+                               void (*leaf)(ossl_uintmax_t, type *, void *), \
+                               void *arg) \
     { \
-        OPENSSL_SA_doall_arg((OPENSSL_SA *)sa, (void (*)(ossl_uintmax_t, void *, \
-                                                void *))leaf, \
-                             arg); \
+        ossl_sa_doall_arg((OPENSSL_SA *)sa, \
+                          (void (*)(ossl_uintmax_t, void *, void *))leaf, arg); \
     } \
-    static ossl_unused ossl_inline ctype *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) *sa, \
-                                                  ossl_uintmax_t n) \
+    static ossl_unused ossl_inline ctype \
+    *ossl_sa_##type##_get(const SPARSE_ARRAY_OF(type) *sa, ossl_uintmax_t n) \
     { \
-        return (type *)OPENSSL_SA_get((OPENSSL_SA *)sa, n); \
+        return (type *)ossl_sa_get((OPENSSL_SA *)sa, n); \
     } \
-    static ossl_unused ossl_inline int ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
-                                                ossl_uintmax_t n, ctype *val) \
+    static ossl_unused ossl_inline int \
+    ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) *sa, \
+                         ossl_uintmax_t n, ctype *val) \
     { \
-        return OPENSSL_SA_set((OPENSSL_SA *)sa, n, (void *)val); \
+        return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \
     } \
     SPARSE_ARRAY_OF(type)
 
@@ -72,16 +76,15 @@ extern "C" {
     DEFINE_SPARSE_ARRAY_OF_INTERNAL(type, const type)
 
 typedef struct sparse_array_st OPENSSL_SA;
-OPENSSL_SA *OPENSSL_SA_new(void);
-void OPENSSL_SA_free(OPENSSL_SA *sa);
-void OPENSSL_SA_free_leaves(OPENSSL_SA *sa);
-size_t OPENSSL_SA_num(const OPENSSL_SA *sa);
-void OPENSSL_SA_doall(const OPENSSL_SA *sa,
-                      void (*leaf)(ossl_uintmax_t, void *));
-void OPENSSL_SA_doall_arg(const OPENSSL_SA *sa,
-                          void (*leaf)(ossl_uintmax_t, void *, void *), void *);
-void *OPENSSL_SA_get(const OPENSSL_SA *sa, ossl_uintmax_t n);
-int OPENSSL_SA_set(OPENSSL_SA *sa, ossl_uintmax_t n, void *val);
+OPENSSL_SA *ossl_sa_new(void);
+void ossl_sa_free(OPENSSL_SA *sa);
+void ossl_sa_free_leaves(OPENSSL_SA *sa);
+size_t ossl_sa_num(const OPENSSL_SA *sa);
+void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *));
+void ossl_sa_doall_arg(const OPENSSL_SA *sa,
+                       void (*leaf)(ossl_uintmax_t, void *, void *), void *);
+void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n);
+int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t n, void *val);
 
 # ifdef  __cplusplus
 }
diff --git a/include/crypto/x509.h b/include/crypto/x509.h
index 67fd88dbc4..623b880959 100644
--- a/include/crypto/x509.h
+++ b/include/crypto/x509.h
@@ -304,30 +304,28 @@ struct x509_object_st {
     } data;
 };
 
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
-int x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
-int x509v3_cache_extensions(X509 *x);
-int x509_init_sig_info(X509 *x);
-int x509_check_issued_int(X509 *issuer, X509 *subject, OSSL_LIB_CTX *libctx,
-                          const char *propq);
-
-int x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
-int x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, const char *propq);
-int x509_init_sig_info(X509 *x);
-int asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type, void *data,
-                        unsigned char *md, unsigned int *len,
-                        OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags);
+int ossl_x509v3_cache_extensions(X509 *x);
+int ossl_x509_init_sig_info(X509 *x);
+
+int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq);
+int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx,
+                              const char *propq);
+int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *type,
+                             void *data, unsigned char *md, unsigned int *len,
+                             OSSL_LIB_CTX *libctx, const char *propq);
 int ossl_x509_add_cert_new(STACK_OF(X509) **sk, X509 *cert, int flags);
 int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs,
                             int flags);
 
-int X509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
-                            const X509_PUBKEY *key);
+int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq,
+                                 const X509_PUBKEY *key);
 /* Calculate default key identifier according to RFC 5280 section 4.2.1.2 (1) */
-ASN1_OCTET_STRING *x509_pubkey_hash(X509_PUBKEY *pubkey);
+ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey);
 
 /* A variant of d2i_PUBKEY() that is guaranteed to only return legacy keys */
-EVP_PKEY *d2i_PUBKEY_legacy(EVP_PKEY **a,
-                            const unsigned char **in, long length);
+EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a,
+                                 const unsigned char **in, long length);
 #endif
diff --git a/include/internal/comp.h b/include/internal/comp.h
index e585a5c374..1a005e835c 100644
--- a/include/internal/comp.h
+++ b/include/internal/comp.h
@@ -9,4 +9,4 @@
 
 #include <openssl/comp.h>
 
-void comp_zlib_cleanup_int(void);
+void ossl_comp_zlib_cleanup(void);
diff --git a/include/internal/conf.h b/include/internal/conf.h
index 81968c9885..8c6c29cd2c 100644
--- a/include/internal/conf.h
+++ b/include/internal/conf.h
@@ -24,8 +24,8 @@ struct ossl_init_settings_st {
     unsigned long flags;
 };
 
-int openssl_config_int(const OPENSSL_INIT_SETTINGS *);
-void openssl_no_config_int(void);
-void conf_modules_free_int(void);
+int ossl_config_int(const OPENSSL_INIT_SETTINGS *);
+void ossl_no_config_int(void);
+void ossl_config_modules_free(void);
 
 #endif
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 5145178dee..fb46657dba 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -92,8 +92,8 @@ void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
 #endif
 void OPENSSL_showfatal(const char *fmta, ...);
-int do_ex_data_init(OSSL_LIB_CTX *ctx);
-void crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx);
+int ossl_do_ex_data_init(OSSL_LIB_CTX *ctx);
+void ossl_crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx);
 int openssl_init_fork_handlers(void);
 int openssl_get_fork_id(void);
 
@@ -187,15 +187,15 @@ int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx,
 int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn);
 const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx);
 
-OSSL_LIB_CTX *crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
-int crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
-                          CRYPTO_EX_DATA *ad);
-int crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
-                               long argl, void *argp,
-                               CRYPTO_EX_new *new_func,
-                               CRYPTO_EX_dup *dup_func,
-                               CRYPTO_EX_free *free_func);
-int crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx);
+OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
+int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
+                               CRYPTO_EX_DATA *ad);
+int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
+                                    long argl, void *argp,
+                                    CRYPTO_EX_new *new_func,
+                                    CRYPTO_EX_dup *dup_func,
+                                    CRYPTO_EX_free *free_func);
+int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx);
 
 /* Function for simple binary search */
 
@@ -247,13 +247,13 @@ static ossl_inline void ossl_sleep(unsigned long millis)
 }
 #endif /* defined OPENSSL_SYS_UNIX */
 
-char *sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, const char *sep,
-                              size_t max_len);
-char *ipaddr_to_asc(unsigned char *p, int len);
+char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text,
+                                   const char *sep, size_t max_len);
+char *ossl_ipaddr_to_asc(unsigned char *p, int len);
 
-char *openssl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep);
-unsigned char *openssl_hexstr2buf_sep(const char *str, long *buflen,
-                                      const char sep);
+char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep);
+unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen,
+                                   const char sep);
 
 static ossl_inline int ossl_ends_with_dirsep(const char *path)
 {
diff --git a/include/internal/sm3.h b/include/internal/sm3.h
index fe84f1905e..db1d61f052 100644
--- a/include/internal/sm3.h
+++ b/include/internal/sm3.h
@@ -32,8 +32,8 @@ typedef struct SM3state_st {
    unsigned int num;
 } SM3_CTX;
 
-int sm3_init(SM3_CTX *c);
-int sm3_update(SM3_CTX *c, const void *data, size_t len);
-int sm3_final(unsigned char *md, SM3_CTX *c);
+int ossl_sm3_init(SM3_CTX *c);
+int ossl_sm3_update(SM3_CTX *c, const void *data, size_t len);
+int ossl_sm3_final(unsigned char *md, SM3_CTX *c);
 
 #endif /* OSSL_INTERNAL_SM3_H */
diff --git a/providers/baseprov.c b/providers/baseprov.c
index c63f1fb257..249d12cb63 100644
--- a/providers/baseprov.c
+++ b/providers/baseprov.c
@@ -162,7 +162,7 @@ int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle,
      * create their own library context.
      */
     if ((*provctx = ossl_prov_ctx_new()) == NULL
-            || (corebiometh = bio_prov_init_bio_method()) == NULL) {
+            || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) {
         ossl_prov_ctx_free(*provctx);
         *provctx = NULL;
         return 0;
diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c
index 4db224ba05..baf923c7b3 100644
--- a/providers/common/bio_prov.c
+++ b/providers/common/bio_prov.c
@@ -203,7 +203,7 @@ static int bio_core_free(BIO *bio)
     return 1;
 }
 
-BIO_METHOD *bio_prov_init_bio_method(void)
+BIO_METHOD *ossl_bio_prov_init_bio_method(void)
 {
     BIO_METHOD *corebiometh = NULL;
 
@@ -223,7 +223,7 @@ BIO_METHOD *bio_prov_init_bio_method(void)
     return corebiometh;
 }
 
-BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio)
+BIO *ossl_bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio)
 {
     BIO *outbio;
     BIO_METHOD *corebiometh = ossl_prov_ctx_get0_core_bio_method(provctx);
diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
index d455d498ea..781acae8db 100644
--- a/providers/common/capabilities.c
+++ b/providers/common/capabilities.c
@@ -214,8 +214,8 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
     return 1;
 }
 
-int provider_get_capabilities(void *provctx, const char *capability,
-                              OSSL_CALLBACK *cb, void *arg)
+int ossl_prov_get_capabilities(void *provctx, const char *capability,
+                               OSSL_CALLBACK *cb, void *arg)
 {
     if (strcasecmp(capability, "TLS-GROUP") == 0)
         return tls_group_capability(cb, arg);
diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
index 1cc330fcea..fe21095e59 100644
--- a/providers/common/der/der_sm2.h.in
+++ b/providers/common/der/der_sm2.h.in
@@ -18,7 +18,7 @@
 -}
 
 /* Subject Public Key Info */
-int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec);
+int ossl_DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec);
 /* Signature */
-int DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont,
-                                          EC_KEY *ec, int mdnid);
+int ossl_DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont,
+                                               EC_KEY *ec, int mdnid);
diff --git a/providers/common/der/der_sm2_key.c b/providers/common/der/der_sm2_key.c
index a766bb4f3d..5889f2ba0e 100644
--- a/providers/common/der/der_sm2_key.c
+++ b/providers/common/der/der_sm2_key.c
@@ -12,7 +12,7 @@
 #include "prov/der_ec.h"
 #include "prov/der_sm2.h"
 
-int DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec)
+int ossl_DER_w_algorithmIdentifier_SM2(WPACKET *pkt, int cont, EC_KEY *ec)
 {
     return ossl_DER_w_begin_sequence(pkt, cont)
         /* No parameters (yet?) */
diff --git a/providers/common/der/der_sm2_sig.c b/providers/common/der/der_sm2_sig.c
index 7b710cfa53..1e904bb5cd 100644
--- a/providers/common/der/der_sm2_sig.c
+++ b/providers/common/der/der_sm2_sig.c
@@ -20,8 +20,8 @@
         precompiled_sz = sizeof(ossl_der_oid_id_sm2_with_##name);       \
         break;
 
-int DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont,
-                                          EC_KEY *ec, int mdnid)
+int ossl_DER_w_algorithmIdentifier_SM2_with_MD(WPACKET *pkt, int cont,
+                                               EC_KEY *ec, int mdnid)
 {
     const unsigned char *precompiled = NULL;
     size_t precompiled_sz = 0;
diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h
index 18c0f9a752..da7e7e87f5 100644
--- a/providers/common/include/prov/bio.h
+++ b/providers/common/include/prov/bio.h
@@ -28,5 +28,5 @@ int ossl_prov_bio_free(OSSL_CORE_BIO *bio);
 int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap);
 int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...);
 
-BIO_METHOD *bio_prov_init_bio_method(void);
-BIO *bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio);
+BIO_METHOD *ossl_bio_prov_init_bio_method(void);
+BIO *ossl_bio_new_from_core_bio(PROV_CTX *provctx, OSSL_CORE_BIO *corebio);
diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h
index 33bd8bd732..6906554b0e 100644
--- a/providers/common/include/prov/providercommon.h
+++ b/providers/common/include/prov/providercommon.h
@@ -15,7 +15,7 @@ const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *ctx);
 int ossl_cipher_capable_aes_cbc_hmac_sha1(void);
 int ossl_cipher_capable_aes_cbc_hmac_sha256(void);
 
-OSSL_FUNC_provider_get_capabilities_fn provider_get_capabilities;
+OSSL_FUNC_provider_get_capabilities_fn ossl_prov_get_capabilities;
 
 /* Set the error state if this is a FIPS module */
 void ossl_set_error_state(const char *type);
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 2649972c82..63e8f67509 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -512,7 +512,8 @@ static const OSSL_DISPATCH deflt_dispatch_table[] = {
     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))deflt_gettable_params },
     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params },
     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query },
-    { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))provider_get_capabilities },
+    { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
+      (void (*)(void))ossl_prov_get_capabilities },
     { 0, NULL }
 };
 
@@ -558,7 +559,7 @@ int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle,
      * create their own library context.
      */
     if ((*provctx = ossl_prov_ctx_new()) == NULL
-            || (corebiometh = bio_prov_init_bio_method()) == NULL) {
+            || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) {
         ossl_prov_ctx_free(*provctx);
         *provctx = NULL;
         return 0;
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 70826181e5..56892aa4c8 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -477,7 +477,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = {
     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
     { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
-      (void (*)(void))provider_get_capabilities },
+      (void (*)(void))ossl_prov_get_capabilities },
     { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test },
     { 0, NULL }
 };
@@ -647,11 +647,11 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
  * the provider context of this inner instance with the same library context
  * that was used in the EVP call that initiated this recursive call.
  */
-OSSL_provider_init_fn fips_intern_provider_init;
-int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle,
-                              const OSSL_DISPATCH *in,
-                              const OSSL_DISPATCH **out,
-                              void **provctx)
+OSSL_provider_init_fn ossl_fips_intern_provider_init;
+int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle,
+                                   const OSSL_DISPATCH *in,
+                                   const OSSL_DISPATCH **out,
+                                   void **provctx)
 {
     OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL;
 
diff --git a/providers/implementations/ciphers/cipher_aes_siv_hw.c b/providers/implementations/ciphers/cipher_aes_siv_hw.c
index f4ad6639cf..5b2128a8cc 100644
--- a/providers/implementations/ciphers/cipher_aes_siv_hw.c
+++ b/providers/implementations/ciphers/cipher_aes_siv_hw.c
@@ -52,7 +52,7 @@ static int aes_siv_initkey(void *vctx, const unsigned char *key, size_t keylen)
      * klen is the length of the underlying cipher, not the input key,
      * which should be twice as long
      */
-    return CRYPTO_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx,
+    return ossl_siv128_init(sctx, key, klen, ctx->cbc, ctx->ctr, libctx,
                               propq);
 }
 
@@ -65,7 +65,7 @@ static int aes_siv_dupctx(void *in_vctx, void *out_vctx)
     out->siv.cipher_ctx = NULL;
     out->siv.mac_ctx_init = NULL;
     out->siv.mac = NULL;
-    if (!CRYPTO_siv128_copy_ctx(&out->siv, &in->siv))
+    if (!ossl_siv128_copy_ctx(&out->siv, &in->siv))
         return 0;
     if (out->cbc != NULL)
         EVP_CIPHER_up_ref(out->cbc);
@@ -79,7 +79,7 @@ static int aes_siv_settag(void *vctx, const unsigned char *tag, size_t tagl)
     PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
     SIV128_CONTEXT *sctx = &ctx->siv;
 
-    return CRYPTO_siv128_set_tag(sctx, tag, tagl);
+    return ossl_siv128_set_tag(sctx, tag, tagl);
 }
 
 static void aes_siv_setspeed(void *vctx, int speed)
@@ -87,7 +87,7 @@ static void aes_siv_setspeed(void *vctx, int speed)
     PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
     SIV128_CONTEXT *sctx = &ctx->siv;
 
-    CRYPTO_siv128_speed(sctx, (int)speed);
+    ossl_siv128_speed(sctx, (int)speed);
 }
 
 static void aes_siv_cleanup(void *vctx)
@@ -95,7 +95,7 @@ static void aes_siv_cleanup(void *vctx)
     PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
     SIV128_CONTEXT *sctx = &ctx->siv;
 
-    CRYPTO_siv128_cleanup(sctx);
+    ossl_siv128_cleanup(sctx);
     EVP_CIPHER_free(ctx->cbc);
     EVP_CIPHER_free(ctx->ctr);
 }
@@ -108,16 +108,16 @@ static int aes_siv_cipher(void *vctx, unsigned char *out,
 
     /* EncryptFinal or DecryptFinal */
     if (in == NULL)
-        return CRYPTO_siv128_finish(sctx) == 0;
+        return ossl_siv128_finish(sctx) == 0;
 
     /* Deal with associated data */
     if (out == NULL)
-        return (CRYPTO_siv128_aad(sctx, in, len) == 1);
+        return (ossl_siv128_aad(sctx, in, len) == 1);
 
     if (ctx->enc)
-        return CRYPTO_siv128_encrypt(sctx, in, out, len) > 0;
+        return ossl_siv128_encrypt(sctx, in, out, len) > 0;
 
-    return CRYPTO_siv128_decrypt(sctx, in, out, len) > 0;
+    return ossl_siv128_decrypt(sctx, in, out, len) > 0;
 }
 
 static const PROV_CIPHER_HW_AES_SIV aes_siv_hw =
diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c
index 5cfb22778e..dce2032986 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.c
+++ b/providers/implementations/ciphers/cipher_aes_xts.c
@@ -54,7 +54,7 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn aes_xts_settable_ctx_params;
 static int aes_xts_check_keys_differ(const unsigned char *key, size_t bytes,
                                      int enc)
 {
-    if ((!allow_insecure_decrypt || enc)
+    if ((!ossl_aes_xts_allow_insecure_decrypt || enc)
             && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_XTS_DUPLICATED_KEYS);
         return 0;
diff --git a/providers/implementations/ciphers/cipher_aes_xts.h b/providers/implementations/ciphers/cipher_aes_xts.h
index 95b5c9074c..8fca63bc4b 100644
--- a/providers/implementations/ciphers/cipher_aes_xts.h
+++ b/providers/implementations/ciphers/cipher_aes_xts.h
@@ -15,7 +15,7 @@
  * Available in cipher_fips.c, and compiled with different values depending
  * on we're in the FIPS module or not.
  */
-extern const int allow_insecure_decrypt;
+extern const int ossl_aes_xts_allow_insecure_decrypt;
 
 PROV_CIPHER_FUNC(void, xts_stream,
                  (const unsigned char *in, unsigned char *out, size_t len,
diff --git a/providers/implementations/ciphers/cipher_aes_xts_fips.c b/providers/implementations/ciphers/cipher_aes_xts_fips.c
index b294bdecaf..60d4d0772a 100644
--- a/providers/implementations/ciphers/cipher_aes_xts_fips.c
+++ b/providers/implementations/ciphers/cipher_aes_xts_fips.c
@@ -17,7 +17,7 @@
 #include "cipher_aes_xts.h"
 
 #ifdef FIPS_MODULE
-const int allow_insecure_decrypt = 0;
+const int ossl_aes_xts_allow_insecure_decrypt = 0;
 #else
-const int allow_insecure_decrypt = 1;
+const int ossl_aes_xts_allow_insecure_decrypt = 1;
 #endif /* FIPS_MODULE */
diff --git a/providers/implementations/ciphers/cipher_aria_ccm_hw.c b/providers/implementations/ciphers/cipher_aria_ccm_hw.c
index 700958cbac..e56ec8fb08 100644
--- a/providers/implementations/ciphers/cipher_aria_ccm_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_ccm_hw.c
@@ -18,9 +18,9 @@ static int ccm_aria_initkey(PROV_CCM_CTX *ctx,
 {
     PROV_ARIA_CCM_CTX *actx = (PROV_ARIA_CCM_CTX *)ctx;
 
-    aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
+    ossl_aria_set_encrypt_key(key, keylen * 8, &actx->ks.ks);
     CRYPTO_ccm128_init(&ctx->ccm_ctx, ctx->m, ctx->l, &actx->ks.ks,
-                       (block128_f)aria_encrypt);
+                       (block128_f)ossl_aria_encrypt);
     ctx->str = NULL;
     ctx->key_set = 1;
     return 1;
diff --git a/providers/implementations/ciphers/cipher_aria_gcm_hw.c b/providers/implementations/ciphers/cipher_aria_gcm_hw.c
index d5f211a484..927327c29c 100644
--- a/providers/implementations/ciphers/cipher_aria_gcm_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_gcm_hw.c
@@ -19,7 +19,7 @@ static int aria_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
     PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
     ARIA_KEY *ks = &actx->ks.ks;
 
-    GCM_HW_SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
+    GCM_HW_SET_KEY_CTR_FN(ks, ossl_aria_set_encrypt_key, ossl_aria_encrypt, NULL);
     return 1;
 }
 
diff --git a/providers/implementations/ciphers/cipher_aria_hw.c b/providers/implementations/ciphers/cipher_aria_hw.c
index 8e114b3ba1..425d87a65e 100644
--- a/providers/implementations/ciphers/cipher_aria_hw.c
+++ b/providers/implementations/ciphers/cipher_aria_hw.c
@@ -18,15 +18,15 @@ static int cipher_hw_aria_initkey(PROV_CIPHER_CTX *dat,
     ARIA_KEY *ks = &adat->ks.ks;
 
     if (dat->enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
-        ret = aria_set_encrypt_key(key, keylen * 8, ks);
+        ret = ossl_aria_set_encrypt_key(key, keylen * 8, ks);
     else
-        ret = aria_set_decrypt_key(key, keylen * 8, ks);
+        ret = ossl_aria_set_decrypt_key(key, keylen * 8, ks);
     if (ret < 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
     }
     dat->ks = ks;
-    dat->block = (block128_f)aria_encrypt;
+    dat->block = (block128_f)ossl_aria_encrypt;
     return 1;
 }
 
diff --git a/providers/implementations/ciphers/cipher_sm4_hw.c b/providers/implementations/ciphers/cipher_sm4_hw.c
index 5cfa81d46f..e370574384 100644
--- a/providers/implementations/ciphers/cipher_sm4_hw.c
+++ b/providers/implementations/ciphers/cipher_sm4_hw.c
@@ -15,14 +15,14 @@ static int cipher_hw_sm4_initkey(PROV_CIPHER_CTX *ctx,
     PROV_SM4_CTX *sctx =  (PROV_SM4_CTX *)ctx;
     SM4_KEY *ks = &sctx->ks.ks;
 
-    SM4_set_key(key, ks);
+    ossl_sm4_set_key(key, ks);
     ctx->ks = ks;
     if (ctx->enc
             || (ctx->mode != EVP_CIPH_ECB_MODE
                 && ctx->mode != EVP_CIPH_CBC_MODE))
-        ctx->block = (block128_f)SM4_encrypt;
+        ctx->block = (block128_f)ossl_sm4_encrypt;
     else
-        ctx->block = (block128_f)SM4_decrypt;
+        ctx->block = (block128_f)ossl_sm4_decrypt;
     return 1;
 }
 
diff --git a/providers/implementations/digests/sm3_prov.c b/providers/implementations/digests/sm3_prov.c
index fec3dcbef3..0de38f2e15 100644
--- a/providers/implementations/digests/sm3_prov.c
+++ b/providers/implementations/digests/sm3_prov.c
@@ -15,4 +15,4 @@
 /* ossl_sm3_functions */
 IMPLEMENT_digest_functions(sm3, SM3_CTX,
                            SM3_CBLOCK, SM3_DIGEST_LENGTH, 0,
-                           sm3_init, sm3_update, sm3_final)
+                           ossl_sm3_init, ossl_sm3_update, ossl_sm3_final)
diff --git a/providers/implementations/encode_decode/decode_der2key.c b/providers/implementations/encode_decode/decode_der2key.c
index c8a467fb5b..359116a8a9 100644
--- a/providers/implementations/encode_decode/decode_der2key.c
+++ b/providers/implementations/encode_decode/decode_der2key.c
@@ -59,7 +59,7 @@ static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
                     unsigned char **data, long *len)
 {
     BUF_MEM *mem = NULL;
-    BIO *in = bio_new_from_core_bio(provctx, cin);
+    BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
     int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
 
     if (ok) {
@@ -337,7 +337,7 @@ static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
             && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
             RESET_ERR_MARK();
             derp = der;
-            pkey = d2i_PUBKEY_legacy(NULL, &derp, der_len);
+            pkey = ossl_d2i_PUBKEY_legacy(NULL, &derp, der_len);
         }
 
         if (pkey != NULL) {
diff --git a/providers/implementations/encode_decode/decode_ms2key.c b/providers/implementations/encode_decode/decode_ms2key.c
index 5635a70960..f38717cbb3 100644
--- a/providers/implementations/encode_decode/decode_ms2key.c
+++ b/providers/implementations/encode_decode/decode_ms2key.c
@@ -30,7 +30,7 @@
 
 static EVP_PKEY *read_msblob(PROV_CTX *provctx, OSSL_CORE_BIO *cin, int *ispub)
 {
-    BIO *in = bio_new_from_core_bio(provctx, cin);
+    BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
     EVP_PKEY *pkey = ossl_b2i_bio(in, ispub);
 
     BIO_free(in);
@@ -48,7 +48,7 @@ static EVP_PKEY *read_pvk(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
     if (!ossl_pw_set_ossl_passphrase_cb(&pwdata, pw_cb, pw_cbarg))
         return NULL;
 
-    in = bio_new_from_core_bio(provctx, cin);
+    in = ossl_bio_new_from_core_bio(provctx, cin);
     pkey = b2i_PVK_bio(in, ossl_pw_pem_password, &pwdata);
     BIO_free(in);
 
diff --git a/providers/implementations/encode_decode/decode_pem2der.c b/providers/implementations/encode_decode/decode_pem2der.c
index 895015a56b..fe6839965d 100644
--- a/providers/implementations/encode_decode/decode_pem2der.c
+++ b/providers/implementations/encode_decode/decode_pem2der.c
@@ -32,7 +32,7 @@ static int read_pem(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
                     char **pem_name, char **pem_header,
                     unsigned char **data, long *len)
 {
-    BIO *in = bio_new_from_core_bio(provctx, cin);
+    BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
     int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0);
 
     BIO_free(in);
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index 32d99837b2..1647b9fdb5 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -1014,7 +1014,7 @@ static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
     } else if (writer != NULL
                && (checker == NULL || checker(key, type))) {
-        BIO *out = bio_new_from_core_bio(ctx->provctx, cout);
+        BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
 
         if (out != NULL
             && (pwcb == NULL
diff --git a/providers/implementations/encode_decode/encode_key2blob.c b/providers/implementations/encode_decode/encode_key2blob.c
index 2e5e581391..c58940b0a6 100644
--- a/providers/implementations/encode_decode/encode_key2blob.c
+++ b/providers/implementations/encode_decode/encode_key2blob.c
@@ -29,7 +29,7 @@
 static int write_blob(void *provctx, OSSL_CORE_BIO *cout,
                       void *data, int len)
 {
-    BIO *out = bio_new_from_core_bio(provctx, cout);
+    BIO *out = ossl_bio_new_from_core_bio(provctx, cout);
     int ret = BIO_write(out, data, len);
 
     BIO_free(out);
diff --git a/providers/implementations/encode_decode/encode_key2ms.c b/providers/implementations/encode_decode/encode_key2ms.c
index c2b08981a7..cbd629dfe4 100644
--- a/providers/implementations/encode_decode/encode_key2ms.c
+++ b/providers/implementations/encode_decode/encode_key2ms.c
@@ -38,7 +38,7 @@ struct key2ms_ctx_st {
 static int write_msblob(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
                         EVP_PKEY *pkey, int ispub)
 {
-    BIO *out = bio_new_from_core_bio(ctx->provctx, cout);
+    BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
     int ret =
         ispub ? i2b_PublicKey_bio(out, pkey) : i2b_PrivateKey_bio(out, pkey);
 
@@ -53,7 +53,7 @@ static int write_pvk(struct key2ms_ctx_st *ctx, OSSL_CORE_BIO *cout,
     BIO *out = NULL;
     int ret = 0;
 
-    out = bio_new_from_core_bio(ctx->provctx, cout);
+    out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
     ret = i2b_PVK_bio(out, pkey, ctx->pvk_encr_level,
                       ossl_pw_pem_password, &ctx->pwdata);
     BIO_free(out);
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 2c6c5d70db..f913a9bb14 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -833,7 +833,7 @@ static int key2text_encode(void *vctx, const void *key, int selection,
                                            int selection),
                            OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
 {
-    BIO *out = bio_new_from_core_bio(vctx, cout);
+    BIO *out = ossl_bio_new_from_core_bio(vctx, cout);
     int ret;
 
     if (out == NULL)
diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c
index caa1eece89..2ba9090c8b 100644
--- a/providers/implementations/exchange/ecx_exch.c
+++ b/providers/implementations/exchange/ecx_exch.c
@@ -154,7 +154,8 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
             }
         } else
 #endif
-        if (X25519(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+        if (ossl_x25519(secret, ecxctx->key->privkey,
+                        ecxctx->peerkey->pubkey) == 0) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
             return 0;
         }
@@ -169,7 +170,8 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
             }
         } else
 #endif
-        if (X448(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+        if (ossl_x448(secret, ecxctx->key->privkey,
+                      ecxctx->peerkey->pubkey) == 0) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
             return 0;
         }
diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c
index d61c04354c..38631b45d1 100644
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@@ -81,7 +81,7 @@ static int kdf_init(void *vpkdfctx, void *vkdf, const OSSL_PARAM params[])
     if (!ossl_prov_is_running()
             || pkdfctx == NULL
             || vkdf == NULL
-            || !kdf_data_up_ref(vkdf))
+            || !ossl_kdf_data_up_ref(vkdf))
         return 0;
     pkdfctx->kdfdata = vkdf;
 
@@ -109,7 +109,7 @@ static void kdf_freectx(void *vpkdfctx)
     PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx;
 
     EVP_KDF_CTX_free(pkdfctx->kdfctx);
-    kdf_data_free(pkdfctx->kdfdata);
+    ossl_kdf_data_free(pkdfctx->kdfdata);
 
     OPENSSL_free(pkdfctx);
 }
@@ -133,7 +133,7 @@ static void *kdf_dupctx(void *vpkdfctx)
         OPENSSL_free(dstctx);
         return NULL;
     }
-    if (!kdf_data_up_ref(dstctx->kdfdata)) {
+    if (!ossl_kdf_data_up_ref(dstctx->kdfdata)) {
         EVP_KDF_CTX_free(dstctx->kdfctx);
         OPENSSL_free(dstctx);
         return NULL;
diff --git a/providers/implementations/include/prov/kdfexchange.h b/providers/implementations/include/prov/kdfexchange.h
index 3770487bff..b7cd4cbafd 100644
--- a/providers/implementations/include/prov/kdfexchange.h
+++ b/providers/implementations/include/prov/kdfexchange.h
@@ -19,6 +19,6 @@ struct kdf_data_st {
 
 typedef struct kdf_data_st KDF_DATA;
 
-KDF_DATA *kdf_data_new(void *provctx);
-void kdf_data_free(KDF_DATA *kdfdata);
-int kdf_data_up_ref(KDF_DATA *kdfdata);
+KDF_DATA *ossl_kdf_data_new(void *provctx);
+void ossl_kdf_data_free(KDF_DATA *kdfdata);
+int ossl_kdf_data_up_ref(KDF_DATA *kdfdata);
diff --git a/providers/implementations/include/prov/seeding.h b/providers/implementations/include/prov/seeding.h
index 448ff0366b..b7480e7c42 100644
--- a/providers/implementations/include/prov/seeding.h
+++ b/providers/implementations/include/prov/seeding.h
@@ -11,13 +11,8 @@
 #include "crypto/rand_pool.h"
 
 /* Hardware-based seeding functions. */
-size_t prov_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t prov_acquire_entropy_from_cpu(RAND_POOL *pool);
-
-/* DRBG entropy callbacks. */
-size_t prov_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
-
-void prov_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+size_t ossl_prov_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t ossl_prov_acquire_entropy_from_cpu(RAND_POOL *pool);
 
 /*
  * Add some platform specific additional data
@@ -28,7 +23,7 @@ void prov_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
  *
  * Returns 1 on success and 0 on failure.
  */
-int rand_pool_add_additional_data(RAND_POOL *pool);
+int ossl_rand_pool_add_additional_data(RAND_POOL *pool);
 
 /*
  * External seeding functions from the core dispatch table.
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index eb7b15de59..14c78b518c 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -119,7 +119,7 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
         /* This is an error, but there is no way to indicate such directly */
         ossl_prov_digest_reset(&ctx->digest);
     ctx->iter = PKCS5_DEFAULT_ITER;
-    ctx->lower_bound_checks = kdf_pbkdf2_default_checks;
+    ctx->lower_bound_checks = ossl_kdf_pbkdf2_default_checks;
 }
 
 static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
diff --git a/providers/implementations/kdfs/pbkdf2.h b/providers/implementations/kdfs/pbkdf2.h
index c8c2e5b8a7..c0848e26fc 100644
--- a/providers/implementations/kdfs/pbkdf2.h
+++ b/providers/implementations/kdfs/pbkdf2.h
@@ -11,4 +11,4 @@
  * Available in pbkdfe_fips.c, and compiled with different values depending
  * on we're in the FIPS module or not.
  */
-extern const int kdf_pbkdf2_default_checks;
+extern const int ossl_kdf_pbkdf2_default_checks;
diff --git a/providers/implementations/kdfs/pbkdf2_fips.c b/providers/implementations/kdfs/pbkdf2_fips.c
index be60be1fa0..916d9ef078 100644
--- a/providers/implementations/kdfs/pbkdf2_fips.c
+++ b/providers/implementations/kdfs/pbkdf2_fips.c
@@ -14,7 +14,7 @@
  * Extra checks are done by default in fips mode only.
  */
 #ifdef FIPS_MODULE
-const int kdf_pbkdf2_default_checks = 1;
+const int ossl_kdf_pbkdf2_default_checks = 1;
 #else
-const int kdf_pbkdf2_default_checks = 0;
+const int ossl_kdf_pbkdf2_default_checks = 0;
 #endif /* FIPS_MODULE */
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index 12c57bb1a4..2bbea0c7cc 100644
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -493,15 +493,15 @@ static int scrypt_alg(const char *pass, size_t passlen,
     X = (uint32_t *)(B + Blen);
     T = X + 32 * r;
     V = T + 32 * r;
-    if (pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256, (int)Blen,
-                             B, libctx, propq) == 0)
+    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, 1, sha256,
+                                  (int)Blen, B, libctx, propq) == 0)
         goto err;
 
     for (i = 0; i < p; i++)
         scryptROMix(B + 128 * r * i, r, N, X, T, V);
 
-    if (pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256, keylen,
-                             key, libctx, propq) == 0)
+    if (ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, B, (int)Blen, 1, sha256,
+                                  keylen, key, libctx, propq) == 0)
         goto err;
     rv = 1;
  err:
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 6aa947827c..6f58a1cb77 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -583,21 +583,21 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx)
         privkey[0] &= 248;
         privkey[X25519_KEYLEN - 1] &= 127;
         privkey[X25519_KEYLEN - 1] |= 64;
-        X25519_public_from_private(key->pubkey, privkey);
+        ossl_x25519_public_from_private(key->pubkey, privkey);
         break;
     case ECX_KEY_TYPE_X448:
         privkey[0] &= 252;
         privkey[X448_KEYLEN - 1] |= 128;
-        X448_public_from_private(key->pubkey, privkey);
+        ossl_x448_public_from_private(key->pubkey, privkey);
         break;
     case ECX_KEY_TYPE_ED25519:
-        if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey,
-                                         gctx->propq))
+        if (!ossl_ed25519_public_from_private(gctx->libctx, key->pubkey, privkey,
+                                              gctx->propq))
             goto err;
         break;
     case ECX_KEY_TYPE_ED448:
-        if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey,
-                                       gctx->propq))
+        if (!ossl_ed448_public_from_private(gctx->libctx, key->pubkey, privkey,
+                                            gctx->propq))
             goto err;
         break;
     }
@@ -697,19 +697,19 @@ static int ecx_key_pairwise_check(const ECX_KEY *ecx, int type)
 
     switch (type) {
     case ECX_KEY_TYPE_X25519:
-        X25519_public_from_private(pub, ecx->privkey);
+        ossl_x25519_public_from_private(pub, ecx->privkey);
         break;
     case ECX_KEY_TYPE_X448:
-        X448_public_from_private(pub, ecx->privkey);
+        ossl_x448_public_from_private(pub, ecx->privkey);
         break;
     case ECX_KEY_TYPE_ED25519:
-        if (!ED25519_public_from_private(ecx->libctx, pub, ecx->privkey,
-                                         ecx->propq))
+        if (!ossl_ed25519_public_from_private(ecx->libctx, pub, ecx->privkey,
+                                              ecx->propq))
             return 0;
         break;
     case ECX_KEY_TYPE_ED448:
-        if (!ED448_public_from_private(ecx->libctx, pub, ecx->privkey,
-                                       ecx->propq))
+        if (!ossl_ed448_public_from_private(ecx->libctx, pub, ecx->privkey,
+                                            ecx->propq))
             return 0;
         break;
     default:
diff --git a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
index 16d5f971cc..698107927b 100644
--- a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
@@ -26,7 +26,7 @@ static OSSL_FUNC_keymgmt_new_fn kdf_newdata;
 static OSSL_FUNC_keymgmt_free_fn kdf_freedata;
 static OSSL_FUNC_keymgmt_has_fn kdf_has;
 
-KDF_DATA *kdf_data_new(void *provctx)
+KDF_DATA *ossl_kdf_data_new(void *provctx)
 {
     KDF_DATA *kdfdata;
 
@@ -48,7 +48,7 @@ KDF_DATA *kdf_data_new(void *provctx)
     return kdfdata;
 }
 
-void kdf_data_free(KDF_DATA *kdfdata)
+void ossl_kdf_data_free(KDF_DATA *kdfdata)
 {
     int ref = 0;
 
@@ -63,7 +63,7 @@ void kdf_data_free(KDF_DATA *kdfdata)
     OPENSSL_free(kdfdata);
 }
 
-int kdf_data_up_ref(KDF_DATA *kdfdata)
+int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
 {
     int ref = 0;
 
@@ -83,12 +83,12 @@ int kdf_data_up_ref(KDF_DATA *kdfdata)
 
 static void *kdf_newdata(void *provctx)
 {
-    return kdf_data_new(provctx);
+    return ossl_kdf_data_new(provctx);
 }
 
 static void kdf_freedata(void *kdfdata)
 {
-    kdf_data_free(kdfdata);
+    ossl_kdf_data_free(kdfdata);
 }
 
 static int kdf_has(const void *keydata, int selection)
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 46962c7ab8..1c4fb3bcd5 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -489,7 +489,7 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
         return 0;
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
     /* Any ACVP test related parameters are copied into a params[] */
-    if (!rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params))
+    if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params))
         return 0;
 #endif
     return 1;
@@ -571,7 +571,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
 
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
     if (gctx->acvp_test_params != NULL) {
-        if (!rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params))
+        if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params))
             goto err;
     }
 #endif
@@ -603,7 +603,7 @@ static void rsa_gen_cleanup(void *genctx)
     if (gctx == NULL)
         return;
 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
-    rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
+    ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
     gctx->acvp_test_params = NULL;
 #endif
     BN_clear_free(gctx->pub_exp);
diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c
index ad315efb9b..173c99ce17 100644
--- a/providers/implementations/rands/seed_src.c
+++ b/providers/implementations/rands/seed_src.c
@@ -104,7 +104,7 @@ static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
         return 0;
     }
 
-    pool = rand_pool_new(strength, 1, outlen, outlen);
+    pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
     if (pool == NULL) {
         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -114,9 +114,9 @@ static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
     entropy_available = ossl_pool_acquire_entropy(pool);
 
     if (entropy_available > 0)
-        memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));
+        memcpy(out, ossl_rand_pool_buffer(pool), ossl_rand_pool_length(pool));
 
-    rand_pool_free(pool);
+    ossl_rand_pool_free(pool);
     return entropy_available > 0;
 }
 
diff --git a/providers/implementations/rands/seeding/rand_cpu_x86.c b/providers/implementations/rands/seeding/rand_cpu_x86.c
index 0b163571f1..0bdf1c302f 100644
--- a/providers/implementations/rands/seeding/rand_cpu_x86.c
+++ b/providers/implementations/rands/seeding/rand_cpu_x86.c
@@ -40,20 +40,20 @@ size_t prov_acquire_entropy_from_cpu(RAND_POOL *pool)
     size_t bytes_needed;
     unsigned char *buffer;
 
-    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
     if (bytes_needed > 0) {
-        buffer = rand_pool_add_begin(pool, bytes_needed);
+        buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
 
         if (buffer != NULL) {
             if (get_hardware_random_value(buffer, bytes_needed) == bytes_needed) {
-                rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                ossl_rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
             } else {
-                rand_pool_add_end(pool, 0, 0);
+                ossl_rand_pool_add_end(pool, 0, 0);
             }
         }
     }
 
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 }
 
 #if defined(OPENSSL_SYS_TANDEM) && defined(_TNS_X_TARGET)
diff --git a/providers/implementations/rands/seeding/rand_tsc.c b/providers/implementations/rands/seeding/rand_tsc.c
index 2777335469..76311267fc 100644
--- a/providers/implementations/rands/seeding/rand_tsc.c
+++ b/providers/implementations/rands/seeding/rand_tsc.c
@@ -30,7 +30,7 @@
  * Returns the total entropy count, if it exceeds the requested
  * entropy count. Otherwise, returns an entropy count of 0.
  */
-size_t prov_acquire_entropy_from_tsc(RAND_POOL *pool)
+size_t ossl_prov_acquire_entropy_from_tsc(RAND_POOL *pool)
 {
     unsigned char c;
     int i;
@@ -38,10 +38,10 @@ size_t prov_acquire_entropy_from_tsc(RAND_POOL *pool)
     if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
         for (i = 0; i < TSC_READ_COUNT; i++) {
             c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
-            rand_pool_add(pool, &c, 1, 4);
+            ossl_rand_pool_add(pool, &c, 1, 4);
         }
     }
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 }
 #else
 NON_EMPTY_TRANSLATION_UNIT
diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index ec0e55bec8..fd7373a3e9 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -151,7 +151,7 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
     extern void s$sleep2(long long *_duration, short int *_code);
 #  endif
 
-    bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
 
     for (i = 0; i < bytes_needed; i++) {
         /*
@@ -174,16 +174,16 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         /* Get wall clock time, take 8 bits. */
         clock_gettime(CLOCK_REALTIME, &ts);
         v = (unsigned char)(ts.tv_nsec & 0xFF);
-        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
+        ossl_rand_pool_add(pool, arg, &v, sizeof(v) , 2);
     }
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
 }
 
@@ -555,7 +555,7 @@ static void close_random_device(size_t n)
     rd->fd = -1;
 }
 
-int rand_pool_init(void)
+int ossl_rand_pool_init(void)
 {
     size_t i;
 
@@ -565,7 +565,7 @@ int rand_pool_init(void)
     return 1;
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
     size_t i;
 
@@ -573,26 +573,26 @@ void rand_pool_cleanup(void)
         close_random_device(i);
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
     if (!keep)
-        rand_pool_cleanup();
+        ossl_rand_pool_cleanup();
 
     keep_random_devices_open = keep;
 }
 
 #  else     /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
 
-int rand_pool_init(void)
+int ossl_rand_pool_init(void)
 {
     return 1;
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
 }
 
@@ -618,7 +618,7 @@ void rand_pool_keep_random_devices_open(int keep)
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
 {
 #  if defined(OPENSSL_RAND_SEED_NONE)
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 #  else
     size_t entropy_available = 0;
 
@@ -632,12 +632,12 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         /* Maximum allowed number of consecutive unsuccessful attempts */
         int attempts = 3;
 
-        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         while (bytes_needed != 0 && attempts-- > 0) {
-            buffer = rand_pool_add_begin(pool, bytes_needed);
+            buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
             bytes = syscall_random(buffer, bytes_needed);
             if (bytes > 0) {
-                rand_pool_add_end(pool, bytes, 8 * bytes);
+                ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
                 bytes_needed -= bytes;
                 attempts = 3; /* reset counter after successful attempt */
             } else if (bytes < 0 && errno != EINTR) {
@@ -645,7 +645,7 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
             }
         }
     }
-    entropy_available = rand_pool_entropy_available(pool);
+    entropy_available = ossl_rand_pool_entropy_available(pool);
     if (entropy_available > 0)
         return entropy_available;
 #   endif
@@ -662,7 +662,7 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         unsigned char *buffer;
         size_t i;
 
-        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths);
              i++) {
             ssize_t bytes = 0;
@@ -674,11 +674,11 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
                 continue;
 
             while (bytes_needed != 0 && attempts-- > 0) {
-                buffer = rand_pool_add_begin(pool, bytes_needed);
+                buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
                 bytes = read(fd, buffer, bytes_needed);
 
                 if (bytes > 0) {
-                    rand_pool_add_end(pool, bytes, 8 * bytes);
+                    ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
                     bytes_needed -= bytes;
                     attempts = 3; /* reset counter on successful attempt */
                 } else if (bytes < 0 && errno != EINTR) {
@@ -688,22 +688,22 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
             if (bytes < 0 || !keep_random_devices_open)
                 close_random_device(i);
 
-            bytes_needed = rand_pool_bytes_needed(pool, 1);
+            bytes_needed = ossl_rand_pool_bytes_needed(pool, 1);
         }
-        entropy_available = rand_pool_entropy_available(pool);
+        entropy_available = ossl_rand_pool_entropy_available(pool);
         if (entropy_available > 0)
             return entropy_available;
     }
 #   endif
 
 #   if defined(OPENSSL_RAND_SEED_RDTSC)
-    entropy_available = prov_acquire_entropy_from_tsc(pool);
+    entropy_available = ossl_prov_acquire_entropy_from_tsc(pool);
     if (entropy_available > 0)
         return entropy_available;
 #   endif
 
 #   if defined(OPENSSL_RAND_SEED_RDCPU)
-    entropy_available = prov_acquire_entropy_from_cpu(pool);
+    entropy_available = ossl_prov_acquire_entropy_from_cpu(pool);
     if (entropy_available > 0)
         return entropy_available;
 #   endif
@@ -715,27 +715,27 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
         unsigned char *buffer;
         int i;
 
-        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         for (i = 0; bytes_needed > 0 && paths[i] != NULL; i++) {
             size_t bytes = 0;
             int num;
 
-            buffer = rand_pool_add_begin(pool, bytes_needed);
+            buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
             num = RAND_query_egd_bytes(paths[i],
                                        buffer, (int)bytes_needed);
             if (num == (int)bytes_needed)
                 bytes = bytes_needed;
 
-            rand_pool_add_end(pool, bytes, 8 * bytes);
-            bytes_needed = rand_pool_bytes_needed(pool, 1);
+            ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
+            bytes_needed = ossl_rand_pool_bytes_needed(pool, 1);
         }
-        entropy_available = rand_pool_entropy_available(pool);
+        entropy_available = ossl_rand_pool_entropy_available(pool);
         if (entropy_available > 0)
             return entropy_available;
     }
 #   endif
 
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 #  endif
 }
 # endif
@@ -763,10 +763,10 @@ int ossl_pool_add_nonce_data(RAND_POOL *pool)
     data.tid = CRYPTO_THREAD_get_current_id();
     data.time = get_time_stamp();
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-int rand_pool_add_additional_data(RAND_POOL *pool)
+int ossl_rand_pool_add_additional_data(RAND_POOL *pool)
 {
     struct {
         int fork_id;
@@ -787,7 +787,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
     data.tid = CRYPTO_THREAD_get_current_id();
     data.time = get_timer_bits();
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
 
diff --git a/providers/implementations/rands/seeding/rand_vms.c b/providers/implementations/rands/seeding/rand_vms.c
index 3a91d24405..0f8578ca30 100644
--- a/providers/implementations/rands/seeding/rand_vms.c
+++ b/providers/implementations/rands/seeding/rand_vms.c
@@ -362,8 +362,8 @@ size_t data_collect_method(RAND_POOL *pool)
     } data;
     size_t total_elems = 0;
     size_t total_length = 0;
-    size_t bytes_needed = rand_pool_bytes_needed(pool, ENTROPY_FACTOR);
-    size_t bytes_remaining = rand_pool_bytes_remaining(pool);
+    size_t bytes_needed = ossl_rand_pool_bytes_needed(pool, ENTROPY_FACTOR);
+    size_t bytes_remaining = ossl_rand_pool_bytes_remaining(pool);
 
     /* Take all the 64-bit items first, to ensure proper alignment of data */
     total_elems +=
@@ -469,9 +469,9 @@ size_t data_collect_method(RAND_POOL *pool)
         total_length = bytes_remaining;
 
     /* We give the pessimistic value for the amount of entropy */
-    rand_pool_add(pool, (unsigned char *)data.buffer, total_length,
-                  8 * total_length / ENTROPY_FACTOR);
-    return rand_pool_entropy_available(pool);
+    ossl_rand_pool_add(pool, (unsigned char *)data.buffer, total_length,
+                       8 * total_length / ENTROPY_FACTOR);
+    return ossl_rand_pool_entropy_available(pool);
 }
 
 int ossl_pool_add_nonce_data(RAND_POOL *pool)
@@ -499,7 +499,7 @@ int ossl_pool_add_nonce_data(RAND_POOL *pool)
     sys$gettim((void*)&data.time);
 #endif
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
 /*
@@ -536,7 +536,7 @@ size_t get_entropy_method(RAND_POOL *pool)
     size_t bytes_to_get = 0;
     uint32_t status;
 
-    for (bytes_needed = rand_pool_bytes_needed(pool, 1);
+    for (bytes_needed = ossl_rand_pool_bytes_needed(pool, 1);
          bytes_needed > 0;
          bytes_needed -= bytes_to_get) {
         bytes_to_get =
@@ -555,10 +555,10 @@ size_t get_entropy_method(RAND_POOL *pool)
             return 0;
         }
 
-        rand_pool_add(pool, buffer, bytes_to_get, 8 * bytes_to_get);
+        ossl_rand_pool_add(pool, buffer, bytes_to_get, 8 * bytes_to_get);
     }
 
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 }
 
 /*
@@ -576,7 +576,7 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
 }
 
 
-int rand_pool_add_additional_data(RAND_POOL *pool)
+int ossl_rand_pool_add_additional_data(RAND_POOL *pool)
 {
     struct {
         CRYPTO_THREAD_ID tid;
@@ -598,18 +598,18 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
     sys$gettim((void*)&data.time);
 #endif
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-int rand_pool_init(void)
+int ossl_rand_pool_init(void)
 {
     return 1;
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
 }
diff --git a/providers/implementations/rands/seeding/rand_vxworks.c b/providers/implementations/rands/seeding/rand_vxworks.c
index 2629346e62..fce05a91fb 100644
--- a/providers/implementations/rands/seeding/rand_vxworks.c
+++ b/providers/implementations/rands/seeding/rand_vxworks.c
@@ -63,20 +63,20 @@ static uint64_t get_timer_bits(void)
  * empty implementation
  * vxworks does not need to init/cleanup or keep open the random lib
  */
-int rand_pool_init(void)
+int ossl_rand_pool_init(void)
 {
     return 1;
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
 }
 
-int rand_pool_add_additional_data(RAND_POOL *pool)
+int ossl_rand_pool_add_additional_data(RAND_POOL *pool)
 {
     struct {
         CRYPTO_THREAD_ID tid;
@@ -93,7 +93,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
     data.tid = CRYPTO_THREAD_get_current_id();
     data.time = get_timer_bits();
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
 int ossl_pool_add_nonce_data(RAND_POOL *pool)
@@ -115,7 +115,7 @@ int ossl_pool_add_nonce_data(RAND_POOL *pool)
     data.tid = CRYPTO_THREAD_get_current_id();
     data.time = get_time_stamp();
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
@@ -124,14 +124,14 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
     /* vxRandLib based entropy method */
     size_t bytes_needed;
 
-    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
     if (bytes_needed > 0)
     {
         int retryCount = 0;
         STATUS result = ERROR;
         unsigned char *buffer;
 
-        buffer = rand_pool_add_begin(pool, bytes_needed);
+        buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
         while ((result != OK) && (retryCount < 10)) {
             RANDOM_NUM_GEN_STATUS status = randStatus();
 
@@ -139,7 +139,7 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
                     || (status == RANDOM_NUM_GEN_MAX_ENTROPY) ) {
                 result = randBytes(buffer, bytes_needed);
                 if (result == OK)
-                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                    ossl_rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
                 /*
                  * no else here: randStatus said ok, if randBytes failed
                  * it will result in another loop or no entropy
@@ -156,12 +156,12 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
             retryCount++;
         }
     }
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 #else
     /*
      * SEED_NONE means none, without randlib we dont have entropy and
      * rely on it being added externally
      */
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 #endif /* defined(RAND_SEED_VXRANDLIB) */
 }
diff --git a/providers/implementations/rands/seeding/rand_win.c b/providers/implementations/rands/seeding/rand_win.c
index 39b0902e55..178532e02f 100644
--- a/providers/implementations/rands/seeding/rand_win.c
+++ b/providers/implementations/rands/seeding/rand_win.c
@@ -53,34 +53,34 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
 
 
 # ifdef OPENSSL_RAND_SEED_RDTSC
-    entropy_available = prov_acquire_entropy_from_tsc(pool);
+    entropy_available = ossl_prov_acquire_entropy_from_tsc(pool);
     if (entropy_available > 0)
         return entropy_available;
 # endif
 
 # ifdef OPENSSL_RAND_SEED_RDCPU
-    entropy_available = prov_acquire_entropy_from_cpu(pool);
+    entropy_available = ossl_prov_acquire_entropy_from_cpu(pool);
     if (entropy_available > 0)
         return entropy_available;
 # endif
 
 # ifdef USE_BCRYPTGENRANDOM
-    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-    buffer = rand_pool_add_begin(pool, bytes_needed);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         if (BCryptGenRandom(NULL, buffer, bytes_needed,
                             BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
             bytes = bytes_needed;
 
-        rand_pool_add_end(pool, bytes, 8 * bytes);
-        entropy_available = rand_pool_entropy_available(pool);
+        ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = ossl_rand_pool_entropy_available(pool);
     }
     if (entropy_available > 0)
         return entropy_available;
 # else
-    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-    buffer = rand_pool_add_begin(pool, bytes_needed);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         /* poll the CryptoAPI PRNG */
@@ -92,14 +92,14 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
             CryptReleaseContext(hProvider, 0);
         }
 
-        rand_pool_add_end(pool, bytes, 8 * bytes);
-        entropy_available = rand_pool_entropy_available(pool);
+        ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = ossl_rand_pool_entropy_available(pool);
     }
     if (entropy_available > 0)
         return entropy_available;
 
-    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
-    buffer = rand_pool_add_begin(pool, bytes_needed);
+    bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
     if (buffer != NULL) {
         size_t bytes = 0;
         /* poll the Pentium PRG with CryptoAPI */
@@ -111,14 +111,14 @@ size_t ossl_pool_acquire_entropy(RAND_POOL *pool)
 
             CryptReleaseContext(hProvider, 0);
         }
-        rand_pool_add_end(pool, bytes, 8 * bytes);
-        entropy_available = rand_pool_entropy_available(pool);
+        ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = ossl_rand_pool_entropy_available(pool);
     }
     if (entropy_available > 0)
         return entropy_available;
 # endif
 
-    return rand_pool_entropy_available(pool);
+    return ossl_rand_pool_entropy_available(pool);
 }
 
 
@@ -142,10 +142,10 @@ int ossl_pool_add_nonce_data(RAND_POOL *pool)
     data.tid = GetCurrentThreadId();
     GetSystemTimeAsFileTime(&data.time);
 
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-int rand_pool_add_additional_data(RAND_POOL *pool)
+int ossl_rand_pool_add_additional_data(RAND_POOL *pool)
 {
     struct {
         DWORD tid;
@@ -162,19 +162,19 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
      */
     data.tid = GetCurrentThreadId();
     QueryPerformanceCounter(&data.time);
-    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+    return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-int rand_pool_init(void)
+int ossl_rand_pool_init(void)
 {
     return 1;
 }
 
-void rand_pool_cleanup(void)
+void ossl_rand_pool_cleanup(void)
 {
 }
 
-void rand_pool_keep_random_devices_open(int keep)
+void ossl_rand_pool_keep_random_devices_open(int keep)
 {
 }
 
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c
index 221ccdd928..148c143cc0 100644
--- a/providers/implementations/signature/eddsa.c
+++ b/providers/implementations/signature/eddsa.c
@@ -159,8 +159,8 @@ int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
     if (S390X_CAN_SIGN(ED25519))
         return s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen);
 #endif /* S390X_EC_ASM */
-    if (ED25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
-                     peddsactx->libctx, NULL) == 0) {
+    if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
+                          peddsactx->libctx, NULL) == 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
         return 0;
     }
@@ -190,8 +190,8 @@ int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
     if (S390X_CAN_SIGN(ED448))
         return s390x_ed448_digestsign(edkey, sigret, tbs, tbslen);
 #endif /* S390X_EC_ASM */
-    if (ED448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
-                   edkey->privkey, NULL, 0, edkey->propq) == 0) {
+    if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
+                        edkey->privkey, NULL, 0, edkey->propq) == 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
         return 0;
     }
@@ -214,8 +214,8 @@ int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig,
         return s390x_ed25519_digestverify(edkey, sig, tbs, tbslen);
 #endif /* S390X_EC_ASM */
 
-    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, peddsactx->libctx,
-                          edkey->propq);
+    return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
+                               peddsactx->libctx, edkey->propq);
 }
 
 int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
@@ -233,8 +233,8 @@ int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
         return s390x_ed448_digestverify(edkey, sig, tbs, tbslen);
 #endif /* S390X_EC_ASM */
 
-    return ED448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
-                        NULL, 0, edkey->propq);
+    return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
+                             NULL, 0, edkey->propq);
 }
 
 static void eddsa_freectx(void *vpeddsactx)
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 0df079dc79..f521f0190d 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -691,8 +691,8 @@ static int rsa_verify_recover(void *vprsactx,
             {
                 size_t sltmp;
 
-                ret = int_rsa_verify(prsactx->mdnid, NULL, 0, rout, &sltmp,
-                                     sig, siglen, prsactx->rsa);
+                ret = ossl_rsa_verify(prsactx->mdnid, NULL, 0, rout, &sltmp,
+                                      sig, siglen, prsactx->rsa);
                 if (ret <= 0) {
                     ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
                     return 0;
diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c
index 4201e825b1..6fb0ff919b 100644
--- a/providers/implementations/signature/sm2sig.c
+++ b/providers/implementations/signature/sm2sig.c
@@ -201,7 +201,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
      */
     ctx->aid_len = 0;
     if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
-        && DER_w_algorithmIdentifier_SM2_with_MD(&pkt, -1, ctx->ec, md_nid)
+        && ossl_DER_w_algorithmIdentifier_SM2_with_MD(&pkt, -1, ctx->ec, md_nid)
         && WPACKET_finish(&pkt)) {
         WPACKET_get_total_written(&pkt, &ctx->aid_len);
         ctx->aid = WPACKET_get_curr(&pkt);
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index f4ac6e0c83..e121052545 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -294,7 +294,7 @@ static void *file_open(void *provctx, const char *uri)
 void *file_attach(void *provctx, OSSL_CORE_BIO *cin)
 {
     struct file_ctx_st *ctx;
-    BIO *new_bio = bio_new_from_core_bio(provctx, cin);
+    BIO *new_bio = ossl_bio_new_from_core_bio(provctx, cin);
 
     if (new_bio == NULL)
         return NULL;
diff --git a/providers/implementations/storemgmt/file_store_der2obj.c b/providers/implementations/storemgmt/file_store_der2obj.c
index 854a720f60..74fa40df9f 100644
--- a/providers/implementations/storemgmt/file_store_der2obj.c
+++ b/providers/implementations/storemgmt/file_store_der2obj.c
@@ -85,7 +85,7 @@ static int der2obj_decode(void *provctx, OSSL_CORE_BIO *cin, int selection,
      * We're called from file_store.c, so we know that OSSL_CORE_BIO is a
      * BIO in this case.
      */
-    BIO *in = bio_new_from_core_bio(provctx, cin);
+    BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
     BUF_MEM *mem = NULL;
     int err, ok;
 
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c60b259e1f..e7917be4fb 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -3114,7 +3114,7 @@ static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
 }
 
 #ifndef OPENSSL_NO_GOST
-int gost18_cke_cipher_nid(const SSL *s)
+int ossl_gost18_cke_cipher_nid(const SSL *s)
 {
     if ((s->s3.tmp.new_cipher->algorithm_enc & SSL_MAGMA) != 0)
         return NID_magma_ctr;
@@ -3124,7 +3124,7 @@ int gost18_cke_cipher_nid(const SSL *s)
     return NID_undef;
 }
 
-int gost_ukm(const SSL *s, unsigned char *dgst_buf)
+int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf)
 {
     EVP_MD_CTX * hash = NULL;
     unsigned int md_len;
@@ -3159,14 +3159,14 @@ static int tls_construct_cke_gost18(SSL *s, WPACKET *pkt)
     unsigned char *pms = NULL;
     size_t pmslen = 0;
     size_t msglen;
-    int cipher_nid = gost18_cke_cipher_nid(s);
+    int cipher_nid = ossl_gost18_cke_cipher_nid(s);
 
     if (cipher_nid == NID_undef) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         return 0;
     }
 
-    if (gost_ukm(s, rnd_dgst) <= 0) {
+    if (ossl_gost_ukm(s, rnd_dgst) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h
index c277a8e9c5..61de225584 100644
--- a/ssl/statem/statem_local.h
+++ b/ssl/statem/statem_local.h
@@ -159,8 +159,8 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
 
 #ifndef OPENSSL_NO_GOST
 /* These functions are used in GOST18 CKE, both for client and server */
-int gost18_cke_cipher_nid(const SSL *s);
-int gost_ukm(const SSL *s, unsigned char *dgst_buf);
+int ossl_gost18_cke_cipher_nid(const SSL *s);
+int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf);
 #endif
 
 /* Extension processing */
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 4c2ca4e6e5..aca17868b1 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3198,14 +3198,14 @@ static int tls_process_cke_gost18(SSL *s, PACKET *pkt)
     const unsigned char *start = NULL;
     size_t outlen = 32, inlen = 0;
     int ret = 0;
-    int cipher_nid = gost18_cke_cipher_nid(s);
+    int cipher_nid = ossl_gost18_cke_cipher_nid(s);
 
     if (cipher_nid == NID_undef) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         return 0;
     }
 
-    if (gost_ukm(s, rnd_dgst) <= 0) {
+    if (ossl_gost_ukm(s, rnd_dgst) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c
index b1df82e837..bcf3f87389 100644
--- a/test/curve448_internal_test.c
+++ b/test/curve448_internal_test.c
@@ -601,40 +601,44 @@ static int test_ed448(void)
     EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
 
     if (!TEST_ptr(hashctx)
-            || !TEST_true(ED448_sign(NULL, outsig, NULL, 0, pubkey1, privkey1,
-                                     NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1,
+                                          privkey1, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg2, sizeof(msg2), pubkey2,
-                                     privkey2, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2),
+                                          pubkey2, privkey2, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg3, sizeof(msg3), pubkey3,
-                                     privkey3, context3, sizeof(context3), NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3),
+                                          pubkey3, privkey3, context3,
+                                          sizeof(context3), NULL))
             || !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg4, sizeof(msg4), pubkey4,
-                                     privkey4, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4),
+                                          pubkey4, privkey4, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg5, sizeof(msg5), pubkey5,
-                                     privkey5, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5),
+                                          pubkey5, privkey5, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg6, sizeof(msg6), pubkey6,
-                                     privkey6, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6),
+                                          pubkey6, privkey6, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg7, sizeof(msg7), pubkey7,
-                                     privkey7, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7),
+                                          pubkey7, privkey7, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg8, sizeof(msg8), pubkey8,
-                                     privkey8, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8),
+                                          pubkey8, privkey8, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
-            || !TEST_true(ED448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9,
-                                     privkey9, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9),
+                                          pubkey9, privkey9, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
-            || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg1,
-                                       sizeof(phmsg1)), phpubkey1, phprivkey1,
-                                       NULL, 0, NULL))
+            || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
+                                            dohash(hashctx, phmsg1,
+                                                   sizeof(phmsg1)), phpubkey1,
+                                                   phprivkey1, NULL, 0, NULL))
             || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
-            || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg2,
-                                       sizeof(phmsg2)), phpubkey2, phprivkey2,
-                                       phcontext2, sizeof(phcontext2), NULL))
+            || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
+                                            dohash(hashctx, phmsg2,
+                                                   sizeof(phmsg2)), phpubkey2,
+                                                   phprivkey2, phcontext2,
+                                                   sizeof(phcontext2), NULL))
             || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {
         EVP_MD_CTX_free(hashctx);
         return 0;
@@ -652,9 +656,9 @@ static int test_x448(void)
 
     /* Curve448 tests */
 
-    if (!TEST_true(X448(out, in_scalar1, in_u1))
+    if (!TEST_true(ossl_x448(out, in_scalar1, in_u1))
           || !TEST_int_eq(memcmp(out, out_u1, sizeof(out)), 0)
-          || !TEST_true(X448(out, in_scalar2, in_u2))
+          || !TEST_true(ossl_x448(out, in_scalar2, in_u2))
           || !TEST_int_eq(memcmp(out, out_u2, sizeof(out)), 0))
         return 0;
 
@@ -666,7 +670,7 @@ static int test_x448(void)
             fflush(stdout);
         }
 
-        if (!TEST_true(X448(out, k, u)))
+        if (!TEST_true(ossl_x448(out, k, u)))
             return 0;
 
         if (i == 1 || i == 1000 || i == 1000000) {
diff --git a/test/hexstr_test.c b/test/hexstr_test.c
index c03b58ef03..ffad66fe4f 100644
--- a/test/hexstr_test.c
+++ b/test/hexstr_test.c
@@ -68,9 +68,9 @@ static int test_hexstr_sep_to_from(int test_index)
     char *out = NULL;
     struct testdata *test = &tbl_testdata[test_index];
 
-    if (!TEST_ptr(buf = openssl_hexstr2buf_sep(test->in, &len, test->sep))
+    if (!TEST_ptr(buf = ossl_hexstr2buf_sep(test->in, &len, test->sep))
         || !TEST_mem_eq(buf, len, test->expected, test->expected_len)
-        || !TEST_ptr(out = openssl_buf2hexstr_sep(buf, len, test->sep))
+        || !TEST_ptr(out = ossl_buf2hexstr_sep(buf, len, test->sep))
         || !TEST_str_eq(out, test->in))
        goto err;
 
diff --git a/test/sm4_internal_test.c b/test/sm4_internal_test.c
index 0a5ea738e5..6e18b19090 100644
--- a/test/sm4_internal_test.c
+++ b/test/sm4_internal_test.c
@@ -54,21 +54,21 @@ static int test_sm4_ecb(void)
     SM4_KEY key;
     uint8_t block[SM4_BLOCK_SIZE];
 
-    SM4_set_key(k, &key);
+    ossl_sm4_set_key(k, &key);
     memcpy(block, input, SM4_BLOCK_SIZE);
 
-    SM4_encrypt(block, block, &key);
+    ossl_sm4_encrypt(block, block, &key);
     if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, expected, SM4_BLOCK_SIZE))
         return 0;
 
     for (i = 0; i != 999999; ++i)
-        SM4_encrypt(block, block, &key);
+        ossl_sm4_encrypt(block, block, &key);
 
     if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, expected_iter, SM4_BLOCK_SIZE))
         return 0;
 
     for (i = 0; i != 1000000; ++i)
-        SM4_decrypt(block, block, &key);
+        ossl_sm4_decrypt(block, block, &key);
 
     if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, input, SM4_BLOCK_SIZE))
         return 0;


More information about the openssl-commits mailing list