Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
diff --git a/CHANGES.md b/CHANGES.md
index 203deac..a6fbb6b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -641,8 +641,8 @@
 
    *Richard Levitte*
 
- * Enhanced the documentation of EVP_PKEY_size(), EVP_PKEY_bits()
-   and EVP_PKEY_security_bits().  Especially EVP_PKEY_size() needed
+ * Enhanced the documentation of EVP_PKEY_get_size(), EVP_PKEY_get_bits()
+   and EVP_PKEY_get_security_bits().  Especially EVP_PKEY_get_size() needed
    a new formulation to include all the things it can be used for,
    as well as words of caution.
 
diff --git a/apps/cms.c b/apps/cms.c
index da00ece..81112c5 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1013,7 +1013,7 @@
 
             res = EVP_PKEY_CTX_ctrl(pctx, -1, -1,
                                     EVP_PKEY_CTRL_CIPHER,
-                                    EVP_CIPHER_nid(cipher), NULL);
+                                    EVP_CIPHER_get_nid(cipher), NULL);
             if (res <= 0 && res != -2)
                 goto end;
 
diff --git a/apps/crl.c b/apps/crl.c
index 8904cc0..ff7c314 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -347,7 +347,8 @@
                     BIO_printf(bio_err, "out of memory\n");
                     goto end;
                 }
-                BIO_printf(bio_out, "%s Fingerprint=", EVP_MD_name(digest));
+                BIO_printf(bio_out, "%s Fingerprint=",
+                           EVP_MD_get0_name(digest));
                 for (j = 0; j < (int)n; j++) {
                     BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
                                ? '\n' : ':');
diff --git a/apps/dgst.c b/apps/dgst.c
index e39d645..36a8c6f 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -287,7 +287,7 @@
              */
             goto end;
         }
-        type = EVP_PKEY_id(sigkey);
+        type = EVP_PKEY_get_id(sigkey);
         if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
             /*
              * We implement PureEdDSA for these which doesn't have a separate
@@ -381,7 +381,7 @@
             BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
             goto end;
         }
-        siglen = EVP_PKEY_size(sigkey);
+        siglen = EVP_PKEY_get_size(sigkey);
         sigbuf = app_malloc(siglen, "signature buffer");
         siglen = BIO_read(sigbio, sigbuf, siglen);
         BIO_free(sigbio);
@@ -399,10 +399,10 @@
         md = EVP_MD_CTX_get1_md(tctx);
     }
     if (md != NULL)
-        md_name = EVP_MD_name(md);
+        md_name = EVP_MD_get0_name(md);
 
     if (xoflen > 0) {
-        if (!(EVP_MD_flags(md) & EVP_MD_FLAG_XOF)) {
+        if (!(EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF)) {
             BIO_printf(bio_err, "Length can only be specified for XOF\n");
             goto end;
         }
diff --git a/apps/dsa.c b/apps/dsa.c
index abb4221..51c0284 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -269,7 +269,7 @@
 
     /* Passphrase setup */
     if (enc != NULL)
-        OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+        OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL);
 
     /* Default passphrase prompter */
     if (enc != NULL || outformat == FORMAT_PVK) {
diff --git a/apps/ec.c b/apps/ec.c
index 3a7f505..dcbef10 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -260,7 +260,7 @@
                                              output_type, output_structure,
                                              NULL);
         if (enc != NULL) {
-            OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+            OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL);
             /* Default passphrase prompter */
             OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL);
             if (passout != NULL)
diff --git a/apps/enc.c b/apps/enc.c
index cda0022..f136c3f 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -300,11 +300,11 @@
         if (!opt_cipher(ciphername, &cipher))
             goto opthelp;
     }
-    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+    if (cipher && EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
         BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
         goto end;
     }
-    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
+    if (cipher && (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)) {
         BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
         goto end;
     }
@@ -360,7 +360,7 @@
                 char prompt[200];
 
                 BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
-                        EVP_CIPHER_name(cipher),
+                        EVP_CIPHER_get0_name(cipher),
                         (enc) ? "encryption" : "decryption");
                 strbuf[0] = '\0';
                 i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
@@ -492,8 +492,8 @@
                 * concatenated into a temporary buffer
                 */
                 unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
-                int iklen = EVP_CIPHER_key_length(cipher);
-                int ivlen = EVP_CIPHER_iv_length(cipher);
+                int iklen = EVP_CIPHER_get_key_length(cipher);
+                int ivlen = EVP_CIPHER_get_iv_length(cipher);
                 /* not needed if HASH_UPDATE() is fixed : */
                 int islen = (sptr != NULL ? sizeof(salt) : 0);
                 if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
@@ -525,7 +525,7 @@
                 OPENSSL_cleanse(str, str_len);
         }
         if (hiv != NULL) {
-            int siz = EVP_CIPHER_iv_length(cipher);
+            int siz = EVP_CIPHER_get_iv_length(cipher);
             if (siz == 0) {
                 BIO_printf(bio_err, "warning: iv not used by this cipher\n");
             } else if (!set_hex(hiv, iv, siz)) {
@@ -534,7 +534,7 @@
             }
         }
         if ((hiv == NULL) && (str == NULL)
-            && EVP_CIPHER_iv_length(cipher) != 0) {
+            && EVP_CIPHER_get_iv_length(cipher) != 0) {
             /*
              * No IV was explicitly set and no IV was generated.
              * Hence the IV is undefined, making correct decryption impossible.
@@ -543,7 +543,7 @@
             goto end;
         }
         if (hkey != NULL) {
-            if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+            if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) {
                 BIO_printf(bio_err, "invalid hex key value\n");
                 goto end;
             }
@@ -563,7 +563,7 @@
 
         if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) {
             BIO_printf(bio_err, "Error setting cipher %s\n",
-                       EVP_CIPHER_name(cipher));
+                       EVP_CIPHER_get0_name(cipher));
             ERR_print_errors(bio_err);
             goto end;
         }
@@ -573,7 +573,7 @@
 
         if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
             BIO_printf(bio_err, "Error setting cipher %s\n",
-                       EVP_CIPHER_name(cipher));
+                       EVP_CIPHER_get0_name(cipher));
             ERR_print_errors(bio_err);
             goto end;
         }
@@ -590,15 +590,15 @@
                     printf("%02X", salt[i]);
                 printf("\n");
             }
-            if (EVP_CIPHER_key_length(cipher) > 0) {
+            if (EVP_CIPHER_get_key_length(cipher) > 0) {
                 printf("key=");
-                for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
+                for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++)
                     printf("%02X", key[i]);
                 printf("\n");
             }
-            if (EVP_CIPHER_iv_length(cipher) > 0) {
+            if (EVP_CIPHER_get_iv_length(cipher) > 0) {
                 printf("iv =");
-                for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
+                for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++)
                     printf("%02X", iv[i]);
                 printf("\n");
             }
@@ -661,8 +661,8 @@
     /* Filter out ciphers that we cannot use */
     cipher = EVP_get_cipherbyname(name->name);
     if (cipher == NULL ||
-            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
-            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+            (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE)
         return;
 
     BIO_printf(dec->bio, "-%-25s", name->name);
diff --git a/apps/gendsa.c b/apps/gendsa.c
index a7857c4..e5c9bc2 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -127,12 +127,12 @@
     if (out == NULL)
         goto end2;
 
-    nbits = EVP_PKEY_bits(pkey);
+    nbits = EVP_PKEY_get_bits(pkey);
     if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS)
         BIO_printf(bio_err,
                    "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
                    "         Your key size is %d! Larger key size may behave not as expected.\n",
-                   OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_bits(pkey));
+                   OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey));
 
     ctx = EVP_PKEY_CTX_new(pkey, NULL);
     if (ctx == NULL) {
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 38b1100..5cde41b 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -166,7 +166,7 @@
     if (ciphername != NULL) {
         if (!opt_cipher(ciphername, &cipher) || do_param == 1)
             goto opthelp;
-        m = EVP_CIPHER_mode(cipher);
+        m = EVP_CIPHER_get_mode(cipher);
         if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_CCM_MODE
                 || m == EVP_CIPH_XTS_MODE || m == EVP_CIPH_OCB_MODE) {
             BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index ba88399..ef431c9 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -386,13 +386,13 @@
     if (!SSL_get_peer_tmp_key(s, &key))
         return 1;
     BIO_puts(out, "Server Temp Key: ");
-    switch (EVP_PKEY_id(key)) {
+    switch (EVP_PKEY_get_id(key)) {
     case EVP_PKEY_RSA:
-        BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+        BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_get_bits(key));
         break;
 
     case EVP_PKEY_DH:
-        BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+        BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key));
         break;
 #ifndef OPENSSL_NO_EC
     case EVP_PKEY_EC:
@@ -403,13 +403,13 @@
             if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
                                                 name, sizeof(name), &name_len))
                 strcpy(name, "?");
-            BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_bits(key));
+            BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key));
         }
     break;
 #endif
     default:
-        BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
-                   EVP_PKEY_bits(key));
+        BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)),
+                   EVP_PKEY_get_bits(key));
     }
     EVP_PKEY_free(key);
     return 1;
@@ -1426,7 +1426,7 @@
                 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
                                         &algname, EVP_PKEY_get0_asn1(pkey));
                 BIO_printf(sdb->out, "%s, bits=%d",
-                           algname, EVP_PKEY_bits(pkey));
+                           algname, EVP_PKEY_get_bits(pkey));
             }
             break;
         }
diff --git a/apps/list.c b/apps/list.c
index 6ffc36b..bc21c7f 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -36,7 +36,7 @@
     {                                                           \
         TYPE *impl;                                             \
         const char *propq = app_get0_propq();                   \
-        const char *name = TYPE ## _name(alg);                  \
+        const char *name = TYPE ## _get0_name(alg);             \
                                                                 \
         ERR_set_mark();                                         \
         impl = TYPE ## _fetch(NULL, name, propq);               \
@@ -70,10 +70,10 @@
 {
     if (select_name != NULL
         && (c == NULL
-            || strcasecmp(select_name,  EVP_CIPHER_name(c)) != 0))
+            || strcasecmp(select_name,  EVP_CIPHER_get0_name(c)) != 0))
         return;
     if (c != NULL) {
-        BIO_printf(arg, "  %s\n", EVP_CIPHER_name(c));
+        BIO_printf(arg, "  %s\n", EVP_CIPHER_get0_name(c));
     } else {
         if (from == NULL)
             from = "<undefined>";
@@ -88,11 +88,11 @@
 static int cipher_cmp(const EVP_CIPHER * const *a,
                       const EVP_CIPHER * const *b)
 {
-    int ret = EVP_CIPHER_number(*a) - EVP_CIPHER_number(*b);
+    int ret = EVP_CIPHER_get_number(*a) - EVP_CIPHER_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_CIPHER_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_CIPHER_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_CIPHER_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_CIPHER_get0_provider(*b)));
 
     return ret;
 }
@@ -138,10 +138,10 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s\n",
-                       OSSL_PROVIDER_name(EVP_CIPHER_provider(c)));
+                       OSSL_PROVIDER_name(EVP_CIPHER_get0_provider(c)));
 
             if (verbose) {
-                const char *desc = EVP_CIPHER_description(c);
+                const char *desc = EVP_CIPHER_get0_description(c);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -163,7 +163,7 @@
                        const char *from, const char *to, void *arg)
 {
     if (m != NULL) {
-        BIO_printf(arg, "  %s\n", EVP_MD_name(m));
+        BIO_printf(arg, "  %s\n", EVP_MD_get0_name(m));
     } else {
         if (from == NULL)
             from = "<undefined>";
@@ -177,11 +177,11 @@
 DEFINE_STACK_OF(EVP_MD)
 static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b)
 {
-    int ret = EVP_MD_number(*a) - EVP_MD_number(*b);
+    int ret = EVP_MD_get_number(*a) - EVP_MD_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_MD_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_MD_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_MD_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_MD_get0_provider(*b)));
 
     return ret;
 }
@@ -226,10 +226,11 @@
             BIO_printf(bio_out, "  ");
             print_names(bio_out, names);
 
-            BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MD_provider(m)));
+            BIO_printf(bio_out, " @ %s\n",
+                       OSSL_PROVIDER_name(EVP_MD_get0_provider(m)));
 
             if (verbose) {
-                const char *desc = EVP_MD_description(m);
+                const char *desc = EVP_MD_get0_description(m);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -249,11 +250,11 @@
 DEFINE_STACK_OF(EVP_MAC)
 static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b)
 {
-    int ret = EVP_MAC_number(*a) - EVP_MAC_number(*b);
+    int ret = EVP_MAC_get_number(*a) - EVP_MAC_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_MAC_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_MAC_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_MAC_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_MAC_get0_provider(*b)));
 
     return ret;
 }
@@ -291,10 +292,11 @@
             BIO_printf(bio_out, "  ");
             print_names(bio_out, names);
 
-            BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MAC_provider(m)));
+            BIO_printf(bio_out, " @ %s\n",
+                       OSSL_PROVIDER_name(EVP_MAC_get0_provider(m)));
 
             if (verbose) {
-                const char *desc = EVP_MAC_description(m);
+                const char *desc = EVP_MAC_get0_description(m);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -317,11 +319,11 @@
 DEFINE_STACK_OF(EVP_KDF)
 static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b)
 {
-    int ret = EVP_KDF_number(*a) - EVP_KDF_number(*b);
+    int ret = EVP_KDF_get_number(*a) - EVP_KDF_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_KDF_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_KDF_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_KDF_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_KDF_get0_provider(*b)));
 
     return ret;
 }
@@ -359,10 +361,11 @@
             BIO_printf(bio_out, "  ");
             print_names(bio_out, names);
 
-            BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KDF_provider(k)));
+            BIO_printf(bio_out, " @ %s\n",
+                       OSSL_PROVIDER_name(EVP_KDF_get0_provider(k)));
 
             if (verbose) {
-                const char *desc = EVP_KDF_description(k);
+                const char *desc = EVP_KDF_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -386,11 +389,11 @@
 
 static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b)
 {
-    int ret = strcasecmp(EVP_RAND_name(*a), EVP_RAND_name(*b));
+    int ret = strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b));
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_RAND_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_RAND_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_RAND_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_RAND_get0_provider(*b)));
 
     return ret;
 }
@@ -420,13 +423,14 @@
         const EVP_RAND *m = sk_EVP_RAND_value(rands, i);
 
         if (select_name != NULL
-            && strcasecmp(EVP_RAND_name(m), select_name) != 0)
+            && strcasecmp(EVP_RAND_get0_name(m), select_name) != 0)
             continue;
-        BIO_printf(bio_out, "  %s", EVP_RAND_name(m));
-        BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_RAND_provider(m)));
+        BIO_printf(bio_out, "  %s", EVP_RAND_get0_name(m));
+        BIO_printf(bio_out, " @ %s\n",
+                   OSSL_PROVIDER_name(EVP_RAND_get0_provider(m)));
 
         if (verbose) {
-            const char *desc = EVP_RAND_description(m);
+            const char *desc = EVP_RAND_get0_description(m);
 
             if (desc != NULL)
                 BIO_printf(bio_out, "    description: %s\n", desc);
@@ -452,13 +456,13 @@
 
     BIO_printf(bio_out, "%s:\n", name);
     if (drbg != NULL) {
-        rand = EVP_RAND_CTX_rand(drbg);
+        rand = EVP_RAND_CTX_get0_rand(drbg);
 
-        BIO_printf(bio_out, "  %s", EVP_RAND_name(rand));
+        BIO_printf(bio_out, "  %s", EVP_RAND_get0_name(rand));
         BIO_printf(bio_out, " @ %s\n",
-                   OSSL_PROVIDER_name(EVP_RAND_provider(rand)));
+                   OSSL_PROVIDER_name(EVP_RAND_get0_provider(rand)));
 
-        switch (EVP_RAND_state(drbg)) {
+        switch (EVP_RAND_get_state(drbg)) {
         case EVP_RAND_STATE_UNINITIALISED:
             p = "uninitialised";
             break;
@@ -516,11 +520,11 @@
 static int encoder_cmp(const OSSL_ENCODER * const *a,
                        const OSSL_ENCODER * const *b)
 {
-    int ret = OSSL_ENCODER_number(*a) - OSSL_ENCODER_number(*b);
+    int ret = OSSL_ENCODER_get_number(*a) - OSSL_ENCODER_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(OSSL_ENCODER_provider(*a)),
-                     OSSL_PROVIDER_name(OSSL_ENCODER_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(OSSL_ENCODER_get0_provider(*a)),
+                     OSSL_PROVIDER_name(OSSL_ENCODER_get0_provider(*b)));
     return ret;
 }
 
@@ -560,11 +564,11 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s (%s)\n",
-                    OSSL_PROVIDER_name(OSSL_ENCODER_provider(k)),
-                    OSSL_ENCODER_properties(k));
+                    OSSL_PROVIDER_name(OSSL_ENCODER_get0_provider(k)),
+                    OSSL_ENCODER_get0_properties(k));
 
             if (verbose) {
-                const char *desc = OSSL_ENCODER_description(k);
+                const char *desc = OSSL_ENCODER_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -584,11 +588,11 @@
 static int decoder_cmp(const OSSL_DECODER * const *a,
                        const OSSL_DECODER * const *b)
 {
-    int ret = OSSL_DECODER_number(*a) - OSSL_DECODER_number(*b);
+    int ret = OSSL_DECODER_get_number(*a) - OSSL_DECODER_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(OSSL_DECODER_provider(*a)),
-                     OSSL_PROVIDER_name(OSSL_DECODER_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(OSSL_DECODER_get0_provider(*a)),
+                     OSSL_PROVIDER_name(OSSL_DECODER_get0_provider(*b)));
     return ret;
 }
 
@@ -629,11 +633,11 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s (%s)\n",
-                    OSSL_PROVIDER_name(OSSL_DECODER_provider(k)),
-                    OSSL_DECODER_properties(k));
+                       OSSL_PROVIDER_name(OSSL_DECODER_get0_provider(k)),
+                       OSSL_DECODER_get0_properties(k));
 
             if (verbose) {
-                const char *desc = OSSL_DECODER_description(k);
+                const char *desc = OSSL_DECODER_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -650,11 +654,11 @@
 static int keymanager_cmp(const EVP_KEYMGMT * const *a,
                           const EVP_KEYMGMT * const *b)
 {
-    int ret = EVP_KEYMGMT_number(*a) - EVP_KEYMGMT_number(*b);
+    int ret = EVP_KEYMGMT_get_number(*a) - EVP_KEYMGMT_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_KEYMGMT_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_KEYMGMT_get0_provider(*b)));
     return ret;
 }
 
@@ -684,7 +688,7 @@
 
         names = sk_OPENSSL_CSTRING_new(name_cmp);
         if (names != NULL && EVP_KEYMGMT_names_do_all(k, collect_names, names)) {
-            const char *desc = EVP_KEYMGMT_description(k);
+            const char *desc = EVP_KEYMGMT_get0_description(k);
 
             BIO_printf(bio_out, "  Name: ");
             if (desc != NULL)
@@ -696,7 +700,7 @@
             BIO_printf(bio_out, "    IDs: ");
             print_names(bio_out, names);
             BIO_printf(bio_out, " @ %s\n",
-                    OSSL_PROVIDER_name(EVP_KEYMGMT_provider(k)));
+                    OSSL_PROVIDER_name(EVP_KEYMGMT_get0_provider(k)));
 
             if (verbose) {
                 print_param_types("settable key generation parameters",
@@ -716,11 +720,11 @@
 static int signature_cmp(const EVP_SIGNATURE * const *a,
                          const EVP_SIGNATURE * const *b)
 {
-    int ret = EVP_SIGNATURE_number(*a) - EVP_SIGNATURE_number(*b);
+    int ret = EVP_SIGNATURE_get_number(*a) - EVP_SIGNATURE_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_SIGNATURE_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_SIGNATURE_get0_provider(*b)));
     return ret;
 }
 
@@ -755,10 +759,10 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s\n",
-                    OSSL_PROVIDER_name(EVP_SIGNATURE_provider(k)));
+                    OSSL_PROVIDER_name(EVP_SIGNATURE_get0_provider(k)));
 
             if (verbose) {
-                const char *desc = EVP_SIGNATURE_description(k);
+                const char *desc = EVP_SIGNATURE_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -779,11 +783,11 @@
 static int kem_cmp(const EVP_KEM * const *a,
                    const EVP_KEM * const *b)
 {
-    int ret = EVP_KEM_number(*a) - EVP_KEM_number(*b);
+    int ret = EVP_KEM_get_number(*a) - EVP_KEM_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_KEM_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_KEM_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_KEM_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_KEM_get0_provider(*b)));
     return ret;
 }
 
@@ -817,10 +821,11 @@
             BIO_printf(bio_out, "  ");
             print_names(bio_out, names);
 
-            BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KEM_provider(k)));
+            BIO_printf(bio_out, " @ %s\n",
+                       OSSL_PROVIDER_name(EVP_KEM_get0_provider(k)));
 
             if (verbose) {
-                const char *desc = EVP_KEM_description(k);
+                const char *desc = EVP_KEM_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -841,11 +846,11 @@
 static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a,
                           const EVP_ASYM_CIPHER * const *b)
 {
-    int ret = EVP_ASYM_CIPHER_number(*a) - EVP_ASYM_CIPHER_number(*b);
+    int ret = EVP_ASYM_CIPHER_get_number(*a) - EVP_ASYM_CIPHER_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_ASYM_CIPHER_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_ASYM_CIPHER_get0_provider(*b)));
     return ret;
 }
 
@@ -882,10 +887,10 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s\n",
-                    OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(k)));
+                    OSSL_PROVIDER_name(EVP_ASYM_CIPHER_get0_provider(k)));
 
             if (verbose) {
-                const char *desc = EVP_ASYM_CIPHER_description(k);
+                const char *desc = EVP_ASYM_CIPHER_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -906,11 +911,11 @@
 static int kex_cmp(const EVP_KEYEXCH * const *a,
                    const EVP_KEYEXCH * const *b)
 {
-    int ret = EVP_KEYEXCH_number(*a) - EVP_KEYEXCH_number(*b);
+    int ret = EVP_KEYEXCH_get_number(*a) - EVP_KEYEXCH_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*a)),
-                     OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(EVP_KEYEXCH_get0_provider(*a)),
+                     OSSL_PROVIDER_name(EVP_KEYEXCH_get0_provider(*b)));
     return ret;
 }
 
@@ -945,10 +950,10 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s\n",
-                    OSSL_PROVIDER_name(EVP_KEYEXCH_provider(k)));
+                    OSSL_PROVIDER_name(EVP_KEYEXCH_get0_provider(k)));
 
             if (verbose) {
-                const char *desc = EVP_KEYEXCH_description(k);
+                const char *desc = EVP_KEYEXCH_get0_description(k);
 
                 if (desc != NULL)
                     BIO_printf(bio_out, "    description: %s\n", desc);
@@ -1191,11 +1196,11 @@
 static int store_cmp(const OSSL_STORE_LOADER * const *a,
                      const OSSL_STORE_LOADER * const *b)
 {
-    int ret = OSSL_STORE_LOADER_number(*a) - OSSL_STORE_LOADER_number(*b);
+    int ret = OSSL_STORE_LOADER_get_number(*a) - OSSL_STORE_LOADER_get_number(*b);
 
     if (ret == 0)
-        ret = strcmp(OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*a)),
-                     OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(*b)));
+        ret = strcmp(OSSL_PROVIDER_name(OSSL_STORE_LOADER_get0_provider(*a)),
+                     OSSL_PROVIDER_name(OSSL_STORE_LOADER_get0_provider(*b)));
 
     return ret;
 }
@@ -1234,7 +1239,7 @@
             print_names(bio_out, names);
 
             BIO_printf(bio_out, " @ %s\n",
-                       OSSL_PROVIDER_name(OSSL_STORE_LOADER_provider(m)));
+                       OSSL_PROVIDER_name(OSSL_STORE_LOADER_get0_provider(m)));
         }
         sk_OPENSSL_CSTRING_free(names);
     }
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 0424e55..bf9db2f 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -592,7 +592,7 @@
         if (pkey == NULL)
             goto end;
 
-        *pkeysize = EVP_PKEY_size(pkey);
+        *pkeysize = EVP_PKEY_get_size(pkey);
         if (impl != NULL)
             ctx = EVP_PKEY_CTX_new(pkey, impl);
         else
@@ -726,8 +726,8 @@
     int buf_len = 0;
 
     /* Some algorithms only support oneshot digests */
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_ED25519
-            || EVP_PKEY_id(pkey) == EVP_PKEY_ED448) {
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519
+            || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) {
         if (filesize < 0) {
             BIO_printf(bio_err,
                        "Error: unable to determine file size for oneshot operation\n");
diff --git a/apps/rehash.c b/apps/rehash.c
index 65ccacc..7fe01de 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -534,7 +534,7 @@
     argv = opt_rest();
 
     evpmd = EVP_sha1();
-    evpmdsize = EVP_MD_size(evpmd);
+    evpmdsize = EVP_MD_get_size(evpmd);
 
     if (*argv != NULL) {
         while (*argv != NULL)
diff --git a/apps/req.c b/apps/req.c
index 3b0545f..284d03f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1601,7 +1601,7 @@
         else
             gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
                                               param, app_get0_propq());
-        *pkeylen = EVP_PKEY_bits(param);
+        *pkeylen = EVP_PKEY_get_bits(param);
         EVP_PKEY_free(param);
     } else {
         if (keygen_engine != NULL) {
diff --git a/apps/rsa.c b/apps/rsa.c
index 83fd835..5710893 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -337,7 +337,7 @@
 
     /* Passphrase setup */
     if (enc != NULL)
-        OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_name(enc), NULL);
+        OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL);
 
     /* Default passphrase prompter */
     if (enc != NULL || outformat == FORMAT_PVK) {
diff --git a/apps/rsautl.c b/apps/rsautl.c
index c2bc1af..ae02060 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -214,7 +214,7 @@
     if (out == NULL)
         goto end;
 
-    keysize = EVP_PKEY_size(pkey);
+    keysize = EVP_PKEY_get_size(pkey);
 
     rsa_in = app_malloc(keysize * 2, "hold rsa key");
     rsa_out = app_malloc(keysize, "output rsa key");
diff --git a/apps/s_client.c b/apps/s_client.c
index 85789ee..2b8f274 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3099,8 +3099,8 @@
                 public_key = X509_get_pubkey(sk_X509_value(sk, i));
                 if (public_key != NULL) {
                     BIO_printf(bio, "   a:PKEY: %s, %d (bit); sigalg: %s\n",
-                               OBJ_nid2sn(EVP_PKEY_base_id(public_key)),
-                               EVP_PKEY_bits(public_key),
+                               OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)),
+                               EVP_PKEY_get_bits(public_key),
                                OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i))));
                     EVP_PKEY_free(public_key);
                 }
@@ -3180,7 +3180,7 @@
 
         pktmp = X509_get0_pubkey(peer);
         BIO_printf(bio, "Server public key is %d bit\n",
-                   EVP_PKEY_bits(pktmp));
+                   EVP_PKEY_get_bits(pktmp));
     }
     BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
                SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
diff --git a/apps/speed.c b/apps/speed.c
index 0892b60..6822b83 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1038,7 +1038,7 @@
     size_t sm2sigsize;
     int ret, count;
     EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
-    const size_t max_size = EVP_PKEY_size(sm2_pkey[testnum]);
+    const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
 
     for (count = 0; COND(sm2_c[testnum][0]); count++) {
         sm2sigsize = max_size;
@@ -1715,10 +1715,10 @@
         if (evp_cipher == NULL) {
             BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
             goto end;
-        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+        } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
                      EVP_CIPH_FLAG_AEAD_CIPHER)) {
             BIO_printf(bio_err, "%s is not an AEAD cipher\n",
-                       EVP_CIPHER_name(evp_cipher));
+                       EVP_CIPHER_get0_name(evp_cipher));
             goto end;
         }
     }
@@ -1727,10 +1727,10 @@
             BIO_printf(bio_err, "-mb can be used only with a multi-block"
                                 " capable cipher\n");
             goto end;
-        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+        } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
                      EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
             BIO_printf(bio_err, "%s is not a multi-block capable\n",
-                       EVP_CIPHER_name(evp_cipher));
+                       EVP_CIPHER_get0_name(evp_cipher));
             goto end;
         } else if (async_jobs > 0) {
             BIO_printf(bio_err, "Async mode is not supported with -mb");
@@ -2172,18 +2172,18 @@
         if (evp_cipher != NULL) {
             int (*loopfunc) (void *) = EVP_Update_loop;
 
-            if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
+            if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) &
                                EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
                 multiblock_speed(evp_cipher, lengths_single, &seconds);
                 ret = 0;
                 goto end;
             }
 
-            names[D_EVP] = EVP_CIPHER_name(evp_cipher);
+            names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
 
-            if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
+            if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
                 loopfunc = EVP_Update_loop_ccm;
-            } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
+            } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) &
                                 EVP_CIPH_FLAG_AEAD_CIPHER)) {
                 loopfunc = EVP_Update_loop_aead;
                 if (lengths == lengths_list) {
@@ -2211,7 +2211,7 @@
 
                     EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
 
-                    keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
+                    keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
                     loopargs[k].key = app_malloc(keylen, "evp_cipher key");
                     EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
                     if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
@@ -2223,7 +2223,7 @@
                     OPENSSL_clear_free(loopargs[k].key, keylen);
 
                     /* SIV mode only allows for a single Update operation */
-                    if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
+                    if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
                         EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED,
                                             1, NULL);
                 }
@@ -2261,7 +2261,7 @@
         if (!opt_cipher(evp_mac_ciphername, &cipher))
             goto end;
 
-        keylen = EVP_CIPHER_key_length(cipher);
+        keylen = EVP_CIPHER_get_key_length(cipher);
         EVP_CIPHER_free(cipher);
         if (keylen <= 0 || keylen > (int)sizeof(key32)) {
             BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
@@ -2795,7 +2795,7 @@
             st = 0; /* set back to zero */
             /* attach it sooner to rely on main final cleanup */
             loopargs[i].sm2_pkey[testnum] = sm2_pkey;
-            loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey);
+            loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
 
             sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
             sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
@@ -3290,12 +3290,12 @@
 
             /* free signing ctx */
             if (loopargs[i].sm2_ctx[k] != NULL
-                    && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
+                && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
                 EVP_PKEY_CTX_free(pctx);
             EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
             /* free verification ctx */
             if (loopargs[i].sm2_vfy_ctx[k] != NULL
-                    && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
+                && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
                 EVP_PKEY_CTX_free(pctx);
             EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
             /* free pkey */
@@ -3575,7 +3575,7 @@
     if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
         app_bail_out("failed to initialise cipher context\n");
 
-    if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) < 0) {
+    if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
         BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
         goto err;
     }
@@ -3589,7 +3589,7 @@
     if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
                              sizeof(no_key), no_key))
         app_bail_out("failed to set AEAD key\n");
-    if ((alg_name = EVP_CIPHER_name(evp_cipher)) == NULL)
+    if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
         app_bail_out("failed to get cipher name\n");
 
     for (j = 0; j < num; j++) {
diff --git a/apps/ts.c b/apps/ts.c
index db5ecb3..e65d223 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -460,7 +460,7 @@
         goto err;
     if ((algo = X509_ALGOR_new()) == NULL)
         goto err;
-    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
+    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_get_type(md))) == NULL)
         goto err;
     if ((algo->parameter = ASN1_TYPE_new()) == NULL)
         goto err;
@@ -509,7 +509,7 @@
     int rv = 0;
     EVP_MD_CTX *md_ctx = NULL;
 
-    md_value_len = EVP_MD_size(md);
+    md_value_len = EVP_MD_get_size(md);
     if (md_value_len < 0)
         return 0;
 
@@ -529,7 +529,7 @@
         }
         if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
             goto err;
-        md_value_len = EVP_MD_size(md);
+        md_value_len = EVP_MD_get_size(md);
     } else {
         long digest_len;
 
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index 9d7efcd..72cc880 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -65,15 +65,15 @@
     if (i < 0 || str == NULL)
         return 0;
 
-    if (EVP_MD_provider(md) == NULL) {
+    if (EVP_MD_get0_provider(md) == NULL) {
 #if !defined(OPENSSL_NO_ENGINE)
-        ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_type(md));
+        ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md));
 
         if (tmpeng != NULL)
             ENGINE_finish(tmpeng);
         else
 #endif
-            fetched_md = EVP_MD_fetch(libctx, EVP_MD_name(md), propq);
+            fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq);
     }
     if (fetched_md == NULL)
         goto err;
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 6ead2e2..302045c 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -78,7 +78,7 @@
     }
     inll = (size_t)inl;
     buf_in = OPENSSL_malloc(inll);
-    outll = outl = EVP_PKEY_size(pkey);
+    outll = outl = EVP_PKEY_get_size(pkey);
     buf_out = OPENSSL_malloc(outll);
     if (buf_in == NULL || buf_out == NULL) {
         outl = 0;
@@ -143,7 +143,7 @@
     rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx);
 
  err:
-    EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
+    EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx));
     EVP_MD_CTX_free(ctx);
     return rv;
 }
@@ -160,7 +160,7 @@
     int rv, pkey_id;
 
     md = EVP_MD_CTX_get0_md(ctx);
-    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
 
     if (pkey == NULL) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
@@ -168,7 +168,7 @@
     }
 
     if (pkey->ameth == NULL) {
-        EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
+        EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx);
         OSSL_PARAM params[2];
         unsigned char aid[128];
         size_t aid_len = 0;
@@ -238,7 +238,7 @@
 
         pkey_id =
 #ifndef OPENSSL_NO_SM2
-            EVP_PKEY_id(pkey) == NID_sm2 ? NID_sm2 :
+            EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 :
 #endif
             pkey->ameth->pkey_id;
 
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index b7eed91..b1adaf7 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -102,7 +102,7 @@
 
     if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) {
         rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx);
-        EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx));
+        EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx));
         EVP_MD_CTX_free(ctx);
     }
     return rv;
@@ -118,7 +118,7 @@
     int mdnid, pknid;
     size_t inll = 0;
 
-    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
 
     if (pkey == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/crypto/asn1/d2i_param.c b/crypto/asn1/d2i_param.c
index adb394d..97f1022 100644
--- a/crypto/asn1/d2i_param.c
+++ b/crypto/asn1/d2i_param.c
@@ -26,7 +26,7 @@
     } else
         ret = *a;
 
-    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type))
+    if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type))
         goto err;
 
     if (ret->ameth == NULL || ret->ameth->param_decode == NULL) {
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 94bd341..58b7646 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -120,7 +120,7 @@
             EVP_PKEY_free(ret);
             ret = tmp;
             ERR_pop_to_mark();
-            if (EVP_PKEY_type(keytype) != EVP_PKEY_base_id(ret))
+            if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret))
                 goto err;
         } else {
             ERR_clear_last_mark();
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index b6c7da7..5f39ab0 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -38,12 +38,12 @@
     } else
         ret = *a;
 
-    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
+    if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type)) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
         goto err;
     }
 
-    switch (EVP_PKEY_id(ret)) {
+    switch (EVP_PKEY_get_id(ret)) {
     case EVP_PKEY_RSA:
         if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
             ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c
index f03dcb2..e1d5b7c 100644
--- a/crypto/asn1/i2d_evp.c
+++ b/crypto/asn1/i2d_evp.c
@@ -131,7 +131,7 @@
 
         return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp);
     }
-    switch (EVP_PKEY_id(a)) {
+    switch (EVP_PKEY_get_id(a)) {
     case EVP_PKEY_RSA:
         return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
 #ifndef OPENSSL_NO_DSA
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 162e31d..711743a 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -50,7 +50,7 @@
     unsigned char iv[EVP_MAX_IV_LENGTH];
     PBE2PARAM *pbe2 = NULL;
 
-    alg_nid = EVP_CIPHER_type(cipher);
+    alg_nid = EVP_CIPHER_get_type(cipher);
     if (alg_nid == NID_undef) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
         goto err;
@@ -66,7 +66,7 @@
         goto merr;
 
     /* Create random IV */
-    ivlen = EVP_CIPHER_iv_length(cipher);
+    ivlen = EVP_CIPHER_get_iv_length(cipher);
     if (ivlen > 0) {
         if (aiv)
             memcpy(iv, aiv, ivlen);
@@ -101,7 +101,7 @@
     /* If its RC2 then we'd better setup the key length */
 
     if (alg_nid == NID_rc2_cbc)
-        keylen = EVP_CIPHER_key_length(cipher);
+        keylen = EVP_CIPHER_get_key_length(cipher);
     else
         keylen = -1;
 
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index e5a1ed5..a02190d 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -60,7 +60,7 @@
         goto err;
     }
 
-    alg_nid = EVP_CIPHER_type(cipher);
+    alg_nid = EVP_CIPHER_get_type(cipher);
     if (alg_nid == NID_undef) {
         ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
         goto err;
@@ -79,10 +79,10 @@
         goto merr;
 
     /* Create random IV */
-    if (EVP_CIPHER_iv_length(cipher)) {
+    if (EVP_CIPHER_get_iv_length(cipher)) {
         if (aiv)
-            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
             goto err;
     }
 
@@ -103,7 +103,7 @@
     /* If its RC2 then we'd better setup the key length */
 
     if (alg_nid == NID_rc2_cbc)
-        keylen = EVP_CIPHER_key_length(cipher);
+        keylen = EVP_CIPHER_get_key_length(cipher);
 
     /* Setup keyfunc */
 
@@ -234,7 +234,7 @@
         goto err;
     }
 
-    t = EVP_CIPHER_CTX_key_length(ctx);
+    t = EVP_CIPHER_CTX_get_key_length(ctx);
     if (t < 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
         goto err;
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 7e7fd73..ff83ce4 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -80,7 +80,7 @@
     else
         param_type = V_ASN1_NULL;
 
-    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL);
 
 }
 
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 729d5a4..18c7fea 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -96,7 +96,7 @@
 
     if (in->nlast_block == -1)
         return 0;
-    if ((bl = EVP_CIPHER_CTX_block_size(in->cctx)) < 0)
+    if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) < 0)
         return 0;
     if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
         return 0;
@@ -120,7 +120,7 @@
             return 0;
         if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
             return 0;
-        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
+        memset(ctx->tbl, 0, EVP_CIPHER_CTX_get_block_size(ctx->cctx));
         ctx->nlast_block = 0;
         return 1;
     }
@@ -143,7 +143,7 @@
             return 0;
         if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
             return 0;
-        if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+        if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
             return 0;
         if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0)
             return 0;
@@ -169,7 +169,7 @@
         return 0;
     if (dlen == 0)
         return 1;
-    if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+    if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
         return 0;
     /* Copy into partial block if we need to */
     if (ctx->nlast_block > 0) {
@@ -209,7 +209,7 @@
 
     if (ctx->nlast_block == -1)
         return 0;
-    if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+    if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0)
         return 0;
     if (poutlen != NULL)
         *poutlen = (size_t)bl;
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index d1f8f27..b0f6762 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -1114,9 +1114,9 @@
     case OSSL_CMP_OPT_POPO_METHOD:
         return ctx->popoMethod;
     case OSSL_CMP_OPT_DIGEST_ALGNID:
-        return EVP_MD_type(ctx->digest);
+        return EVP_MD_get_type(ctx->digest);
     case OSSL_CMP_OPT_OWF_ALGNID:
-        return EVP_MD_type(ctx->pbm_owf);
+        return EVP_MD_get_type(ctx->pbm_owf);
     case OSSL_CMP_OPT_MAC_ALGNID:
         return ctx->pbm_mac;
     case OSSL_CMP_OPT_KEEP_ALIVE:
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 36a6597..91a66f5 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -195,7 +195,7 @@
         return 0;
 
     pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen,
-                             EVP_MD_type(ctx->pbm_owf), ctx->pbm_itercnt,
+                             EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt,
                              ctx->pbm_mac);
     pbm_str = ASN1_STRING_new();
     if (pbm == NULL || pbm_str == NULL)
@@ -227,8 +227,8 @@
     int nid = 0;
     ASN1_OBJECT *algo = NULL;
 
-    if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_type(ctx->digest),
-                                EVP_PKEY_id(ctx->pkey))) {
+    if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest),
+                                EVP_PKEY_get_id(ctx->pkey))) {
         ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE);
         return 0;
     }
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index 3671476..fe6289b 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -53,7 +53,7 @@
      * Pad to full p parameter size as that is checked by
      * EVP_PKEY_set1_encoded_public_key()
      */
-    plen = EVP_PKEY_size(pk);
+    plen = EVP_PKEY_get_size(pk);
     if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL)
         goto err;
     if ((buf = OPENSSL_malloc(plen)) == NULL)
@@ -122,19 +122,20 @@
         goto err;
 
     kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
-    if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+    if (kekcipher == NULL 
+        || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
         goto err;
     if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
         goto err;
     if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
         goto err;
 
-    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(kekctx);
     if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
         goto err;
     /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
     if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
-                                     OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+                                     OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher)))
         <= 0)
         goto err;
 
@@ -258,7 +259,7 @@
         kdf_md = EVP_sha1();
         if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
             goto err;
-    } else if (EVP_MD_type(kdf_md) != NID_sha1)
+    } else if (EVP_MD_get_type(kdf_md) != NID_sha1)
         /* Unsupported digest */
         goto err;
 
@@ -267,10 +268,10 @@
 
     /* Get wrap NID */
     ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
-    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    wrap_nid = EVP_CIPHER_CTX_get_type(ctx);
     if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
         goto err;
-    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     /* Package wrap algorithm in an AlgorithmIdentifier */
 
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index 4994260..4cf208f 100644
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -182,14 +182,14 @@
         goto err;
     OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0);
     kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery);
-    if (kekcipher == NULL || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+    if (kekcipher == NULL || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
         goto err;
     if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
         goto err;
     if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
         goto err;
 
-    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(kekctx);
     if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
         goto err;
 
@@ -313,12 +313,12 @@
 
     /* Lookup NID for KDF+cofactor+digest */
 
-    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))
+    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_get_type(kdf_md), ecdh_nid))
         goto err;
     /* Get wrap NID */
     ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
-    wrap_nid = EVP_CIPHER_CTX_type(ctx);
-    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    wrap_nid = EVP_CIPHER_CTX_get_type(ctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     /* Package wrap algorithm in an AlgorithmIdentifier */
 
@@ -400,7 +400,7 @@
         hnid = OBJ_obj2nid(alg1->algorithm);
         if (hnid == NID_undef)
             return -1;
-        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey)))
             return -1;
         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
     }
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 09dbb21..a896148 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -62,7 +62,8 @@
         cipher = EVP_get_cipherbyobj(calg->algorithm);
     }
     if (cipher != NULL) {
-        fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_name(cipher), propq);
+        fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_get0_name(cipher),
+                                        propq);
         if (fetched_ciph != NULL)
             cipher = fetched_ciph;
     }
@@ -79,9 +80,9 @@
     }
 
     if (enc) {
-        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
         /* Generate a random IV if we need one */
-        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+        ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
         if (ivlen > 0) {
             if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
                 goto err;
@@ -92,7 +93,7 @@
             ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
             goto err;
         }
-        if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
             piv = aparams.iv;
             if (ec->taglen > 0
                     && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
@@ -102,7 +103,7 @@
             }
         }
     }
-    len = EVP_CIPHER_CTX_key_length(ctx);
+    len = EVP_CIPHER_CTX_get_key_length(ctx);
     if (len <= 0)
         goto err;
     tkeylen = (size_t)len;
@@ -160,10 +161,10 @@
             ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
             memcpy(aparams.iv, piv, ivlen);
             aparams.iv_len = ivlen;
-            aparams.tag_len = EVP_CIPHER_CTX_tag_length(ctx);
+            aparams.tag_len = EVP_CIPHER_CTX_get_tag_length(ctx);
             if (aparams.tag_len <= 0)
                 goto err;
         }
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 29bbd0c..673880f 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -557,7 +557,7 @@
         }
         (void)ERR_pop_to_mark();
 
-        fixlen = EVP_CIPHER_key_length(cipher);
+        fixlen = EVP_CIPHER_get_key_length(cipher);
         EVP_CIPHER_free(fetched_cipher);
     }
 
@@ -1108,7 +1108,7 @@
      * If the selected cipher supports unprotected attributes,
      * deal with it using special ctrl function
      */
-    if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0
          && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0,
                                 cms->d.envelopedData->unprotectedAttrs) <= 0) {
@@ -1228,7 +1228,7 @@
      * If the selected cipher supports unprotected attributes,
      * deal with it using special ctrl function
      */
-    if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
             & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
         if (env->unprotectedAttrs == NULL)
             env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null();
@@ -1261,10 +1261,10 @@
      * The tag is set only for encryption. There is nothing to do for
      * decryption.
      */
-    if (!EVP_CIPHER_CTX_encrypting(ctx))
+    if (!EVP_CIPHER_CTX_is_encrypting(ctx))
         return 1;
 
-    taglen = EVP_CIPHER_CTX_tag_length(ctx);
+    taglen = EVP_CIPHER_CTX_get_tag_length(ctx);
     if (taglen <= 0
             || (tag = OPENSSL_malloc(taglen)) == NULL
             || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 2fee478..47132fc 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -218,7 +218,7 @@
     unsigned char *out = NULL;
     int outlen;
 
-    keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
+    keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx);
     if (keklen > EVP_MAX_KEY_LENGTH)
         return 0;
     /* Derive KEK */
@@ -424,14 +424,14 @@
     /* If a suitable wrap algorithm is already set nothing to do */
     kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx);
     if (kekcipher != NULL) {
-        if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
+        if (EVP_CIPHER_CTX_get_mode(ctx) != EVP_CIPH_WRAP_MODE)
             return 0;
         return 1;
     }
     if (cipher == NULL)
         return 0;
-    keylen = EVP_CIPHER_key_length(cipher);
-    if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) {
+    keylen = EVP_CIPHER_get_key_length(cipher);
+    if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) {
         /* TODO: make this not get a method we can call directly */
         ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER,
                                                0, &kekcipher);
@@ -439,9 +439,9 @@
              return 0;
 
         if (kekcipher != NULL) {
-             if (EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+             if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
                  return 0;
-             kekcipher_name = EVP_CIPHER_name(kekcipher);
+             kekcipher_name = EVP_CIPHER_get0_name(kekcipher);
              goto enc;
         }
     }
@@ -451,7 +451,7 @@
      * DES3 wrap otherwise use AES wrap similar to key size.
      */
 #ifndef OPENSSL_NO_DES
-    if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+    if (EVP_CIPHER_get_type(cipher) == NID_des_ede3_cbc)
         kekcipher_name = SN_id_smime_alg_CMS3DESwrap;
     else
 #endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index cfde221..673a1f7 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -455,12 +455,12 @@
             return 0;
         }
         BIO_get_md_ctx(chain, &mtmp);
-        if (EVP_MD_CTX_type(mtmp) == nid
+        if (EVP_MD_CTX_get_type(mtmp) == nid
             /*
              * Workaround for broken implementations that use signature
              * algorithm OID instead of digest.
              */
-            || EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid)
+            || EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid)
             return EVP_MD_CTX_copy_ex(mctx, mtmp);
         chain = BIO_next(chain);
     }
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index d521f8c..bc2b517 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -91,7 +91,7 @@
         goto err;
     }
 
-    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
 
     if (ivlen > 0) {
         if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0)
@@ -111,7 +111,7 @@
         }
     }
 
-    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
 
     EVP_CIPHER_CTX_free(ctx);
     ctx = NULL;
@@ -182,7 +182,7 @@
                           const unsigned char *in, size_t inlen,
                           EVP_CIPHER_CTX *ctx)
 {
-    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
     unsigned char *tmp;
     int outl, rv = 0;
     if (inlen < 2 * blocklen) {
@@ -237,7 +237,7 @@
                         const unsigned char *in, size_t inlen,
                         EVP_CIPHER_CTX *ctx, const CMS_CTX *cms_ctx)
 {
-    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
     size_t olen;
     int dummy;
     /*
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c0235b6..4fbe09c 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -469,7 +469,8 @@
                 goto err;
             if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
                 goto err;
-        } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, EVP_MD_name(md),
+        } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx,
+                                         EVP_MD_get0_name(md),
                                          ossl_cms_ctx_get0_libctx(ctx),
                                          ossl_cms_ctx_get0_propq(ctx),
                                          pk, NULL) <= 0) {
@@ -718,7 +719,7 @@
         pctx = si->pctx;
         if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
             goto err;
-        siglen = EVP_PKEY_size(si->pkey);
+        siglen = EVP_PKEY_get_size(si->pkey);
         sig = OPENSSL_malloc(siglen);
         if (sig == NULL) {
             ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
@@ -733,7 +734,7 @@
         unsigned char *sig;
         unsigned int siglen;
 
-        sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+        sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey));
         if (sig == NULL) {
             ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE);
             goto err;
@@ -875,7 +876,7 @@
         goto err;
     }
     mctx = si->mctx;
-    if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_name(md), libctx,
+    if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx,
                                 propq, si->pkey, NULL) <= 0)
         goto err;
 
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index d48bbcb..0c3bbd0 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -630,7 +630,7 @@
     X509 *recip;
 
 
-    cms = (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+    cms = (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
           ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq)
           : CMS_EnvelopedData_create_ex(cipher, libctx, propq);
     if (cms == NULL)
diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c
index 5bb0f09..415df3d 100644
--- a/crypto/core_namemap.c
+++ b/crypto/core_namemap.c
@@ -409,14 +409,14 @@
 {
     const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
 
-    get_legacy_evp_names(NID_undef, EVP_CIPHER_type(cipher), NULL, arg);
+    get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
 }
 
 static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
 {
     const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
 
-    get_legacy_evp_names(0, EVP_MD_type(md), NULL, arg);
+    get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
 }
 
 static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index e26637d..f402086 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -621,7 +621,7 @@
     }
     (void)ERR_pop_to_mark();
 
-    cikeysize = EVP_CIPHER_key_length(cipher);
+    cikeysize = EVP_CIPHER_get_key_length(cipher);
     /* first the symmetric key needs to be decrypted */
     pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
     if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) {
@@ -646,11 +646,11 @@
     } else {
         goto end;
     }
-    if ((iv = OPENSSL_malloc(EVP_CIPHER_iv_length(cipher))) == NULL)
+    if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL)
         goto end;
     if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
-                                  EVP_CIPHER_iv_length(cipher))
-        != EVP_CIPHER_iv_length(cipher)) {
+                                  EVP_CIPHER_get_iv_length(cipher))
+        != EVP_CIPHER_get_iv_length(cipher)) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV);
         goto end;
     }
@@ -660,7 +660,7 @@
      * keep the original pointer in outbuf so the memory can be freed later
      */
     if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length +
-                                     EVP_CIPHER_block_size(cipher))) == NULL
+                                     EVP_CIPHER_get_block_size(cipher))) == NULL
             || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL)
         goto end;
     EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index ecc37fa..7a234b8 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -36,7 +36,7 @@
     EVP_KDF_CTX *kctx = NULL;
     EVP_KDF *kdf = NULL;
     OSSL_PARAM params[5], *p = params;
-    const char *mdname = EVP_MD_name(md);
+    const char *mdname = EVP_MD_get0_name(md);
 
     kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq);
     kctx = EVP_KDF_CTX_new(kdf);
@@ -67,7 +67,7 @@
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
 {
     char key_alg[OSSL_MAX_NAME_SIZE];
-    const OSSL_PROVIDER *prov = EVP_MD_provider(md);
+    const OSSL_PROVIDER *prov = EVP_MD_get0_provider(md);
     OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
 
     if (!OBJ_obj2txt(key_alg, sizeof(key_alg), key_oid, 0))
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 78d46ab..f742bf7 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -296,7 +296,7 @@
     }
 
     if (dctx->md != NULL)
-        ossl_ffc_set_digest(&ret->params, EVP_MD_name(dctx->md), NULL);
+        ossl_ffc_set_digest(&ret->params, EVP_MD_get0_name(dctx->md), NULL);
 
 # ifndef FIPS_MODULE
     if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2)
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index d9fdc90..ffb19da 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -83,7 +83,7 @@
     DSA_PKEY_CTX *dctx = ctx->data;
     DSA *dsa = ctx->pkey->pkey.dsa;
 
-    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md))
         return 0;
 
     ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
@@ -102,7 +102,7 @@
     DSA_PKEY_CTX *dctx = ctx->data;
     DSA *dsa = ctx->pkey->pkey.dsa;
 
-    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md))
         return 0;
 
     ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
@@ -128,9 +128,9 @@
         return 1;
 
     case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
-        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
+        if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256) {
             ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE);
             return 0;
         }
@@ -138,17 +138,17 @@
         return 1;
 
     case EVP_PKEY_CTRL_MD:
-        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
+        if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_dsa &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512) {
             ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE);
             return 0;
         }
@@ -217,7 +217,7 @@
         return 0;
     }
     if (dctx->md != NULL)
-        ossl_ffc_set_digest(&dsa->params, EVP_MD_name(dctx->md), NULL);
+        ossl_ffc_set_digest(&dsa->params, EVP_MD_get0_name(dctx->md), NULL);
 
     ret = ossl_ffc_params_FIPS186_4_generate(NULL, &dsa->params,
                                              FFC_PARAM_TYPE_DSA, dctx->nbits,
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 574ad51..c7fbaea 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -405,7 +405,7 @@
 {
     switch (op) {
     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-        if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+        if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) {
             /* For SM2, the only valid digest-alg is SM3 */
             *(int *)arg2 = NID_sm3;
             return 2;            /* Make it mandatory */
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
index e4f3549..ce658e1 100644
--- a/crypto/ec/ec_pmeth.c
+++ b/crypto/ec/ec_pmeth.c
@@ -126,7 +126,7 @@
         return 0;
     }
 
-    type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1;
+    type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1;
 
     ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
 
@@ -145,7 +145,7 @@
     EC_KEY *ec = ctx->pkey->pkey.ec;
 
     if (dctx->md)
-        type = EVP_MD_type(dctx->md);
+        type = EVP_MD_get_type(dctx->md);
     else
         type = NID_sha1;
 
@@ -335,17 +335,17 @@
         return dctx->kdf_ukmlen;
 
     case EVP_PKEY_CTRL_MD:
-        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sm3) {
+        if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 &&
+            EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) {
             ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE);
             return 0;
         }
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index b8858cb..de63bf8 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -30,7 +30,7 @@
     int ret = 0;
     EVP_KDF_CTX *kctx = NULL;
     OSSL_PARAM params[4], *p = params;
-    const char *mdname = EVP_MD_name(md);
+    const char *mdname = EVP_MD_get0_name(md);
     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq);
 
     if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 9dd347d..c4bbb0a 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -265,7 +265,7 @@
     ECX_KEY *ecx = NULL;
 
     if (pkey->keymgmt != NULL)
-        libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt));
+        libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
 
     ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id,
                           KEY_OP_PRIVATE, libctx, NULL);
@@ -283,7 +283,7 @@
     ECX_KEY *ecx = NULL;
 
     if (pkey->keymgmt != NULL)
-        libctx = ossl_provider_libctx(EVP_KEYMGMT_provider(pkey->keymgmt));
+        libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt));
 
     ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id,
                           KEY_OP_PUBLIC, libctx, NULL);
@@ -806,7 +806,7 @@
                                     size_t *siglen, const unsigned char *tbs,
                                     size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (sig == NULL) {
         *siglen = ED25519_SIGSIZE;
@@ -828,7 +828,7 @@
                                   size_t *siglen, const unsigned char *tbs,
                                   size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (sig == NULL) {
         *siglen = ED448_SIGSIZE;
@@ -850,7 +850,7 @@
                                       size_t siglen, const unsigned char *tbs,
                                       size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (siglen != ED25519_SIGSIZE)
         return 0;
@@ -863,7 +863,7 @@
                                     size_t siglen, const unsigned char *tbs,
                                     size_t tbslen)
 {
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (siglen != ED448_SIGSIZE)
         return 0;
@@ -1177,7 +1177,7 @@
         } ed25519;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
     int rc;
 
     if (sig == NULL) {
@@ -1217,7 +1217,7 @@
         } ed448;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
     int rc;
 
     if (sig == NULL) {
@@ -1260,7 +1260,7 @@
         } ed25519;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (siglen != ED25519_SIGSIZE)
         return 0;
@@ -1287,7 +1287,7 @@
         } ed448;
         unsigned long long buff[512];
     } param;
-    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+    const ECX_KEY *edkey = EVP_MD_CTX_get_pkey_ctx(ctx)->pkey->pkey.ecx;
 
     if (siglen != ED448_SIGSIZE)
         return 0;
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 022c1d5..ddfd90a 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -300,7 +300,7 @@
         return 0;
     }
 
-    prov = OSSL_DECODER_provider(decoder);
+    prov = OSSL_DECODER_get0_provider(decoder);
     provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
 
     if ((decoderctx = decoder->newctx(provctx)) == NULL
diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c
index 48a52c9..708b319 100644
--- a/crypto/encode_decode/decoder_meth.c
+++ b/crypto/encode_decode/decoder_meth.c
@@ -401,7 +401,7 @@
  * Library of basic method functions
  */
 
-const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder)
+const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder)
 {
     if (!ossl_assert(decoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -411,7 +411,7 @@
     return decoder->base.prov;
 }
 
-const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder)
+const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder)
 {
     if (!ossl_assert(decoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -421,7 +421,7 @@
     return decoder->base.propdef;
 }
 
-int OSSL_DECODER_number(const OSSL_DECODER *decoder)
+int OSSL_DECODER_get_number(const OSSL_DECODER *decoder)
 {
     if (!ossl_assert(decoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -431,12 +431,12 @@
     return decoder->base.id;
 }
 
-const char *OSSL_DECODER_name(const OSSL_DECODER *decoder)
+const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder)
 {
     return decoder->base.name;
 }
 
-const char *OSSL_DECODER_description(const OSSL_DECODER *decoder)
+const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder)
 {
     return decoder->base.description;
 }
@@ -511,7 +511,7 @@
 OSSL_DECODER_gettable_params(OSSL_DECODER *decoder)
 {
     if (decoder != NULL && decoder->gettable_params != NULL) {
-        void *provctx = ossl_provider_ctx(OSSL_DECODER_provider(decoder));
+        void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder));
 
         return decoder->gettable_params(provctx);
     }
@@ -529,7 +529,7 @@
 OSSL_DECODER_settable_ctx_params(OSSL_DECODER *decoder)
 {
     if (decoder != NULL && decoder->settable_ctx_params != NULL) {
-        void *provctx = ossl_provider_ctx(OSSL_DECODER_provider(decoder));
+        void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder));
 
         return decoder->settable_ctx_params(provctx);
     }
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 0bb068a..c9ccb22 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -108,8 +108,8 @@
     if (keymgmt != NULL) {
         EVP_PKEY *pkey = NULL;
         void *keydata = NULL;
-        const OSSL_PROVIDER *keymgmt_prov = EVP_KEYMGMT_provider(keymgmt);
-        const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_provider(decoder);
+        const OSSL_PROVIDER *keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt);
+        const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_get0_provider(decoder);
 
         /*
          * If the EVP_KEYMGMT and the OSSL_DECODER are from the
@@ -226,7 +226,7 @@
 {
     struct collect_decoder_data_st *data = arg;
     size_t i, end_i;
-    const OSSL_PROVIDER *prov = OSSL_DECODER_provider(decoder);
+    const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder);
     void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
 
     if (data->error_occurred)
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index f074c9f..4481773 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -279,7 +279,7 @@
         return 0;
     }
 
-    prov = OSSL_ENCODER_provider(encoder);
+    prov = OSSL_ENCODER_get0_provider(encoder);
     provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
 
     if ((encoderctx = encoder->newctx(provctx)) == NULL
diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c
index 3b2bc2d..33655c1 100644
--- a/crypto/encode_decode/encoder_meth.c
+++ b/crypto/encode_decode/encoder_meth.c
@@ -413,7 +413,7 @@
  * Library of basic method functions
  */
 
-const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder)
+const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder)
 {
     if (!ossl_assert(encoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -423,7 +423,7 @@
     return encoder->base.prov;
 }
 
-const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder)
+const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder)
 {
     if (!ossl_assert(encoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -433,7 +433,7 @@
     return encoder->base.propdef;
 }
 
-int OSSL_ENCODER_number(const OSSL_ENCODER *encoder)
+int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder)
 {
     if (!ossl_assert(encoder != NULL)) {
         ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
@@ -443,12 +443,12 @@
     return encoder->base.id;
 }
 
-const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder)
+const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder)
 {
     return encoder->base.name;
 }
 
-const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder)
+const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder)
 {
     return encoder->base.description;
 }
@@ -528,7 +528,7 @@
 OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder)
 {
     if (encoder != NULL && encoder->gettable_params != NULL) {
-        void *provctx = ossl_provider_ctx(OSSL_ENCODER_provider(encoder));
+        void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder));
 
         return encoder->gettable_params(provctx);
     }
@@ -545,7 +545,7 @@
 const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder)
 {
     if (encoder != NULL && encoder->settable_ctx_params != NULL) {
-        void *provctx = ossl_provider_ctx(OSSL_ENCODER_provider(encoder));
+        void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder));
 
         return encoder->settable_ctx_params(provctx);
     }
diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c
index 3bb0702..4a1ffb3 100644
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@@ -98,7 +98,7 @@
     end_i = sk_OPENSSL_CSTRING_num(data->names);
     for (i = 0; i < end_i; i++) {
         const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
-        const OSSL_PROVIDER *prov = OSSL_ENCODER_provider(encoder);
+        const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
         void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
 
         if (!OSSL_ENCODER_is_a(encoder, name)
@@ -173,8 +173,8 @@
         OSSL_ENCODER *encoder =
             OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
         const EVP_PKEY *pk = data->pk;
-        const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_provider(pk->keymgmt);
-        const OSSL_PROVIDER *e_prov = OSSL_ENCODER_provider(encoder);
+        const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
+        const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
 
         if (k_prov != e_prov) {
             data->encoder_inst = encoder_inst;
@@ -226,7 +226,7 @@
     }
 
     if (evp_pkey_is_provided(pkey)) {
-        prov = EVP_KEYMGMT_provider(pkey->keymgmt);
+        prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
         libctx = ossl_provider_libctx(prov);
     }
 
@@ -312,7 +312,7 @@
     }
 
     if (evp_pkey_is_provided(pkey)) {
-        const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
+        const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
 
         libctx = ossl_provider_libctx(prov);
     }
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 3ca95ab..648d333 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -205,7 +205,7 @@
 static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc)
 {
-    const int n = EVP_CIPHER_CTX_key_length(ctx);
+    const int n = EVP_CIPHER_CTX_get_key_length(ctx);
 
 # ifdef TEST_ENG_OPENSSL_RC4_P_INIT
     fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
@@ -285,9 +285,9 @@
     if (!init) {
         const EVP_CIPHER *cipher;
         if ((cipher = test_r4_cipher()) != NULL)
-            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+            cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
         if ((cipher = test_r4_40_cipher()) != NULL)
-            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+            cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher);
         cipher_nids[pos] = 0;
         init = 1;
     }
@@ -328,7 +328,7 @@
 # ifdef TEST_ENG_OPENSSL_SHA_P_INIT
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
 # endif
-    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+    return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx));
 }
 
 static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -336,7 +336,7 @@
 # ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
 # endif
-    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+    return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count);
 }
 
 static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
@@ -344,7 +344,7 @@
 # ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
     fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
 # endif
-    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+    return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx));
 }
 
 static EVP_MD *sha1_md = NULL;
@@ -383,7 +383,7 @@
     if (!init) {
         const EVP_MD *md;
         if ((md = test_sha_md()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         digest_nids[pos] = 0;
         init = 1;
     }
@@ -522,7 +522,7 @@
 
 static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
-    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx));
     if (!HMAC_Update(hctx->ctx, data, count))
         return 0;
     return 1;
@@ -540,7 +540,7 @@
 {
     unsigned int hlen;
     OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
-    int l = EVP_MD_CTX_size(mctx);
+    int l = EVP_MD_CTX_get_size(mctx);
 
     if (l < 0)
         return 0;
diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c
index 513cb7e..52be1c2 100644
--- a/crypto/evp/asymcipher.c
+++ b/crypto/evp/asymcipher.c
@@ -79,8 +79,8 @@
         EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, ctx->propquery);
 
     if (cipher == NULL
-        || (EVP_KEYMGMT_provider(ctx->keymgmt)
-            != EVP_ASYM_CIPHER_provider(cipher))) {
+        || (EVP_KEYMGMT_get0_provider(ctx->keymgmt)
+            != EVP_ASYM_CIPHER_get0_provider(cipher))) {
         /*
          * We don't need to free ctx->keymgmt here, as it's not necessarily
          * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
@@ -415,7 +415,7 @@
     return 1;
 }
 
-OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher)
+OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher)
 {
     return cipher->prov;
 }
@@ -434,17 +434,17 @@
     return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
 }
 
-int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher)
+int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher)
 {
     return cipher->name_id;
 }
 
-const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher)
+const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher)
 {
     return cipher->type_name;
 }
 
-const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher)
+const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher)
 {
     return cipher->description;
 }
@@ -478,7 +478,7 @@
     if (cip == NULL || cip->gettable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip));
+    provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip));
     return cip->gettable_ctx_params(NULL, provctx);
 }
 
@@ -489,6 +489,6 @@
     if (cip == NULL || cip->settable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip));
+    provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip));
     return cip->settable_ctx_params(NULL, provctx);
 }
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 9d7a9ea..0483c72 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -135,7 +135,7 @@
         }
     }
 
-    blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+    blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher);
     if (blocksize == 1)
         blocksize = 0;
 
@@ -312,7 +312,7 @@
         ctx->ok = 1;
         ctx->finished = 0;
         if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
-                               EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+                               EVP_CIPHER_CTX_is_encrypting(ctx->cipher)))
             return 0;
         ret = BIO_ctrl(next, cmd, num, ptr);
         break;
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index 8e5b3e6..26a30c6 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -214,7 +214,7 @@
 
     ctx = BIO_get_data(bp);
 
-    if (size < EVP_MD_CTX_size(ctx))
+    if (size < EVP_MD_CTX_get_size(ctx))
         return 0;
 
     if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index c1256c7..7e3d23f 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -443,8 +443,8 @@
     ctx = BIO_get_data(b);
     md = ctx->md;
     digest = EVP_MD_CTX_get0_md(md);
-    md_size = EVP_MD_size(digest);
-    md_data = EVP_MD_CTX_md_data(md);
+    md_size = EVP_MD_get_size(digest);
+    md_data = EVP_MD_CTX_get0_md_data(md);
 
     if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
         return 1;
@@ -487,8 +487,8 @@
     ctx = BIO_get_data(b);
     md = ctx->md;
     digest = EVP_MD_CTX_get0_md(md);
-    md_size = EVP_MD_size(digest);
-    md_data = EVP_MD_CTX_md_data(md);
+    md_size = EVP_MD_get_size(digest);
+    md_data = EVP_MD_CTX_get0_md_data(md);
 
     if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
         return 1;
@@ -533,7 +533,7 @@
     ctx = BIO_get_data(b);
     md = ctx->md;
     digest = EVP_MD_CTX_get0_md(md);
-    md_size = EVP_MD_size(digest);
+    md_size = EVP_MD_get_size(digest);
 
     tl = ctx->buf_len - OK_BLOCK_BLOCK;
     ctx->buf[0] = (unsigned char)(tl >> 24);
@@ -563,7 +563,7 @@
 
     ctx = BIO_get_data(b);
     md = ctx->md;
-    md_size = EVP_MD_size(EVP_MD_CTX_get0_md(md));
+    md_size = EVP_MD_get_size(EVP_MD_CTX_get0_md(md));
 
     assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
     tl = ctx->buf[0];
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index 7e550f8..e289c7d 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -710,12 +710,12 @@
  */
 static const char *get_cipher_name(void *cipher)
 {
-    return EVP_CIPHER_name(cipher);
+    return EVP_CIPHER_get0_name(cipher);
 }
 
 static const char *get_md_name(void *md)
 {
-    return EVP_MD_name(md);
+    return EVP_MD_get0_name(md);
 }
 
 static const void *get_cipher_by_name(OSSL_LIB_CTX *libctx, const char *name)
@@ -1456,7 +1456,7 @@
     EVP_PKEY *pkey = ctx->p2;
 
     ctx->p2 = NULL;
-    switch (EVP_PKEY_base_id(pkey)) {
+    switch (EVP_PKEY_get_base_id(pkey)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         {
@@ -1512,7 +1512,7 @@
     if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER)
         return 0;
 
-    switch (EVP_PKEY_base_id(pkey)) {
+    switch (EVP_PKEY_get_base_id(pkey)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         {
@@ -1548,7 +1548,7 @@
     int ret;
 
     ctx->p2 = NULL;
-    switch (EVP_PKEY_base_id(pkey)) {
+    switch (EVP_PKEY_get_base_id(pkey)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         switch (ctx->params->data_type) {
@@ -1618,7 +1618,7 @@
     const BIGNUM *bn = NULL;
     EVP_PKEY *pkey = ctx->p2;
 
-    switch (EVP_PKEY_base_id(pkey)) {
+    switch (EVP_PKEY_get_base_id(pkey)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         bn = DH_get0_p(EVP_PKEY_get0_DH(pkey));
@@ -1642,7 +1642,7 @@
 {
     const BIGNUM *bn = NULL;
 
-    switch (EVP_PKEY_base_id(ctx->p2)) {
+    switch (EVP_PKEY_get_base_id(ctx->p2)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         bn = DH_get0_q(EVP_PKEY_get0_DH(ctx->p2));
@@ -1664,7 +1664,7 @@
 {
     const BIGNUM *bn = NULL;
 
-    switch (EVP_PKEY_base_id(ctx->p2)) {
+    switch (EVP_PKEY_get_base_id(ctx->p2)) {
 #ifndef OPENSSL_NO_DH
     case EVP_PKEY_DH:
         bn = DH_get0_g(EVP_PKEY_get0_DH(ctx->p2));
@@ -1720,7 +1720,7 @@
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
         return 0;
     bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1733,7 +1733,7 @@
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
         return 0;
     bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1746,7 +1746,7 @@
 {
     const BIGNUM *bn = NULL;
 
-    if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
+    if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)
         return 0;
     bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2));
 
@@ -1846,7 +1846,7 @@
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)                  \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
             return 0;                                                   \
         return get_rsa_payload_factor(state, translation, ctx, n - 1);  \
     }
@@ -1857,7 +1857,7 @@
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)                  \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
             return 0;                                                   \
         return get_rsa_payload_exponent(state, translation, ctx,        \
                                         n - 1);                         \
@@ -1869,7 +1869,7 @@
                          const struct translation_st *translation,      \
                          struct translation_ctx_st *ctx)                \
     {                                                                   \
-        if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)                  \
+        if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA)              \
             return 0;                                                   \
         return get_rsa_payload_coefficient(state, translation, ctx,     \
                                            n - 1);                      \
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index b202d46..00806ae 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -411,7 +411,7 @@
     if (ctx->digest == NULL)
         return 0;
 
-    sz = EVP_MD_size(ctx->digest);
+    sz = EVP_MD_get_size(ctx->digest);
     if (sz < 0)
         return 0;
     mdsize = sz;
@@ -654,7 +654,7 @@
 {
     if (digest != NULL && digest->gettable_params != NULL)
         return digest->gettable_params(
-                           ossl_provider_ctx(EVP_MD_provider(digest)));
+                           ossl_provider_ctx(EVP_MD_get0_provider(digest)));
     return NULL;
 }
 
@@ -682,7 +682,7 @@
     void *provctx;
 
     if (md != NULL && md->settable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_MD_provider(md));
+        provctx = ossl_provider_ctx(EVP_MD_get0_provider(md));
         return md->settable_ctx_params(NULL, provctx);
     }
     return NULL;
@@ -707,7 +707,7 @@
                    pctx->op.sig.algctx);
 
     if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) {
-        alg = ossl_provider_ctx(EVP_MD_provider(ctx->digest));
+        alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest));
         return ctx->digest->settable_ctx_params(ctx->algctx, alg);
     }
 
@@ -738,7 +738,7 @@
     void *provctx;
 
     if (md != NULL && md->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_MD_provider(md));
+        provctx = ossl_provider_ctx(EVP_MD_get0_provider(md));
         return md->gettable_ctx_params(NULL, provctx);
     }
     return NULL;
@@ -763,7 +763,7 @@
                     pctx->op.sig.algctx);
 
     if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_MD_provider(ctx->digest));
+        provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest));
         return ctx->digest->gettable_ctx_params(ctx->algctx, provctx);
     }
     return NULL;
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 7e8f8ec..2c2a4ba 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -147,16 +147,18 @@
     int ret, mode;
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = EVP_CIPHER_CTX_mode(ctx);
+    mode = EVP_CIPHER_CTX_get_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
-        ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = aesni_set_decrypt_key(key,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &dat->ks.ks);
         dat->block = (block128_f) aesni_decrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
             (cbc128_f) aesni_cbc_encrypt : NULL;
     } else {
-        ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = aesni_set_encrypt_key(key,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &dat->ks.ks);
         dat->block = (block128_f) aesni_encrypt;
         if (mode == EVP_CIPH_CBC_MODE)
@@ -179,7 +181,7 @@
                             const unsigned char *in, size_t len)
 {
     aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
-                      ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));
+                      ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));
 
     return 1;
 }
@@ -187,13 +189,13 @@
 static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                             const unsigned char *in, size_t len)
 {
-    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
 
     if (len < bl)
         return 1;
 
     aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
-                      EVP_CIPHER_CTX_encrypting(ctx));
+                      EVP_CIPHER_CTX_is_encrypting(ctx));
 
     return 1;
 }
@@ -225,7 +227,7 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                               &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
         gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
@@ -265,7 +267,7 @@
 
     if (key) {
         /* The key is two half length keys in reality */
-        const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+        const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
         const int bits = bytes * 8;
 
         /*
@@ -316,7 +318,7 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                               &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                            &cctx->ks, (block128_f) aesni_encrypt);
@@ -349,9 +351,9 @@
              * needs both. We could possibly optimise to remove setting the
              * decrypt for an encryption operation.
              */
-            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                   &octx->ksenc.ks);
-            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                   &octx->ksdec.ks);
             if (!CRYPTO_ocb128_init(&octx->ocb,
                                     &octx->ksenc.ks, &octx->ksdec.ks,
@@ -448,8 +450,8 @@
     int ret, mode, bits;
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = EVP_CIPHER_CTX_mode(ctx);
-    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    mode = EVP_CIPHER_CTX_get_mode(ctx);
+    bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
         ret = 0;
@@ -548,7 +550,7 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
         aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                            (block128_f) aes_t4_encrypt);
@@ -601,7 +603,7 @@
 
     if (key) {
         /* The key is two half length keys in reality */
-        const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+        const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
         const int bits = bytes * 8;
 
         /*
@@ -671,7 +673,7 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
         aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                            &cctx->ks, (block128_f) aes_t4_encrypt);
@@ -703,9 +705,9 @@
              * needs both. We could possibly optimise to remove setting the
              * decrypt for an encryption operation.
              */
-            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                    &octx->ksenc.ks);
-            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                    &octx->ksdec.ks);
             if (!CRYPTO_ocb128_init(&octx->ocb,
                                     &octx->ksenc.ks, &octx->ksdec.ks,
@@ -969,7 +971,7 @@
                                   const unsigned char *iv, int enc)
 {
     S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     cctx->fc = S390X_AES_FC(keylen);
     if (!enc)
@@ -994,8 +996,8 @@
 {
     S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
     const unsigned char *iv = ctx->oiv;
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
-    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
 
     memcpy(cctx->kmo.param.cv, iv, ivlen);
     memcpy(cctx->kmo.param.k, key, keylen);
@@ -1049,8 +1051,8 @@
 {
     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
     const unsigned char *iv = ctx->oiv;
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
-    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
 
     cctx->fc = S390X_AES_FC(keylen);
     cctx->fc |= 16 << 24;   /* 16 bytes cipher feedback */
@@ -1067,8 +1069,8 @@
                                 const unsigned char *in, size_t len)
 {
     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
-    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+    const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
     int n = cctx->res;
     int rem;
     unsigned char tmp;
@@ -1115,8 +1117,8 @@
 {
     S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
     const unsigned char *iv = ctx->oiv;
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
-    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
 
     cctx->fc = S390X_AES_FC(keylen);
     cctx->fc |= 1 << 24;   /* 1 byte cipher feedback */
@@ -1345,7 +1347,7 @@
 
     switch (type) {
     case EVP_CTRL_INIT:
-        ivlen = EVP_CIPHER_iv_length(c->cipher);
+        ivlen = EVP_CIPHER_get_iv_length(c->cipher);
         gctx->key_set = 0;
         gctx->iv_set = 0;
         gctx->ivlen = ivlen;
@@ -1385,7 +1387,7 @@
 
     case EVP_CTRL_AEAD_SET_TAG:
         buf = EVP_CIPHER_CTX_buf_noconst(c);
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (arg <= 0 || arg > 16 || enc)
             return 0;
 
@@ -1394,7 +1396,7 @@
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
             return 0;
 
@@ -1418,7 +1420,7 @@
         if (arg)
             memcpy(gctx->iv, ptr, arg);
 
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
             return 0;
 
@@ -1444,7 +1446,7 @@
         return 1;
 
     case EVP_CTRL_GCM_SET_IV_INV:
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
             return 0;
 
@@ -1470,7 +1472,7 @@
         len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
 
         /* If decrypting correct for tag too. */
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (!enc) {
             if (len < EVP_GCM_TLS_TAG_LEN)
                 return 0;
@@ -1518,7 +1520,7 @@
         return 1;
 
     if (key != NULL) {
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        keylen = EVP_CIPHER_CTX_get_key_length(ctx);
         memcpy(&gctx->kma.param.k, key, keylen);
 
         gctx->fc = S390X_AES_FC(keylen);
@@ -1554,7 +1556,7 @@
 {
     S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
     const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
-    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
     int rv = -1;
 
     if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
@@ -1643,7 +1645,7 @@
         OPENSSL_cleanse(tmp, gctx->mreslen);
         gctx->iv_set = 0;
 
-        enc = EVP_CIPHER_CTX_encrypting(ctx);
+        enc = EVP_CIPHER_CTX_is_encrypting(ctx);
         if (enc) {
             gctx->taglen = 16;
         } else {
@@ -1866,7 +1868,7 @@
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
     unsigned char *ivec = ctx->iv;
     unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
-    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
 
     if (out != in
             || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
@@ -1924,7 +1926,7 @@
         return 1;
 
     if (key != NULL) {
-        keylen = EVP_CIPHER_CTX_key_length(ctx);
+        keylen = EVP_CIPHER_CTX_get_key_length(ctx);
         cctx->aes.ccm.fc = S390X_AES_FC(keylen);
         memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
 
@@ -1957,7 +1959,7 @@
                                 const unsigned char *in, size_t len)
 {
     S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
-    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const int enc = EVP_CIPHER_CTX_is_encrypting(ctx);
     int rv;
     unsigned char *buf;
 
@@ -2079,7 +2081,7 @@
         /* Correct length for explicit iv. */
         len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
 
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (!enc) {
             if (len < cctx->aes.ccm.m)
                 return 0;
@@ -2117,7 +2119,7 @@
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
 
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (enc && ptr)
             return 0;
 
@@ -2131,7 +2133,7 @@
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        enc = EVP_CIPHER_CTX_encrypting(c);
+        enc = EVP_CIPHER_CTX_is_encrypting(c);
         if (!enc || !cctx->aes.ccm.tag_set)
             return 0;
 
@@ -2302,13 +2304,13 @@
     int ret, mode;
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    mode = EVP_CIPHER_CTX_mode(ctx);
+    mode = EVP_CIPHER_CTX_get_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
 #ifdef HWAES_CAPABLE
         if (HWAES_CAPABLE) {
             ret = HWAES_set_decrypt_key(key,
-                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         &dat->ks.ks);
             dat->block = (block128_f) HWAES_decrypt;
             dat->stream.cbc = NULL;
@@ -2320,7 +2322,8 @@
 #endif
 #ifdef BSAES_CAPABLE
         if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
-            ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            ret = AES_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &dat->ks.ks);
             dat->block = (block128_f) AES_decrypt;
             dat->stream.cbc = (cbc128_f) ossl_bsaes_cbc_encrypt;
@@ -2329,7 +2332,7 @@
 #ifdef VPAES_CAPABLE
         if (VPAES_CAPABLE) {
             ret = vpaes_set_decrypt_key(key,
-                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         &dat->ks.ks);
             dat->block = (block128_f) vpaes_decrypt;
             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
@@ -2338,7 +2341,7 @@
 #endif
         {
             ret = AES_set_decrypt_key(key,
-                                      EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &dat->ks.ks);
             dat->block = (block128_f) AES_decrypt;
             dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
@@ -2347,7 +2350,8 @@
     } else
 #ifdef HWAES_CAPABLE
     if (HWAES_CAPABLE) {
-        ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = HWAES_set_encrypt_key(key,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &dat->ks.ks);
         dat->block = (block128_f) HWAES_encrypt;
         dat->stream.cbc = NULL;
@@ -2366,7 +2370,7 @@
 #endif
 #ifdef BSAES_CAPABLE
     if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
-        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                   &dat->ks.ks);
         dat->block = (block128_f) AES_encrypt;
         dat->stream.ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks;
@@ -2374,7 +2378,8 @@
 #endif
 #ifdef VPAES_CAPABLE
     if (VPAES_CAPABLE) {
-        ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = vpaes_set_encrypt_key(key,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &dat->ks.ks);
         dat->block = (block128_f) vpaes_encrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
@@ -2382,7 +2387,7 @@
     } else
 #endif
     {
-        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                   &dat->ks.ks);
         dat->block = (block128_f) AES_encrypt;
         dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
@@ -2408,8 +2413,8 @@
 
     if (dat->stream.cbc)
         (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
-                            EVP_CIPHER_CTX_encrypting(ctx));
-    else if (EVP_CIPHER_CTX_encrypting(ctx))
+                            EVP_CIPHER_CTX_is_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_is_encrypting(ctx))
         CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv,
                               dat->block);
     else
@@ -2422,7 +2427,7 @@
 static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
     size_t i;
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
@@ -2440,7 +2445,7 @@
 {
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
                           ctx->iv, &num, dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
@@ -2452,10 +2457,10 @@
 {
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
                           ctx->iv, &num,
-                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                          EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -2465,10 +2470,10 @@
 {
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
                             ctx->iv, &num,
-                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                            EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -2479,29 +2484,29 @@
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
                                 ctx->iv, &num,
-                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
     }
 
     while (len >= MAXBITCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
                                 ctx->iv, &num,
-                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
         out += MAXBITCHUNK;
         in  += MAXBITCHUNK;
     }
     if (len) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
                                 ctx->iv, &num,
-                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
 
@@ -2511,7 +2516,7 @@
 static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
     EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
 
     if (dat->stream.ctr)
@@ -2550,7 +2555,7 @@
     case EVP_CTRL_INIT:
         gctx->key_set = 0;
         gctx->iv_set = 0;
-        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher);
         gctx->iv = c->iv;
         gctx->taglen = -1;
         gctx->iv_gen = 0;
@@ -3112,7 +3117,7 @@
     if (key) {
         do {
             /* The key is two half length keys in reality */
-            const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+            const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2;
             const int bits = bytes * 8;
 
             /*
@@ -3241,7 +3246,7 @@
                          xctx->xts.key1, xctx->xts.key2,
                          ctx->iv);
     else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
-                                   EVP_CIPHER_CTX_encrypting(ctx)))
+                                   EVP_CIPHER_CTX_is_encrypting(ctx)))
         return 0;
     return 1;
 }
@@ -3288,7 +3293,7 @@
                 return 0;
             len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
             /* If decrypting correct for tag too */
-            if (!EVP_CIPHER_CTX_encrypting(c)) {
+            if (!EVP_CIPHER_CTX_is_encrypting(c)) {
                 if (len < cctx->M)
                     return 0;
                 len -= cctx->M;
@@ -3319,7 +3324,7 @@
     case EVP_CTRL_AEAD_SET_TAG:
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
-        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+        if (EVP_CIPHER_CTX_is_encrypting(c) && ptr)
             return 0;
         if (ptr) {
             cctx->tag_set = 1;
@@ -3329,7 +3334,7 @@
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+        if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set)
             return 0;
         if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
             return 0;
@@ -3366,7 +3371,8 @@
         do {
 #ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
-                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                HWAES_set_encrypt_key(key,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &cctx->ks.ks);
 
                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
@@ -3378,7 +3384,8 @@
 #endif
 #ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                vpaes_set_encrypt_key(key,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &cctx->ks.ks);
                 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                    &cctx->ks, (block128_f) vpaes_encrypt);
@@ -3387,7 +3394,7 @@
                 break;
             }
 #endif
-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &cctx->ks.ks);
             CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                &cctx->ks, (block128_f) AES_encrypt);
@@ -3410,7 +3417,7 @@
     if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
         return -1;
     /* If encrypting set explicit IV from sequence number (start of AAD) */
-    if (EVP_CIPHER_CTX_encrypting(ctx))
+    if (EVP_CIPHER_CTX_is_encrypting(ctx))
         memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
                EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Get rest of IV from explicit IV */
@@ -3422,11 +3429,12 @@
                             len))
             return -1;
     /* Use saved AAD */
-    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                      cctx->tls_aad_len);
     /* Fix buffer to point to payload */
     in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
     out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
                                                     cctx->str) :
             CRYPTO_ccm128_encrypt(ccm, in, out, len))
@@ -3484,7 +3492,7 @@
     }
 
     /* The tag must be set before actually decrypting data */
-    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+    if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set)
         return -1;
 
     /* If not set length yet do it */
@@ -3493,7 +3501,7 @@
             return -1;
         cctx->len_set = 1;
     }
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
                                                     cctx->str) :
             CRYPTO_ccm128_encrypt(ccm, in, out, len))
@@ -3546,17 +3554,17 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        if (EVP_CIPHER_CTX_encrypting(ctx))
-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        if (EVP_CIPHER_CTX_is_encrypting(ctx))
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &wctx->ks.ks);
         else
-            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &wctx->ks.ks);
         if (!iv)
             wctx->iv = NULL;
     }
     if (iv) {
-        memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+        memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx));
         wctx->iv = ctx->iv;
     }
     return 1;
@@ -3568,7 +3576,7 @@
     EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
     size_t rv;
     /* AES wrap with padding has IV length of 4, without padding 8 */
-    int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+    int pad = EVP_CIPHER_CTX_get_iv_length(ctx) == 4;
     /* No final operation so always return zero length */
     if (!in)
         return 0;
@@ -3576,7 +3584,7 @@
     if (!inlen)
         return -1;
     /* If decrypting need at least 16 bytes and multiple of 8 */
-    if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
+    if (!EVP_CIPHER_CTX_is_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
         return -1;
     /* If not padding input must be multiple of 8 */
     if (!pad && inlen & 0x7)
@@ -3586,7 +3594,7 @@
         return 0;
     }
     if (!out) {
-        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
             /* If padding round up to multiple of 8 */
             if (pad)
                 inlen = (inlen + 7) / 8 * 8;
@@ -3602,7 +3610,7 @@
         }
     }
     if (pad) {
-        if (EVP_CIPHER_CTX_encrypting(ctx))
+        if (EVP_CIPHER_CTX_is_encrypting(ctx))
             rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
                                      out, in, inlen,
                                      (block128_f) AES_encrypt);
@@ -3611,7 +3619,7 @@
                                        out, in, inlen,
                                        (block128_f) AES_decrypt);
     } else {
-        if (EVP_CIPHER_CTX_encrypting(ctx))
+        if (EVP_CIPHER_CTX_is_encrypting(ctx))
             rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
                                  out, in, inlen, (block128_f) AES_encrypt);
         else
@@ -3720,7 +3728,7 @@
     case EVP_CTRL_INIT:
         octx->key_set = 0;
         octx->iv_set = 0;
-        octx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        octx->ivlen = EVP_CIPHER_get_iv_length(c->cipher);
         octx->iv = c->iv;
         octx->taglen = 16;
         octx->data_buf_len = 0;
@@ -3748,13 +3756,13 @@
             octx->taglen = arg;
             return 1;
         }
-        if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+        if (arg != octx->taglen || EVP_CIPHER_CTX_is_encrypting(c))
             return 0;
         memcpy(octx->tag, ptr, arg);
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+        if (arg != octx->taglen || !EVP_CIPHER_CTX_is_encrypting(c))
             return 0;
 
         memcpy(ptr, octx->tag, arg);
@@ -3788,9 +3796,9 @@
              */
 # ifdef HWAES_CAPABLE
             if (HWAES_CAPABLE) {
-                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &octx->ksenc.ks);
-                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &octx->ksdec.ks);
                 if (!CRYPTO_ocb128_init(&octx->ocb,
                                         &octx->ksenc.ks, &octx->ksdec.ks,
@@ -3804,9 +3812,11 @@
 # endif
 # ifdef VPAES_CAPABLE
             if (VPAES_CAPABLE) {
-                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                vpaes_set_encrypt_key(key,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &octx->ksenc.ks);
-                vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                vpaes_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                       &octx->ksdec.ks);
                 if (!CRYPTO_ocb128_init(&octx->ocb,
                                         &octx->ksenc.ks, &octx->ksdec.ks,
@@ -3817,9 +3827,9 @@
                 break;
             }
 # endif
-            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &octx->ksenc.ks);
-            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                 &octx->ksdec.ks);
             if (!CRYPTO_ocb128_init(&octx->ocb,
                                     &octx->ksenc.ks, &octx->ksdec.ks,
@@ -3914,7 +3924,7 @@
             if (out == NULL) {
                 if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
                     return -1;
-            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
                                            AES_BLOCK_SIZE))
                     return -1;
@@ -3939,7 +3949,7 @@
             if (out == NULL) {
                 if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
                     return -1;
-            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if (!CRYPTO_ocb128_encrypt
                     (&octx->ocb, in, out, len - trailing_len))
                     return -1;
@@ -3965,7 +3975,7 @@
          * have been provided - both for data and AAD
          */
         if (octx->data_buf_len > 0) {
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
                                            octx->data_buf_len))
                     return -1;
@@ -3984,7 +3994,7 @@
             octx->aad_buf_len = 0;
         }
         /* If decrypting then verify */
-        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
             if (octx->taglen < 0)
                 return -1;
             if (CRYPTO_ocb128_finish(&octx->ocb,
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 91357f8..4941f98 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -75,11 +75,11 @@
 
     if (enc)
         ret = aesni_set_encrypt_key(inkey,
-                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &key->ks);
     else
         ret = aesni_set_decrypt_key(inkey,
-                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &key->ks);
 
     SHA1_Init(&key->head);      /* handy when benchmarking */
@@ -424,7 +424,7 @@
     if (len % AES_BLOCK_SIZE)
         return 0;
 
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
         else if (len !=
@@ -813,7 +813,7 @@
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
                      p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -851,7 +851,7 @@
 
             inp_len = param->inp[11] << 8 | param->inp[12];
 
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
                     return -1;
 
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 82613cb..3a5f757 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -71,11 +71,11 @@
 
     if (enc)
         ret = aesni_set_encrypt_key(inkey,
-                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &key->ks);
     else
         ret = aesni_set_decrypt_key(inkey,
-                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                     &key->ks);
 
     SHA256_Init(&key->head);    /* handy when benchmarking */
@@ -439,7 +439,7 @@
     if (len % AES_BLOCK_SIZE)
         return 0;
 
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
         else if (len !=
@@ -794,7 +794,7 @@
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 key->payload_length = len;
                 if ((key->aux.tls_ver =
                      p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
@@ -835,7 +835,7 @@
 
             inp_len = param->inp[11] << 8 | param->inp[12];
 
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
                     return -1;
 
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index e7ba2df..b57661d 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -60,13 +60,15 @@
                             const unsigned char *iv, int enc)
 {
     int ret;
-    int mode = EVP_CIPHER_CTX_mode(ctx);
+    int mode = EVP_CIPHER_CTX_get_mode(ctx);
 
     if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
-        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_encrypt_key(key,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         EVP_CIPHER_CTX_get_cipher_data(ctx));
     else
-        ret = ossl_aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         EVP_CIPHER_CTX_get_cipher_data(ctx));
     if (ret < 0) {
         ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED);
@@ -171,7 +173,7 @@
 static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
     EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx);
 
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
@@ -212,7 +214,8 @@
     if (!iv && !key)
         return 1;
     if (key) {
-        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_encrypt_key(key,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         &gctx->ks.ks);
         CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
                            (block128_f) ossl_aria_encrypt);
@@ -251,7 +254,7 @@
     case EVP_CTRL_INIT:
         gctx->key_set = 0;
         gctx->iv_set = 0;
-        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher);
         gctx->iv = c->iv;
         gctx->taglen = -1;
         gctx->iv_gen = 0;
@@ -278,14 +281,14 @@
         return 1;
 
     case EVP_CTRL_AEAD_SET_TAG:
-        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_is_encrypting(c))
             return 0;
         memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
         gctx->taglen = arg;
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_is_encrypting(c)
             || gctx->taglen < 0)
             return 0;
         memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
@@ -306,7 +309,7 @@
             return 0;
         if (arg)
             memcpy(gctx->iv, ptr, arg);
-        if (EVP_CIPHER_CTX_encrypting(c)
+        if (EVP_CIPHER_CTX_is_encrypting(c)
             && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
             return 0;
         gctx->iv_gen = 1;
@@ -329,7 +332,7 @@
 
     case EVP_CTRL_GCM_SET_IV_INV:
         if (gctx->iv_gen == 0 || gctx->key_set == 0
-            || EVP_CIPHER_CTX_encrypting(c))
+            || EVP_CIPHER_CTX_is_encrypting(c))
             return 0;
         memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
         CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
@@ -351,7 +354,7 @@
                 return 0;
             len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
             /* If decrypting correct for tag too */
-            if (!EVP_CIPHER_CTX_encrypting(c)) {
+            if (!EVP_CIPHER_CTX_is_encrypting(c)) {
                 if (len < EVP_GCM_TLS_TAG_LEN)
                     return 0;
                 len -= EVP_GCM_TLS_TAG_LEN;
@@ -403,7 +406,7 @@
      * Set IV from start of buffer or generate IV and write to start of
      * buffer.
      */
-    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ?
                             EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
                             EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
         goto err;
@@ -415,7 +418,7 @@
     in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
     out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
     len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         /* Encrypt payload */
         if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
             goto err;
@@ -463,7 +466,7 @@
         if (out == NULL) {
             if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
                 return -1;
-        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
             if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
                 return -1;
         } else {
@@ -472,7 +475,7 @@
         }
         return len;
     }
-    if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (gctx->taglen < 0)
             return -1;
         if (CRYPTO_gcm128_finish(&gctx->gcm,
@@ -509,7 +512,8 @@
         return 1;
 
     if (key) {
-        ret = ossl_aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+        ret = ossl_aria_set_encrypt_key(key,
+                                        EVP_CIPHER_CTX_get_key_length(ctx) * 8,
                                         &cctx->ks.ks);
         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                            &cctx->ks, (block128_f) ossl_aria_encrypt);
@@ -561,7 +565,7 @@
                 return 0;
             len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
             /* If decrypting correct for tag too */
-            if (!EVP_CIPHER_CTX_encrypting(c)) {
+            if (!EVP_CIPHER_CTX_is_encrypting(c)) {
                 if (len < cctx->M)
                     return 0;
                 len -= cctx->M;
@@ -591,7 +595,7 @@
     case EVP_CTRL_AEAD_SET_TAG:
         if ((arg & 1) || arg < 4 || arg > 16)
             return 0;
-        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+        if (EVP_CIPHER_CTX_is_encrypting(c) && ptr)
             return 0;
         if (ptr) {
             cctx->tag_set = 1;
@@ -601,7 +605,7 @@
         return 1;
 
     case EVP_CTRL_AEAD_GET_TAG:
-        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+        if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set)
             return 0;
         if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
             return 0;
@@ -637,7 +641,7 @@
     if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
         return -1;
     /* If encrypting set explicit IV from sequence number (start of AAD) */
-    if (EVP_CIPHER_CTX_encrypting(ctx))
+    if (EVP_CIPHER_CTX_is_encrypting(ctx))
         memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
                EVP_CCM_TLS_EXPLICIT_IV_LEN);
     /* Get rest of IV from explicit IV */
@@ -649,11 +653,12 @@
                             len))
             return -1;
     /* Use saved AAD */
-    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                      cctx->tls_aad_len);
     /* Fix buffer to point to payload */
     in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
     out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
                       : CRYPTO_ccm128_encrypt(ccm, in, out, len))
             return -1;
@@ -709,7 +714,7 @@
     }
 
     /* The tag must be set before actually decrypting data */
-    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+    if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set)
         return -1;
 
     /* If not set length yet do it */
@@ -718,7 +723,7 @@
             return -1;
         cctx->len_set = 1;
     }
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
                       : CRYPTO_ccm128_encrypt(ccm, in, out, len))
             return -1;
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index 9e240d1..734e77f 100644
--- a/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
@@ -38,7 +38,7 @@
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
 {
-    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), key);
     return 1;
 }
 
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index db2057a..b2f5984 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -56,8 +56,8 @@
     EVP_CAMELLIA_KEY *dat =
         (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
 
-    mode = EVP_CIPHER_CTX_mode(ctx);
-    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    mode = EVP_CIPHER_CTX_get_mode(ctx);
+    bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
 
     cmll_t4_set_key(key, bits, &dat->ks);
 
@@ -196,13 +196,14 @@
     int ret, mode;
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
+    ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8,
+                           &dat->ks);
     if (ret < 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
         return 0;
     }
 
-    mode = EVP_CIPHER_CTX_mode(ctx);
+    mode = EVP_CIPHER_CTX_get_mode(ctx);
     if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
         && !enc) {
         dat->block = (block128_f) Camellia_decrypt;
@@ -224,8 +225,8 @@
 
     if (dat->stream.cbc)
         (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv,
-                            EVP_CIPHER_CTX_encrypting(ctx));
-    else if (EVP_CIPHER_CTX_encrypting(ctx))
+                            EVP_CIPHER_CTX_is_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_is_encrypting(ctx))
         CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
     else
         CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block);
@@ -236,7 +237,7 @@
 static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t bl = EVP_CIPHER_CTX_get_block_size(ctx);
     size_t i;
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
@@ -254,7 +255,7 @@
 {
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
@@ -265,9 +266,9 @@
 {
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
-                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                          EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -277,9 +278,9 @@
 {
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
-    int num = EVP_CIPHER_CTX_num(ctx);
+    int num = EVP_CIPHER_CTX_get_num(ctx);
     CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
-                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                            EVP_CIPHER_CTX_is_encrypting(ctx), dat->block);
     EVP_CIPHER_CTX_set_num(ctx, num);
     return 1;
 }
@@ -290,26 +291,31 @@
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num,
-                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                EVP_CIPHER_CTX_is_encrypting(ctx),
+                                dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         return 1;
     }
 
     while (len >= MAXBITCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
-                                ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                ctx->iv, &num,
+                                EVP_CIPHER_CTX_is_encrypting(ctx),
+                                dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
         len -= MAXBITCHUNK;
         out += MAXBITCHUNK;
         in  += MAXBITCHUNK;
     }
     if (len) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
-                                ctx->iv, &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+                                ctx->iv, &num,
+                                EVP_CIPHER_CTX_is_encrypting(ctx),
+                                dat->block);
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
 
@@ -319,7 +325,7 @@
 static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                const unsigned char *in, size_t len)
 {
-    int snum = EVP_CIPHER_CTX_num(ctx);
+    int snum = EVP_CIPHER_CTX_get_num(ctx);
     unsigned int num;
     EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
 
@@ -328,7 +334,8 @@
     num = snum;
     if (dat->stream.ctr)
         CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv,
-                                    EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                    EVP_CIPHER_CTX_buf_noconst(ctx),
+                                    &num,
                                     dat->stream.ctr);
     else
         CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index fd9dd0d..5e9be2d 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -40,7 +40,7 @@
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc)
 {
-    int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     if (keylen <= 0)
         return 0;
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index d3b2206..491d451 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -65,7 +65,7 @@
     BLOCK_CIPHER_ecb_loop()
         DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
-                        EVP_CIPHER_CTX_encrypting(ctx));
+                        EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -73,7 +73,7 @@
                           const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
                           (DES_cblock *)ctx->iv, &num);
@@ -83,7 +83,7 @@
         out += EVP_MAXCHUNK;
     }
     if (inl) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ofb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
                           (DES_cblock *)ctx->iv, &num);
@@ -105,7 +105,7 @@
         DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
                          (DES_cblock *)ctx->iv,
-                         EVP_CIPHER_CTX_encrypting(ctx));
+                         EVP_CIPHER_CTX_is_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -114,7 +114,7 @@
         DES_ncbc_encrypt(in, out, (long)inl,
                          EVP_CIPHER_CTX_get_cipher_data(ctx),
                          (DES_cblock *)ctx->iv,
-                         EVP_CIPHER_CTX_encrypting(ctx));
+                         EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -122,22 +122,22 @@
                             const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
                           (DES_cblock *)ctx->iv, &num,
-                          EVP_CIPHER_CTX_encrypting(ctx));
+                          EVP_CIPHER_CTX_is_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
     if (inl) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_cfb64_encrypt(in, out, (long)inl,
                           EVP_CIPHER_CTX_get_cipher_data(ctx),
                           (DES_cblock *)ctx->iv, &num,
-                          EVP_CIPHER_CTX_encrypting(ctx));
+                          EVP_CIPHER_CTX_is_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
     return 1;
@@ -161,7 +161,7 @@
             c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
             DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
                             (DES_cblock *)ctx->iv,
-                            EVP_CIPHER_CTX_encrypting(ctx));
+                            EVP_CIPHER_CTX_is_encrypting(ctx));
             out[n / 8] =
                 (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
                 ((d[0] & 0x80) >> (unsigned int)(n % 8));
@@ -183,7 +183,7 @@
         DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
                         (DES_cblock *)ctx->iv,
-                        EVP_CIPHER_CTX_encrypting(ctx));
+                        EVP_CIPHER_CTX_is_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -192,7 +192,7 @@
         DES_cfb_encrypt(in, out, 8, (long)inl,
                         EVP_CIPHER_CTX_get_cipher_data(ctx),
                         (DES_cblock *)ctx->iv,
-                        EVP_CIPHER_CTX_encrypting(ctx));
+                        EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -217,7 +217,7 @@
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = EVP_CIPHER_CTX_mode(ctx);
+        int mode = EVP_CIPHER_CTX_get_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(key, &dat->ks.ks);
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 9043f3f..746709f 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -75,7 +75,7 @@
         DES_ecb3_encrypt((const_DES_cblock *)(in + i),
                          (DES_cblock *)(out + i),
                          &data(ctx)->ks1, &data(ctx)->ks2,
-                         &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
+                         &data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -83,7 +83,7 @@
                               const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3,
@@ -95,7 +95,7 @@
         out += EVP_MAXCHUNK;
     }
     if (inl) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ede3_ofb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3,
@@ -121,7 +121,7 @@
         DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &dat->ks1, &dat->ks2, &dat->ks3,
                              (DES_cblock *)ctx->iv,
-                             EVP_CIPHER_CTX_encrypting(ctx));
+                             EVP_CIPHER_CTX_is_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -130,7 +130,7 @@
         DES_ede3_cbc_encrypt(in, out, (long)inl,
                              &dat->ks1, &dat->ks2, &dat->ks3,
                              (DES_cblock *)ctx->iv,
-                             EVP_CIPHER_CTX_encrypting(ctx));
+                             EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -138,22 +138,22 @@
                                 const unsigned char *in, size_t inl)
 {
     while (inl >= EVP_MAXCHUNK) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+                               &num, EVP_CIPHER_CTX_is_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
     }
     if (inl) {
-        int num = EVP_CIPHER_CTX_num(ctx);
+        int num = EVP_CIPHER_CTX_get_num(ctx);
         DES_ede3_cfb64_encrypt(in, out, (long)inl,
                                &data(ctx)->ks1, &data(ctx)->ks2,
                                &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+                               &num, EVP_CIPHER_CTX_is_encrypting(ctx));
         EVP_CIPHER_CTX_set_num(ctx, num);
     }
     return 1;
@@ -176,7 +176,7 @@
         DES_ede3_cfb_encrypt(c, d, 1, 1,
                              &data(ctx)->ks1, &data(ctx)->ks2,
                              &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             EVP_CIPHER_CTX_encrypting(ctx));
+                             EVP_CIPHER_CTX_is_encrypting(ctx));
         out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
             | ((d[0] & 0x80) >> (unsigned int)(n % 8));
     }
@@ -191,7 +191,7 @@
         DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2,
                              &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             EVP_CIPHER_CTX_encrypting(ctx));
+                             EVP_CIPHER_CTX_is_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -200,7 +200,7 @@
         DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
                              &data(ctx)->ks1, &data(ctx)->ks2,
                              &data(ctx)->ks3, (DES_cblock *)ctx->iv,
-                             EVP_CIPHER_CTX_encrypting(ctx));
+                             EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 
@@ -232,7 +232,7 @@
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = EVP_CIPHER_CTX_mode(ctx);
+        int mode = EVP_CIPHER_CTX_get_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -259,7 +259,7 @@
     dat->stream.cbc = NULL;
 # if defined(SPARC_DES_CAPABLE)
     if (SPARC_DES_CAPABLE) {
-        int mode = EVP_CIPHER_CTX_mode(ctx);
+        int mode = EVP_CIPHER_CTX_get_mode(ctx);
 
         if (mode == EVP_CIPH_CBC_MODE) {
             des_t4_key_expand(&deskey[0], &dat->ks1);
@@ -285,7 +285,7 @@
 
     switch (type) {
     case EVP_CTRL_RAND_KEY:
-        kl = EVP_CIPHER_CTX_key_length(ctx);
+        kl = EVP_CIPHER_CTX_get_key_length(ctx);
         if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0)
             return 0;
         DES_set_odd_parity(deskey);
@@ -401,7 +401,7 @@
         return 0;
     }
 
-    if (EVP_CIPHER_CTX_encrypting(ctx))
+    if (EVP_CIPHER_CTX_is_encrypting(ctx))
         return des_ede3_wrap(ctx, out, in, inl);
     else
         return des_ede3_unwrap(ctx, out, in, inl);
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index a4778a2..cf8746d 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -58,9 +58,9 @@
                          const unsigned char *iv, int enc)
 {
     if (!enc) {
-        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+        if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
             enc = 1;
-        else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+        else if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_CFB_MODE)
             enc = 1;
     }
     if (enc)
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index c935a49..ffeb17f 100644
--- a/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
@@ -92,7 +92,7 @@
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         const unsigned char *iv, int enc)
 {
-    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
                 key, data(ctx)->key_bits);
     return 1;
 }
@@ -136,7 +136,7 @@
     unsigned char iv[EVP_MAX_IV_LENGTH];
 
     if (type != NULL) {
-        l = EVP_CIPHER_CTX_iv_length(c);
+        l = EVP_CIPHER_CTX_get_iv_length(c);
         OPENSSL_assert(l <= sizeof(iv));
         i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
         if (i != (int)l)
@@ -161,7 +161,7 @@
 
     if (type != NULL) {
         num = rc2_meth_to_magic(c);
-        j = EVP_CIPHER_CTX_iv_length(c);
+        j = EVP_CIPHER_CTX_get_iv_length(c);
         i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
     }
     return i;
@@ -171,7 +171,7 @@
 {
     switch (type) {
     case EVP_CTRL_INIT:
-        data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+        data(c)->key_bits = EVP_CIPHER_CTX_get_key_length(c) * 8;
         return 1;
 
     case EVP_CTRL_GET_RC2_KEY_BITS:
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index ec07f02..e22e81d 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -79,7 +79,7 @@
 {
     int keylen;
 
-    if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+    if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) <= 0)
         return 0;
     RC4_set_key(&data(ctx)->ks, keylen, key);
     return 1;
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index c8b6da2..183ecef 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -46,7 +46,7 @@
                                  const unsigned char *iv, int enc)
 {
     EVP_RC4_HMAC_MD5 *key = data(ctx);
-    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int keylen = EVP_CIPHER_CTX_get_key_length(ctx);
 
     if (keylen <= 0)
         return 0;
@@ -88,7 +88,7 @@
     if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
         return 0;
 
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         if (plen == NO_PAYLOAD_LENGTH)
             plen = len;
 # if defined(STITCHED_CALL)
@@ -228,7 +228,7 @@
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if (len < MD5_DIGEST_LENGTH)
                     return -1;
                 len -= MD5_DIGEST_LENGTH;
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index aa5e902..20098a9 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -72,11 +72,11 @@
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                const unsigned char *iv, int enc)
 {
-    if (EVP_CIPHER_CTX_key_length(ctx) > 255) {
+    if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) {
         ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH);
         return 0;
     }
-    return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+    return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
                           key, data(ctx)->rounds);
 }
 
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index a376757..a3ccc49 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -72,7 +72,7 @@
 static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                           const unsigned char *in, size_t len)
 {
-    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
     EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
 
     CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv,
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index b1e6c2a..f930941 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -76,7 +76,7 @@
         DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
                          (DES_cblock *)ctx->iv,
                          &data(ctx)->inw, &data(ctx)->outw,
-                         EVP_CIPHER_CTX_encrypting(ctx));
+                         EVP_CIPHER_CTX_is_encrypting(ctx));
         inl -= EVP_MAXCHUNK;
         in += EVP_MAXCHUNK;
         out += EVP_MAXCHUNK;
@@ -85,7 +85,7 @@
         DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
                          (DES_cblock *)ctx->iv,
                          &data(ctx)->inw, &data(ctx)->outw,
-                         EVP_CIPHER_CTX_encrypting(ctx));
+                         EVP_CIPHER_CTX_is_encrypting(ctx));
     return 1;
 }
 #endif
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3569510..f39e9b8 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -216,10 +216,10 @@
         return ctx->cipher->einit(ctx->algctx,
                                   key,
                                   key == NULL ? 0
-                                              : EVP_CIPHER_CTX_key_length(ctx),
+                                              : EVP_CIPHER_CTX_get_key_length(ctx),
                                   iv,
                                   iv == NULL ? 0
-                                             : EVP_CIPHER_CTX_iv_length(ctx),
+                                             : EVP_CIPHER_CTX_get_iv_length(ctx),
                                   params);
     }
 
@@ -231,10 +231,10 @@
     return ctx->cipher->dinit(ctx->algctx,
                               key,
                               key == NULL ? 0
-                                          : EVP_CIPHER_CTX_key_length(ctx),
+                                          : EVP_CIPHER_CTX_get_key_length(ctx),
                               iv,
                               iv == NULL ? 0
-                                         : EVP_CIPHER_CTX_iv_length(ctx),
+                                         : EVP_CIPHER_CTX_get_iv_length(ctx),
                                   params);
 
     /* Code below to be removed when legacy support is dropped. */
@@ -321,14 +321,14 @@
                    || ctx->cipher->block_size == 16);
 
     if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
-        && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
+        && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) {
         ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED);
         return 0;
     }
 
-    if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
                 & EVP_CIPH_CUSTOM_IV) == 0) {
-        switch (EVP_CIPHER_CTX_mode(ctx)) {
+        switch (EVP_CIPHER_CTX_get_mode(ctx)) {
 
         case EVP_CIPH_STREAM_CIPHER:
         case EVP_CIPH_ECB_MODE:
@@ -341,19 +341,19 @@
             /* fall-through */
 
         case EVP_CIPH_CBC_MODE:
-            n = EVP_CIPHER_CTX_iv_length(ctx);
+            n = EVP_CIPHER_CTX_get_iv_length(ctx);
             if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
                     return 0;
             if (iv)
-                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_get_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_get_iv_length(ctx));
             break;
 
         case EVP_CIPH_CTR_MODE:
             ctx->num = 0;
             /* Don't reuse IV for CTR mode */
             if (iv)
-                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_get_iv_length(ctx));
             break;
 
         default:
@@ -674,7 +674,7 @@
     if (ctx->cipher->prov == NULL)
         goto legacy;
 
-    blocksize = EVP_CIPHER_CTX_block_size(ctx);
+    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
 
     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
@@ -761,7 +761,7 @@
     if (ctx->cipher->prov == NULL)
         goto legacy;
 
-    blocksize = EVP_CIPHER_CTX_block_size(ctx);
+    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
 
     if (ctx->cipher->cupdate == NULL || blocksize < 1) {
         ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
@@ -896,7 +896,7 @@
     if (ctx->cipher->prov == NULL)
         goto legacy;
 
-    blocksize = EVP_CIPHER_CTX_block_size(ctx);
+    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
 
     if (blocksize < 1 || ctx->cipher->cfinal == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
@@ -976,7 +976,7 @@
         OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
         size_t len = keylen;
 
-        if (EVP_CIPHER_CTX_key_length(c) == keylen)
+        if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
             return 1;
 
         /* Check the cipher actually understands this parameter */
@@ -998,7 +998,7 @@
      */
     if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
         return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
-    if (EVP_CIPHER_CTX_key_length(c) == keylen)
+    if (EVP_CIPHER_CTX_get_key_length(c) == keylen)
         return 1;
     if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
         c->key_len = keylen;
@@ -1257,7 +1257,7 @@
 {
     if (cipher != NULL && cipher->gettable_params != NULL)
         return cipher->gettable_params(
-                   ossl_provider_ctx(EVP_CIPHER_provider(cipher)));
+                   ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)));
     return NULL;
 }
 
@@ -1266,7 +1266,7 @@
     void *provctx;
 
     if (cipher != NULL && cipher->settable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_CIPHER_provider(cipher));
+        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
         return cipher->settable_ctx_params(NULL, provctx);
     }
     return NULL;
@@ -1277,7 +1277,7 @@
     void *provctx;
 
     if (cipher != NULL && cipher->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_CIPHER_provider(cipher));
+        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher));
         return cipher->gettable_ctx_params(NULL, provctx);
     }
     return NULL;
@@ -1288,7 +1288,7 @@
     void *alg;
 
     if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) {
-        alg = ossl_provider_ctx(EVP_CIPHER_provider(cctx->cipher));
+        alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
         return cctx->cipher->settable_ctx_params(cctx->algctx, alg);
     }
     return NULL;
@@ -1299,7 +1299,7 @@
     void *provctx;
 
     if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_CIPHER_provider(cctx->cipher));
+        provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher));
         return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx);
     }
     return NULL;
@@ -1314,7 +1314,7 @@
     if (cipher == NULL)
         return NULL;
 
-    prov = EVP_CIPHER_provider(cipher);
+    prov = EVP_CIPHER_get0_provider(cipher);
     return ossl_provider_libctx(prov);
 }
 #endif
@@ -1331,7 +1331,7 @@
         int kl;
         OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx);
 
-        kl = EVP_CIPHER_CTX_key_length(ctx);
+        kl = EVP_CIPHER_CTX_get_key_length(ctx);
         if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0)
             return 0;
         return 1;
@@ -1442,7 +1442,7 @@
         return;
     if (legacy_method == NULL)
         return;
-    nid = EVP_CIPHER_nid(legacy_method);
+    nid = EVP_CIPHER_get_nid(legacy_method);
     if (*legacy_nid != NID_undef && *legacy_nid != nid) {
         *legacy_nid = -1;
         return;
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 3aa49aa..acbe92d 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -85,8 +85,8 @@
     int niv, nkey, addmd = 0;
     unsigned int mds = 0, i;
     int rv = 0;
-    nkey = EVP_CIPHER_key_length(type);
-    niv = EVP_CIPHER_iv_length(type);
+    nkey = EVP_CIPHER_get_key_length(type);
+    niv = EVP_CIPHER_get_iv_length(type);
     OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
     OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
@@ -146,7 +146,7 @@
         if ((nkey == 0) && (niv == 0))
             break;
     }
-    rv = EVP_CIPHER_key_length(type);
+    rv = EVP_CIPHER_get_key_length(type);
  err:
     EVP_MD_CTX_free(c);
     OPENSSL_cleanse(md_buf, sizeof(md_buf));
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index bc872c0..8a03c44 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -49,7 +49,7 @@
     if (type != NULL) {
         unsigned char iv[EVP_MAX_IV_LENGTH];
 
-        l = EVP_CIPHER_CTX_iv_length(ctx);
+        l = EVP_CIPHER_CTX_get_iv_length(ctx);
         if (!ossl_assert(l <= sizeof(iv)))
             return -1;
         i = ASN1_TYPE_get_octetstring(type, iv, l);
@@ -70,7 +70,7 @@
 
     if (type != NULL) {
         oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c);
-        j = EVP_CIPHER_CTX_iv_length(c);
+        j = EVP_CIPHER_CTX_get_iv_length(c);
         OPENSSL_assert(j <= sizeof(c->iv));
         i = ASN1_TYPE_set_octetstring(type, oiv, j);
     }
@@ -101,8 +101,8 @@
      */
     if (cipher->set_asn1_parameters != NULL) {
         ret = cipher->set_asn1_parameters(c, type);
-    } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
-        switch (EVP_CIPHER_mode(cipher)) {
+    } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
+        switch (EVP_CIPHER_get_mode(cipher)) {
         case EVP_CIPH_WRAP_MODE:
             if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap))
                 ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
@@ -192,8 +192,8 @@
      */
     if (cipher->get_asn1_parameters != NULL) {
         ret = cipher->get_asn1_parameters(c, type);
-    } else if ((EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
-        switch (EVP_CIPHER_mode(cipher)) {
+    } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) {
+        switch (EVP_CIPHER_get_mode(cipher)) {
         case EVP_CIPH_WRAP_MODE:
             ret = 1;
             break;
@@ -273,10 +273,10 @@
 #endif /* !defined(FIPS_MODULE) */
 
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
-int EVP_CIPHER_type(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_type(const EVP_CIPHER *cipher)
 {
     int nid;
-    nid = EVP_CIPHER_nid(cipher);
+    nid = EVP_CIPHER_get_nid(cipher);
 
     switch (nid) {
 
@@ -381,14 +381,14 @@
     return ok;
 }
 
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher)
 {
     return cipher->block_size;
 }
 
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
 {
-    return EVP_CIPHER_block_size(ctx->cipher);
+    return EVP_CIPHER_get_block_size(ctx->cipher);
 }
 
 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
@@ -409,7 +409,7 @@
          */
         int ret = -1;
         size_t outl = 0;
-        size_t blocksize = EVP_CIPHER_CTX_block_size(ctx);
+        size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
 
         if (ctx->cipher->ccipher != NULL)
             ret =  ctx->cipher->ccipher(ctx->algctx, out, &outl,
@@ -458,12 +458,12 @@
     return cipher;
 }
 
-int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx)
 {
     return ctx->encrypt;
 }
 
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher)
 {
     return cipher->flags;
 }
@@ -493,14 +493,14 @@
     return old_cipher_data;
 }
 
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher)
 {
     return cipher->iv_len;
 }
 
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx)
 {
-    int rv, len = EVP_CIPHER_iv_length(ctx->cipher);
+    int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher);
     size_t v = len;
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
 
@@ -511,7 +511,7 @@
     return rv != 0 ? (int)v : -1;
     /* Code below to be removed when legacy support is dropped. */
 legacy:
-    if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
+    if ((EVP_CIPHER_get_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
         rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
                                  0, &len);
         return (rv == 1) ? len : -1;
@@ -519,7 +519,7 @@
     return len;
 }
 
-int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx)
 {
     int ret;
     size_t v = 0;
@@ -600,7 +600,7 @@
     return ctx->buf;
 }
 
-int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx)
 {
     int ok;
     unsigned int v = (unsigned int)ctx->num;
@@ -626,12 +626,12 @@
     return ok != 0;
 }
 
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher)
 {
     return cipher->key_len;
 }
 
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx)
 {
     int ok;
     size_t v = ctx->key_len;
@@ -643,12 +643,12 @@
     return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED;
 }
 
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher)
 {
     return cipher->nid;
 }
 
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx)
 {
     return ctx->cipher->nid;
 }
@@ -657,31 +657,31 @@
 {
     if (cipher->prov != NULL)
         return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
-    return evp_is_a(NULL, 0, EVP_CIPHER_name(cipher), name);
+    return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name);
 }
 
-int EVP_CIPHER_number(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_number(const EVP_CIPHER *cipher)
 {
     return cipher->name_id;
 }
 
-const char *EVP_CIPHER_name(const EVP_CIPHER *cipher)
+const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher)
 {
     if (cipher->type_name != NULL)
         return cipher->type_name;
 #ifndef FIPS_MODULE
-    return OBJ_nid2sn(EVP_CIPHER_nid(cipher));
+    return OBJ_nid2sn(EVP_CIPHER_get_nid(cipher));
 #else
     return NULL;
 #endif
 }
 
-const char *EVP_CIPHER_description(const EVP_CIPHER *cipher)
+const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher)
 {
     if (cipher->description != NULL)
         return cipher->description;
 #ifndef FIPS_MODULE
-    return OBJ_nid2ln(EVP_CIPHER_nid(cipher));
+    return OBJ_nid2ln(EVP_CIPHER_get_nid(cipher));
 #else
     return NULL;
 #endif
@@ -697,29 +697,29 @@
     return 1;
 }
 
-const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher)
+const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher)
 {
     return cipher->prov;
 }
 
-int EVP_CIPHER_mode(const EVP_CIPHER *cipher)
+int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher)
 {
-    return EVP_CIPHER_flags(cipher) & EVP_CIPH_MODE;
+    return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE;
 }
 
 int EVP_MD_is_a(const EVP_MD *md, const char *name)
 {
     if (md->prov != NULL)
         return evp_is_a(md->prov, md->name_id, NULL, name);
-    return evp_is_a(NULL, 0, EVP_MD_name(md), name);
+    return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name);
 }
 
-int EVP_MD_number(const EVP_MD *md)
+int EVP_MD_get_number(const EVP_MD *md)
 {
     return md->name_id;
 }
 
-const char *EVP_MD_description(const EVP_MD *md)
+const char *EVP_MD_get0_description(const EVP_MD *md)
 {
     if (md->description != NULL)
         return md->description;
@@ -730,7 +730,7 @@
 #endif
 }
 
-const char *EVP_MD_name(const EVP_MD *md)
+const char *EVP_MD_get0_name(const EVP_MD *md)
 {
     if (md == NULL)
         return NULL;
@@ -753,22 +753,22 @@
     return 1;
 }
 
-const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md)
+const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md)
 {
     return md->prov;
 }
 
-int EVP_MD_type(const EVP_MD *md)
+int EVP_MD_get_type(const EVP_MD *md)
 {
     return md->type;
 }
 
-int EVP_MD_pkey_type(const EVP_MD *md)
+int EVP_MD_get_pkey_type(const EVP_MD *md)
 {
     return md->pkey_type;
 }
 
-int EVP_MD_block_size(const EVP_MD *md)
+int EVP_MD_get_block_size(const EVP_MD *md)
 {
     if (md == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
@@ -777,7 +777,7 @@
     return md->block_size;
 }
 
-int EVP_MD_size(const EVP_MD *md)
+int EVP_MD_get_size(const EVP_MD *md)
 {
     if (md == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL);
@@ -786,7 +786,7 @@
     return md->md_size;
 }
 
-unsigned long EVP_MD_flags(const EVP_MD *md)
+unsigned long EVP_MD_get_flags(const EVP_MD *md)
 {
     return md->flags;
 }
@@ -999,7 +999,7 @@
     return md;
 }
 
-EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx)
 {
     return ctx->pctx;
 }
@@ -1025,7 +1025,7 @@
 }
 #endif /* !defined(FIPS_MODULE) */
 
-void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
+void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx)
 {
     return ctx->md_data;
 }
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index a0f3638..137e458 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -325,7 +325,7 @@
 
 #define M_check_autoarg(ctx, arg, arglen, err) \
     if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
-        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
+        size_t pksize = (size_t)EVP_PKEY_get_size(ctx->pkey);         \
                                                                   \
         if (pksize == 0) {                                        \
             ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index 129888f..e19b781 100644
--- a/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
@@ -226,11 +226,11 @@
     int cipher_nid, md_nid;
 
     if (cipher)
-        cipher_nid = EVP_CIPHER_nid(cipher);
+        cipher_nid = EVP_CIPHER_get_nid(cipher);
     else
         cipher_nid = -1;
     if (md)
-        md_nid = EVP_MD_type(md);
+        md_nid = EVP_MD_get_type(md);
     else
         md_nid = -1;
 
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index f82d6f8..420b693 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -225,7 +225,7 @@
     const char *name = NULL;
 
     if (key->keymgmt != NULL)
-        return EVP_KEYMGMT_name(key->keymgmt);
+        return EVP_KEYMGMT_get0_name(key->keymgmt);
 
     /* Otherwise fallback to legacy */
     ameth = EVP_PKEY_get0_asn1(key);
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index c886d9a..1e41fe0 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -293,17 +293,17 @@
     evp_rand_free(rand);
 }
 
-int EVP_RAND_number(const EVP_RAND *rand)
+int EVP_RAND_get_number(const EVP_RAND *rand)
 {
     return rand->name_id;
 }
 
-const char *EVP_RAND_name(const EVP_RAND *rand)
+const char *EVP_RAND_get0_name(const EVP_RAND *rand)
 {
     return rand->type_name;
 }
 
-const char *EVP_RAND_description(const EVP_RAND *rand)
+const char *EVP_RAND_get0_description(const EVP_RAND *rand)
 {
     return rand->description;
 }
@@ -313,7 +313,7 @@
     return evp_is_a(rand->prov, rand->name_id, NULL, name);
 }
 
-const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand)
+const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
 {
     return rand->prov;
 }
@@ -395,7 +395,7 @@
     EVP_RAND_CTX_free(parent);
 }
 
-EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx)
+EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
 {
     return ctx->meth;
 }
@@ -440,7 +440,7 @@
 {
     if (rand->gettable_params == NULL)
         return NULL;
-    return rand->gettable_params(ossl_provider_ctx(EVP_RAND_provider(rand)));
+    return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
 }
 
 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
@@ -449,7 +449,7 @@
 
     if (rand->gettable_ctx_params == NULL)
         return NULL;
-    provctx = ossl_provider_ctx(EVP_RAND_provider(rand));
+    provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
     return rand->gettable_ctx_params(NULL, provctx);
 }
 
@@ -459,7 +459,7 @@
 
     if (rand->settable_ctx_params == NULL)
         return NULL;
-    provctx = ossl_provider_ctx(EVP_RAND_provider(rand));
+    provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
     return rand->settable_ctx_params(NULL, provctx);
 }
 
@@ -469,7 +469,7 @@
 
     if (ctx->meth->gettable_ctx_params == NULL)
         return NULL;
-    provctx = ossl_provider_ctx(EVP_RAND_provider(ctx->meth));
+    provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
     return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
 }
 
@@ -479,7 +479,7 @@
 
     if (ctx->meth->settable_ctx_params == NULL)
         return NULL;
-    provctx = ossl_provider_ctx(EVP_RAND_provider(ctx->meth));
+    provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
     return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
 }
 
@@ -622,7 +622,7 @@
     return strength;
 }
 
-unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx)
+unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
 {
     unsigned int res;
 
@@ -656,7 +656,7 @@
     return res;
 }
 
-int EVP_RAND_state(EVP_RAND_CTX *ctx)
+int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
 {
     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
     int state;
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index fb55216..2a06608 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -166,7 +166,7 @@
     return 1;
 }
 
-OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange)
+OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange)
 {
     return exchange->prov;
 }
@@ -264,8 +264,8 @@
     exchange = EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);
 
     if (exchange == NULL
-        || (EVP_KEYMGMT_provider(ctx->keymgmt)
-            != EVP_KEYEXCH_provider(exchange))) {
+        || (EVP_KEYMGMT_get0_provider(ctx->keymgmt)
+            != EVP_KEYEXCH_get0_provider(exchange))) {
         /*
          * We don't need to free ctx->keymgmt here, as it's not necessarily
          * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
@@ -464,17 +464,17 @@
         return ctx->pmeth->derive(ctx, key, pkeylen);
 }
 
-int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch)
+int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch)
 {
     return keyexch->name_id;
 }
 
-const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *keyexch)
+const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch)
 {
     return keyexch->type_name;
 }
 
-const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch)
+const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch)
 {
     return keyexch->description;
 }
@@ -511,7 +511,7 @@
     if (keyexch == NULL || keyexch->gettable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
+    provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
     return keyexch->gettable_ctx_params(NULL, provctx);
 }
 
@@ -521,6 +521,6 @@
 
     if (keyexch == NULL || keyexch->settable_ctx_params == NULL)
         return NULL;
-    provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(keyexch));
+    provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
     return keyexch->settable_ctx_params(NULL, provctx);
 }
diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index 55f5c50..65b1617 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -83,17 +83,17 @@
     return dst;
 }
 
-int EVP_KDF_number(const EVP_KDF *kdf)
+int EVP_KDF_get_number(const EVP_KDF *kdf)
 {
     return kdf->name_id;
 }
 
-const char *EVP_KDF_name(const EVP_KDF *kdf)
+const char *EVP_KDF_get0_name(const EVP_KDF *kdf)
 {
     return kdf->type_name;
 }
 
-const char *EVP_KDF_description(const EVP_KDF *kdf)
+const char *EVP_KDF_get0_description(const EVP_KDF *kdf)
 {
     return kdf->description;
 }
@@ -103,7 +103,7 @@
     return evp_is_a(kdf->prov, kdf->name_id, NULL, name);
 }
 
-const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf)
+const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf)
 {
     return kdf->prov;
 }
diff --git a/crypto/evp/kdf_meth.c b/crypto/evp/kdf_meth.c
index 9cf0ca1..8759021 100644
--- a/crypto/evp/kdf_meth.c
+++ b/crypto/evp/kdf_meth.c
@@ -179,7 +179,7 @@
 {
     if (kdf->gettable_params == NULL)
         return NULL;
-    return kdf->gettable_params(ossl_provider_ctx(EVP_KDF_provider(kdf)));
+    return kdf->gettable_params(ossl_provider_ctx(EVP_KDF_get0_provider(kdf)));
 }
 
 const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf)
@@ -188,7 +188,7 @@
 
     if (kdf->gettable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_KDF_provider(kdf));
+    alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf));
     return kdf->gettable_ctx_params(NULL, alg);
 }
 
@@ -198,7 +198,7 @@
 
     if (kdf->settable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_KDF_provider(kdf));
+    alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf));
     return kdf->settable_ctx_params(NULL, alg);
 }
 
@@ -208,7 +208,7 @@
 
     if (ctx->meth->gettable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_KDF_provider(ctx->meth));
+    alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth));
     return ctx->meth->gettable_ctx_params(ctx->algctx, alg);
 }
 
@@ -218,7 +218,7 @@
 
     if (ctx->meth->settable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_KDF_provider(ctx->meth));
+    alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth));
     return ctx->meth->settable_ctx_params(ctx->algctx, alg);
 }
 
diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c
index 493eabf..594633c 100644
--- a/crypto/evp/kem.c
+++ b/crypto/evp/kem.c
@@ -60,7 +60,7 @@
 
     kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery);
     if (kem == NULL
-        || (EVP_KEYMGMT_provider(ctx->keymgmt) != EVP_KEM_provider(kem))) {
+        || (EVP_KEYMGMT_get0_provider(ctx->keymgmt) != EVP_KEM_get0_provider(kem))) {
         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
         ret = -2;
         goto err;
@@ -324,7 +324,7 @@
     return 1;
 }
 
-OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem)
+OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem)
 {
     return kem->prov;
 }
@@ -343,17 +343,17 @@
     return evp_is_a(kem->prov, kem->name_id, NULL, name);
 }
 
-int EVP_KEM_number(const EVP_KEM *kem)
+int EVP_KEM_get_number(const EVP_KEM *kem)
 {
     return kem->name_id;
 }
 
-const char *EVP_KEM_name(const EVP_KEM *kem)
+const char *EVP_KEM_get0_name(const EVP_KEM *kem)
 {
     return kem->type_name;
 }
 
-const char *EVP_KEM_description(const EVP_KEM *kem)
+const char *EVP_KEM_get0_description(const EVP_KEM *kem)
 {
     return kem->description;
 }
@@ -384,7 +384,7 @@
     if (kem == NULL || kem->gettable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_KEM_provider(kem));
+    provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
     return kem->gettable_ctx_params(NULL, provctx);
 }
 
@@ -395,6 +395,6 @@
     if (kem == NULL || kem->settable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_KEM_provider(kem));
+    provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
     return kem->settable_ctx_params(NULL, provctx);
 }
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index d2d60fa..bbca3dd 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -22,7 +22,7 @@
  */
 static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2)
 {
-    const char *name2 = EVP_KEYMGMT_name(keymgmt2);
+    const char *name2 = EVP_KEYMGMT_get0_name(keymgmt2);
 
     return EVP_KEYMGMT_is_a(keymgmt1, name2);
 }
@@ -278,7 +278,7 @@
     /*
      * Cache information about the provider "origin" key.
      *
-     * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
+     * This services functions like EVP_PKEY_get_size, EVP_PKEY_get_bits, etc
      */
     if (pk->keydata != NULL) {
         int bits = 0;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index 94f0133..841eae1 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -246,22 +246,22 @@
     OPENSSL_free(keymgmt);
 }
 
-const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt)
+const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt)
 {
     return keymgmt->prov;
 }
 
-int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt)
+int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt)
 {
     return keymgmt->name_id;
 }
 
-const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt)
+const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt)
 {
     return keymgmt->description;
 }
 
-const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt)
+const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt)
 {
     return keymgmt->type_name;
 }
@@ -296,7 +296,7 @@
  */
 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt)
 {
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
 
     /*
      * 'new' is currently mandatory on its own, but when new
@@ -317,7 +317,7 @@
 void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection,
                            const OSSL_PARAM params[])
 {
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
 
     if (keymgmt->gen_init == NULL)
         return NULL;
@@ -348,7 +348,7 @@
 
 const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
 {
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
 
     if (keymgmt->gen_settable_params == NULL)
         return NULL;
@@ -387,7 +387,7 @@
 
 const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt)
 {
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
 
     if (keymgmt->gettable_params == NULL)
         return NULL;
@@ -404,7 +404,7 @@
 
 const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt)
 {
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
 
     if (keymgmt->settable_params == NULL)
         return NULL;
diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c
index f2d4c0b..b84bf3d 100644
--- a/crypto/evp/legacy_md5_sha1.c
+++ b/crypto/evp/legacy_md5_sha1.c
@@ -21,7 +21,7 @@
 IMPLEMENT_LEGACY_EVP_MD_METH_LC(md5_sha1_int, ossl_md5_sha1)
 static int md5_sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
 {
-    return ossl_md5_sha1_ctrl(EVP_MD_CTX_md_data(ctx), cmd, mslen, ms);
+    return ossl_md5_sha1_ctrl(EVP_MD_CTX_get0_md_data(ctx), cmd, mslen, ms);
 }
 
 static const EVP_MD md5_sha1_md = {
diff --git a/crypto/evp/legacy_meth.h b/crypto/evp/legacy_meth.h
index 0a23efd..d32f20a 100644
--- a/crypto/evp/legacy_meth.h
+++ b/crypto/evp/legacy_meth.h
@@ -10,29 +10,29 @@
 #define IMPLEMENT_LEGACY_EVP_MD_METH(nm, fn)                                   \
 static int nm##_init(EVP_MD_CTX *ctx)                                          \
 {                                                                              \
-    return fn##_Init(EVP_MD_CTX_md_data(ctx));                                 \
+    return fn##_Init(EVP_MD_CTX_get0_md_data(ctx));                            \
 }                                                                              \
 static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count)        \
 {                                                                              \
-    return fn##_Update(EVP_MD_CTX_md_data(ctx), data, count);                  \
+    return fn##_Update(EVP_MD_CTX_get0_md_data(ctx), data, count);             \
 }                                                                              \
 static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md)                      \
 {                                                                              \
-    return fn##_Final(md, EVP_MD_CTX_md_data(ctx));                            \
+    return fn##_Final(md, EVP_MD_CTX_get0_md_data(ctx));                       \
 }
 
 #define IMPLEMENT_LEGACY_EVP_MD_METH_LC(nm, fn)                                \
 static int nm##_init(EVP_MD_CTX *ctx)                                          \
 {                                                                              \
-    return fn##_init(EVP_MD_CTX_md_data(ctx));                                 \
+    return fn##_init(EVP_MD_CTX_get0_md_data(ctx));                            \
 }                                                                              \
 static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count)        \
 {                                                                              \
-    return fn##_update(EVP_MD_CTX_md_data(ctx), data, count);                  \
+    return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count);             \
 }                                                                              \
 static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md)                      \
 {                                                                              \
-    return fn##_final(md, EVP_MD_CTX_md_data(ctx));                            \
+    return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx));                       \
 }
 
 
diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c
index 9ab839e..3859286 100644
--- a/crypto/evp/legacy_sha.c
+++ b/crypto/evp/legacy_sha.c
@@ -29,20 +29,20 @@
 #define IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(nm, fn, tag)                         \
 static int nm##_init(EVP_MD_CTX *ctx)                                          \
 {                                                                              \
-    return fn##_init(EVP_MD_CTX_md_data(ctx), tag, ctx->digest->md_size * 8);  \
+    return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \
 }                                                                              \
 static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count)        \
 {                                                                              \
-    return fn##_update(EVP_MD_CTX_md_data(ctx), data, count);                  \
+    return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count);             \
 }                                                                              \
 static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md)                      \
 {                                                                              \
-    return fn##_final(md, EVP_MD_CTX_md_data(ctx));                            \
+    return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx));                       \
 }
 #define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag)                        \
 static int nm##_init(EVP_MD_CTX *ctx)                                          \
 {                                                                              \
-    return fn##_init(EVP_MD_CTX_md_data(ctx), tag, ctx->digest->md_size * 8);  \
+    return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \
 }                                                                              \
 
 #define sha512_224_Init    sha512_224_init
@@ -65,7 +65,7 @@
 
 static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
 {
-    return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_md_data(ctx) : NULL,
+    return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_get0_md_data(ctx) : NULL,
                           cmd, p1, p2);
 }
 
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 296269a..dba5495 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -122,8 +122,8 @@
                                     locpctx->propquery);
 
     if (signature == NULL
-        || (EVP_KEYMGMT_provider(locpctx->keymgmt)
-            != EVP_SIGNATURE_provider(signature))) {
+        || (EVP_KEYMGMT_get0_provider(locpctx->keymgmt)
+            != EVP_SIGNATURE_get0_provider(signature))) {
         /*
          * We don't need to free ctx->keymgmt here, as it's not necessarily
          * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
@@ -156,7 +156,7 @@
     if (type != NULL) {
         ctx->reqdigest = type;
         if (mdname == NULL)
-            mdname = canon_mdname(EVP_MD_name(type));
+            mdname = canon_mdname(EVP_MD_get0_name(type));
     } else {
         if (mdname == NULL) {
             if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey,
@@ -475,7 +475,7 @@
             if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
                 return 0;
         } else {
-            int s = EVP_MD_size(ctx->digest);
+            int s = EVP_MD_get_size(ctx->digest);
 
             if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
                 return 0;
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 9356595..bd8543b 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -77,7 +77,7 @@
     return dst;
 }
 
-EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx)
+EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx)
 {
     return ctx->meth;
 }
@@ -203,17 +203,17 @@
     return 1;
 }
 
-int EVP_MAC_number(const EVP_MAC *mac)
+int EVP_MAC_get_number(const EVP_MAC *mac)
 {
     return mac->name_id;
 }
 
-const char *EVP_MAC_name(const EVP_MAC *mac)
+const char *EVP_MAC_get0_name(const EVP_MAC *mac)
 {
     return mac->type_name;
 }
 
-const char *EVP_MAC_description(const EVP_MAC *mac)
+const char *EVP_MAC_get0_description(const EVP_MAC *mac)
 {
     return mac->description;
 }
diff --git a/crypto/evp/mac_meth.c b/crypto/evp/mac_meth.c
index 6396eb3..74cfecb 100644
--- a/crypto/evp/mac_meth.c
+++ b/crypto/evp/mac_meth.c
@@ -175,7 +175,7 @@
     evp_mac_free(mac);
 }
 
-const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac)
+const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac)
 {
     return mac->prov;
 }
@@ -184,7 +184,7 @@
 {
     if (mac->gettable_params == NULL)
         return NULL;
-    return mac->gettable_params(ossl_provider_ctx(EVP_MAC_provider(mac)));
+    return mac->gettable_params(ossl_provider_ctx(EVP_MAC_get0_provider(mac)));
 }
 
 const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac)
@@ -193,7 +193,7 @@
 
     if (mac->gettable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_MAC_provider(mac));
+    alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac));
     return mac->gettable_ctx_params(NULL, alg);
 }
 
@@ -203,7 +203,7 @@
 
     if (mac->settable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_MAC_provider(mac));
+    alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac));
     return mac->settable_ctx_params(NULL, alg);
 }
 
@@ -213,7 +213,7 @@
 
     if (ctx->meth->gettable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_MAC_provider(ctx->meth));
+    alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth));
     return ctx->meth->gettable_ctx_params(ctx->algctx, alg);
 }
 
@@ -223,7 +223,7 @@
 
     if (ctx->meth->settable_ctx_params == NULL)
         return NULL;
-    alg = ossl_provider_ctx(EVP_MAC_provider(ctx->meth));
+    alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth));
     return ctx->meth->settable_ctx_params(ctx->algctx, alg);
 }
 
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index abf153c..d8442a8 100644
--- a/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
@@ -54,12 +54,12 @@
         return 0;
     }
 
-    ivl = EVP_CIPHER_iv_length(cipher);
+    ivl = EVP_CIPHER_get_iv_length(cipher);
     if (ivl < 0 || ivl > 16) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH);
         goto err;
     }
-    kl = EVP_CIPHER_key_length(cipher);
+    kl = EVP_CIPHER_get_key_length(cipher);
     if (kl < 0 || kl > (int)sizeof(md_tmp)) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
         goto err;
@@ -77,7 +77,7 @@
     else if (passlen == -1)
         passlen = strlen(pass);
 
-    mdsize = EVP_MD_size(md);
+    mdsize = EVP_MD_get_size(md);
     if (mdsize < 0)
         goto err;
 
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 5477330..7088875 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -28,7 +28,7 @@
     int rv = 1, mode = 1;
     EVP_KDF *kdf;
     EVP_KDF_CTX *kctx;
-    const char *mdname = EVP_MD_name(digest);
+    const char *mdname = EVP_MD_get0_name(digest);
     OSSL_PARAM params[6], *p = params;
 
     /* Keep documented behaviour. */
@@ -193,7 +193,7 @@
         ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET);
         goto err;
     }
-    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    keylen = EVP_CIPHER_CTX_get_key_length(ctx);
     OPENSSL_assert(keylen <= sizeof(key));
 
     /* Decode parameter */
@@ -205,7 +205,7 @@
         goto err;
     }
 
-    t = EVP_CIPHER_CTX_key_length(ctx);
+    t = EVP_CIPHER_CTX_get_key_length(ctx);
     if (t < 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
         goto err;
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index 822c214..7b33ede 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -23,7 +23,7 @@
 {
     int ret = -1;
 
-    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+    if (EVP_PKEY_get_id(priv) != EVP_PKEY_RSA) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
         goto err;
     }
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index f1a7a83..d4db595 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -23,7 +23,7 @@
 {
     int ret = 0;
 
-    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
+    if (EVP_PKEY_get_id(pubk) != EVP_PKEY_RSA) {
         ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
         goto err;
     }
diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c
index c1d813f..6c65e7e 100644
--- a/crypto/evp/p_legacy.c
+++ b/crypto/evp/p_legacy.c
@@ -68,7 +68,7 @@
 
 EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey)
 {
-    if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+    if (EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) {
         ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY);
         return NULL;
     }
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index d2c8711..07be888 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -58,7 +58,7 @@
 /* The type of parameters selected in key parameter functions */
 # define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
 
-int EVP_PKEY_bits(const EVP_PKEY *pkey)
+int EVP_PKEY_get_bits(const EVP_PKEY *pkey)
 {
     int size = 0;
 
@@ -70,7 +70,7 @@
     return size < 0 ? 0 : size;
 }
 
-int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey)
 {
     int size = 0;
 
@@ -616,7 +616,7 @@
     EVP_PKEY_CTX *ctx;
 
     if (cipher != NULL)
-        cipher_name = EVP_CIPHER_name(cipher);
+        cipher_name = EVP_CIPHER_get0_name(cipher);
 
     if (cipher_name == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED);
@@ -865,7 +865,7 @@
 # ifndef OPENSSL_NO_EC
 static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type)
 {
-    if (EVP_PKEY_base_id(pkey) != type) {
+    if (EVP_PKEY_get_base_id(pkey) != type) {
         ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY);
         return NULL;
     }
@@ -970,12 +970,12 @@
     return ret;
 }
 
-int EVP_PKEY_id(const EVP_PKEY *pkey)
+int EVP_PKEY_get_id(const EVP_PKEY *pkey)
 {
     return pkey->type;
 }
 
-int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+int EVP_PKEY_get_base_id(const EVP_PKEY *pkey)
 {
     return EVP_PKEY_type(pkey->type);
 }
@@ -1052,7 +1052,7 @@
         return 0;
 
     if (!evp_pkey_is_provided(pkey)) {
-        const char *name = OBJ_nid2sn(EVP_PKEY_id(pkey));
+        const char *name = OBJ_nid2sn(EVP_PKEY_get_id(pkey));
 
         fn(name, data);
         return 1;
@@ -1063,7 +1063,7 @@
 int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
 {
     if (pkey->keymgmt == NULL) {
-        switch (EVP_PKEY_base_id(pkey)) {
+        switch (EVP_PKEY_get_base_id(pkey)) {
         case EVP_PKEY_RSA:
             return 1;
 # ifndef OPENSSL_NO_DSA
@@ -1081,12 +1081,12 @@
             break;
         }
     } else {
-        const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
+        const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
         OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
         const char *supported_sig =
             pkey->keymgmt->query_operation_name != NULL
             ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE)
-            : EVP_KEYMGMT_name(pkey->keymgmt);
+            : EVP_KEYMGMT_get0_name(pkey->keymgmt);
         EVP_SIGNATURE *signature = NULL;
 
         signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL);
@@ -1767,7 +1767,7 @@
     OPENSSL_free(x);
 }
 
-int EVP_PKEY_size(const EVP_PKEY *pkey)
+int EVP_PKEY_get_size(const EVP_PKEY *pkey)
 {
     int size = 0;
 
@@ -1781,7 +1781,7 @@
     return size < 0 ? 0 : size;
 }
 
-const char *EVP_PKEY_description(const EVP_PKEY *pkey)
+const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey)
 {
     if (!evp_pkey_is_assigned(pkey))
         return NULL;
@@ -1971,7 +1971,7 @@
         int type = src->type;
         const char *keytype = NULL;
 
-        keytype = EVP_KEYMGMT_name(keymgmt);
+        keytype = EVP_KEYMGMT_get0_name(keymgmt);
 
         /*
          * If the type is EVP_PKEY_NONE, then we have a problem somewhere
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index bafafd6..475082d 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -35,7 +35,7 @@
             return 0;
     }
     if ((cipher = EVP_CIPHER_CTX_get0_cipher(ctx)) != NULL
-            && (prov = EVP_CIPHER_provider(cipher)) != NULL)
+            && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL)
         libctx = ossl_provider_libctx(prov);
     if ((npubk <= 0) || !pubk)
         return 1;
@@ -43,11 +43,11 @@
     if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
         return 0;
 
-    len = EVP_CIPHER_CTX_iv_length(ctx);
+    len = EVP_CIPHER_CTX_get_iv_length(ctx);
     if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0)
         goto err;
 
-    len = EVP_CIPHER_CTX_key_length(ctx);
+    len = EVP_CIPHER_CTX_get_key_length(ctx);
     if (len < 0)
         goto err;
 
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index fed9471..8e430f4 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -44,7 +44,7 @@
             return 0;
     }
 
-    sltmp = (size_t)EVP_PKEY_size(pkey);
+    sltmp = (size_t)EVP_PKEY_get_size(pkey);
     i = 0;
     pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
     if (pkctx == NULL)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 47062c0..bcc601e 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -192,7 +192,7 @@
         /* If we have an engine, something went wrong somewhere... */
         if (!ossl_assert(e == NULL))
             return NULL;
-        keytype = EVP_KEYMGMT_name(pkey->keymgmt);
+        keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt);
         goto common;
     }
 
@@ -742,7 +742,7 @@
     if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
             && ctx->op.kex.exchange != NULL
             && ctx->op.kex.exchange->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange));
+        provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange));
         return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.algctx,
                                                          provctx);
     }
@@ -750,7 +750,7 @@
             && ctx->op.sig.signature != NULL
             && ctx->op.sig.signature->gettable_ctx_params != NULL) {
         provctx = ossl_provider_ctx(
-                      EVP_SIGNATURE_provider(ctx->op.sig.signature));
+                      EVP_SIGNATURE_get0_provider(ctx->op.sig.signature));
         return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.algctx,
                                                           provctx);
     }
@@ -758,14 +758,14 @@
             && ctx->op.ciph.cipher != NULL
             && ctx->op.ciph.cipher->gettable_ctx_params != NULL) {
         provctx = ossl_provider_ctx(
-                      EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher));
+                      EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher));
         return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.algctx,
                                                         provctx);
     }
     if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
         && ctx->op.encap.kem != NULL
         && ctx->op.encap.kem->gettable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem));
+        provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem));
         return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
                                                       provctx);
     }
@@ -779,7 +779,7 @@
     if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
             && ctx->op.kex.exchange != NULL
             && ctx->op.kex.exchange->settable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_KEYEXCH_provider(ctx->op.kex.exchange));
+        provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange));
         return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.algctx,
                                                          provctx);
     }
@@ -787,7 +787,7 @@
             && ctx->op.sig.signature != NULL
             && ctx->op.sig.signature->settable_ctx_params != NULL) {
         provctx = ossl_provider_ctx(
-                      EVP_SIGNATURE_provider(ctx->op.sig.signature));
+                      EVP_SIGNATURE_get0_provider(ctx->op.sig.signature));
         return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.algctx,
                                                           provctx);
     }
@@ -795,21 +795,21 @@
             && ctx->op.ciph.cipher != NULL
             && ctx->op.ciph.cipher->settable_ctx_params != NULL) {
         provctx = ossl_provider_ctx(
-                      EVP_ASYM_CIPHER_provider(ctx->op.ciph.cipher));
+                      EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher));
         return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.algctx,
                                                         provctx);
     }
     if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
             && ctx->keymgmt != NULL
             && ctx->keymgmt->gen_settable_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(ctx->keymgmt));
+        provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
         return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx,
                                                  provctx);
     }
     if (EVP_PKEY_CTX_IS_KEM_OP(ctx)
         && ctx->op.encap.kem != NULL
         && ctx->op.encap.kem->settable_ctx_params != NULL) {
-        provctx = ossl_provider_ctx(EVP_KEM_provider(ctx->op.encap.kem));
+        provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem));
         return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.algctx,
                                                       provctx);
     }
@@ -931,7 +931,7 @@
     if (md == NULL) {
         name = "";
     } else {
-        name = EVP_MD_name(md);
+        name = EVP_MD_get0_name(md);
     }
 
     *p++ = OSSL_PARAM_construct_utf8_string(param,
@@ -1051,7 +1051,7 @@
                                           info, infolen);
 }
 
-int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode)
+int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode)
 {
     OSSL_PARAM int_params[2], *p = int_params;
 
diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index b4e0ff2..698adff 100644
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -300,7 +300,7 @@
     return 1;
 }
 
-OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
+OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature)
 {
     return signature->prov;
 }
@@ -319,17 +319,17 @@
     return evp_is_a(signature->prov, signature->name_id, NULL, name);
 }
 
-int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
+int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature)
 {
     return signature->name_id;
 }
 
-const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature)
+const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature)
 {
     return signature->type_name;
 }
 
-const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature)
+const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature)
 {
     return signature->description;
 }
@@ -363,7 +363,7 @@
     if (sig == NULL || sig->gettable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig));
+    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
     return sig->gettable_ctx_params(NULL, provctx);
 }
 
@@ -374,7 +374,7 @@
     if (sig == NULL || sig->settable_ctx_params == NULL)
         return NULL;
 
-    provctx = ossl_provider_ctx(EVP_SIGNATURE_provider(sig));
+    provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig));
     return sig->settable_ctx_params(NULL, provctx);
 }
 
@@ -439,8 +439,8 @@
         EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
 
     if (signature == NULL
-        || (EVP_KEYMGMT_provider(ctx->keymgmt)
-            != EVP_SIGNATURE_provider(signature))) {
+        || (EVP_KEYMGMT_get0_provider(ctx->keymgmt)
+            != EVP_SIGNATURE_get0_provider(signature))) {
         /*
          * We don't need to free ctx->keymgmt here, as it's not necessarily
          * tied to this operation.  It will be freed by EVP_PKEY_CTX_free().
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 85ae524..36b5a87 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -140,7 +140,7 @@
     EVP_MD_CTX *mctx = NULL;
     int mdsize;
 
-    mdsize = EVP_MD_size(evpmd);
+    mdsize = EVP_MD_get_size(evpmd);
     if (mdsize <= 0)
         return 0;
 
@@ -211,7 +211,7 @@
     if (!BN_lshift(test, BN_value_one(), L - 1))
         goto err;
 
-    mdsize = EVP_MD_size(evpmd);
+    mdsize = EVP_MD_get_size(evpmd);
     if (mdsize <= 0)
         goto err;
 
@@ -318,7 +318,7 @@
     int ret = 0, r;
     int m = *retm;
     unsigned char md[EVP_MAX_MD_SIZE];
-    int mdsize = EVP_MD_size(evpmd);
+    int mdsize = EVP_MD_get_size(evpmd);
     unsigned char *pmd;
     OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx);
 
@@ -547,7 +547,7 @@
     }
     if (md == NULL)
         goto err;
-    mdsize = EVP_MD_size(md);
+    mdsize = EVP_MD_get_size(md);
     if (mdsize <= 0)
         goto err;
 
@@ -843,7 +843,7 @@
     if (md == NULL)
         goto err;
     if (N == 0)
-        N = EVP_MD_size(md) * 8;
+        N = EVP_MD_get_size(md) * 8;
     qsize = N >> 3;
 
     /*
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 86cdb7b..618b0a6 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -46,13 +46,13 @@
      * The HMAC construction is not allowed to be used with the
      * extendable-output functions (XOF) shake128 and shake256.
      */
-    if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+    if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0)
         return 0;
 
     if (key != NULL) {
         reset = 1;
 
-        j = EVP_MD_block_size(md);
+        j = EVP_MD_get_block_size(md);
         if (!ossl_assert(j <= (int)sizeof(keytmp)))
             return 0;
         if (j < 0)
@@ -76,13 +76,15 @@
         for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x36 ^ keytmp[i];
         if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
-                || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+                || !EVP_DigestUpdate(ctx->i_ctx, pad,
+                                     EVP_MD_get_block_size(md)))
             goto err;
 
         for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
             pad[i] = 0x5c ^ keytmp[i];
         if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
-                || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+                || !EVP_DigestUpdate(ctx->o_ctx, pad,
+                                     EVP_MD_get_block_size(md)))
             goto err;
     }
     if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
@@ -135,7 +137,7 @@
 
 size_t HMAC_size(const HMAC_CTX *ctx)
 {
-    int size = EVP_MD_size((ctx)->md);
+    int size = EVP_MD_get_size((ctx)->md);
 
     return (size < 0) ? 0 : size;
 }
@@ -221,11 +223,11 @@
                     unsigned char *md, unsigned int *md_len)
 {
     static unsigned char static_md[EVP_MAX_MD_SIZE];
-    int size = EVP_MD_size(evp_md);
+    int size = EVP_MD_get_size(evp_md);
 
     if (size < 0)
         return NULL;
-    return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_name(evp_md), NULL,
+    return EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL,
                      key, key_len, data, data_len,
                      md == NULL ? static_md : md, size, md_len);
 }
diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c
index 07c3f4a..e6348a8 100644
--- a/crypto/modes/siv128.c
+++ b/crypto/modes/siv128.c
@@ -184,7 +184,7 @@
     if (key == NULL || cbc == NULL || ctr == NULL)
         return 0;
 
-    cbc_name = EVP_CIPHER_name(cbc);
+    cbc_name = EVP_CIPHER_get0_name(cbc);
     params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
                                                  (char *)cbc_name, 0);
     params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 336372f..285634d 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -55,7 +55,7 @@
 
     alg = &cid->hashAlgorithm;
     ASN1_OBJECT_free(alg->algorithm);
-    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+    if ((nid = EVP_MD_get_type(dgst)) == NID_undef) {
         ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID);
         goto err;
     }
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index 1475bb0..dbb6e76 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -171,12 +171,12 @@
     OCSP_RESPID *rid;
     EVP_PKEY *pkey;
 
-    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
+    if (ctx == NULL || EVP_MD_CTX_get_pkey_ctx(ctx) == NULL) {
         ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY);
         goto err;
     }
 
-    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
     if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
         ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
         goto err;
@@ -223,7 +223,7 @@
     if (ctx == NULL)
         return 0;
 
-    if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_name(dgst),
+    if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_get0_name(dgst),
                                signer->libctx, signer->propq, key, NULL)) {
         EVP_MD_CTX_free(ctx);
         return 0;
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 4231c3f..5e829fa 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -327,7 +327,7 @@
         }
         (void)ERR_pop_to_mark();
 
-        mdlen = EVP_MD_size(dgst);
+        mdlen = EVP_MD_get_size(dgst);
         if (mdlen < 0) {
             ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR);
             goto end;
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index cd75a95..061c9b9 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -232,14 +232,14 @@
     const unsigned char *iv = NULL;
 
     if (enc != NULL) {
-        objstr = EVP_CIPHER_name(enc);
+        objstr = EVP_CIPHER_get0_name(enc);
         if (objstr == NULL
-                   /*
-                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
-                    * fits into buf
-                    */
-                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
-                   > sizeof(buf)) {
+               /*
+                * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                * fits into buf
+                */
+            || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13
+               > sizeof(buf)) {
             ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
         }
@@ -267,7 +267,7 @@
              * than what the user has passed us ... as we have to match
              * exactly for some strange reason
              */
-            objstr = EVP_CIPHER_name(xi->enc_cipher.cipher);
+            objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher);
             if (objstr == NULL) {
                 ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
                 goto err;
@@ -276,7 +276,7 @@
             /* Create the right magic header stuff */
             buf[0] = '\0';
             PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
+            PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc),
                          (const char *)iv);
 
             /* use the normal code to write things out */
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index d0516bc..3948021 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -323,14 +323,14 @@
     unsigned char iv[EVP_MAX_IV_LENGTH];
 
     if (enc != NULL) {
-        objstr = EVP_CIPHER_name(enc);
-        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
-                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
+        objstr = EVP_CIPHER_get0_name(enc);
+        if (objstr == NULL || EVP_CIPHER_get_iv_length(enc) == 0
+                || EVP_CIPHER_get_iv_length(enc) > (int)sizeof(iv)
                    /*
                     * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                     * fits into buf
                     */
-                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13
                    > sizeof(buf)) {
             ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
             goto err;
@@ -368,7 +368,8 @@
 #endif
             kstr = (unsigned char *)buf;
         }
-        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
+        /* Generate a salt */
+        if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(enc)) <= 0)
             goto err;
         /*
          * The 'iv' is used as the iv and as a salt.  It is NOT taken from
@@ -382,7 +383,7 @@
 
         buf[0] = '\0';
         PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
-        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
+        PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc), (char *)iv);
         /* k=strlen(buf); */
 
         ret = 1;
@@ -548,7 +549,7 @@
         ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_ENCRYPTION);
         return 0;
     }
-    ivlen = EVP_CIPHER_iv_length(enc);
+    ivlen = EVP_CIPHER_get_iv_length(enc);
     if (ivlen > 0 && *header++ != ',') {
         ERR_raise(ERR_LIB_PEM, PEM_R_MISSING_DEK_IV);
         return 0;
@@ -557,7 +558,7 @@
         return 0;
     }
 
-    if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+    if (!load_iv(&header, cipher->iv, EVP_CIPHER_get_iv_length(enc)))
         return 0;
 
     return 1;
diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h
index 628a669..a84ca80 100644
--- a/crypto/pem/pem_local.h
+++ b/crypto/pem/pem_local.h
@@ -62,7 +62,7 @@
     }                                                                   \
     if (enc != NULL) {                                                  \
         ret = 0;                                                        \
-        if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc),      \
+        if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), \
                                         NULL)) {                        \
             ret = 1;                                                    \
             if (kstr != NULL                                            \
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 5e28907..ab86448 100644
--- a/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
@@ -103,7 +103,8 @@
         ret = 1;
         if (enc != NULL) {
             ret = 0;
-            if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc), NULL)) {
+            if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc),
+                                            NULL)) {
                 const unsigned char *ukstr = (const unsigned char *)kstr;
 
                 /*
diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
index b52764e..8a147db 100644
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
@@ -32,7 +32,7 @@
     int i, ret = 0;
     unsigned int m_len;
 
-    m = OPENSSL_malloc(EVP_PKEY_size(pkey));
+    m = OPENSSL_malloc(EVP_PKEY_get_size(pkey));
     if (m == NULL) {
         ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE);
         goto err;
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
index 1ff68e2..11ac0a7 100644
--- a/crypto/pem/pvkfmt.c
+++ b/crypto/pem/pvkfmt.c
@@ -1027,7 +1027,7 @@
 
     write_ledword(&p, MS_PVKMAGIC);
     write_ledword(&p, 0);
-    if (EVP_PKEY_id(pk) == EVP_PKEY_RSA)
+    if (EVP_PKEY_get_id(pk) == EVP_PKEY_RSA)
         write_ledword(&p, MS_KEYTYPE_KEYX);
 #ifndef OPENSSL_NO_DSA
     else
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 777bc93..57d1cae 100644
--- a/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
@@ -49,15 +49,17 @@
     salt = pbe->salt->data;
     saltlen = pbe->salt->length;
     if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-                                iter, EVP_CIPHER_key_length(cipher), key, md,
+                                iter, EVP_CIPHER_get_key_length(cipher),
+                                key, md,
                                 libctx, propq)) {
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
         PBEPARAM_free(pbe);
         return 0;
     }
-    if (EVP_CIPHER_iv_length(cipher) > 0) {
+    if (EVP_CIPHER_get_iv_length(cipher) > 0) {
         if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID,
-                                    iter, EVP_CIPHER_iv_length(cipher), iv, md,
+                                    iter, EVP_CIPHER_get_iv_length(cipher),
+                                    iv, md,
                                     libctx, propq)) {
             ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR);
             PBEPARAM_free(pbe);
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index ef316d0..87232e7 100644
--- a/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
@@ -43,15 +43,15 @@
      * It's appended to encrypted text on encrypting
      * MAC should be processed on decrypting separately from plain text
      */
-    max_out_len = inlen + EVP_CIPHER_CTX_block_size(ctx);
-    if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+    max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx);
+    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
         if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) {
             ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
             goto err;
         }
 
-        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
             max_out_len += mac_len;
         } else {
             if (inlen < mac_len) {
@@ -89,9 +89,9 @@
         goto err;
     }
     outlen += i;
-    if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
+    if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))
                 & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) {
-        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
             if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
                 (int)mac_len, out+outlen) < 0) {
                 ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index a4ed0e5..41a2d72 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -98,7 +98,8 @@
         return 0;
 
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
-                                            (char *)EVP_MD_name(md_type), 0);
+                                            (char *)EVP_MD_get0_name(md_type),
+                                            0);
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
                                              pass, passlen);
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index be4ed16..8865565 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -117,8 +117,8 @@
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
         return 0;
     }
-    md_size = EVP_MD_size(md);
-    md_nid = EVP_MD_type(md);
+    md_size = EVP_MD_get_size(md);
+    md_nid = EVP_MD_get_type(md);
     if (md_size < 0)
         goto err;
     if ((md_nid == NID_id_GostR3411_94
@@ -267,7 +267,7 @@
     } else
         memcpy(p12->mac->salt->data, salt, saltlen);
     X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
-    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)),
                          V_ASN1_NULL, NULL)) {
         ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
         return 0;
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 8d4e95a..441bf78 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -296,16 +296,16 @@
             goto err;
         }
         BIO_get_cipher_ctx(btmp, &ctx);
-        keylen = EVP_CIPHER_key_length(evp_cipher);
-        ivlen = EVP_CIPHER_iv_length(evp_cipher);
-        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        keylen = EVP_CIPHER_get_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_get_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_get_type(evp_cipher));
         if (ivlen > 0)
             if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
                 goto err;
 
         (void)ERR_set_mark();
         fetched_cipher = EVP_CIPHER_fetch(libctx,
-                                          EVP_CIPHER_name(evp_cipher),
+                                          EVP_CIPHER_get0_name(evp_cipher),
                                           propq);
         (void)ERR_pop_to_mark();
         if (fetched_cipher != NULL)
@@ -572,7 +572,7 @@
                 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
                 ri->ctx = p7_ctx;
                 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
-                        EVP_CIPHER_key_length(cipher)) < 0)
+                        EVP_CIPHER_get_key_length(cipher)) < 0)
                     goto err;
                 ERR_clear_error();
             }
@@ -591,7 +591,7 @@
         if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
             goto err;
         /* Generate random key as MMA defence */
-        len = EVP_CIPHER_CTX_key_length(evp_ctx);
+        len = EVP_CIPHER_CTX_get_key_length(evp_ctx);
         if (len <= 0)
             goto err;
         tkeylen = (size_t)len;
@@ -606,7 +606,7 @@
             tkey = NULL;
         }
 
-        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+        if (eklen != EVP_CIPHER_CTX_get_key_length(evp_ctx)) {
             /*
              * Some S/MIME clients don't use the same key and effective key
              * length. The key length is determined by the size of the
@@ -679,7 +679,7 @@
             ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
             return NULL;
         }
-        if (EVP_MD_CTX_type(*pmd) == nid)
+        if (EVP_MD_CTX_get_type(*pmd) == nid)
             return bio;
         bio = BIO_next(bio);
     }
@@ -837,7 +837,7 @@
             } else {
                 unsigned char *abuf = NULL;
                 unsigned int abuflen;
-                abuflen = EVP_PKEY_size(si->pkey);
+                abuflen = EVP_PKEY_get_size(si->pkey);
                 abuf = OPENSSL_malloc(abuflen);
                 if (abuf == NULL)
                     goto err;
@@ -915,7 +915,7 @@
         goto err;
     }
 
-    if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_name(md),
+    if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md),
                               ossl_pkcs7_ctx_get0_libctx(ctx),
                               ossl_pkcs7_ctx_get0_propq(ctx), si->pkey,
                               NULL) <= 0)
@@ -1044,13 +1044,13 @@
             ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
             goto err;
         }
-        if (EVP_MD_CTX_type(mdc) == md_type)
+        if (EVP_MD_CTX_get_type(mdc) == md_type)
             break;
         /*
          * Workaround for some broken clients that put the signature OID
          * instead of the digest OID in digest_alg->algorithm
          */
-        if (EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
+        if (EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
             break;
         btmp = BIO_next(btmp);
     }
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index a4b62f4..c32a666 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -316,7 +316,7 @@
         hnid = OBJ_obj2nid(alg1->algorithm);
         if (hnid == NID_undef)
             return -1;
-        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+        if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey)))
             return -1;
         X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
     }
@@ -362,7 +362,7 @@
 
     /* Set the algorithms */
 
-    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
+    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_get_type(dgst)),
                     V_ASN1_NULL, NULL);
 
     if (EVP_PKEY_is_a(pkey, "EC") || EVP_PKEY_is_a(pkey, "DSA"))
@@ -689,7 +689,7 @@
     }
 
     /* Check cipher OID exists and has data in it */
-    i = EVP_CIPHER_type(cipher);
+    i = EVP_CIPHER_get_type(cipher);
     if (i == NID_undef) {
         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
         return 0;
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 56e615f..a7a8c70 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -298,7 +298,7 @@
 
     if ((rand = RAND_get0_primary(NULL)) == NULL)
         return 0;
-    return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
+    return EVP_RAND_get_state(rand) == EVP_RAND_STATE_READY;
 }
 # else  /* !FIPS_MODULE */
 
diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c
index c048482..49bf0ac 100644
--- a/crypto/rand/rand_meth.c
+++ b/crypto/rand/rand_meth.c
@@ -36,7 +36,7 @@
     if (drbg == NULL)
         return 0;
 
-    return  EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0;
+    return  EVP_RAND_get_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0;
 }
 
 /* Implements the default OpenSSL RAND_bytes() method */
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index f2283d8..1d3b868 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -427,7 +427,7 @@
                 ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
                 return 0;
             }
-            *(int *)arg2 = EVP_MD_type(md);
+            *(int *)arg2 = EVP_MD_get_type(md);
             /* Return of 2 indicates this MD is mandatory */
             return 2;
         }
@@ -457,10 +457,10 @@
     if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
         return NULL;
     if (saltlen == -1) {
-        saltlen = EVP_MD_size(sigmd);
+        saltlen = EVP_MD_get_size(sigmd);
     } else if (saltlen == -2 || saltlen == -3) {
-        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
-        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
+        saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2;
+        if ((EVP_PKEY_get_bits(pk) & 0x7) == 1)
             saltlen--;
         if (saltlen < 0)
             return NULL;
@@ -545,7 +545,7 @@
         const EVP_MD *checkmd;
         if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
             goto err;
-        if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
+        if (EVP_MD_get_type(md) != EVP_MD_get_type(checkmd)) {
             ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_DOES_NOT_MATCH);
             goto err;
         }
@@ -629,7 +629,7 @@
                          ASN1_BIT_STRING *sig)
 {
     int pad_mode;
-    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_get_pkey_ctx(ctx);
 
     if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
         return 0;
@@ -674,18 +674,19 @@
     pss = ossl_rsa_pss_decode(sigalg);
     if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
         goto err;
-    mdnid = EVP_MD_type(md);
+    mdnid = EVP_MD_get_type(md);
     /*
      * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
      * match and salt length must equal digest size
      */
     if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
-            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+            && mdnid == EVP_MD_get_type(mgf1md)
+            && saltlen == EVP_MD_get_size(md))
         flags = X509_SIG_INFO_TLS;
     else
         flags = 0;
     /* Note: security bits half number of digest bits */
-    secbits = EVP_MD_size(md) * 4;
+    secbits = EVP_MD_get_size(md) * 4;
     /*
      * SHA1 and MD5 are known to be broken. Reduce security bits so that
      * they're no longer accepted at security level 1. The real values don't
@@ -763,8 +764,8 @@
         if (!ossl_rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
                                                &saltlen, &trailerfield))
             goto err;
-        md_nid = EVP_MD_type(md);
-        mgf1md_nid = EVP_MD_type(mgf1md);
+        md_nid = EVP_MD_get_type(md);
+        mgf1md_nid = EVP_MD_get_type(mgf1md);
         if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
             || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
             || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index 4a0ad28..5b7d60d 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -480,8 +480,8 @@
         if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
                                                &saltlen, &trailerField))
             return 0;
-        md_nid = EVP_MD_type(md);
-        mgf1md_nid = EVP_MD_type(mgf1md);
+        md_nid = EVP_MD_get_type(md);
+        mgf1md_nid = EVP_MD_get_type(mgf1md);
         if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
             || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
             || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 0064664..d9be1a4 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -76,7 +76,7 @@
     if (mgf1md == NULL)
         mgf1md = md;
 
-    mdlen = EVP_MD_size(md);
+    mdlen = EVP_MD_get_size(md);
     if (mdlen <= 0) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
         return 0;
@@ -184,7 +184,7 @@
     if (mgf1md == NULL)
         mgf1md = md;
 
-    mdlen = EVP_MD_size(md);
+    mdlen = EVP_MD_get_size(md);
 
     if (tlen <= 0 || flen <= 0)
         return -1;
@@ -341,7 +341,7 @@
 
     if (c == NULL)
         goto err;
-    mdlen = EVP_MD_size(dgst);
+    mdlen = EVP_MD_get_size(dgst);
     if (mdlen < 0)
         goto err;
     /* step 4 */
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 6e7e7a2..110d998 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -138,12 +138,12 @@
     RSA *rsa = ctx->pkey->pkey.rsa;
 
     if (rctx->md) {
-        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+        if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) {
             ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH);
             return -1;
         }
 
-        if (EVP_MD_type(rctx->md) == NID_mdc2) {
+        if (EVP_MD_get_type(rctx->md) == NID_mdc2) {
             unsigned int sltmp;
             if (rctx->pad_mode != RSA_PKCS1_PADDING)
                 return -1;
@@ -163,12 +163,12 @@
                 return -1;
             }
             memcpy(rctx->tbuf, tbs, tbslen);
-            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
+            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md));
             ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
                                       sig, rsa, RSA_X931_PADDING);
         } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
             unsigned int sltmp;
-            ret = RSA_sign(EVP_MD_type(rctx->md),
+            ret = RSA_sign(EVP_MD_get_type(rctx->md),
                            tbs, tbslen, sig, &sltmp, rsa);
             if (ret <= 0)
                 return ret;
@@ -213,11 +213,11 @@
             if (ret < 1)
                 return 0;
             ret--;
-            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) {
                 ERR_raise(ERR_LIB_RSA, RSA_R_ALGORITHM_MISMATCH);
                 return 0;
             }
-            if (ret != EVP_MD_size(rctx->md)) {
+            if (ret != EVP_MD_get_size(rctx->md)) {
                 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH);
                 return 0;
             }
@@ -225,7 +225,7 @@
                 memcpy(rout, rctx->tbuf, ret);
         } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
             size_t sltmp;
-            ret = ossl_rsa_verify(EVP_MD_type(rctx->md),
+            ret = ossl_rsa_verify(EVP_MD_get_type(rctx->md),
                                   NULL, 0, rout, &sltmp,
                                   sig, siglen, ctx->pkey->pkey.rsa);
             if (ret <= 0)
@@ -254,9 +254,9 @@
 
     if (rctx->md) {
         if (rctx->pad_mode == RSA_PKCS1_PADDING)
-            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+            return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen,
                               sig, siglen, rsa);
-        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+        if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) {
             ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH);
             return -1;
         }
@@ -360,7 +360,7 @@
     if (!md)
         return 1;
 
-    mdnid = EVP_MD_type(md);
+    mdnid = EVP_MD_get_type(md);
 
     if (padding == RSA_NO_PADDING) {
         ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE);
@@ -457,7 +457,7 @@
                     return -2;
                 }
                 if ((p1 == RSA_PSS_SALTLEN_DIGEST
-                     && rctx->min_saltlen > EVP_MD_size(rctx->md))
+                     && rctx->min_saltlen > EVP_MD_get_size(rctx->md))
                     || (p1 >= 0 && p1 < rctx->min_saltlen)) {
                     ERR_raise(ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL);
                     return 0;
@@ -508,7 +508,7 @@
         if (!check_padding_md(p2, rctx->pad_mode))
             return 0;
         if (rsa_pss_restricted(rctx)) {
-            if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
+            if (EVP_MD_get_type(rctx->md) == EVP_MD_get_type(p2))
                 return 1;
             ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
             return 0;
@@ -534,7 +534,7 @@
                 *(const EVP_MD **)p2 = rctx->md;
         } else {
             if (rsa_pss_restricted(rctx)) {
-                if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
+                if (EVP_MD_get_type(rctx->mgf1md) == EVP_MD_get_type(p2))
                     return 1;
                 ERR_raise(ERR_LIB_RSA, RSA_R_MGF1_DIGEST_NOT_ALLOWED);
                 return 0;
@@ -823,7 +823,7 @@
         return 0;
 
     /* See if minimum salt length exceeds maximum possible */
-    max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
+    max_saltlen = RSA_size(rsa) - EVP_MD_get_size(md);
     if ((RSA_bits(rsa) & 0x7) == 1)
         max_saltlen--;
     if (min_saltlen > max_saltlen) {
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index bca2083..33874bf 100644
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@@ -53,7 +53,7 @@
     if (mgf1Hash == NULL)
         mgf1Hash = Hash;
 
-    hLen = EVP_MD_size(Hash);
+    hLen = EVP_MD_get_size(Hash);
     if (hLen < 0)
         goto err;
     /*-
@@ -164,7 +164,7 @@
     if (mgf1Hash == NULL)
         mgf1Hash = Hash;
 
-    hLen = EVP_MD_size(Hash);
+    hLen = EVP_MD_get_size(Hash);
     if (hLen < 0)
         goto err;
     /*-
diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c
index d2052c5..82b87cc 100644
--- a/crypto/rsa/rsa_sp800_56b_gen.c
+++ b/crypto/rsa/rsa_sp800_56b_gen.c
@@ -195,7 +195,7 @@
 {
     if (rng == NULL)
         return 0;
-    if (EVP_RAND_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) {
+    if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) {
         ERR_raise(ERR_LIB_RSA,
                   RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT);
         return 0;
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index f2771db..105dd4c 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -71,7 +71,7 @@
                             size_t msg_len, size_t *pt_size)
 {
     const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
-    const int md_size = EVP_MD_size(digest);
+    const int md_size = EVP_MD_get_size(digest);
     size_t overhead;
 
     if (md_size < 0) {
@@ -97,7 +97,7 @@
                              size_t msg_len, size_t *ct_size)
 {
     const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
-    const int md_size = EVP_MD_size(digest);
+    const int md_size = EVP_MD_get_size(digest);
     size_t sz;
 
     if (field_size == 0 || md_size < 0)
@@ -137,7 +137,7 @@
     uint8_t *x2y2 = NULL;
     uint8_t *C3 = NULL;
     size_t field_size;
-    const int C3_size = EVP_MD_size(digest);
+    const int C3_size = EVP_MD_get_size(digest);
     EVP_MD *fetched_digest = NULL;
     OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
     const char *propq = ossl_ec_key_get0_propq(key);
@@ -222,7 +222,7 @@
     for (i = 0; i != msg_len; ++i)
         msg_mask[i] ^= msg[i];
 
-    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq);
     if (fetched_digest == NULL) {
         ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
         goto done;
@@ -291,7 +291,7 @@
     uint8_t *x2y2 = NULL;
     uint8_t *computed_C3 = NULL;
     const size_t field_size = ec_field_size(group);
-    const int hash_size = EVP_MD_size(digest);
+    const int hash_size = EVP_MD_get_size(digest);
     uint8_t *msg_mask = NULL;
     const uint8_t *C2 = NULL;
     const uint8_t *C3 = NULL;
diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c
index 907d658..72be1c0 100644
--- a/crypto/sm2/sm2_sign.c
+++ b/crypto/sm2/sm2_sign.c
@@ -145,7 +145,7 @@
                                     const uint8_t *msg, size_t msg_len)
 {
     EVP_MD_CTX *hash = EVP_MD_CTX_new();
-    const int md_size = EVP_MD_size(digest);
+    const int md_size = EVP_MD_get_size(digest);
     uint8_t *z = NULL;
     BIGNUM *e = NULL;
     EVP_MD *fetched_digest = NULL;
@@ -163,7 +163,7 @@
         goto done;
     }
 
-    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(digest), propq);
+    fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq);
     if (fetched_digest == NULL) {
         ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
         goto done;
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 1409f3a..f7939ea 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -124,7 +124,7 @@
             && (fetched_loader =
                 OSSL_STORE_LOADER_fetch(schemes[i], libctx, propq)) != NULL) {
             const OSSL_PROVIDER *provider =
-                OSSL_STORE_LOADER_provider(fetched_loader);
+                OSSL_STORE_LOADER_get0_provider(fetched_loader);
             void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
 
             loader_ctx = fetched_loader->p_open(provctx, uri);
@@ -351,7 +351,8 @@
             break;
         case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
             if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST,
-                                                EVP_MD_name(search->digest), 0)
+                                                EVP_MD_get0_name(search->digest),
+                                                0)
                 && OSSL_PARAM_BLD_push_octet_string(bld,
                                                     OSSL_STORE_PARAM_FINGERPRINT,
                                                     search->string,
@@ -790,7 +791,7 @@
 
     if (ctx->fetched_loader != NULL) {
         void *provctx =
-            ossl_provider_ctx(OSSL_STORE_LOADER_provider(ctx->fetched_loader));
+            ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader));
         const OSSL_PARAM *params;
         const OSSL_PARAM *p_subject = NULL;
         const OSSL_PARAM *p_issuer = NULL;
@@ -879,11 +880,11 @@
         return NULL;
     }
 
-    if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+    if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
         ERR_raise_data(ERR_LIB_OSSL_STORE,
                        OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
                        "%s size is %d, fingerprint size is %zu",
-                       EVP_MD_name(digest), EVP_MD_size(digest), len);
+                       EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
         OPENSSL_free(search);
         return NULL;
     }
@@ -976,7 +977,7 @@
         && (fetched_loader =
             OSSL_STORE_LOADER_fetch(scheme, libctx, propq)) != NULL) {
         const OSSL_PROVIDER *provider =
-            OSSL_STORE_LOADER_provider(fetched_loader);
+            OSSL_STORE_LOADER_get0_provider(fetched_loader);
         void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider);
         OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp);
 
diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c
index 7bf0a32..7f11d4f 100644
--- a/crypto/store/store_meth.c
+++ b/crypto/store/store_meth.c
@@ -373,7 +373,7 @@
  * Library of basic method functions
  */
 
-const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER *loader)
+const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *loader)
 {
     if (!ossl_assert(loader != NULL)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
@@ -383,7 +383,7 @@
     return loader->prov;
 }
 
-const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader)
+const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader)
 {
     if (!ossl_assert(loader != NULL)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
@@ -393,7 +393,7 @@
     return loader->propdef;
 }
 
-int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader)
+int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader)
 {
     if (!ossl_assert(loader != NULL)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
@@ -403,7 +403,7 @@
     return loader->scheme_id;
 }
 
-const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader)
+const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader)
 {
     return loader->description;
 }
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 7c48d18..c78d96d 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -88,7 +88,7 @@
     OSSL_STORE_INFO **v = &cbdata->v;
     OSSL_STORE_CTX *ctx = cbdata->ctx;
     const OSSL_PROVIDER *provider =
-        OSSL_STORE_LOADER_provider(ctx->fetched_loader);
+        OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader);
     OSSL_LIB_CTX *libctx = ossl_provider_libctx(provider);
     const char *propq = ctx->properties;
     const OSSL_PARAM *p;
@@ -206,7 +206,7 @@
          * 2.  The keymgmt is from another provider, then we must
          *     do the export/import dance.
          */
-        if (EVP_KEYMGMT_provider(keymgmt) == provider) {
+        if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) {
             keydata = evp_keymgmt_load(keymgmt, data->ref, data->ref_size);
         } else {
             struct evp_keymgmt_util_try_import_data_st import_data;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 172d444..8937bb2 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -484,7 +484,7 @@
         return 0;
     }
     digest = msg_imprint->hashed_msg;
-    if (digest->length != EVP_MD_size(md)) {
+    if (digest->length != EVP_MD_get_size(md)) {
         TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
                                     "Bad message digest.");
         TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
@@ -711,8 +711,8 @@
 
     if (ctx->signer_md == NULL)
         signer_md = EVP_MD_fetch(ctx->libctx, "SHA256", ctx->propq);
-    else if (EVP_MD_provider(ctx->signer_md) == NULL)
-        signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_name(ctx->signer_md),
+    else if (EVP_MD_get0_provider(ctx->signer_md) == NULL)
+        signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_get0_name(ctx->signer_md),
                                  ctx->propq);
     else
         signer_md = (EVP_MD *)ctx->signer_md;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 03e7312..792a27c 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -447,7 +447,7 @@
     }
     (void)ERR_pop_to_mark();
 
-    length = EVP_MD_size(md);
+    length = EVP_MD_get_size(md);
     if (length < 0)
         goto err;
     *imprint_len = length;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 8b2d8cc..d8ddde8 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -255,7 +255,7 @@
             ERR_raise(ERR_LIB_X509, X509_R_ERROR_GETTING_MD_BY_NID);
             return 0;
         }
-        siginf->secbits = EVP_MD_size(md) * 4;
+        siginf->secbits = EVP_MD_get_size(md) * 4;
         break;
     }
     switch (mdnid) {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index edf3c51..278b8b6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3389,7 +3389,7 @@
     if (level > NUM_AUTH_LEVELS)
         level = NUM_AUTH_LEVELS;
 
-    return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
+    return EVP_PKEY_get_security_bits(pkey) >= minbits_table[level - 1];
 }
 
 /*-
@@ -3406,7 +3406,7 @@
     if (pkey == NULL)
         return -1;
 
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_EC) {
         int ret, val;
 
         ret = EVP_PKEY_get_int_param(pkey,
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index ca4310d..b0ed93c 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -29,7 +29,7 @@
     if (pk == NULL)
         return 0;
 
-    switch (EVP_PKEY_id(pk)) {
+    switch (EVP_PKEY_get_id(pk)) {
     case EVP_PKEY_RSA:
         ret = EVP_PK_RSA | EVP_PKT_SIGN;
 /*              if (!sign only extension) */
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 966a1a5..7ae35f2 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -557,7 +557,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_DH)
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DH)
         key = EVP_PKEY_get1_DH(pkey);
     EVP_PKEY_free(pkey);
     if (key == NULL)
@@ -598,7 +598,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_DHX)
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DHX)
         key = EVP_PKEY_get1_DH(pkey);
     EVP_PKEY_free(pkey);
     if (key == NULL)
@@ -684,7 +684,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    type = EVP_PKEY_id(pkey);
+    type = EVP_PKEY_get_id(pkey);
     if (type == EVP_PKEY_EC || type == EVP_PKEY_SM2)
         key = EVP_PKEY_get1_EC_KEY(pkey);
     EVP_PKEY_free(pkey);
@@ -768,7 +768,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_ED448)
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448)
         key = ossl_evp_pkey_get1_ED448(pkey);
     EVP_PKEY_free(pkey);
     if (key == NULL)
@@ -810,7 +810,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_X25519)
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X25519)
         key = ossl_evp_pkey_get1_X25519(pkey);
     EVP_PKEY_free(pkey);
     if (key == NULL)
@@ -852,7 +852,7 @@
     pkey = d2i_PUBKEY_legacy(NULL, &q, length);
     if (pkey == NULL)
         return NULL;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_X448)
+    if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X448)
         key = ossl_evp_pkey_get1_X448(pkey);
     EVP_PKEY_free(pkey);
     if (key == NULL)
diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c
index ce1dfcc..2ecc53e 100755
--- a/demos/digest/BIO_f_md.c
+++ b/demos/digest/BIO_f_md.c
@@ -68,7 +68,7 @@
         fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n");
         goto cleanup;
     }
-    digest_size = EVP_MD_size(md);
+    digest_size = EVP_MD_get_size(md);
     digest_value = OPENSSL_malloc(digest_size);
     if (digest_value == NULL) {
         fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size);
diff --git a/demos/digest/EVP_MD_demo.c b/demos/digest/EVP_MD_demo.c
index 77146e3..99589bd 100644
--- a/demos/digest/EVP_MD_demo.c
+++ b/demos/digest/EVP_MD_demo.c
@@ -105,9 +105,9 @@
         goto cleanup;
     }
     /* Determine the length of the fetched digest type */
-    digest_length = EVP_MD_size(message_digest);
+    digest_length = EVP_MD_get_size(message_digest);
     if (digest_length <= 0) {
-        fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+        fprintf(stderr, "EVP_MD_get_size returned invalid size.\n");
         goto cleanup;
     }
 
diff --git a/demos/digest/EVP_MD_stdin.c b/demos/digest/EVP_MD_stdin.c
index 3e24f34..71a3d32 100755
--- a/demos/digest/EVP_MD_stdin.c
+++ b/demos/digest/EVP_MD_stdin.c
@@ -63,9 +63,9 @@
         return 0;
     }
     /* Determine the length of the fetched digest type */
-    digest_length = EVP_MD_size(message_digest);
+    digest_length = EVP_MD_get_size(message_digest);
     if (digest_length <= 0) {
-        fprintf(stderr, "EVP_MD_size returned invalid size.\n");
+        fprintf(stderr, "EVP_MD_get_size returned invalid size.\n");
         goto cleanup;
     }
 
diff --git a/doc/build.info b/doc/build.info
index 42c1804..b77dac2 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -1227,6 +1227,10 @@
 GENERATE[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod
 DEPEND[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod
 GENERATE[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod
+DEPEND[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod
+GENERATE[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod
+DEPEND[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod
+GENERATE[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod
 DEPEND[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod
 GENERATE[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod
 DEPEND[man/man3/EVP_PKEY_gettable_params.3]=man3/EVP_PKEY_gettable_params.pod
@@ -1275,10 +1279,6 @@
 GENERATE[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod
 DEPEND[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod
 GENERATE[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod
-DEPEND[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod
-GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod
-DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
-GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod
 DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
 GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod
 DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod
@@ -3014,6 +3014,7 @@
 html/man3/EVP_PKEY_get_default_digest_nid.html \
 html/man3/EVP_PKEY_get_field_type.html \
 html/man3/EVP_PKEY_get_group_name.html \
+html/man3/EVP_PKEY_get_size.html \
 html/man3/EVP_PKEY_gettable_params.html \
 html/man3/EVP_PKEY_is_a.html \
 html/man3/EVP_PKEY_keygen.html \
@@ -3026,7 +3027,6 @@
 html/man3/EVP_PKEY_set_type.html \
 html/man3/EVP_PKEY_settable_params.html \
 html/man3/EVP_PKEY_sign.html \
-html/man3/EVP_PKEY_size.html \
 html/man3/EVP_PKEY_todata.html \
 html/man3/EVP_PKEY_verify.html \
 html/man3/EVP_PKEY_verify_recover.html \
@@ -3603,6 +3603,7 @@
 man/man3/EVP_PKEY_get_default_digest_nid.3 \
 man/man3/EVP_PKEY_get_field_type.3 \
 man/man3/EVP_PKEY_get_group_name.3 \
+man/man3/EVP_PKEY_get_size.3 \
 man/man3/EVP_PKEY_gettable_params.3 \
 man/man3/EVP_PKEY_is_a.3 \
 man/man3/EVP_PKEY_keygen.3 \
@@ -3615,7 +3616,6 @@
 man/man3/EVP_PKEY_set_type.3 \
 man/man3/EVP_PKEY_settable_params.3 \
 man/man3/EVP_PKEY_sign.3 \
-man/man3/EVP_PKEY_size.3 \
 man/man3/EVP_PKEY_todata.3 \
 man/man3/EVP_PKEY_verify.3 \
 man/man3/EVP_PKEY_verify_recover.3 \
diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod
index 8ad6948..aa60ff4 100644
--- a/doc/man3/BIO_f_md.pod
+++ b/doc/man3/BIO_f_md.pod
@@ -128,7 +128,7 @@
      if (!mdtmp)
          break;
      BIO_get_md(mdtmp, &md);
-     printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+     printf("%s digest", OBJ_nid2sn(EVP_MD_get_type(md)));
      mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
      for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
      printf("\n");
diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod
index e4b7e42..75cdc97 100644
--- a/doc/man3/DH_size.pod
+++ b/doc/man3/DH_size.pod
@@ -22,8 +22,8 @@
 =head1 DESCRIPTION
 
 The functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_bits(3)>,
-L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+Applications should instead use L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)> and L<EVP_PKEY_get_size(3)>.
 
 DH_bits() returns the number of significant bits.
 
@@ -49,7 +49,7 @@
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_bits(3)>,
+L<EVP_PKEY_get_bits(3)>,
 L<DH_new(3)>, L<DH_generate_key(3)>,
 L<BN_num_bits(3)>
 
diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod
index b904845..0d0d1e5 100644
--- a/doc/man3/DSA_size.pod
+++ b/doc/man3/DSA_size.pod
@@ -21,8 +21,8 @@
 =head1 DESCRIPTION
 
 All of the functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_bits(3)>,
-L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+Applications should instead use L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)> and L<EVP_PKEY_get_size(3)>.
 
 DSA_bits() returns the number of bits in key I<dsa>: this is the number
 of bits in the I<p> parameter.
@@ -47,9 +47,9 @@
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_bits(3)>,
-L<EVP_PKEY_security_bits(3)>,
-L<EVP_PKEY_size(3)>,
+L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)>,
+L<EVP_PKEY_get_size(3)>,
 L<DSA_new(3)>, L<DSA_sign(3)>
 
 =head1 HISTORY
diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod
index 93df44e..2b34eb4 100644
--- a/doc/man3/EVP_ASYM_CIPHER_free.pod
+++ b/doc/man3/EVP_ASYM_CIPHER_free.pod
@@ -3,9 +3,9 @@
 =head1 NAME
 
 EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref,
-EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider,
+EVP_ASYM_CIPHER_get_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider,
 EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all,
-EVP_ASYM_CIPHER_name, EVP_ASYM_CIPHER_description,
+EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description,
 EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params
 - Functions to manage EVP_ASYM_CIPHER algorithm objects
 
@@ -17,10 +17,10 @@
                                         const char *properties);
  void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher);
  int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher);
- int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher);
- const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher);
+ int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher);
+ const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher);
  int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name);
- OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher);
+ OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher);
  void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
                                       void (*fn)(EVP_ASYM_CIPHER *cipher,
                                                  void *arg),
@@ -28,7 +28,7 @@
  int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
                                   void (*fn)(const char *name, void *data),
                                   void *data);
- const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher);
+ const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher);
  const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip);
  const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip);
 
@@ -54,17 +54,18 @@
 EVP_ASYM_CIPHER_is_a() returns 1 if I<cipher> is an implementation of an
 algorithm that's identifiable with I<name>, otherwise 0.
 
-EVP_ASYM_CIPHER_provider() returns the provider that I<cipher> was fetched from.
+EVP_ASYM_CIPHER_get0_provider() returns the provider that I<cipher> was
+fetched from.
 
 EVP_ASYM_CIPHER_do_all_provided() traverses all EVP_ASYM_CIPHERs implemented by
 all activated providers in the given library context I<libctx>, and for each of
 the implementations, calls the given function I<fn> with the implementation
 method and the given I<arg> as argument.
 
-EVP_ASYM_CIPHER_number() returns the internal dynamic number assigned to
+EVP_ASYM_CIPHER_get_number() returns the internal dynamic number assigned to
 I<cipher>.
 
-EVP_ASYM_CIPHER_name() returns the algorithm name from the provided
+EVP_ASYM_CIPHER_get0_name() returns the algorithm name from the provided
 implementation for the given I<cipher>. Note that the I<cipher> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
@@ -73,9 +74,9 @@
 EVP_ASYM_CIPHER_names_do_all() traverses all names for I<cipher>, and calls
 I<fn> with each name and I<data>.
 
-EVP_ASYM_CIPHER_description() returns a description of the I<cipher>, meant
-for display and human consumption.  The description is at the discretion of
-the I<cipher> implementation.
+EVP_ASYM_CIPHER_get0_description() returns a description of the I<cipher>,
+meant for display and human consumption.  The description is at the
+discretion of the I<cipher> implementation.
 
 EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params()
 return a constant B<OSSL_PARAM> array that describes the names and types of key
diff --git a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
index c5995a5..f5021b8 100644
--- a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
+++ b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod
@@ -25,11 +25,12 @@
 
 EVP_CIPHER_CTX_get_original_iv() and EVP_CIPHER_CTX_get_updated_iv() copy
 initialization vector (IV) information from the B<EVP_CIPHER_CTX> into the
-caller-supplied buffer. L<EVP_CIPHER_CTX_iv_length(3)> can be used to determine
-an appropriate buffer size, and if the supplied buffer is too small, an error
-will be returned (and no data copied).  EVP_CIPHER_CTX_get_original_iv()
-accesses the ("original") IV that was supplied when the B<EVP_CIPHER_CTX> was
-initialized, and EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state"
+caller-supplied buffer. L<EVP_CIPHER_CTX_get_iv_length(3)> can be used to
+determine an appropriate buffer size, and if the supplied buffer is too small,
+an error will be returned (and no data copied).
+EVP_CIPHER_CTX_get_original_iv() accesses the ("original") IV that was
+supplied when the B<EVP_CIPHER_CTX> was initialized, and
+EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state"
 of the cipher, which is updated during cipher operation for certain cipher modes
 (e.g., CBC and OFB).
 
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 4b6aaee..9c9403c 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -12,16 +12,16 @@
 EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
 EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit,
 EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
-EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number,
-EVP_MD_names_do_all, EVP_MD_provider,
-EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
-EVP_MD_CTX_name,
+EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_get_number,
+EVP_MD_names_do_all, EVP_MD_get0_provider,
+EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags,
+EVP_MD_CTX_get0_name,
 EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md,
-EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
-EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
+EVP_MD_CTX_get_type, EVP_MD_CTX_get_size, EVP_MD_CTX_get_block_size,
+EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
 EVP_md_null,
 EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
-EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx,
+EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx,
 EVP_MD_do_all_provided
 - EVP digest routines
 
@@ -68,27 +68,27 @@
 
  int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in);
 
- const char *EVP_MD_name(const EVP_MD *md);
- const char *EVP_MD_description(const EVP_MD *md);
- int EVP_MD_number(const EVP_MD *md);
+ const char *EVP_MD_get0_name(const EVP_MD *md);
+ const char *EVP_MD_get0_description(const EVP_MD *md);
+ int EVP_MD_get_number(const EVP_MD *md);
  int EVP_MD_is_a(const EVP_MD *md, const char *name);
  int EVP_MD_names_do_all(const EVP_MD *md,
                          void (*fn)(const char *name, void *data),
                          void *data);
- const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
- int EVP_MD_type(const EVP_MD *md);
- int EVP_MD_pkey_type(const EVP_MD *md);
- int EVP_MD_size(const EVP_MD *md);
- int EVP_MD_block_size(const EVP_MD *md);
- unsigned long EVP_MD_flags(const EVP_MD *md);
+ const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md);
+ int EVP_MD_get_type(const EVP_MD *md);
+ int EVP_MD_get_pkey_type(const EVP_MD *md);
+ int EVP_MD_get_size(const EVP_MD *md);
+ int EVP_MD_get_block_size(const EVP_MD *md);
+ unsigned long EVP_MD_get_flags(const EVP_MD *md);
 
  const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
  EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
- const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx);
- int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
- int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
- int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
- void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+ const char *EVP_MD_CTX_get0_name(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx);
+ void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx);
 
  const EVP_MD *EVP_md_null(void);
 
@@ -96,7 +96,7 @@
  const EVP_MD *EVP_get_digestbynid(int type);
  const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
 
- EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+ EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
  void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
 
  void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
@@ -312,13 +312,13 @@
 names registered with the default library context (see
 L<OSSL_LIB_CTX(3)>) will be considered.
 
-=item EVP_MD_number()
+=item EVP_MD_get_number()
 
 Returns the internal dynamic number assigned to the I<md>.  This is
 only useful with fetched B<EVP_MD>s.
 
-=item EVP_MD_name(),
-EVP_MD_CTX_name()
+=item EVP_MD_get0_name(),
+EVP_MD_CTX_get0_name()
 
 Return the name of the given message digest.  For fetched message
 digests with multiple names, only one of them is returned; it's
@@ -329,36 +329,36 @@
 Traverses all names for the I<md>, and calls I<fn> with each name and
 I<data>.  This is only useful with fetched B<EVP_MD>s.
 
-=item EVP_MD_description()
+=item EVP_MD_get0_description()
 
 Returns a description of the digest, meant for display and human consumption.
 The description is at the discretion of the digest implementation.
 
-=item EVP_MD_provider()
+=item EVP_MD_get0_provider()
 
 Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given
 B<EVP_MD>.
 
-=item EVP_MD_size(),
-EVP_MD_CTX_size()
+=item EVP_MD_get_size(),
+EVP_MD_CTX_get_size()
 
 Return the size of the message digest when passed an B<EVP_MD> or an
 B<EVP_MD_CTX> structure, i.e. the size of the hash.
 
-=item EVP_MD_block_size(),
-EVP_MD_CTX_block_size()
+=item EVP_MD_get_block_size(),
+EVP_MD_CTX_get_block_size()
 
 Return the block size of the message digest when passed an B<EVP_MD> or an
 B<EVP_MD_CTX> structure.
 
-=item EVP_MD_type(),
-EVP_MD_CTX_type()
+=item EVP_MD_get_type(),
+EVP_MD_CTX_get_type()
 
 Return the NID of the OBJECT IDENTIFIER representing the given message digest
-when passed an B<EVP_MD> structure.  For example, C<EVP_MD_type(EVP_sha1())>
+when passed an B<EVP_MD> structure.  For example, C<EVP_MD_get_type(EVP_sha1())>
 returns B<NID_sha1>. This function is normally used when setting ASN1 OIDs.
 
-=item EVP_MD_CTX_md_data()
+=item EVP_MD_CTX_get0_md_data()
 
 Return the digest method private data for the passed B<EVP_MD_CTX>.
 The space is allocated by OpenSSL and has the size originally set with
@@ -386,12 +386,12 @@
 
 Returns the update function for I<ctx>.
 
-=item EVP_MD_flags()
+=item EVP_MD_get_flags()
 
 Returns the I<md> flags. Note that these are different from the B<EVP_MD_CTX>
 ones. See L<EVP_MD_meth_set_flags(3)> for more information.
 
-=item EVP_MD_pkey_type()
+=item EVP_MD_get_pkey_type()
 
 Returns the NID of the public key signing algorithm associated with this
 digest. For example EVP_sha1() is associated with RSA so this will return
@@ -410,7 +410,7 @@
 Returns an B<EVP_MD> structure when passed a digest name, a digest B<NID> or an
 B<ASN1_OBJECT> structure respectively.
 
-=item EVP_MD_CTX_pkey_ctx()
+=item EVP_MD_CTX_get_pkey_ctx()
 
 Returns the B<EVP_PKEY_CTX> assigned to I<ctx>. The returned pointer should not
 be freed by the caller.
@@ -568,16 +568,16 @@
 
 Returns 1 if successful or 0 for failure.
 
-=item EVP_MD_type(),
-EVP_MD_pkey_type()
+=item EVP_MD_get_type(),
+EVP_MD_get_pkey_type()
 
 Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none
 exists.
 
-=item EVP_MD_size(),
-EVP_MD_block_size(),
-EVP_MD_CTX_size(),
-EVP_MD_CTX_block_size()
+=item EVP_MD_get_size(),
+EVP_MD_get_block_size(),
+EVP_MD_CTX_get_size(),
+EVP_MD_CTX_get_block_size()
 
 Returns the digest or block size in bytes.
 
@@ -625,9 +625,9 @@
 If digest contexts are not cleaned up after use,
 memory leaks will occur.
 
-EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(),
-EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined
-as macros.
+EVP_MD_CTX_get0_name(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size(),
+EVP_MD_CTX_get_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are
+defined as macros.
 
 EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration
 or control.
diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index a24db53..86d4270 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -165,9 +165,9 @@
 be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
 will occur.
 
-The use of EVP_PKEY_size() with these functions is discouraged because some
+The use of EVP_PKEY_get_size() with these functions is discouraged because some
 signature operations may have a signature length which depends on the
-parameters set. As a result EVP_PKEY_size() would have to return a value
+parameters set. As a result EVP_PKEY_get_size() would have to return a value
 which indicates the maximum possible signature for any set of parameters.
 
 =head1 SEE ALSO
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 0fc7b1e..ea43e26 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -33,43 +33,46 @@
 EVP_get_cipherbynid,
 EVP_get_cipherbyobj,
 EVP_CIPHER_is_a,
-EVP_CIPHER_name,
-EVP_CIPHER_description,
-EVP_CIPHER_number,
+EVP_CIPHER_get0_name,
+EVP_CIPHER_get0_description,
+EVP_CIPHER_get_number,
 EVP_CIPHER_names_do_all,
-EVP_CIPHER_provider,
-EVP_CIPHER_nid,
+EVP_CIPHER_get0_provider,
+EVP_CIPHER_get_nid,
 EVP_CIPHER_get_params,
 EVP_CIPHER_gettable_params,
-EVP_CIPHER_block_size,
-EVP_CIPHER_key_length,
-EVP_CIPHER_iv_length,
-EVP_CIPHER_flags,
-EVP_CIPHER_mode,
-EVP_CIPHER_type,
+EVP_CIPHER_get_block_size,
+EVP_CIPHER_get_key_length,
+EVP_CIPHER_get_iv_length,
+EVP_CIPHER_get_flags,
+EVP_CIPHER_get_mode,
+EVP_CIPHER_get_type,
 EVP_CIPHER_CTX_cipher,
 EVP_CIPHER_CTX_get0_cipher,
 EVP_CIPHER_CTX_get1_cipher,
-EVP_CIPHER_CTX_name,
-EVP_CIPHER_CTX_nid,
+EVP_CIPHER_CTX_get0_name,
+EVP_CIPHER_CTX_get_nid,
 EVP_CIPHER_CTX_get_params,
 EVP_CIPHER_gettable_ctx_params,
 EVP_CIPHER_CTX_gettable_params,
 EVP_CIPHER_CTX_set_params,
 EVP_CIPHER_settable_ctx_params,
 EVP_CIPHER_CTX_settable_params,
-EVP_CIPHER_CTX_block_size,
-EVP_CIPHER_CTX_key_length,
-EVP_CIPHER_CTX_iv_length,
-EVP_CIPHER_CTX_tag_length,
+EVP_CIPHER_CTX_get_block_size,
+EVP_CIPHER_CTX_get_key_length,
+EVP_CIPHER_CTX_get_iv_length,
+EVP_CIPHER_CTX_get_tag_length,
 EVP_CIPHER_CTX_get_app_data,
 EVP_CIPHER_CTX_set_app_data,
-EVP_CIPHER_CTX_type,
 EVP_CIPHER_CTX_flags,
 EVP_CIPHER_CTX_set_flags,
 EVP_CIPHER_CTX_clear_flags,
 EVP_CIPHER_CTX_test_flags,
-EVP_CIPHER_CTX_mode,
+EVP_CIPHER_CTX_get_type,
+EVP_CIPHER_CTX_get_mode,
+EVP_CIPHER_CTX_get_num,
+EVP_CIPHER_CTX_set_num,
+EVP_CIPHER_CTX_is_encrypting,
 EVP_CIPHER_param_to_asn1,
 EVP_CIPHER_asn1_to_param,
 EVP_CIPHER_CTX_set_padding,
@@ -145,26 +148,26 @@
  const EVP_CIPHER *EVP_get_cipherbynid(int nid);
  const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a);
 
- int EVP_CIPHER_nid(const EVP_CIPHER *e);
- int EVP_CIPHER_number(const EVP_CIPHER *e);
+ int EVP_CIPHER_get_nid(const EVP_CIPHER *e);
+ int EVP_CIPHER_get_number(const EVP_CIPHER *e);
  int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
  int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
                              void (*fn)(const char *name, void *data),
                              void *data);
- const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
- const char *EVP_CIPHER_description(const EVP_CIPHER *cipher);
- const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
- int EVP_CIPHER_block_size(const EVP_CIPHER *e);
- int EVP_CIPHER_key_length(const EVP_CIPHER *e);
- int EVP_CIPHER_iv_length(const EVP_CIPHER *e);
- unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e);
- unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e);
- int EVP_CIPHER_type(const EVP_CIPHER *cipher);
+ const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
+ const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher);
+ const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
+ int EVP_CIPHER_get_block_size(const EVP_CIPHER *e);
+ int EVP_CIPHER_get_key_length(const EVP_CIPHER *e);
+ int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e);
+ unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e);
+ unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e);
+ int EVP_CIPHER_get_type(const EVP_CIPHER *cipher);
 
  const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
  EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
- const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx);
+ const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx);
 
  int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
  int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
@@ -174,14 +177,17 @@
  const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher);
  const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx);
  const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx);
  void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
  void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data);
- int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx);
- int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx);
+ int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+ int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx);
 
  int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
  int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -196,6 +202,12 @@
 
  const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
 
+Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
+
 =head1 DESCRIPTION
 
 The EVP cipher routines are a high-level interface to certain
@@ -390,7 +402,7 @@
 
 For legacy ciphers - If the cipher doesn't have the flag
 B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of
-EVP_CIPHER_block_size().  If it isn't, the result is undefined.  If the cipher
+EVP_CIPHER_get_block_size().  If it isn't, the result is undefined.  If the cipher
 has that flag set, then I<inl> can be any size.
 
 Due to the constraints of the API contract of this function it shouldn't be used
@@ -402,7 +414,7 @@
 Return an EVP_CIPHER structure when passed a cipher name, a NID or an
 ASN1_OBJECT structure.
 
-=item EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid()
+=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid()
 
 Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
 structure.  The actual NID value is an internal value which may not have a
@@ -426,12 +438,12 @@
 performed, the total amount of data encrypted or decrypted must then
 be a multiple of the block size or an error will occur.
 
-=item EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length()
+=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length()
 
 Return the key length of a cipher when passed an B<EVP_CIPHER> or
 B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum
-key length for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for
-a given cipher, the value of EVP_CIPHER_CTX_key_length() may be different for
+key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for
+a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for
 variable key length ciphers.
 
 =item EVP_CIPHER_CTX_set_key_length()
@@ -440,25 +452,25 @@
 If the cipher is a fixed length cipher then attempting to set the key
 length to any value other than the fixed value is an error.
 
-=item EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length()
+=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length()
 
 Return the IV length of a cipher when passed an B<EVP_CIPHER> or
 B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV.
 The constant B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
 
-=item EVP_CIPHER_CTX_tag_length()
+=item EVP_CIPHER_CTX_get_tag_length()
 
 Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will
 return zero if the cipher does not support a tag. It returns a default value if
 the tag length has not been set.
 
-=item EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size()
+=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size()
 
 Return the block size of a cipher when passed an B<EVP_CIPHER> or
 B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the
 maximum block length for all ciphers.
 
-=item EVP_CIPHER_type() and EVP_CIPHER_CTX_type()
+=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type()
 
 Return the type of the passed cipher or context. This "type" is the actual NID
 of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters
@@ -474,12 +486,12 @@
 EVP_CIPHER_fetch()), only cipher names registered with the default library
 context (see L<OSSL_LIB_CTX(3)>) will be considered.
 
-=item EVP_CIPHER_number()
+=item EVP_CIPHER_get_number()
 
 Returns the internal dynamic number assigned to the I<cipher>.  This is only
 useful with fetched B<EVP_CIPHER>s.
 
-=item EVP_CIPHER_name() and EVP_CIPHER_CTX_name()
+=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name()
 
 Return the name of the passed cipher or context.  For fetched ciphers with
 multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all().
@@ -489,12 +501,12 @@
 Traverses all names for the I<cipher>, and calls I<fn> with each name and
 I<data>.  This is only useful with fetched B<EVP_CIPHER>s.
 
-=item EVP_CIPHER_description()
+=item EVP_CIPHER_get0_description()
 
 Returns a description of the cipher, meant for display and human consumption.
 The description is at the discretion of the cipher implementation.
 
-=item EVP_CIPHER_provider()
+=item EVP_CIPHER_get0_provider()
 
 Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given
 B<EVP_CIPHER>.
@@ -505,7 +517,7 @@
 EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to
 the caller.
 
-=item EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode()
+=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()
 
 Return the block cipher mode:
 EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE,
@@ -513,11 +525,26 @@
 EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE.
 If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned.
 
-=item EVP_CIPHER_flags()
+=item EVP_CIPHER_get_flags()
 
 Returns any flags associated with the cipher. See L</FLAGS>
 for a list of currently defined flags.
 
+=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num()
+
+Gets or sets the cipher specific "num" parameter for the associated I<ctx>.
+Built-in ciphers typically use this to track how much of the current underlying block
+has been "used" already.
+
+=item EVP_CIPHER_CTX_is_encrypting()
+
+Reports whether the I<ctx> is being used for encryption or decryption.
+
+=item EVP_CIPHER_CTX_flags()
+
+A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>.
+Do not use.
+
 =item EVP_CIPHER_param_to_asn1()
 
 Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will
@@ -544,7 +571,7 @@
 Generates a random key of the appropriate length based on the cipher context.
 The B<EVP_CIPHER> can provide its own random key generation routine to support
 keys of a specific form. I<key> must point to a buffer at least as big as the
-value returned by EVP_CIPHER_CTX_key_length().
+value returned by EVP_CIPHER_CTX_get_key_length().
 
 =item EVP_CIPHER_do_all_provided()
 
@@ -570,18 +597,18 @@
 =item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer>
 
 Gets the mode for the associated cipher algorithm I<cipher>.
-See L</EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode()> for a list of valid modes.
-Use EVP_CIPHER_mode() to retrieve the cached value.
+See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes.
+Use EVP_CIPHER_get_mode() to retrieve the cached value.
 
 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
 
 Gets the key length for the associated cipher algorithm I<cipher>.
-Use EVP_CIPHER_key_length() to retrieve the cached value.
+Use EVP_CIPHER_get_key_length() to retrieve the cached value.
 
 =item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer>
 
 Gets the IV length for the associated cipher algorithm I<cipher>.
-Use EVP_CIPHER_iv_length() to retrieve the cached value.
+Use EVP_CIPHER_get_iv_length() to retrieve the cached value.
 
 =item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer>
 
@@ -591,12 +618,12 @@
 the underlying encryption/decryption primitive.
 For example AES in CTR mode has a block size of 1 (because it operates like a
 stream cipher), even though AES has a block size of 16.
-Use EVP_CIPHER_block_size() to retreive the cached value.
+Use EVP_CIPHER_get_block_size() to retreive the cached value.
 
 =item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
 
 Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0.
-Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the
+Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the
 cached value.
 
 =item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer>
@@ -604,7 +631,7 @@
 Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0.
 Storing and initializing the IV is left entirely to the implementation, if a
 custom IV is used.
-Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the
+Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the
 cached value.
 
 =item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer>
@@ -613,7 +640,7 @@
 otherwise it gets 0.
 This is currently used to indicate that the cipher is a one shot that only
 allows a single call to EVP_CipherUpdate().
-Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the
+Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the
 cached value.
 
 =item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer>
@@ -621,7 +648,7 @@
 Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks,
 otherwise it gets 0. The interleaving is an optimization only applicable to certain
 TLS ciphers.
-Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the
+Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the
 cached value.
 
 =back
@@ -644,13 +671,13 @@
 Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>.
 Built-in ciphers typically use this to track how much of the current underlying
 block has been "used" already.
-See also EVP_CIPHER_CTX_num() and EVP_CIPHER_CTX_set_num().
+See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num().
 
 =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer>
 
 Gets or sets the key length for the cipher context I<ctx>.
 The length of the "keylen" parameter should not exceed that of a B<size_t>.
-See also EVP_CIPHER_CTX_key_length() and EVP_CIPHER_CTX_set_key_length().
+See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length().
 
 =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string>
 
@@ -723,7 +750,7 @@
 
 Gets the IV length for the cipher context I<ctx>.
 The length of the "ivlen" parameter should not exceed that of a B<size_t>.
-See also EVP_CIPHER_CTX_iv_length().
+See also EVP_CIPHER_CTX_get_iv_length().
 
 =item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr>
 
@@ -749,7 +776,7 @@
 Gets the tag length to be used for an AEAD cipher for the associated cipher
 context I<ctx>. It gets a default value if it has not been set.
 The length of the "taglen" parameter should not exceed that of a B<size_t>.
-See also EVP_CIPHER_CTX_tag_length().
+See also EVP_CIPHER_CTX_get_tag_length().
 
 =item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer>
 
@@ -1116,27 +1143,38 @@
 EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
 return an B<EVP_CIPHER> structure or NULL on error.
 
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID.
 
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size.
+EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the
+block size.
 
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key
 length.
 
 EVP_CIPHER_CTX_set_padding() always returns 1.
 
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV
 length or zero if the cipher does not use an IV.
 
-EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not
-use a tag.
+EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher
+does not use a tag.
 
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
-OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the
+cipher's OBJECT IDENTIFIER or NID_undef if it has no defined
+OBJECT IDENTIFIER.
 
 EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
 
+EVP_CIPHER_CTX_get_num() returns a nonnegative num value or
+B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call
+or on any other error.
+
+EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation
+does not support the call or on any other error.
+
+EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption
+0 otherwise.
+
 EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater
 than zero for success and zero or a negative number on failure.
 
@@ -1463,8 +1501,8 @@
      ctx = EVP_CIPHER_CTX_new();
      EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL,
                         do_encrypt, NULL);
-     OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16);
-     OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
+     OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16);
+     OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16);
 
      /* Now we can set key and IV */
      EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL);
@@ -1577,6 +1615,8 @@
 EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params()
 functions were added in 3.0.
 
+The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index 08b15f0..2fd6651 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -5,8 +5,9 @@
 EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref,
 EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup,
 EVP_KDF_CTX_reset, EVP_KDF_derive,
-EVP_KDF_CTX_get_kdf_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a,
-EVP_KDF_number, EVP_KDF_name, EVP_KDF_names_do_all, EVP_KDF_description,
+EVP_KDF_CTX_get_kdf_size,
+EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_get_number,
+EVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description,
 EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided,
 EVP_KDF_get_params, EVP_KDF_gettable_params,
 EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params,
@@ -31,11 +32,11 @@
  void EVP_KDF_free(EVP_KDF *kdf);
  EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
                         const char *properties);
- int EVP_KDF_number(const EVP_KDF *kdf);
+ int EVP_KDF_get_number(const EVP_KDF *kdf);
  int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
- const char *EVP_KDF_name(const EVP_KDF *kdf);
- const char *EVP_KDF_description(const EVP_KDF *kdf);
- const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
+ const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+ const char *EVP_KDF_get0_description(const EVP_KDF *kdf);
+ const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
  void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx,
                               void (*fn)(EVP_KDF *kdf, void *arg),
                               void *arg);
@@ -50,7 +51,7 @@
  const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf);
  const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf);
  const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf);
- const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
+ const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
 
 =head1 DESCRIPTION
 
@@ -162,7 +163,7 @@
 EVP_KDF_is_a() returns 1 if I<kdf> is an implementation of an
 algorithm that's identifiable with I<name>, otherwise 0.
 
-EVP_KDF_provider() returns the provider that holds the implementation
+EVP_KDF_get0_provider() returns the provider that holds the implementation
 of the given I<kdf>.
 
 EVP_KDF_do_all_provided() traverses all KDF implemented by all activated
@@ -170,19 +171,19 @@
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
-EVP_KDF_number() returns the internal dynamic number assigned to
+EVP_KDF_get_number() returns the internal dynamic number assigned to
 I<kdf>.
 
-EVP_KDF_name() return the name of the given KDF.  For fetched KDFs
+EVP_KDF_get0_name() return the name of the given KDF.  For fetched KDFs
 with multiple names, only one of them is returned; it's
 recommended to use EVP_KDF_names_do_all() instead.
 
 EVP_KDF_names_do_all() traverses all names for I<kdf>, and calls
 I<fn> with each name and I<data>.
 
-EVP_KDF_description() returns a description of the I<kdf>, meant for display
-and human consumption.  The description is at the discretion of the I<kdf>
-implementation.
+EVP_KDF_get0_description() returns a description of the I<kdf>, meant for
+display and human consumption.  The description is at the discretion of
+the I<kdf> implementation.
 
 =head1 PARAMETERS
 
@@ -262,7 +263,7 @@
 EVP_KDF_fetch() returns a pointer to a newly fetched B<EVP_KDF>, or
 NULL if allocation failed.
 
-EVP_KDF_provider() returns a pointer to the provider for the KDF, or
+EVP_KDF_get0_provider() returns a pointer to the provider for the KDF, or
 NULL on error.
 
 EVP_KDF_up_ref() returns 1 on success, 0 on error.
@@ -275,7 +276,7 @@
 EVP_KDF_CTX_get_kdf_size() returns the output size.  B<SIZE_MAX> is returned to indicate
 that the algorithm produces a variable amount of output; 0 to indicate failure.
 
-EVP_KDF_name() returns the name of the KDF, or NULL on error.
+EVP_KDF_get0_name() returns the name of the KDF, or NULL on error.
 
 EVP_KDF_names_do_all() returns 1 if the callback was called for all names. A
 return value of 0 means that the callback was not called for any names.
diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod
index 13600c5..7668258 100644
--- a/doc/man3/EVP_KEM_free.pod
+++ b/doc/man3/EVP_KEM_free.pod
@@ -3,8 +3,8 @@
 =head1 NAME
 
 EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref,
-EVP_KEM_number, EVP_KEM_name, EVP_KEM_is_a, EVP_KEM_provider,
-EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_description,
+EVP_KEM_get_number, EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider,
+EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description,
 EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params
 - Functions to manage EVP_KEM algorithm objects
 
@@ -16,15 +16,15 @@
                         const char *properties);
  void EVP_KEM_free(EVP_KEM *kem);
  int EVP_KEM_up_ref(EVP_KEM *kem);
- int EVP_KEM_number(const EVP_KEM *kem);
- const char *EVP_KEM_name(const EVP_KEM *kem);
+ int EVP_KEM_get_number(const EVP_KEM *kem);
+ const char *EVP_KEM_get0_name(const EVP_KEM *kem);
  int EVP_KEM_is_a(const EVP_KEM *kem, const char *name);
- OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem);
+ OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem);
  void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
                               void (*fn)(EVP_KEM *kem, void *arg), void *arg);
  int EVP_KEM_names_do_all(const EVP_KEM *kem,
                           void (*fn)(const char *name, void *data), void *data);
- const char *EVP_KEM_description(const EVP_KEM *kem);
+ const char *EVP_KEM_get0_description(const EVP_KEM *kem);
  const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem);
  const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
 
@@ -48,16 +48,16 @@
 EVP_KEM_is_a() returns 1 if I<kem> is an implementation of an
 algorithm that's identifiable with I<name>, otherwise 0.
 
-EVP_KEM_provider() returns the provider that I<kem> was fetched from.
+EVP_KEM_get0_provider() returns the provider that I<kem> was fetched from.
 
 EVP_KEM_do_all_provided() traverses all EVP_KEMs implemented by all activated
 providers in the given library context I<libctx>, and for each of the
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
-EVP_KEM_number() returns the internal dynamic number assigned to I<kem>.
+EVP_KEM_get_number() returns the internal dynamic number assigned to I<kem>.
 
-EVP_KEM_name() returns the algorithm name from the provided
+EVP_KEM_get0_name() returns the algorithm name from the provided
 implementation for the given I<kem>. Note that the I<kem> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
@@ -66,9 +66,9 @@
 EVP_KEM_names_do_all() traverses all names for I<kem>, and calls I<fn> with
 each name and I<data>.
 
-EVP_KEM_description() returns a description of the I<kem>, meant for display
-and human consumption.  The description is at the discretion of the I<kem>
-implementation.
+EVP_KEM_get0_description() returns a description of the I<kem>, meant for
+display and human consumption.  The description is at the discretion of
+the I<kem> implementation.
 
 EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return
 a constant B<OSSL_PARAM> array that describes the names and types of key
diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod
index d0a0b6e..28eaf52 100644
--- a/doc/man3/EVP_KEYEXCH_free.pod
+++ b/doc/man3/EVP_KEYEXCH_free.pod
@@ -2,10 +2,10 @@
 
 =head1 NAME
 
-EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider,
-EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided,
-EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all,
-EVP_KEYEXCH_name, EVP_KEYEXCH_description,
+EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref,
+EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided,
+EVP_KEYEXCH_get_number, EVP_KEYEXCH_names_do_all,
+EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description,
 EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params
 - Functions to manage EVP_KEYEXCH algorithm objects
 
@@ -17,17 +17,17 @@
                                 const char *properties);
  void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange);
  int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
- OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange);
+ OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange);
  int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name);
- int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange);
- const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *exchange);
+ int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *exchange);
+ const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *exchange);
  void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
                                   void (*fn)(EVP_KEYEXCH *exchange, void *arg),
                                   void *arg);
  int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange,
                               void (*fn)(const char *name, void *data),
                               void *data);
- const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch);
+ const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch);
  const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch);
  const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch);
 
@@ -48,15 +48,16 @@
 EVP_KEYEXCH_up_ref() increments the reference count for an B<EVP_KEYEXCH>
 structure.
 
-EVP_KEYEXCH_provider() returns the provider that I<exchange> was fetched from.
+EVP_KEYEXCH_get0_provider() returns the provider that I<exchange> was
+fetched from.
 
 EVP_KEYEXCH_is_a() checks if I<exchange> is an implementation of an
 algorithm that's identifiable with I<name>.
 
-EVP_KEYEXCH_number() returns the internal dynamic number assigned to
+EVP_KEYEXCH_get_number() returns the internal dynamic number assigned to
 the I<exchange>.
 
-EVP_KEYEXCH_name() returns the algorithm name from the provided
+EVP_KEYEXCH_get0_name() returns the algorithm name from the provided
 implementation for the given I<exchange>. Note that the I<exchange> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
@@ -65,9 +66,9 @@
 EVP_KEYEXCH_names_do_all() traverses all names for the I<exchange>, and
 calls I<fn> with each name and I<data>.
 
-EVP_KEYEXCH_description() returns a description of the I<keyexch>, meant for
-display and human consumption.  The description is at the discretion of the
-I<keyexch> implementation.
+EVP_KEYEXCH_get0_description() returns a description of the I<keyexch>, meant
+for display and human consumption.  The description is at the discretion of
+the I<keyexch> implementation.
 
 EVP_KEYEXCH_do_all_provided() traverses all key exchange implementations by
 all activated providers in the library context I<libctx>, and for each
@@ -92,7 +93,7 @@
 EVP_KEYEXCH_is_a() returns 1 of I<exchange> was identifiable,
 otherwise 0.
 
-EVP_KEYEXCH_number() returns an integer.
+EVP_KEYEXCH_get_number() returns an integer.
 
 EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return
 a constant B<OSSL_PARAM> array or NULL on error.
diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod
index 9f143cd..de5a925 100644
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@@ -6,11 +6,11 @@
 EVP_KEYMGMT_fetch,
 EVP_KEYMGMT_up_ref,
 EVP_KEYMGMT_free,
-EVP_KEYMGMT_provider,
+EVP_KEYMGMT_get0_provider,
 EVP_KEYMGMT_is_a,
-EVP_KEYMGMT_number,
-EVP_KEYMGMT_description,
-EVP_KEYMGMT_name,
+EVP_KEYMGMT_get_number,
+EVP_KEYMGMT_get0_description,
+EVP_KEYMGMT_get0_name,
 EVP_KEYMGMT_do_all_provided,
 EVP_KEYMGMT_names_do_all,
 EVP_KEYMGMT_gettable_params,
@@ -28,11 +28,11 @@
                                 const char *properties);
  int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
  void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
- const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
+ const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt);
  int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
- int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
- const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt);
- const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt);
+ int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt);
+ const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt);
+ const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt);
 
  void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
                                   void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
@@ -65,27 +65,27 @@
 EVP_KEYMGMT_free() decrements the reference count for the given
 B<EVP_KEYMGMT> I<keymgmt>, and when the count reaches zero, frees it.
 
-EVP_KEYMGMT_provider() returns the provider that has this particular
+EVP_KEYMGMT_get0_provider() returns the provider that has this particular
 implementation.
 
 EVP_KEYMGMT_is_a() checks if I<keymgmt> is an implementation of an
 algorithm that's identifiable with I<name>.
 
-EVP_KEYMGMT_number() returns the internal dynamic number assigned to
+EVP_KEYMGMT_get_number() returns the internal dynamic number assigned to
 the I<keymgmt>.
 
-EVP_KEYMGMT_name() returns the algorithm name from the provided implementation
-for the given I<keymgmt>. Note that the I<keymgmt> may have multiple synonyms
-associated with it. In this case the first name from the algorithm
-definition is returned. Ownership of the returned string is retained by the
-I<keymgmt> object and should not be freed by the caller.
+EVP_KEYMGMT_get0_name() returns the algorithm name from the provided
+implementation for the given I<keymgmt>. Note that the I<keymgmt> may have
+multiple synonyms associated with it. In this case the first name from the
+algorithm definition is returned. Ownership of the returned string is
+retained by the I<keymgmt> object and should not be freed by the caller.
 
 EVP_KEYMGMT_names_do_all() traverses all names for the I<keymgmt>, and
 calls I<fn> with each name and I<data>.
 
-EVP_KEYMGMT_description() returns a description of the I<keymgmt>, meant for
-display and human consumption.  The description is at the discretion of the
-I<keymgmt> implementation.
+EVP_KEYMGMT_get0_description() returns a description of the I<keymgmt>, meant
+for display and human consumption.  The description is at the discretion
+of the I<keymgmt> implementation.
 
 EVP_KEYMGMT_do_all_provided() traverses all key keymgmt implementations by
 all activated providers in the library context I<libctx>, and for each
@@ -121,17 +121,17 @@
 
 EVP_KEYMGMT_free() doesn't return any value.
 
-EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL
+EVP_KEYMGMT_get0_provider() returns a pointer to a provider object, or NULL
 on error.
 
 EVP_KEYMGMT_is_a() returns 1 of I<keymgmt> was identifiable,
 otherwise 0.
 
-EVP_KEYMGMT_number() returns an integer.
+EVP_KEYMGMT_get_number() returns an integer.
 
-EVP_KEYMGMT_name() returns the algorithm name, or NULL on error.
+EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error.
 
-EVP_KEYMGMT_description() returns a pointer to a decription, or NULL if
+EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if
 there isn't one.
 
 EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and
diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod
index 0fc3400..6468e22 100644
--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -3,10 +3,11 @@
 =head1 NAME
 
 EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a,
-EVP_MAC_number, EVP_MAC_name, EVP_MAC_names_do_all, EVP_MAC_description,
-EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params,
+EVP_MAC_get_number, EVP_MAC_get0_name, EVP_MAC_names_do_all,
+EVP_MAC_get0_description,
+EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params,
 EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
-EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
+EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
 EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac,
 EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF,
 EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params,
@@ -25,19 +26,19 @@
  int EVP_MAC_up_ref(EVP_MAC *mac);
  void EVP_MAC_free(EVP_MAC *mac);
  int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
- int EVP_MAC_number(const EVP_MAC *mac);
- const char *EVP_MAC_name(const EVP_MAC *mac);
+ int EVP_MAC_get_number(const EVP_MAC *mac);
+ const char *EVP_MAC_get0_name(const EVP_MAC *mac);
  int EVP_MAC_names_do_all(const EVP_MAC *mac,
                           void (*fn)(const char *name, void *data),
                           void *data);
- const char *EVP_MAC_description(const EVP_MAC *mac);
- const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+ const char *EVP_MAC_get0_description(const EVP_MAC *mac);
+ const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
  int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
 
  EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
  void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
  EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
- EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+ EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx);
  int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
  int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
 
@@ -121,7 +122,7 @@
 EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated
 context.
 
-EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context
+EVP_MAC_CTX_get0_mac() returns the B<EVP_MAC> associated with the context
 I<ctx>.
 
 =head2 Computing functions
@@ -219,7 +220,7 @@
 EVP_MAC_is_a() checks if the given I<mac> is an implementation of an
 algorithm that's identifiable with I<name>.
 
-EVP_MAC_provider() returns the provider that holds the implementation
+EVP_MAC_get0_provider() returns the provider that holds the implementation
 of the given I<mac>.
 
 EVP_MAC_do_all_provided() traverses all MAC implemented by all activated
@@ -227,19 +228,19 @@
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
-EVP_MAC_number() returns the internal dynamic number assigned to
+EVP_MAC_get_number() returns the internal dynamic number assigned to
 I<mac>.
 
-EVP_MAC_name() return the name of the given MAC.  For fetched MACs
+EVP_MAC_get0_name() return the name of the given MAC.  For fetched MACs
 with multiple names, only one of them is returned; it's
 recommended to use EVP_MAC_names_do_all() instead.
 
 EVP_MAC_names_do_all() traverses all names for I<mac>, and calls
 I<fn> with each name and I<data>.
 
-EVP_MAC_description() returns a description of the I<mac>, meant for display
-and human consumption.  The description is at the discretion of the mac
-implementation.
+EVP_MAC_get0_description() returns a description of the I<mac>, meant
+for display and human consumption.  The description is at the discretion
+of the mac implementation.
 
 =head1 PARAMETERS
 
@@ -364,9 +365,9 @@
 EVP_MAC_is_a() returns 1 if the given method can be identified with
 the given name, otherwise 0.
 
-EVP_MAC_name() returns a name of the MAC, or NULL on error.
+EVP_MAC_get0_name() returns a name of the MAC, or NULL on error.
 
-EVP_MAC_provider() returns a pointer to the provider for the MAC, or
+EVP_MAC_get0_provider() returns a pointer to the provider for the MAC, or
 NULL on error.
 
 EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly
diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod
index e2db3fc..698216a 100644
--- a/doc/man3/EVP_MD_meth_new.pod
+++ b/doc/man3/EVP_MD_meth_new.pod
@@ -144,7 +144,7 @@
 from one B<EVP_MD_CTX> to another.  If all that's needed is to copy
 the data, there is no need for this copy function.
 Note that the copy function is passed two B<EVP_MD_CTX *>, the private
-data structure is then available with EVP_MD_CTX_md_data().
+data structure is then available with EVP_MD_CTX_get0_md_data().
 This copy function is called by EVP_MD_CTX_copy() and
 EVP_MD_CTX_copy_ex().
 
@@ -152,7 +152,7 @@
 cleanup before the method's private data structure is cleaned out and
 freed.
 Note that the cleanup function is passed a B<EVP_MD_CTX *>, the
-private data structure is then available with EVP_MD_CTX_md_data().
+private data structure is then available with EVP_MD_CTX_get0_md_data().
 This cleanup function is called by EVP_MD_CTX_reset() and
 EVP_MD_CTX_free().
 
diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
index 4a51559..cc50d36 100644
--- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod
+++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
@@ -197,10 +197,10 @@
  int (*pkey_security_bits) (const EVP_PKEY *pk);
 
 The pkey_size() method returns the key size in bytes.
-It's called by L<EVP_PKEY_size(3)>.
+It's called by L<EVP_PKEY_get_size(3)>.
 
 The pkey_bits() method returns the key size in bits.
-It's called by L<EVP_PKEY_bits(3)>.
+It's called by L<EVP_PKEY_get_bits(3)>.
 
  int (*param_decode) (EVP_PKEY *pkey,
                       const unsigned char **pder, int derlen);
diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
index aae31710..f169636 100644
--- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
+++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
@@ -4,14 +4,14 @@
 
 EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt,
 EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info,
-EVP_PKEY_CTX_hkdf_mode -
+EVP_PKEY_CTX_set_hkdf_mode -
 HMAC-based Extract-and-Expand key derivation algorithm
 
 =head1 SYNOPSIS
 
  #include <openssl/kdf.h>
 
- int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
+ int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *pctx, int mode);
 
  int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md);
 
@@ -33,8 +33,8 @@
 "expands" the key K into several additional pseudorandom keys (the output
 of the KDF).
 
-EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three
-modes that are currently defined:
+EVP_PKEY_CTX_set_hkdf_mode() sets the mode for the HKDF operation. There
+are three modes that are currently defined:
 
 =over 4
 
diff --git a/doc/man3/EVP_PKEY_size.pod b/doc/man3/EVP_PKEY_get_size.pod
similarity index 71%
rename from doc/man3/EVP_PKEY_size.pod
rename to doc/man3/EVP_PKEY_get_size.pod
index 786c503..0af189e 100644
--- a/doc/man3/EVP_PKEY_size.pod
+++ b/doc/man3/EVP_PKEY_get_size.pod
@@ -2,20 +2,20 @@
 
 =head1 NAME
 
-EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits
+EVP_PKEY_get_size, EVP_PKEY_get_bits, EVP_PKEY_get_security_bits
 - EVP_PKEY information functions
 
 =head1 SYNOPSIS
 
  #include <openssl/evp.h>
 
- int EVP_PKEY_size(const EVP_PKEY *pkey);
- int EVP_PKEY_bits(const EVP_PKEY *pkey);
- int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_size(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_bits(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey);
 
 =head1 DESCRIPTION
 
-EVP_PKEY_size() returns the maximum suitable size for the output
+EVP_PKEY_get_size() returns the maximum suitable size for the output
 buffers for almost all operations that can be done with I<pkey>.
 The primary documented use is with L<EVP_SignFinal(3)> and
 L<EVP_SealInit(3)>, but it isn't limited there.  The returned size is
@@ -24,38 +24,38 @@
 
 It must be stressed that, unless the documentation for the operation
 that's being performed says otherwise, the size returned by
-EVP_PKEY_size() is only preliminary and not exact, so the final
+EVP_PKEY_get_size() is only preliminary and not exact, so the final
 contents of the target buffer may be smaller.  It is therefore crucial
 to take note of the size given back by the function that performs the
 operation, such as L<EVP_PKEY_sign(3)> (the I<siglen> argument will
 receive that length), to avoid bugs.
 
-EVP_PKEY_bits() returns the cryptographic length of the cryptosystem
+EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem
 to which the key in I<pkey> belongs, in bits.  Note that the definition
 of cryptographic length is specific to the key cryptosystem.
 
-EVP_PKEY_security_bits() returns the number of security bits of the given
+EVP_PKEY_get_security_bits() returns the number of security bits of the given
 I<pkey>, bits of security is defined in NIST SP800-57.
 
 =head1 RETURN VALUES
 
-EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a
-positive number, or 0 if this size isn't available.
+EVP_PKEY_get_size(), EVP_PKEY_get_bits() and EVP_PKEY_get_security_bits()
+return a positive number, or 0 if this size isn't available.
 
 =head1 NOTES
 
 Most functions that have an output buffer and are mentioned with
-EVP_PKEY_size() have a functionality where you can pass NULL for the
+EVP_PKEY_get_size() have a functionality where you can pass NULL for the
 buffer and still pass a pointer to an integer and get the exact size
 that this function call delivers in the context that it's called in.
 This allows those functions to be called twice, once to find out the
 exact buffer size, then allocate the buffer in between, and call that
 function again actually output the data.  For those functions, it
-isn't strictly necessary to call EVP_PKEY_size() to find out the
+isn't strictly necessary to call EVP_PKEY_get_size() to find out the
 buffer size, but may be useful in cases where it's desirable to know
 the upper limit in advance.
 
-It should also be especially noted that EVP_PKEY_size() shouldn't be
+It should also be especially noted that EVP_PKEY_get_size() shouldn't be
 used to get the output size for EVP_DigestSignFinal(), according to
 L<EVP_DigestSignFinal(3)/NOTES>.
 
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod
index d98d7c2..89b93c9 100644
--- a/doc/man3/EVP_PKEY_new.pod
+++ b/doc/man3/EVP_PKEY_new.pod
@@ -7,7 +7,7 @@
 EVP_PKEY_up_ref,
 EVP_PKEY_dup,
 EVP_PKEY_free,
-EVP_PKEY_description,
+EVP_PKEY_get0_description,
 EVP_PKEY_new_raw_private_key_ex,
 EVP_PKEY_new_raw_private_key,
 EVP_PKEY_new_raw_public_key_ex,
@@ -28,7 +28,7 @@
  int EVP_PKEY_up_ref(EVP_PKEY *key);
  EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *key);
  void EVP_PKEY_free(EVP_PKEY *key);
- const char *EVP_PKEY_description(const EVP_PKEY *key);
+ const char *EVP_PKEY_get0_description(const EVP_PKEY *key);
 
  EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx,
                                            const char *keytype,
@@ -92,9 +92,9 @@
 EVP_PKEY_free() decrements the reference count of I<key> and, if the reference
 count is zero, frees it up. If I<key> is NULL, nothing is done.
 
-EVP_PKEY_description() returns a description of the type of B<EVP_PKEY>, meant
-for display and human consumption.  The description is at the discretion of the
-key type implementation.
+EVP_PKEY_get0_description() returns a description of the type of B<EVP_PKEY>,
+meant for display and human consumption.  The description is at the
+discretion of the key type implementation.
 
 EVP_PKEY_new_raw_private_key_ex() allocates a new B<EVP_PKEY>. Unless an
 engine should be used for the key type, a provider for the key is found using
diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod
index e905024..e3b81a5 100644
--- a/doc/man3/EVP_PKEY_set1_RSA.pod
+++ b/doc/man3/EVP_PKEY_set1_RSA.pod
@@ -8,7 +8,7 @@
 EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
 EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
 EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
-EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id,
+EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id,
 EVP_PKEY_set1_engine, EVP_PKEY_get0_engine -
 EVP_PKEY assignment functions
 
@@ -16,8 +16,8 @@
 
  #include <openssl/evp.h>
 
- int EVP_PKEY_id(const EVP_PKEY *pkey);
- int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_id(const EVP_PKEY *pkey);
+ int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
  int EVP_PKEY_type(int type);
 
 Deprecated since OpenSSL 3.0, can be hidden entirely by defining
@@ -55,13 +55,14 @@
 
 =head1 DESCRIPTION
 
-EVP_PKEY_base_id() returns the type of I<pkey>. For example
+EVP_PKEY_get_base_id() returns the type of I<pkey>. For example
 an RSA key will return B<EVP_PKEY_RSA>.
 
-EVP_PKEY_id() returns the actual OID associated with I<pkey>. Historically keys
-using the same algorithm could use different OIDs. For example an RSA key could
-use the OIDs corresponding to the NIDs B<NID_rsaEncryption> (equivalent to
-B<EVP_PKEY_RSA>) or B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
+EVP_PKEY_get_id() returns the actual OID associated with I<pkey>.
+Historically keys using the same algorithm could use different OIDs.
+For example an RSA key could use the OIDs corresponding to
+the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or
+B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
 alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
 often seen in practice.
 
@@ -133,7 +134,7 @@
 The following functions are only reliable with B<EVP_PKEY>s that have
 been assigned an internal key with EVP_PKEY_assign_*():
 
-EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type()
+EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type()
 
 For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
 
@@ -163,12 +164,12 @@
 type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>.
 
 Most applications wishing to know a key type will simply call
-EVP_PKEY_base_id() and will not care about the actual type:
+EVP_PKEY_get_base_id() and will not care about the actual type:
 which will be identical in almost all cases.
 
 Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
 to determine the type of a key. Since B<EVP_PKEY> is now opaque this
-is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
+is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey).
 
 EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
 key as part of its routine to load a private key.
@@ -186,7 +187,7 @@
 EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
 and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
 
-EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
+EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a key
 type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
 
 EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
diff --git a/doc/man3/EVP_PKEY_set_type.pod b/doc/man3/EVP_PKEY_set_type.pod
index e5111a5..9ba460c 100644
--- a/doc/man3/EVP_PKEY_set_type.pod
+++ b/doc/man3/EVP_PKEY_set_type.pod
@@ -35,7 +35,7 @@
 I<type>.
 
 For both EVP_PKEY_set_type() and EVP_PKEY_set_type_str(), I<pkey> gets
-a numeric type, which can be retrieved with L<EVP_PKEY_id(3)>.  This
+a numeric type, which can be retrieved with L<EVP_PKEY_get_id(3)>.  This
 numeric type is taken from the L<EVP_PKEY_ASN1_METHOD(3)> that was
 found, and is equal to or closely related to I<type> in the case of
 EVP_PKEY_set_type(), or related to I<str> in the case of
@@ -44,7 +44,7 @@
 EVP_PKEY_set_type_by_keymgmt() initialises I<pkey> to contain an
 internal provider side key.  When doing this, it associates I<pkey>
 with I<keymgmt>.  For keys initialised like this, the numeric type
-retrieved with L<EVP_PKEY_id(3)> will always be B<EVP_PKEY_NONE>.
+retrieved with L<EVP_PKEY_get_id(3)> will always be B<EVP_PKEY_NONE>.
 
 =head1 RETURN VALUES
 
@@ -52,7 +52,7 @@
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_assign(3)>, L<EVP_PKEY_id(3)>, L<EVP_PKEY_get0_RSA(3)>,
+L<EVP_PKEY_assign(3)>, L<EVP_PKEY_get_id(3)>, L<EVP_PKEY_get0_RSA(3)>,
 L<EVP_PKEY_copy_parameters(3)>, L<EVP_PKEY_ASN1_METHOD(3)>,
 L<EVP_KEYMGMT(3)>
 
diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index b2d1e18..bcee801 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -5,10 +5,11 @@
 EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX,
 EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate,
 EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce,
-EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_strength,
-EVP_RAND_state,
-EVP_RAND_provider, EVP_RAND_CTX_rand, EVP_RAND_is_a, EVP_RAND_number,
-EVP_RAND_name, EVP_RAND_names_do_all, EVP_RAND_description,
+EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength,
+EVP_RAND_get_state,
+EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a,
+EVP_RAND_get_number, EVP_RAND_get0_name, EVP_RAND_names_do_all,
+EVP_RAND_get0_description,
 EVP_RAND_CTX_get_params,
 EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params,
 EVP_RAND_gettable_ctx_params, EVP_RAND_settable_ctx_params,
@@ -29,7 +30,7 @@
  void EVP_RAND_free(EVP_RAND *rand);
  EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
  void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
- EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx);
+ EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
  int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
  int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
  int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]);
@@ -38,11 +39,11 @@
  const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand);
  const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx);
  const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx);
- int EVP_RAND_number(const EVP_RAND *rand);
- const char *EVP_RAND_name(const EVP_RAND *rand);
- const char *EVP_RAND_description(const EVP_RAND *rand);
+ int EVP_RAND_get_number(const EVP_RAND *rand);
+ const char *EVP_RAND_get0_name(const EVP_RAND *rand);
+ const char *EVP_RAND_get0_description(const EVP_RAND *rand);
  int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
- const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand);
+ const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand);
  void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
                                void (*fn)(EVP_RAND *rand, void *arg),
                                void *arg);
@@ -64,8 +65,8 @@
  int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
  int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx);
  int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx);
- unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx);
- int EVP_RAND_state(EVP_RAND_CTX *ctx);
+ unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx);
+ int EVP_RAND_get_state(EVP_RAND_CTX *ctx);
 
  #define EVP_RAND_STATE_UNINITIALISED    0
  #define EVP_RAND_STATE_READY            1
@@ -121,7 +122,7 @@
 EVP_RAND_CTX_free() frees up the context I<ctx>.  If I<ctx> is NULL, nothing
 is done.
 
-EVP_RAND_CTX_rand() returns the B<EVP_RAND> associated with the context
+EVP_RAND_CTX_get0_rand() returns the B<EVP_RAND> associated with the context
 I<ctx>.
 
 =head2 Random Number Generator Functions
@@ -209,9 +210,9 @@
 
 =head2 Information functions
 
-EVP_RAND_strength() returns the security strength of the RAND I<ctx>.
+EVP_RAND_get_strength() returns the security strength of the RAND I<ctx>.
 
-EVP_RAND_state() returns the current state of the RAND I<ctx>.
+EVP_RAND_get_state() returns the current state of the RAND I<ctx>.
 States defined by the OpenSSL RNGs are:
 
 =over 4
@@ -234,7 +235,7 @@
 EVP_RAND_is_a() returns 1 if I<rand> is an implementation of an
 algorithm that's identifiable with I<name>, otherwise 0.
 
-EVP_RAND_provider() returns the provider that holds the implementation
+EVP_RAND_get0_provider() returns the provider that holds the implementation
 of the given I<rand>.
 
 EVP_RAND_do_all_provided() traverses all RAND implemented by all activated
@@ -242,17 +243,17 @@
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
-EVP_RAND_number() returns the internal dynamic number assigned to
+EVP_RAND_get_number() returns the internal dynamic number assigned to
 I<rand>.
 
-EVP_RAND_name() returns the canonical name of I<rand>.
+EVP_RAND_get0_name() returns the canonical name of I<rand>.
 
 EVP_RAND_names_do_all() traverses all names for I<rand>, and calls
 I<fn> with each name and I<data>.
 
-EVP_RAND_description() returns a description of the rand, meant for display
-and human consumption.  The description is at the discretion of the rand
-implementation.
+EVP_RAND_get0_description() returns a description of the rand, meant for
+display and human consumption.  The description is at the discretion of
+the rand implementation.
 
 EVP_RAND_verify_zeroization() confirms if the internal DRBG state is
 currently zeroed.  This is used by the FIPS provider to support the mandatory
@@ -351,15 +352,16 @@
 EVP_RAND_fetch() returns a pointer to a newly fetched B<EVP_RAND>, or
 NULL if allocation failed.
 
-EVP_RAND_provider() returns a pointer to the provider for the RAND, or
+EVP_RAND_get0_provider() returns a pointer to the provider for the RAND, or
 NULL on error.
 
-EVP_RAND_CTX_rand() returns a pointer to the B<EVP_RAND> associated with the
-context.
+EVP_RAND_CTX_get0_rand() returns a pointer to the B<EVP_RAND> associated
+with the context.
 
-EVP_RAND_name() returns the name of the random number generation algorithm.
+EVP_RAND_get0_name() returns the name of the random number generation
+algorithm.
 
-EVP_RAND_number() returns the provider specific identification number
+EVP_RAND_get_number() returns the provider specific identification number
 for the specified algorithm.
 
 EVP_RAND_up_ref() returns 1 on success, 0 on error.
@@ -374,7 +376,8 @@
 
 EVP_RAND_nonce() returns the length of the nonce.
 
-EVP_RAND_strength() returns the strength of the random number generator in bits.
+EVP_RAND_get_strength() returns the strength of the random number generator
+in bits.
 
 EVP_RAND_gettable_params(), EVP_RAND_gettable_ctx_params() and
 EVP_RAND_settable_ctx_params() return an array of OSSL_PARAMs.
diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod
index a1897bb..5c506dc 100644
--- a/doc/man3/EVP_SIGNATURE_free.pod
+++ b/doc/man3/EVP_SIGNATURE_free.pod
@@ -3,9 +3,9 @@
 =head1 NAME
 
 EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref,
-EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider,
+EVP_SIGNATURE_get_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider,
 EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all,
-EVP_SIGNATURE_name, EVP_SIGNATURE_description,
+EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description,
 EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params
 - Functions to manage EVP_SIGNATURE algorithm objects
 
@@ -17,10 +17,10 @@
                                     const char *properties);
  void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
  int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
- int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature);
- const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature);
+ int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature);
+ const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature);
  int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name);
- OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature);
+ OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature);
  void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
                                     void (*fn)(EVP_SIGNATURE *signature,
                                                void *arg),
@@ -28,8 +28,8 @@
  int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
                                 void (*fn)(const char *name, void *data),
                                 void *data);
- const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature);
- const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature);
+ const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature);
+ const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature);
  const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig);
  const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig);
 
@@ -55,17 +55,18 @@
 EVP_SIGNATURE_is_a() returns 1 if I<signature> is an implementation of an
 algorithm that's identifiable with I<name>, otherwise 0.
 
-EVP_SIGNATURE_provider() returns the provider that I<signature> was fetched from.
+EVP_SIGNATURE_get0_provider() returns the provider that I<signature> was
+fetched from.
 
 EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all
 activated roviders in the given library context I<libctx>, and for each of the
 implementations, calls the given function I<fn> with the implementation method
 and the given I<arg> as argument.
 
-EVP_SIGNATURE_number() returns the internal dynamic number assigned to
+EVP_SIGNATURE_get_number() returns the internal dynamic number assigned to
 I<signature>.
 
-EVP_SIGNATURE_name() returns the algorithm name from the provided
+EVP_SIGNATURE_get0_name() returns the algorithm name from the provided
 implementation for the given I<signature>. Note that the I<signature> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
@@ -74,9 +75,9 @@
 EVP_SIGNATURE_names_do_all() traverses all names for I<signature>, and calls
 I<fn> with each name and I<data>.
 
-EVP_SIGNATURE_description() returns a description of the I<signature>, meant
-for display and human consumption.  The description is at the discretion of
-the I<signature> implementation.
+EVP_SIGNATURE_get0_description() returns a description of the I<signature>,
+meant for display and human consumption.  The description is at the
+discretion of the I<signature> implementation.
 
 EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params()
 return a constant B<OSSL_PARAM> array that describes the names and types of key
diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod
index d2652f5..8427fcc 100644
--- a/doc/man3/EVP_SealInit.pod
+++ b/doc/man3/EVP_SealInit.pod
@@ -29,13 +29,13 @@
 decrypted using any of the corresponding private keys. B<ek> is an array of
 buffers where the public key encrypted secret key will be written, each buffer
 must contain enough room for the corresponding encrypted key: that is
-B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+B<ek[i]> must have room for B<EVP_PKEY_get_size(pubk[i])> bytes. The actual
 size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
 an array of B<npubk> public keys.
 
 The B<iv> parameter is a buffer where the generated IV is written to. It must
 contain enough room for the corresponding cipher's IV, as determined by (for
-example) EVP_CIPHER_iv_length(type).
+example) EVP_CIPHER_get_iv_length(type).
 
 If the cipher does not require an IV then the B<iv> parameter is ignored
 and can be B<NULL>.
diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod
index e98d1fa..cf0663c 100644
--- a/doc/man3/EVP_SignInit.pod
+++ b/doc/man3/EVP_SignInit.pod
@@ -35,11 +35,11 @@
 EVP_SignFinal_ex() signs the data in I<ctx> using the private key
 I<pkey> and places the signature in I<sig>. The library context I<libctx> and
 property query I<propq> are used when creating a context to use with the key
-I<pkey>. I<sig> must be at least C<EVP_PKEY_size(pkey)> bytes in size. I<s> is
-an OUT parameter, and not used as an IN parameter.
+I<pkey>. I<sig> must be at least C<EVP_PKEY_get_size(pkey)> bytes in size.
+I<s> is an OUT parameter, and not used as an IN parameter.
 The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at I<s>, at most C<EVP_PKEY_size(pkey)> bytes
-will be written.
+will be written to the integer at I<s>, at most C<EVP_PKEY_get_size(pkey)>
+bytes will be written.
 
 EVP_SignFinal() is similar to EVP_SignFinal_ex() but uses default
 values of NULL for the library context I<libctx> and the property query I<propq>.
@@ -89,7 +89,8 @@
 
 =head1 SEE ALSO
 
-L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)>,
+L<EVP_PKEY_get_size(3)>, L<EVP_PKEY_get_bits(3)>,
+L<EVP_PKEY_get_security_bits(3)>,
 L<EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)>,
 L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod
index fed0da2..039f778 100644
--- a/doc/man3/OSSL_DECODER.pod
+++ b/doc/man3/OSSL_DECODER.pod
@@ -6,12 +6,12 @@
 OSSL_DECODER_fetch,
 OSSL_DECODER_up_ref,
 OSSL_DECODER_free,
-OSSL_DECODER_provider,
-OSSL_DECODER_properties,
+OSSL_DECODER_get0_provider,
+OSSL_DECODER_get0_properties,
 OSSL_DECODER_is_a,
-OSSL_DECODER_number,
-OSSL_DECODER_name,
-OSSL_DECODER_description,
+OSSL_DECODER_get_number,
+OSSL_DECODER_get0_name,
+OSSL_DECODER_get0_description,
 OSSL_DECODER_do_all_provided,
 OSSL_DECODER_names_do_all,
 OSSL_DECODER_gettable_params,
@@ -28,12 +28,12 @@
                                   const char *properties);
  int OSSL_DECODER_up_ref(OSSL_DECODER *decoder);
  void OSSL_DECODER_free(OSSL_DECODER *decoder);
- const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder);
- const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder);
+ const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder);
+ const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder);
  int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name);
- int OSSL_DECODER_number(const OSSL_DECODER *decoder);
- const char *OSSL_DECODER_name(const OSSL_DECODER *decoder);
- const char *OSSL_DECODER_description(const OSSL_DECODER *decoder);
+ int OSSL_DECODER_get_number(const OSSL_DECODER *decoder);
+ const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder);
+ const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder);
  void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
                                    void (*fn)(OSSL_DECODER *decoder, void *arg),
                                    void *arg);
@@ -64,21 +64,21 @@
 OSSL_DECODER_free() decrements the reference count for the given
 I<decoder>, and when the count reaches zero, frees it.
 
-OSSL_DECODER_provider() returns the provider of the given
+OSSL_DECODER_get0_provider() returns the provider of the given
 I<decoder>.
 
-OSSL_DECODER_properties() returns the property definition associated
+OSSL_DECODER_get0_properties() returns the property definition associated
 with the given I<decoder>.
 
 OSSL_DECODER_is_a() checks if I<decoder> is an implementation
 of an algorithm that's identifiable with I<name>.
 
-OSSL_DECODER_number() returns the internal dynamic number assigned
+OSSL_DECODER_get_number() returns the internal dynamic number assigned
 to the given I<decoder>.
 
-OSSL_DECODER_number() returns the name used to fetch the given I<decoder>.
+OSSL_DECODER_get_number() returns the name used to fetch the given I<decoder>.
 
-OSSL_DECODER_description() returns a description of the I<decoder>, meant
+OSSL_DECODER_get0_description() returns a description of the I<decoder>, meant
 for display and human consumption.  The description is at the discretion
 of the I<decoder> implementation.
 
@@ -106,24 +106,24 @@
 
 OSSL_DECODER_free() doesn't return any value.
 
-OSSL_DECODER_provider() returns a pointer to a provider object, or
+OSSL_DECODER_get0_provider() returns a pointer to a provider object, or
 NULL on error.
 
-OSSL_DECODER_properties() returns a pointer to a property
+OSSL_DECODER_get0_properties() returns a pointer to a property
 definition string, or NULL on error.
 
 OSSL_DECODER_is_a() returns 1 if I<decoder> was identifiable,
 otherwise 0.
 
-OSSL_DECODER_number() returns an integer.
+OSSL_DECODER_get_number() returns an integer.
 
-OSSL_DECODER_name() returns the algorithm name from the provided
+OSSL_DECODER_get0_name() returns the algorithm name from the provided
 implementation for the given I<decoder>. Note that the I<decoder> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
 by the I<decoder> object and should not be freed by the caller.
 
-OSSL_DECODER_description() returns a pointer to a decription, or NULL if
+OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if
 there isn't one.
 
 OSSL_DECODER_names_do_all() returns 1 if the callback was called for all
@@ -167,7 +167,7 @@
  for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) {
      OSSL_DECODER *decoder = sk_OSSL_DECODER_value(decoders, i);
 
-     if (strcmp(OSSL_PROVIDER_name(OSSL_DECODER_provider(decoder)),
+     if (strcmp(OSSL_PROVIDER_name(OSSL_DECODER_get0_provider(decoder)),
                 provider) != 0)
          continue;
 
diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod
index 9ad3356..0ff37a3 100644
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@@ -6,12 +6,12 @@
 OSSL_ENCODER_fetch,
 OSSL_ENCODER_up_ref,
 OSSL_ENCODER_free,
-OSSL_ENCODER_provider,
-OSSL_ENCODER_properties,
+OSSL_ENCODER_get0_provider,
+OSSL_ENCODER_get0_properties,
 OSSL_ENCODER_is_a,
-OSSL_ENCODER_number,
-OSSL_ENCODER_name,
-OSSL_ENCODER_description,
+OSSL_ENCODER_get_number,
+OSSL_ENCODER_get0_name,
+OSSL_ENCODER_get0_description,
 OSSL_ENCODER_do_all_provided,
 OSSL_ENCODER_names_do_all,
 OSSL_ENCODER_gettable_params,
@@ -28,12 +28,12 @@
                                   const char *properties);
  int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder);
  void OSSL_ENCODER_free(OSSL_ENCODER *encoder);
- const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder);
- const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder);
+ const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder);
+ const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder);
  int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name);
- int OSSL_ENCODER_number(const OSSL_ENCODER *encoder);
- const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder);
- const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder);
+ int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder);
+ const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder);
+ const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder);
  void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
                                    void (*fn)(OSSL_ENCODER *encoder, void *arg),
                                    void *arg);
@@ -64,21 +64,21 @@
 OSSL_ENCODER_free() decrements the reference count for the given
 I<encoder>, and when the count reaches zero, frees it.
 
-OSSL_ENCODER_provider() returns the provider of the given
+OSSL_ENCODER_get0_provider() returns the provider of the given
 I<encoder>.
 
-OSSL_ENCODER_properties() returns the property definition associated
+OSSL_ENCODER_get0_properties() returns the property definition associated
 with the given I<encoder>.
 
 OSSL_ENCODER_is_a() checks if I<encoder> is an implementation of an
 algorithm that's identifiable with I<name>.
 
-OSSL_ENCODER_number() returns the internal dynamic number assigned to
+OSSL_ENCODER_get_number() returns the internal dynamic number assigned to
 the given I<encoder>.
 
-OSSL_ENCODER_number() returns the name used to fetch the given I<encoder>.
+OSSL_ENCODER_get_number() returns the name used to fetch the given I<encoder>.
 
-OSSL_ENCODER_description() returns a description of the I<loader>, meant
+OSSL_ENCODER_get0_description() returns a description of the I<loader>, meant
 for display and human consumption.  The description is at the discretion of the
 I<loader> implementation.
 
@@ -107,24 +107,24 @@
 
 OSSL_ENCODER_free() doesn't return any value.
 
-OSSL_ENCODER_provider() returns a pointer to a provider object, or
+OSSL_ENCODER_get0_provider() returns a pointer to a provider object, or
 NULL on error.
 
-OSSL_ENCODER_properties() returns a pointer to a property
+OSSL_ENCODER_get0_properties() returns a pointer to a property
 definition string, or NULL on error.
 
 OSSL_ENCODER_is_a() returns 1 of I<encoder> was identifiable,
 otherwise 0.
 
-OSSL_ENCODER_number() returns an integer.
+OSSL_ENCODER_get_number() returns an integer.
 
-OSSL_ENCODER_name() returns the algorithm name from the provided
+OSSL_ENCODER_get0_name() returns the algorithm name from the provided
 implementation for the given I<encoder>. Note that the I<encoder> may have
 multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
 by the I<encoder> object and should not be freed by the caller.
 
-OSSL_ENCODER_description() returns a pointer to a decription, or NULL if
+OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if
 there isn't one.
 
 OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index 7413104..1d790fa 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -6,11 +6,11 @@
 OSSL_STORE_LOADER_fetch,
 OSSL_STORE_LOADER_up_ref,
 OSSL_STORE_LOADER_free,
-OSSL_STORE_LOADER_provider,
-OSSL_STORE_LOADER_properties,
+OSSL_STORE_LOADER_get0_provider,
+OSSL_STORE_LOADER_get0_properties,
 OSSL_STORE_LOADER_is_a,
-OSSL_STORE_LOADER_number,
-OSSL_STORE_LOADER_description,
+OSSL_STORE_LOADER_get_number,
+OSSL_STORE_LOADER_get0_description,
 OSSL_STORE_LOADER_do_all_provided,
 OSSL_STORE_LOADER_names_do_all,
 OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new,
@@ -39,11 +39,11 @@
                                             const char *properties);
  int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader);
  void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
- const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER *
+ const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *
                                                  loader);
- const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader);
- int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader);
- const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader);
+ const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader);
+ int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader);
+ const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader);
  int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader,
                             const char *scheme);
  void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
@@ -129,19 +129,19 @@
 OSSL_STORE_LOADER_free() decrements the reference count for the given
 I<loader>, and when the count reaches zero, frees it.
 
-OSSL_STORE_LOADER_provider() returns the provider of the given
+OSSL_STORE_LOADER_get0_provider() returns the provider of the given
 I<loader>.
 
-OSSL_STORE_LOADER_properties() returns the property definition associated
+OSSL_STORE_LOADER_get0_properties() returns the property definition associated
 with the given I<loader>.
 
 OSSL_STORE_LOADER_is_a() checks if I<loader> is an implementation
 of an algorithm that's identifiable with I<scheme>.
 
-OSSL_STORE_LOADER_number() returns the internal dynamic number assigned
+OSSL_STORE_LOADER_get_number() returns the internal dynamic number assigned
 to the given I<loader>.
 
-OSSL_STORE_LOADER_description() returns a description of the I<loader>, meant
+OSSL_STORE_LOADER_get0_description() returns a description of the I<loader>, meant
 for display and human consumption.  The description is at the discretion of the
 I<loader> implementation.
 
@@ -323,18 +323,18 @@
 
 OSSL_STORE_LOADER_free() doesn't return any value.
 
-OSSL_STORE_LOADER_provider() returns a pointer to a provider object, or
+OSSL_STORE_LOADER_get0_provider() returns a pointer to a provider object, or
 NULL on error.
 
-OSSL_STORE_LOADER_properties() returns a pointer to a property
+OSSL_STORE_LOADER_get0_properties() returns a pointer to a property
 definition string, or NULL on error.
 
 OSSL_STORE_LOADER_is_a() returns 1 if I<loader> was identifiable,
 otherwise 0.
 
-OSSL_STORE_LOADER_number() returns an integer.
+OSSL_STORE_LOADER_get_number() returns an integer.
 
-OSSL_STORE_LOADER_description() returns a pointer to a decription, or NULL if
+OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if
 there isn't one.
 
 The functions with the types B<OSSL_STORE_open_fn>,
@@ -365,9 +365,9 @@
 =head1 HISTORY
 
 OSSL_STORE_LOADER_fetch(), OSSL_STORE_LOADER_up_ref(),
-OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_provider(),
-OSSL_STORE_LOADER_properties(), OSSL_STORE_LOADER_is_a(),
-OSSL_STORE_LOADER_number(), OSSL_STORE_LOADER_do_all_provided() and
+OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_get0_provider(),
+OSSL_STORE_LOADER_get0_properties(), OSSL_STORE_LOADER_is_a(),
+OSSL_STORE_LOADER_get_number(), OSSL_STORE_LOADER_do_all_provided() and
 OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0.
 
 OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0.
diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod
index c053d03..9df6189 100644
--- a/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -420,8 +420,8 @@
  EVP_CIPHER* cipher = EVP_des_ede3_cbc();
  EVP_MD* md = EVP_md5();
 
- unsigned int nkey = EVP_CIPHER_key_length(cipher);
- unsigned int niv = EVP_CIPHER_iv_length(cipher);
+ unsigned int nkey = EVP_CIPHER_get_key_length(cipher);
+ unsigned int niv = EVP_CIPHER_get_iv_length(cipher);
  unsigned char key[nkey];
  unsigned char iv[niv];
 
diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod
index 6e3451f..bed8810 100644
--- a/doc/man3/RSA_size.pod
+++ b/doc/man3/RSA_size.pod
@@ -25,8 +25,8 @@
 B<rsa> and B<rsa-E<gt>n> must not be B<NULL>.
 
 The remaining functions described on this page are deprecated.
-Applications should instead use L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>
-and L<EVP_PKEY_security_bits(3)>.
+Applications should instead use L<EVP_PKEY_get_size(3)>, L<EVP_PKEY_get_bits(3)>
+and L<EVP_PKEY_get_security_bits(3)>.
 
 RSA_size() returns the RSA modulus size in bytes. It can be used to
 determine how much memory must be allocated for an RSA encrypted
diff --git a/doc/man7/EVP_MD-common.pod b/doc/man7/EVP_MD-common.pod
index 58d8ed5..4e0dbb6 100644
--- a/doc/man7/EVP_MD-common.pod
+++ b/doc/man7/EVP_MD-common.pod
@@ -18,14 +18,14 @@
 The length of the "blocksize" parameter should not exceed that of a
 B<size_t>.
 
-This value can also be retrieved with L<EVP_MD_block_size(3)>.
+This value can also be retrieved with L<EVP_MD_get_block_size(3)>.
 
 =item "size" (B<OSSL_DIGEST_PARAM_SIZE>) <unsigned integer>
 
 The digest output size.
 The length of the "size" parameter should not exceed that of a B<size_t>.
 
-This value can also be retrieved with L<EVP_MD_size(3)>.
+This value can also be retrieved with L<EVP_MD_get_size(3)>.
 
 =item "flags" (B<OSSL_DIGEST_PARAM_FLAGS>) <unsigned integer>
 
@@ -42,7 +42,7 @@
 
 =end comment
 
-This value can also be retrieved with L<EVP_MD_flags(3)>.
+This value can also be retrieved with L<EVP_MD_get_flags(3)>.
 
 =back
 
diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod
index b45404c..78fb8f8 100644
--- a/doc/man7/crypto.pod
+++ b/doc/man7/crypto.pod
@@ -390,7 +390,7 @@
          goto err;
 
      /* Allocate the output buffer */
-     outdigest = OPENSSL_malloc(EVP_MD_size(sha256));
+     outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256));
      if (outdigest == NULL)
          goto err;
 
diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod
index 3fdbfc0..82d245a 100644
--- a/doc/man7/fips_module.pod
+++ b/doc/man7/fips_module.pod
@@ -445,7 +445,8 @@
 example of a digest is used.
 
 To go from an B<EVP_MD_CTX> to an B<EVP_MD>, use L<EVP_MD_CTX_md(3)> .
-To go from the B<EVP_MD> to its B<OSSL_PROVIDER>, use L<EVP_MD_provider(3)>.
+To go from the B<EVP_MD> to its B<OSSL_PROVIDER>,
+use L<EVP_MD_get0_provider(3)>.
 To extract the name from the B<OSSL_PROVIDER>, use L<OSSL_PROVIDER_name(3)>.
 
 =head1 SEE ALSO
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index b230eb7..e2d21a9 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -1203,7 +1203,8 @@
 
 DH_bits(), DH_security_bits(), DH_size()
 
-Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
+L<EVP_PKEY_get_size(3)>.
 
 =item -
 
@@ -1284,7 +1285,8 @@
 
 DSA_bits(), DSA_security_bits(), DSA_size()
 
-Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
+L<EVP_PKEY_get_size(3)>.
 
 =item -
 
@@ -1376,7 +1378,7 @@
 
 ECDSA_size()
 
-Applications should use L<EVP_PKEY_size(3)>.
+Applications should use L<EVP_PKEY_get_size(3)>.
 
 =item -
 
@@ -1900,7 +1902,8 @@
 
 RSA_bits(), RSA_security_bits(), RSA_size()
 
-Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>.
+Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and
+L<EVP_PKEY_get_size(3)>.
 
 =item -
 
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index db73873..93b3b3f 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -564,7 +564,7 @@
         return 0;
     }
 
-    ciphertype = EVP_CIPHER_CTX_nid(ctx);
+    ciphertype = EVP_CIPHER_CTX_get_nid(ctx);
     switch (ciphertype) {
     case NID_aes_128_cbc:
     case NID_aes_192_cbc:
@@ -577,9 +577,9 @@
         return 0;
     }
 
-    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
+    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_get_iv_length(ctx)) {
         ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__,
-                 EVP_CIPHER_CTX_iv_length(ctx));
+                 EVP_CIPHER_CTX_get_iv_length(ctx));
         return 0;
     }
 
@@ -589,7 +589,7 @@
         return 0;
 
 
-    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_get_key_length(ctx));
     if (ret < 1)
         goto err;
 
@@ -635,14 +635,14 @@
      * set iv now for decrypt operation as the input buffer can be
      * overwritten for inplace operation where in = out.
      */
-    if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx) == 0) {
         memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
     }
 
     /* Send input data to kernel space */
     ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
                                 EVP_CIPHER_CTX_iv(ctx),
-                                EVP_CIPHER_CTX_encrypting(ctx));
+                                EVP_CIPHER_CTX_is_encrypting(ctx));
     if (ret < 1) {
         return 0;
     }
@@ -652,7 +652,7 @@
     if (ret < 1)
         return 0;
 
-    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+    if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
         memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
                ALG_AES_IV_LEN);
     } else {
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index 4eb50d0..9866459 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -96,7 +96,7 @@
     if (!init) {
         const EVP_MD *md;
         if ((md = dasync_sha1()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         digest_nids[pos] = 0;
         init = 1;
     }
@@ -627,7 +627,7 @@
 
             len = p[arg - 2] << 8 | p[arg - 1];
 
-            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 if ((p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
                     if (len < AES_BLOCK_SIZE)
                         return 0;
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index d279b60..fa01317 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -207,7 +207,7 @@
     struct cipher_ctx *cipher_ctx =
         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
     const struct cipher_data_st *cipher_d =
-        get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
+        get_cipher_data(EVP_CIPHER_CTX_get_nid(ctx));
     int ret;
 
     /* cleanup a previous session */
@@ -260,12 +260,12 @@
 #if !defined(COP_FLAG_WRITE_IV)
     cryp.flags = 0;
 
-    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     if (ivlen > 0)
         switch (cipher_ctx->mode) {
         case EVP_CIPH_CBC_MODE:
             assert(inl >= ivlen);
-            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (!EVP_CIPHER_CTX_is_encrypting(ctx)) {
                 ivptr = in + inl - ivlen;
                 memcpy(saved_iv, ivptr, ivlen);
             }
@@ -291,7 +291,7 @@
         switch (cipher_ctx->mode) {
         case EVP_CIPH_CBC_MODE:
             assert(inl >= ivlen);
-            if (EVP_CIPHER_CTX_encrypting(ctx))
+            if (EVP_CIPHER_CTX_is_encrypting(ctx))
                 ivptr = out + inl - ivlen;
             else
                 ivptr = saved_iv;
@@ -610,7 +610,7 @@
     EVP = EVP_get_cipherbyname(name);
     if (EVP == NULL)
         fprintf(stderr, "devcrypto: unknown cipher %s\n", name);
-    else if ((i = find_cipher_data_index(EVP_CIPHER_nid(EVP))) != (size_t)-1)
+    else if ((i = find_cipher_data_index(EVP_CIPHER_get_nid(EVP))) != (size_t)-1)
         cipher_list[i] = 1;
     else
         fprintf(stderr, "devcrypto: cipher %s not available\n", name);
@@ -746,9 +746,9 @@
 static int digest_init(EVP_MD_CTX *ctx)
 {
     struct digest_ctx *digest_ctx =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx);
     const struct digest_data_st *digest_d =
-        get_digest_data(EVP_MD_CTX_type(ctx));
+        get_digest_data(EVP_MD_CTX_get_type(ctx));
 
     digest_ctx->init_called = 1;
 
@@ -779,7 +779,7 @@
 static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
     struct digest_ctx *digest_ctx =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx);
 
     if (count == 0)
         return 1;
@@ -801,13 +801,13 @@
 static int digest_final(EVP_MD_CTX *ctx, unsigned char *md)
 {
     struct digest_ctx *digest_ctx =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx);
 
     if (md == NULL || digest_ctx == NULL)
         return 0;
 
     if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT)) {
-        memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_size(ctx));
+        memcpy(md, digest_ctx->digest_res, EVP_MD_CTX_get_size(ctx));
     } else if (digest_op(digest_ctx, NULL, 0, md, COP_FLAG_FINAL) < 0) {
         ERR_raise_data(ERR_LIB_SYS, errno, "calling ioctl()");
         return 0;
@@ -819,9 +819,9 @@
 static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
 {
     struct digest_ctx *digest_from =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(from);
     struct digest_ctx *digest_to =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(to);
     struct cphash_op cphash;
 
     if (digest_from == NULL || digest_from->init_called != 1)
@@ -844,7 +844,7 @@
 static int digest_cleanup(EVP_MD_CTX *ctx)
 {
     struct digest_ctx *digest_ctx =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+        (struct digest_ctx *)EVP_MD_CTX_get0_md_data(ctx);
 
     if (digest_ctx == NULL)
         return 1;
@@ -1040,7 +1040,7 @@
     EVP = EVP_get_digestbyname(name);
     if (EVP == NULL)
         fprintf(stderr, "devcrypto: unknown digest %s\n", name);
-    else if ((i = find_digest_data_index(EVP_MD_type(EVP))) != (size_t)-1)
+    else if ((i = find_digest_data_index(EVP_MD_get_type(EVP))) != (size_t)-1)
         digest_list[i] = 1;
     else
         fprintf(stderr, "devcrypto: digest %s not available\n", name);
diff --git a/engines/e_ossltest.c b/engines/e_ossltest.c
index 15a7d75..57dfb13 100644
--- a/engines/e_ossltest.c
+++ b/engines/e_ossltest.c
@@ -226,15 +226,15 @@
     if (!init) {
         const EVP_MD *md;
         if ((md = digest_md5()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         if ((md = digest_sha1()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         if ((md = digest_sha256()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         if ((md = digest_sha384()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         if ((md = digest_sha512()) != NULL)
-            digest_nids[pos++] = EVP_MD_type(md);
+            digest_nids[pos++] = EVP_MD_get_type(md);
         digest_nids[pos] = 0;
         init = 1;
     }
@@ -279,7 +279,7 @@
             || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_128_cbc,
                                               ossltest_aes128_cbc_cipher)
             || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_cbc,
-                                                  EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
+                    EVP_CIPHER_impl_ctx_size(EVP_aes_128_cbc())))) {
         EVP_CIPHER_meth_free(_hidden_aes_128_cbc);
         _hidden_aes_128_cbc = NULL;
     }
@@ -308,7 +308,7 @@
             || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_128_gcm,
                                               ossltest_aes128_gcm_ctrl)
             || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_128_gcm,
-                              EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
+                    EVP_CIPHER_impl_ctx_size(EVP_aes_128_gcm())))) {
         EVP_CIPHER_meth_free(_hidden_aes_128_gcm);
         _hidden_aes_128_gcm = NULL;
     }
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 572ff90..a22fc47 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -324,13 +324,13 @@
     struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
     size_t chunk;
 
-    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+    if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) {   /* borrow chunk variable */
         unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
 
         if (chunk >= AES_BLOCK_SIZE)
             return 0;           /* bogus value */
 
-        if (EVP_CIPHER_CTX_encrypting(ctx))
+        if (EVP_CIPHER_CTX_is_encrypting(ctx))
             while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
                 ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
                 chunk++, nbytes--;
@@ -398,7 +398,7 @@
     /*
      * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
      */
-    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+    if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) {   /* borrow chunk variable */
         unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
 
         if (chunk >= AES_BLOCK_SIZE)
@@ -457,7 +457,7 @@
                    const unsigned char *in_arg, size_t nbytes)
 {
     struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
-    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    unsigned int num = EVP_CIPHER_CTX_get_num(ctx);
 
     CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
                                 cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
@@ -600,8 +600,8 @@
                      const unsigned char *iv, int enc)
 {
     struct padlock_cipher_data *cdata;
-    int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
-    unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
+    int key_len = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
+    unsigned long mode = EVP_CIPHER_CTX_get_mode(ctx);
 
     if (key == NULL)
         return 0;               /* ERROR */
@@ -613,7 +613,7 @@
     if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
         cdata->cword.b.encdec = 0;
     else
-        cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
+        cdata->cword.b.encdec = (EVP_CIPHER_CTX_is_encrypting(ctx) == 0);
     cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
     cdata->cword.b.ksize = (key_len - 128) / 64;
 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index ea61b83..ce772db 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -371,7 +371,7 @@
 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
         BLOCK_CIPHER_ecb_loop() \
-            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
         return 1;\
 }
 
@@ -381,7 +381,7 @@
     static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
 {\
         while(inl>=EVP_MAXCHUNK) {\
-            int num = EVP_CIPHER_CTX_num(ctx);\
+            int num = EVP_CIPHER_CTX_get_num(ctx);\
             cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
             inl-=EVP_MAXCHUNK;\
@@ -389,7 +389,7 @@
             out+=EVP_MAXCHUNK;\
         }\
         if (inl) {\
-            int num = EVP_CIPHER_CTX_num(ctx);\
+            int num = EVP_CIPHER_CTX_get_num(ctx);\
             cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
             EVP_CIPHER_CTX_set_num(ctx, num);\
         }\
@@ -401,13 +401,13 @@
 {\
         while(inl>=EVP_MAXCHUNK) \
             {\
-            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
             inl-=EVP_MAXCHUNK;\
             in +=EVP_MAXCHUNK;\
             out+=EVP_MAXCHUNK;\
             }\
         if (inl)\
-            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_encrypting(ctx));\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
         return 1;\
 }
 
@@ -419,13 +419,13 @@
     if (inl < chunk) chunk = inl;\
     while (inl && inl >= chunk)\
     {\
-        int num = EVP_CIPHER_CTX_num(ctx);\
+        int num = EVP_CIPHER_CTX_get_num(ctx);\
         cprefix##_cfb##cbits##_encrypt(in, out, (long) \
             ((cbits == 1) \
                 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
                 ? chunk*8 : chunk), \
             &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
-            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+            &num, EVP_CIPHER_CTX_is_encrypting(ctx));\
         EVP_CIPHER_CTX_set_num(ctx, num);\
         inl -= chunk;\
         in += chunk;\
diff --git a/include/internal/packet.h b/include/internal/packet.h
index 108c65a..170997d 100644
--- a/include/internal/packet.h
+++ b/include/internal/packet.h
@@ -800,7 +800,7 @@
  * signature may not be known in advance. We can use WPACKET_reserve_bytes() to
  * handle this:
  *
- *  if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1)
+ *  if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_get_size(pkey), &sigbytes1)
  *          || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0
  *          || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2)
  *          || sigbytes1 != sigbytes2)
diff --git a/include/openssl/decoder.h b/include/openssl/decoder.h
index afe4988..a939d0d 100644
--- a/include/openssl/decoder.h
+++ b/include/openssl/decoder.h
@@ -31,11 +31,11 @@
 int OSSL_DECODER_up_ref(OSSL_DECODER *encoder);
 void OSSL_DECODER_free(OSSL_DECODER *encoder);
 
-const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *encoder);
-const char *OSSL_DECODER_properties(const OSSL_DECODER *encoder);
-int OSSL_DECODER_number(const OSSL_DECODER *encoder);
-const char *OSSL_DECODER_name(const OSSL_DECODER *decoder);
-const char *OSSL_DECODER_description(const OSSL_DECODER *decoder);
+const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *encoder);
+int OSSL_DECODER_get_number(const OSSL_DECODER *encoder);
+const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder);
+const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder);
 int OSSL_DECODER_is_a(const OSSL_DECODER *encoder, const char *name);
 
 void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx,
diff --git a/include/openssl/encoder.h b/include/openssl/encoder.h
index 4e2c5fe..62560ba 100644
--- a/include/openssl/encoder.h
+++ b/include/openssl/encoder.h
@@ -31,11 +31,11 @@
 int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder);
 void OSSL_ENCODER_free(OSSL_ENCODER *encoder);
 
-const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder);
-const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder);
-int OSSL_ENCODER_number(const OSSL_ENCODER *encoder);
-const char *OSSL_ENCODER_name(const OSSL_ENCODER *kdf);
-const char *OSSL_ENCODER_description(const OSSL_ENCODER *kdf);
+const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder);
+int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder);
+const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *kdf);
+const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *kdf);
 int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name);
 
 void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx,
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index ee91810..3f56938 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -528,20 +528,26 @@
 # define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 # define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
-int EVP_MD_type(const EVP_MD *md);
-# define EVP_MD_nid(e)                   EVP_MD_type(e)
-const char *EVP_MD_name(const EVP_MD *md);
-const char *EVP_MD_description(const EVP_MD *md);
-int EVP_MD_number(const EVP_MD *md);
+int EVP_MD_get_type(const EVP_MD *md);
+# define EVP_MD_type EVP_MD_get_type
+# define EVP_MD_nid EVP_MD_get_type
+const char *EVP_MD_get0_name(const EVP_MD *md);
+# define EVP_MD_name EVP_MD_get0_name
+const char *EVP_MD_get0_description(const EVP_MD *md);
+int EVP_MD_get_number(const EVP_MD *md);
 int EVP_MD_is_a(const EVP_MD *md, const char *name);
 int EVP_MD_names_do_all(const EVP_MD *md,
                         void (*fn)(const char *name, void *data),
                         void *data);
-const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md);
-int EVP_MD_pkey_type(const EVP_MD *md);
-int EVP_MD_size(const EVP_MD *md);
-int EVP_MD_block_size(const EVP_MD *md);
-unsigned long EVP_MD_flags(const EVP_MD *md);
+const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md);
+int EVP_MD_get_pkey_type(const EVP_MD *md);
+# define EVP_MD_pkey_type EVP_MD_get_pkey_type
+int EVP_MD_get_size(const EVP_MD *md);
+# define EVP_MD_size EVP_MD_get_size
+int EVP_MD_get_block_size(const EVP_MD *md);
+# define EVP_MD_block_size EVP_MD_get_block_size
+unsigned long EVP_MD_get_flags(const EVP_MD *md);
+# define EVP_MD_flags EVP_MD_get_flags
 
 const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx);
 EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);
@@ -556,29 +562,43 @@
                               int (*update) (EVP_MD_CTX *ctx,
                                              const void *data, size_t count));
 # endif
-# define EVP_MD_CTX_name(e)            EVP_MD_name(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_size(e)            EVP_MD_size(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_block_size(e)      EVP_MD_block_size(EVP_MD_CTX_get0_md(e))
-# define EVP_MD_CTX_type(e)            EVP_MD_type(EVP_MD_CTX_get0_md(e))
-EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_get0_name(e)       EVP_MD_get0_name(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_get_size(e)        EVP_MD_get_size(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_size               EVP_MD_CTX_get_size
+# define EVP_MD_CTX_get_block_size(e)  EVP_MD_get_block_size(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size
+# define EVP_MD_CTX_get_type(e)            EVP_MD_get_type(EVP_MD_CTX_get0_md(e))
+# define EVP_MD_CTX_type EVP_MD_CTX_get_type
+EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx
 void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
-void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data
 
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-const char *EVP_CIPHER_name(const EVP_CIPHER *cipher);
-const char *EVP_CIPHER_description(const EVP_CIPHER *cipher);
-int EVP_CIPHER_number(const EVP_CIPHER *cipher);
+int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_nid EVP_CIPHER_get_nid
+const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_name EVP_CIPHER_get0_name
+const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher);
+int EVP_CIPHER_get_number(const EVP_CIPHER *cipher);
 int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name);
 int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher,
                             void (*fn)(const char *name, void *data),
                             void *data);
-const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher);
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher);
+int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_block_size EVP_CIPHER_get_block_size
 int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-int EVP_CIPHER_mode(const EVP_CIPHER *cipher);
+int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_key_length EVP_CIPHER_get_key_length
+int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_iv_length EVP_CIPHER_get_iv_length
+unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_flags EVP_CIPHER_get_flags
+int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_mode EVP_CIPHER_get_mode
+int EVP_CIPHER_get_type(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_type EVP_CIPHER_get_type
 EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                              const char *properties);
 int EVP_CIPHER_up_ref(EVP_CIPHER *cipher);
@@ -586,12 +606,18 @@
 
 const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx);
 EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_encrypting EVP_CIPHER_CTX_is_encrypting
+int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_nid EVP_CIPHER_CTX_get_nid
+int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_block_size EVP_CIPHER_CTX_get_block_size
+int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_key_length EVP_CIPHER_CTX_get_key_length
+int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_iv_length EVP_CIPHER_CTX_get_iv_length
+int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_tag_length EVP_CIPHER_CTX_get_tag_length
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
 OSSL_DEPRECATEDIN_3_0 const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
@@ -601,19 +627,22 @@
 int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
 int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len);
 unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_num EVP_CIPHER_CTX_get_num
 int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
 int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
 void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
 void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
-# define EVP_CIPHER_CTX_name(c)         EVP_CIPHER_name(EVP_CIPHER_CTX_get0_cipher(c))
-# define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_get0_name(c) EVP_CIPHER_get0_name(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_get_type(c)  EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_type         EVP_CIPHER_CTX_get_type
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
-#  define EVP_CIPHER_CTX_flags(c)       EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(c))
+#  define EVP_CIPHER_CTX_flags(c)    EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(c))
 # endif
-# define EVP_CIPHER_CTX_mode(c)         EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_get_mode(c)  EVP_CIPHER_get_mode(EVP_CIPHER_CTX_get0_cipher(c))
+# define EVP_CIPHER_CTX_mode         EVP_CIPHER_CTX_get_mode
 
 # define EVP_ENCODE_LENGTH(l)    ((((l)+2)/3*4)+((l)/48+1)*2+80)
 # define EVP_DECODE_LENGTH(l)    (((l)+3)/4*3+80)
@@ -1164,17 +1193,17 @@
                        const char *properties);
 int EVP_MAC_up_ref(EVP_MAC *mac);
 void EVP_MAC_free(EVP_MAC *mac);
-int EVP_MAC_number(const EVP_MAC *mac);
-const char *EVP_MAC_name(const EVP_MAC *mac);
-const char *EVP_MAC_description(const EVP_MAC *mac);
+int EVP_MAC_get_number(const EVP_MAC *mac);
+const char *EVP_MAC_get0_name(const EVP_MAC *mac);
+const char *EVP_MAC_get0_description(const EVP_MAC *mac);
 int EVP_MAC_is_a(const EVP_MAC *mac, const char *name);
-const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac);
+const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac);
 int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]);
 
 EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac);
 void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx);
 EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src);
-EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx);
+EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx);
 int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]);
 int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]);
 
@@ -1209,16 +1238,16 @@
                          const char *properties);
 int EVP_RAND_up_ref(EVP_RAND *rand);
 void EVP_RAND_free(EVP_RAND *rand);
-int EVP_RAND_number(const EVP_RAND *rand);
-const char *EVP_RAND_name(const EVP_RAND *rand);
-const char *EVP_RAND_description(const EVP_RAND *md);
+int EVP_RAND_get_number(const EVP_RAND *rand);
+const char *EVP_RAND_get0_name(const EVP_RAND *rand);
+const char *EVP_RAND_get0_description(const EVP_RAND *md);
 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
-const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand);
+const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand);
 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
 
 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
-EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx);
+EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]);
 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand);
@@ -1250,15 +1279,15 @@
 __owur int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx);
 
 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx);
-unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx);
-int EVP_RAND_state(EVP_RAND_CTX *ctx);
+unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx);
+int EVP_RAND_get_state(EVP_RAND_CTX *ctx);
 
-#define EVP_RAND_STATE_UNINITIALISED    0
-#define EVP_RAND_STATE_READY            1
-#define EVP_RAND_STATE_ERROR            2
+# define EVP_RAND_STATE_UNINITIALISED    0
+# define EVP_RAND_STATE_READY            1
+# define EVP_RAND_STATE_ERROR            2
 
 /* PKEY stuff */
-#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_decrypt_old(unsigned char *dec_key,
                                           const unsigned char *enc_key,
                                           int enc_key_len,
@@ -1266,17 +1295,22 @@
 OSSL_DEPRECATEDIN_3_0 int EVP_PKEY_encrypt_old(unsigned char *enc_key,
                                           const unsigned char *key,
                                           int key_len, EVP_PKEY *pub_key);
-#endif
+# endif
 int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name);
 int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey,
                                void (*fn)(const char *name, void *data),
                                void *data);
 int EVP_PKEY_type(int type);
-int EVP_PKEY_id(const EVP_PKEY *pkey);
-int EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int EVP_PKEY_bits(const EVP_PKEY *pkey);
-int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_get_id(const EVP_PKEY *pkey);
+# define EVP_PKEY_id EVP_PKEY_get_id
+int EVP_PKEY_get_base_id(const EVP_PKEY *pkey);
+# define EVP_PKEY_base_id EVP_PKEY_get_base_id
+int EVP_PKEY_get_bits(const EVP_PKEY *pkey);
+# define EVP_PKEY_bits EVP_PKEY_get_bits
+int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey);
+# define EVP_PKEY_security_bits EVP_PKEY_get_security_bits
+int EVP_PKEY_get_size(const EVP_PKEY *pkey);
+# define EVP_PKEY_size EVP_PKEY_get_size
 int EVP_PKEY_can_sign(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
@@ -1343,7 +1377,7 @@
 int EVP_PKEY_up_ref(EVP_PKEY *pkey);
 EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey);
 void EVP_PKEY_free(EVP_PKEY *pkey);
-const char *EVP_PKEY_description(const EVP_PKEY *pkey);
+const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey);
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length);
@@ -1425,8 +1459,6 @@
 
 size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
 
-int EVP_CIPHER_type(const EVP_CIPHER *cipher);
-
 /* calls methods */
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -1722,10 +1754,10 @@
                                const char *properties);
 int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
 void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt);
-const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt);
-const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt);
-const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt);
-int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt);
+const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt);
+const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt);
+const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt);
+int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt);
 int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name);
 void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
                                  void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
@@ -1804,13 +1836,13 @@
 
 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature);
 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature);
-OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature);
+OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature);
 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                                    const char *properties);
 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name);
-int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature);
-const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature);
-const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature);
+int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature);
+const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature);
+const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature);
 void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx,
                                    void (*fn)(EVP_SIGNATURE *signature,
                                               void *data),
@@ -1823,13 +1855,13 @@
 
 void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher);
 int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher);
-OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher);
+OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher);
 EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                                        const char *properties);
 int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name);
-int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher);
-const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher);
-const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher);
+int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher);
+const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher);
+const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher);
 void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
                                      void (*fn)(EVP_ASYM_CIPHER *cipher,
                                                 void *arg),
@@ -1842,13 +1874,13 @@
 
 void EVP_KEM_free(EVP_KEM *wrap);
 int EVP_KEM_up_ref(EVP_KEM *wrap);
-OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *wrap);
+OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *wrap);
 EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                        const char *properties);
 int EVP_KEM_is_a(const EVP_KEM *wrap, const char *name);
-int EVP_KEM_number(const EVP_KEM *wrap);
-const char *EVP_KEM_name(const EVP_KEM *wrap);
-const char *EVP_KEM_description(const EVP_KEM *wrap);
+int EVP_KEM_get_number(const EVP_KEM *wrap);
+const char *EVP_KEM_get0_name(const EVP_KEM *wrap);
+const char *EVP_KEM_get0_description(const EVP_KEM *wrap);
 void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
                              void (*fn)(EVP_KEM *wrap, void *arg), void *arg);
 int EVP_KEM_names_do_all(const EVP_KEM *wrap,
@@ -2109,11 +2141,11 @@
 int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange);
 EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
                                const char *properties);
-OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange);
+OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange);
 int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name);
-int EVP_KEYEXCH_number(const EVP_KEYEXCH *keyexch);
-const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *keyexch);
-const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch);
+int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *keyexch);
+const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch);
+const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch);
 void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
                                  void (*fn)(EVP_KEYEXCH *keyexch, void *data),
                                  void *data);
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 96a25ff..2cc4fc4 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -33,11 +33,11 @@
 EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
 void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
 EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src);
-int EVP_KDF_number(const EVP_KDF *kdf);
-const char *EVP_KDF_description(const EVP_KDF *kdf);
+int EVP_KDF_get_number(const EVP_KDF *kdf);
+const char *EVP_KDF_get0_description(const EVP_KDF *kdf);
 int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name);
-const char *EVP_KDF_name(const EVP_KDF *kdf);
-const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf);
+const char *EVP_KDF_get0_name(const EVP_KDF *kdf);
+const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf);
 const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
 
 void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx);
@@ -114,7 +114,8 @@
 int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
                                 const unsigned char *info, int infolen);
 
-int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
+int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
+# define EVP_PKEY_CTX_hkdf_mode EVP_PKEY_CTX_set_hkdf_mode
 
 int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
                                int passlen);
diff --git a/include/openssl/store.h b/include/openssl/store.h
index d5703d5..746bb03 100644
--- a/include/openssl/store.h
+++ b/include/openssl/store.h
@@ -258,11 +258,11 @@
                                            const char *properties);
 int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader);
 void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
-const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER *
+const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *
                                                 loader);
-const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader);
-int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader);
-const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader);
+int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader);
 int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader,
                            const char *scheme);
 void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 1b89cc8..d411767 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -285,7 +285,7 @@
     if (drbg == NULL)
         goto err;
 
-    strength = EVP_RAND_strength(drbg);
+    strength = EVP_RAND_get_strength(drbg);
 
     drbg_params[0] = OSSL_PARAM_construct_utf8_string(t->param_name,
                                                       t->param_value, 0);
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
index 354c234..7b534e7 100644
--- a/providers/implementations/asymciphers/rsa_enc.c
+++ b/providers/implementations/asymciphers/rsa_enc.c
@@ -371,7 +371,7 @@
     p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST);
     if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL
                                                     ? ""
-                                                    : EVP_MD_name(prsactx->oaep_md)))
+                                                    : EVP_MD_get0_name(prsactx->oaep_md)))
         return 0;
 
     p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST);
@@ -381,7 +381,7 @@
 
         if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL
                                            ? ""
-                                           : EVP_MD_name(mgf1_md)))
+                                           : EVP_MD_get0_name(mgf1_md)))
         return 0;
     }
 
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index a855a36..c9dba32 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -164,7 +164,7 @@
         const EVP_MD *md = ossl_prov_digest_md(&psm2ctx->md);
 
         if (!OSSL_PARAM_set_utf8_string(p, md == NULL ? ""
-                                                      : EVP_MD_name(md)))
+                                                      : EVP_MD_get0_name(md)))
             return 0;
     }
 
diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c
index 67a73d3..1dffc8d 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -461,7 +461,7 @@
     if (p != NULL
             && !OSSL_PARAM_set_utf8_string(p, pdhctx->kdf_md == NULL
                                            ? ""
-                                           : EVP_MD_name(pdhctx->kdf_md))){
+                                           : EVP_MD_get0_name(pdhctx->kdf_md))){
         return 0;
     }
 
diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
index 7748340..35d665f 100644
--- a/providers/implementations/exchange/ecdh_exch.c
+++ b/providers/implementations/exchange/ecdh_exch.c
@@ -377,7 +377,7 @@
     if (p != NULL
             && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL
                                            ? ""
-                                           : EVP_MD_name(pectx->kdf_md))){
+                                           : EVP_MD_get0_name(pectx->kdf_md))){
         return 0;
     }
 
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index ce0c81c..83d9d1e 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -116,7 +116,7 @@
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
         return 0;
     }
-    sz = EVP_MD_size(md);
+    sz = EVP_MD_get_size(md);
     if (sz < 0)
         return 0;
 
@@ -326,7 +326,7 @@
     int ret, sz;
     size_t prk_len;
 
-    sz = EVP_MD_size(evp_md);
+    sz = EVP_MD_get_size(evp_md);
     if (sz < 0)
         return 0;
     prk_len = (size_t)sz;
@@ -372,7 +372,7 @@
                         const unsigned char *ikm, size_t ikm_len,
                         unsigned char *prk, size_t prk_len)
 {
-    int sz = EVP_MD_size(evp_md);
+    int sz = EVP_MD_get_size(evp_md);
 
     if (sz < 0)
         return 0;
@@ -382,8 +382,8 @@
     }
     /* calc: PRK = HMAC-Hash(salt, IKM) */
     return
-        EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_name(evp_md), NULL, salt,
-                  salt_len, ikm, ikm_len, prk, EVP_MD_size(evp_md), NULL)
+        EVP_Q_mac(libctx, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, salt,
+                  salt_len, ikm, ikm_len, prk, EVP_MD_get_size(evp_md), NULL)
         != NULL;
 }
 
@@ -437,7 +437,7 @@
     unsigned char prev[EVP_MAX_MD_SIZE];
     size_t done_len = 0, dig_len, n;
 
-    sz = EVP_MD_size(evp_md);
+    sz = EVP_MD_get_size(evp_md);
     if (sz <= 0)
         return 0;
     dig_len = (size_t)sz;
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index e22d541..01f7f0d 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -289,9 +289,9 @@
                                            NULL, NULL, libctx))
         return 0;
     else if (ctx->ctx_init != NULL
-             && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init),
+             && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init),
                               OSSL_MAC_NAME_HMAC)
-             && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init),
+             && !EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init),
                               OSSL_MAC_NAME_CMAC)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC);
         return 0;
diff --git a/providers/implementations/kdfs/krb5kdf.c b/providers/implementations/kdfs/krb5kdf.c
index 4bf9ce7..f8d4baa 100644
--- a/providers/implementations/kdfs/krb5kdf.c
+++ b/providers/implementations/kdfs/krb5kdf.c
@@ -176,7 +176,7 @@
 
     cipher = ossl_prov_cipher_cipher(&ctx->cipher);
     if (cipher)
-        len = EVP_CIPHER_key_length(cipher);
+        len = EVP_CIPHER_get_key_length(cipher);
     else
         len = EVP_MAX_KEY_LENGTH;
 
@@ -332,7 +332,7 @@
     if (!ret)
         goto out;
     /* set the key len for the odd variable key len cipher */
-    klen = EVP_CIPHER_CTX_key_length(ctx);
+    klen = EVP_CIPHER_CTX_get_key_length(ctx);
     if (key_len != (size_t)klen) {
         ret = EVP_CIPHER_CTX_set_key_length(ctx, key_len);
         if (!ret)
@@ -369,7 +369,7 @@
 #ifndef OPENSSL_NO_DES
         /* special case for 3des, where the caller may be requesting
          * the random raw key, instead of the fixed up key  */
-        if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc &&
+        if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc &&
             key_len == 24 && okey_len == 21) {
                 des3_no_fixup = 1;
         } else {
@@ -390,7 +390,7 @@
         goto out;
 
     /* Initialize input block */
-    blocksize = EVP_CIPHER_CTX_block_size(ctx);
+    blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
 
     if (constant_len > blocksize) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONSTANT_LENGTH);
@@ -445,7 +445,7 @@
     }
 
 #ifndef OPENSSL_NO_DES
-    if (EVP_CIPHER_nid(cipher) == NID_des_ede3_cbc && !des3_no_fixup) {
+    if (EVP_CIPHER_get_nid(cipher) == NID_des_ede3_cbc && !des3_no_fixup) {
         ret = fixup_des3_key(okey);
         if (!ret) {
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
index 14c78b5..fe24702 100644
--- a/providers/implementations/kdfs/pbkdf2.c
+++ b/providers/implementations/kdfs/pbkdf2.c
@@ -281,7 +281,7 @@
     unsigned long i = 1;
     HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
 
-    mdlen = EVP_MD_size(digest);
+    mdlen = EVP_MD_get_size(digest);
     if (mdlen <= 0)
         return 0;
 
diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c
index d003644..0ca83dd 100644
--- a/providers/implementations/kdfs/pkcs12kdf.c
+++ b/providers/implementations/kdfs/pkcs12kdf.c
@@ -62,8 +62,8 @@
         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
         goto end;
     }
-    vi = EVP_MD_block_size(md_type);
-    ui = EVP_MD_size(md_type);
+    vi = EVP_MD_get_block_size(md_type);
+    ui = EVP_MD_get_size(md_type);
     if (ui < 0 || vi <= 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE);
         goto end;
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index c281997..56ac1e6 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -108,7 +108,7 @@
             || derived_key_len == 0)
         return 0;
 
-    hlen = EVP_MD_size(kdf_md);
+    hlen = EVP_MD_get_size(kdf_md);
     if (hlen <= 0)
         return 0;
     out_len = (size_t)hlen;
@@ -338,7 +338,7 @@
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
         return 0;
     }
-    len = EVP_MD_size(md);
+    len = EVP_MD_get_size(md);
     return (len <= 0) ? 0 : (size_t)len;
 }
 
@@ -362,7 +362,7 @@
         const unsigned char *custom = NULL;
         size_t custom_len = 0;
         int default_salt_len;
-        EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx);
+        EVP_MAC *mac = EVP_MAC_CTX_get0_mac(ctx->macctx);
 
         if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_HMAC)) {
             /* H(x) = HMAC(x, salt, hash) */
@@ -370,7 +370,7 @@
                 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
                 return 0;
             }
-            default_salt_len = EVP_MD_size(md);
+            default_salt_len = EVP_MD_get_size(md);
             if (default_salt_len <= 0)
                 return 0;
         } else if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128)
diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
index c469d48..c2cc94a 100644
--- a/providers/implementations/kdfs/x942kdf.c
+++ b/providers/implementations/kdfs/x942kdf.c
@@ -281,7 +281,7 @@
         return 0;
     }
 
-    hlen = EVP_MD_size(kdf_md);
+    hlen = EVP_MD_get_size(kdf_md);
     if (hlen <= 0)
         return 0;
     out_len = (size_t)hlen;
@@ -388,7 +388,7 @@
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
         return 0;
     }
-    len = EVP_MD_size(md);
+    len = EVP_MD_get_size(md);
     return (len <= 0) ? 0 : (size_t)len;
 }
 
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index f11bcc5..3b378d3 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -174,7 +174,7 @@
                                          key1->priv_key_len) == 0);
         if (key1->cipher.cipher != NULL)
             ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher,
-                                       EVP_CIPHER_name(key2->cipher.cipher));
+                                       EVP_CIPHER_get0_name(key2->cipher.cipher));
     }
     return ok;
 }
@@ -253,7 +253,7 @@
     if (key->cipher.cipher != NULL
         && !ossl_param_build_set_utf8_string(tmpl, params,
                                              OSSL_PKEY_PARAM_CIPHER,
-                                             EVP_CIPHER_name(key->cipher.cipher)))
+                                             EVP_CIPHER_get0_name(key->cipher.cipher)))
         return 0;
 
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c
index 85625c8..4f84504 100644
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@@ -99,7 +99,7 @@
 {
     struct cmac_data_st *macctx = vmacctx;
 
-    return EVP_CIPHER_CTX_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx));
+    return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx));
 }
 
 static int cmac_setkey(struct cmac_data_st *macctx,
diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c
index 1f4047c..29fb9f8 100644
--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@@ -103,7 +103,7 @@
 {
     EVP_CIPHER_CTX *ctx = macctx->ctx;
 
-    if (keylen != (size_t)EVP_CIPHER_CTX_key_length(ctx)) {
+    if (keylen != (size_t)EVP_CIPHER_CTX_get_key_length(ctx)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
         return 0;
     }
@@ -214,7 +214,7 @@
         || !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
         return 0;
 
-    if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher))
+    if (EVP_CIPHER_get_mode(ossl_prov_cipher_cipher(&macctx->cipher))
         != EVP_CIPH_GCM_MODE) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE);
         return 0;
diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index 4ee57ca..123c40f 100644
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -187,7 +187,7 @@
         return 0;
     }
 
-    kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest));
+    kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
     return kctx;
 }
 
@@ -243,7 +243,7 @@
                        size_t keylen)
 {
     const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest);
-    int w = EVP_MD_block_size(digest);
+    int w = EVP_MD_get_block_size(digest);
 
     if (keylen < KMAC_MIN_KEY || keylen > KMAC_MAX_KEY) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
@@ -288,7 +288,7 @@
                            NULL))
         return 0;
 
-    t = EVP_MD_block_size(ossl_prov_digest_md(&kctx->digest));
+    t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
     if (t < 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
         return 0;
diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index 48e8677..458feca 100644
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -540,7 +540,7 @@
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER);
         return 0;
     }
-    ctr->keylen = keylen = EVP_CIPHER_key_length(ctr->cipher_ctr);
+    ctr->keylen = keylen = EVP_CIPHER_get_key_length(ctr->cipher_ctr);
     if (ctr->ctx_ecb == NULL)
         ctr->ctx_ecb = EVP_CIPHER_CTX_new();
     if (ctr->ctx_ctr == NULL)
@@ -645,7 +645,8 @@
     p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_CIPHER);
     if (p != NULL) {
         if (ctr->cipher_ctr == NULL
-            || !OSSL_PARAM_set_utf8_string(p, EVP_CIPHER_name(ctr->cipher_ctr)))
+            || !OSSL_PARAM_set_utf8_string(p,
+                                           EVP_CIPHER_get0_name(ctr->cipher_ctr)))
             return 0;
     }
 
diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
index 4db104c..6deb0a2 100644
--- a/providers/implementations/rands/drbg_hash.c
+++ b/providers/implementations/rands/drbg_hash.c
@@ -438,7 +438,7 @@
     p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_DIGEST);
     if (p != NULL) {
         md = ossl_prov_digest_md(&hash->digest);
-        if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md)))
+        if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_get0_name(md)))
             return 0;
     }
 
@@ -468,13 +468,13 @@
 
     md = ossl_prov_digest_md(&hash->digest);
     if (md != NULL) {
-        if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+        if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
             ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
             return 0;
         }
 
         /* These are taken from SP 800-90 10.1 Table 2 */
-        hash->blocklen = EVP_MD_size(md);
+        hash->blocklen = EVP_MD_get_size(md);
         /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
         ctx->strength = 64 * (hash->blocklen >> 3);
         if (ctx->strength > 256)
diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
index 67c0339..e68465a 100644
--- a/providers/implementations/rands/drbg_hmac.c
+++ b/providers/implementations/rands/drbg_hmac.c
@@ -326,7 +326,7 @@
     if (p != NULL) {
         if (hmac->ctx == NULL)
             return 0;
-        name = EVP_MAC_name(EVP_MAC_CTX_mac(hmac->ctx));
+        name = EVP_MAC_get0_name(EVP_MAC_CTX_get0_mac(hmac->ctx));
         if (!OSSL_PARAM_set_utf8_string(p, name))
             return 0;
     }
@@ -334,7 +334,7 @@
     p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_DIGEST);
     if (p != NULL) {
         md = ossl_prov_digest_md(&hmac->digest);
-        if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md)))
+        if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_get0_name(md)))
             return 0;
     }
 
@@ -369,7 +369,7 @@
      * digests.
      */
     md = ossl_prov_digest_md(&hmac->digest);
-    if (md != NULL && (EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+    if (md != NULL && (EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
         return 0;
     }
@@ -380,7 +380,7 @@
 
     if (hmac->ctx != NULL) {
         /* These are taken from SP 800-90 10.1 Table 2 */
-        hmac->blocklen = EVP_MD_size(md);
+        hmac->blocklen = EVP_MD_get_size(md);
         /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
         ctx->strength = 64 * (int)(hmac->blocklen >> 3);
         if (ctx->strength > 256)
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 23e000d..138fbce 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -92,7 +92,7 @@
 static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
 {
     if (pdsactx->md != NULL)
-        return EVP_MD_size(pdsactx->md);
+        return EVP_MD_get_size(pdsactx->md);
     return 0;
 }
 
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index a4297d1..c32641f 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -248,7 +248,7 @@
     WPACKET_cleanup(&pkt);
     ctx->mdctx = NULL;
     ctx->md = md;
-    ctx->mdsize = EVP_MD_size(ctx->md);
+    ctx->mdsize = EVP_MD_get_size(ctx->md);
     OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
 
     return 1;
@@ -429,7 +429,7 @@
     p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
     if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL
                                                     ? ctx->mdname
-                                                    : EVP_MD_name(ctx->md)))
+                                                    : EVP_MD_get0_name(ctx->md)))
         return 0;
 
     return 1;
diff --git a/providers/implementations/signature/mac_legacy_sig.c b/providers/implementations/signature/mac_legacy_sig.c
index a8cc67b..d9fd105 100644
--- a/providers/implementations/signature/mac_legacy_sig.c
+++ b/providers/implementations/signature/mac_legacy_sig.c
@@ -107,7 +107,7 @@
     pmacctx->key = vkey;
 
     if (pmacctx->key->cipher.cipher != NULL)
-        ciphername = (char *)EVP_CIPHER_name(pmacctx->key->cipher.cipher);
+        ciphername = (char *)EVP_CIPHER_get0_name(pmacctx->key->cipher.cipher);
 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     if (pmacctx->key->cipher.engine != NULL)
         engine = (char *)ENGINE_get_id(pmacctx->key->cipher.engine);
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index abd3b1a..30fd43e 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -116,7 +116,7 @@
 static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx)
 {
     if (prsactx->md != NULL)
-        return EVP_MD_size(prsactx->md);
+        return EVP_MD_get_size(prsactx->md);
     return 0;
 }
 
@@ -156,7 +156,7 @@
         int max_saltlen;
 
         /* See if minimum salt length exceeds maximum possible */
-        max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_size(prsactx->md);
+        max_saltlen = RSA_size(prsactx->rsa) - EVP_MD_get_size(prsactx->md);
         if ((RSA_bits(prsactx->rsa) & 0x7) == 1)
             max_saltlen--;
         if (min_saltlen < 0 || min_saltlen > max_saltlen) {
@@ -195,9 +195,9 @@
     int saltlen = ctx->saltlen;
  
     if (saltlen == RSA_PSS_SALTLEN_DIGEST) {
-        saltlen = EVP_MD_size(ctx->md);
+        saltlen = EVP_MD_get_size(ctx->md);
     } else if (saltlen == RSA_PSS_SALTLEN_AUTO || saltlen == RSA_PSS_SALTLEN_MAX) {
-        saltlen = RSA_size(ctx->rsa) - EVP_MD_size(ctx->md) - 2;
+        saltlen = RSA_size(ctx->rsa) - EVP_MD_get_size(ctx->md) - 2;
         if ((RSA_bits(ctx->rsa) & 0x7) == 1)
             saltlen--;
     }
@@ -575,13 +575,13 @@
             if (rsa_pss_restricted(prsactx)) {
                 switch (prsactx->saltlen) {
                 case RSA_PSS_SALTLEN_DIGEST:
-                    if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) {
+                    if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) {
                         ERR_raise_data(ERR_LIB_PROV,
                                        PROV_R_PSS_SALTLEN_TOO_SMALL,
                                        "minimum salt length set to %d, "
                                        "but the digest only gives %d",
                                        prsactx->min_saltlen,
-                                       EVP_MD_size(prsactx->md));
+                                       EVP_MD_get_size(prsactx->md));
                         return 0;
                     }
                     /* FALLTHRU */
@@ -678,10 +678,10 @@
                 ERR_raise(ERR_LIB_PROV, PROV_R_ALGORITHM_MISMATCH);
                 return 0;
             }
-            if (ret != EVP_MD_size(prsactx->md)) {
+            if (ret != EVP_MD_get_size(prsactx->md)) {
                 ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH,
                                "Should be %d, but got %d",
-                               EVP_MD_size(prsactx->md), ret);
+                               EVP_MD_get_size(prsactx->md), ret);
                 return 0;
             }
 
@@ -1279,13 +1279,13 @@
                 }
                 break;
             case RSA_PSS_SALTLEN_DIGEST:
-                if (prsactx->min_saltlen > EVP_MD_size(prsactx->md)) {
+                if (prsactx->min_saltlen > EVP_MD_get_size(prsactx->md)) {
                     ERR_raise_data(ERR_LIB_PROV,
                                    PROV_R_PSS_SALTLEN_TOO_SMALL,
                                    "Should be more than %d, but would be "
                                    "set to match digest size (%d)",
                                    prsactx->min_saltlen,
-                                   EVP_MD_size(prsactx->md));
+                                   EVP_MD_get_size(prsactx->md));
                     return 0;
                 }
                 break;
diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index 8607a8b..719e7a2 100644
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -198,7 +198,7 @@
     if (ctx->mdctx == NULL)
         goto error;
 
-    md_nid = EVP_MD_type(ctx->md);
+    md_nid = EVP_MD_get_type(ctx->md);
 
     /*
      * We do not care about DER writing errors.
@@ -295,7 +295,7 @@
 
     if (psm2ctx == NULL
         || psm2ctx->mdctx == NULL
-        || EVP_MD_size(psm2ctx->md) > (int)sizeof(digest))
+        || EVP_MD_get_size(psm2ctx->md) > (int)sizeof(digest))
         return 0;
 
     if (!(sm2sig_compute_z_digest(psm2ctx)
@@ -378,7 +378,7 @@
     p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
     if (p != NULL && !OSSL_PARAM_set_utf8_string(p, psm2ctx->md == NULL
                                                     ? psm2ctx->mdname
-                                                    : EVP_MD_name(psm2ctx->md)))
+                                                    : EVP_MD_get0_name(psm2ctx->md)))
         return 0;
 
     return 1;
diff --git a/ssl/ktls.c b/ssl/ktls.c
index 4aece2e..a5de8bd 100644
--- a/ssl/ktls.c
+++ b/ssl/ktls.c
@@ -67,7 +67,7 @@
     case SSL_AES256GCM:
         crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
         if (s->version == TLS1_3_VERSION)
-            crypto_info->iv_len = EVP_CIPHER_CTX_iv_length(dd);
+            crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
         else
             crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
         break;
@@ -87,7 +87,7 @@
             return 0;
         }
         crypto_info->cipher_algorithm = CRYPTO_AES_CBC;
-        crypto_info->iv_len = EVP_CIPHER_iv_length(c);
+        crypto_info->iv_len = EVP_CIPHER_get_iv_length(c);
         crypto_info->auth_key = mac_key;
         crypto_info->auth_key_len = mac_secret_size;
         break;
@@ -95,7 +95,7 @@
         return 0;
     }
     crypto_info->cipher_key = key;
-    crypto_info->cipher_key_len = EVP_CIPHER_key_length(c);
+    crypto_info->cipher_key_len = EVP_CIPHER_get_key_length(c);
     crypto_info->iv = iv;
     crypto_info->tls_vmajor = (s->version >> 8) & 0x000000ff;
     crypto_info->tls_vminor = (s->version & 0x000000ff);
@@ -129,11 +129,11 @@
     /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 
      * or Chacha20-Poly1305
      */
-    switch (EVP_CIPHER_nid(c))
+    switch (EVP_CIPHER_get_nid(c))
     {
 # ifdef OPENSSL_KTLS_AES_CCM_128
     case NID_aes_128_ccm:
-        if (EVP_CIPHER_CTX_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
+        if (EVP_CIPHER_CTX_get_tag_length(dd) != EVP_CCM_TLS_TAG_LEN)
           return 0;
 # endif
 # ifdef OPENSSL_KTLS_AES_GCM_128
@@ -163,7 +163,7 @@
     unsigned char *iiv = iv;
 
     if (s->version == TLS1_2_VERSION &&
-        EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+        EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
         if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv,
                                            EVP_GCM_TLS_FIXED_IV_LEN
                                            + EVP_GCM_TLS_EXPLICIT_IV_LEN))
@@ -172,7 +172,7 @@
     }
 
     memset(crypto_info, 0, sizeof(*crypto_info));
-    switch (EVP_CIPHER_nid(c))
+    switch (EVP_CIPHER_get_nid(c))
     {
 # ifdef OPENSSL_KTLS_AES_GCM_128
     case NID_aes_128_gcm:
@@ -182,7 +182,7 @@
         memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN,
                 TLS_CIPHER_AES_GCM_128_IV_SIZE);
         memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
-        memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_key_length(c));
+        memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c));
         memcpy(crypto_info->gcm128.rec_seq, rl_sequence,
                 TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
         if (rec_seq != NULL)
@@ -197,7 +197,7 @@
         memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN,
                 TLS_CIPHER_AES_GCM_256_IV_SIZE);
         memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
-        memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_key_length(c));
+        memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c));
         memcpy(crypto_info->gcm256.rec_seq, rl_sequence,
                 TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE);
         if (rec_seq != NULL)
@@ -212,7 +212,7 @@
         memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN,
                 TLS_CIPHER_AES_CCM_128_IV_SIZE);
         memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
-        memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_key_length(c));
+        memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c));
         memcpy(crypto_info->ccm128.rec_seq, rl_sequence,
                 TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE);
         if (rec_seq != NULL)
@@ -226,7 +226,8 @@
         crypto_info->tls_crypto_info_len = sizeof(crypto_info->chacha20poly1305);
         memcpy(crypto_info->chacha20poly1305.iv, iiv,
 		TLS_CIPHER_CHACHA20_POLY1305_IV_SIZE);
-        memcpy(crypto_info->chacha20poly1305.key, key, EVP_CIPHER_key_length(c));
+        memcpy(crypto_info->chacha20poly1305.key, key,
+               EVP_CIPHER_get_key_length(c));
         memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence,
                 TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE);
         if (rec_seq != NULL)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 6713ff7..336ebc8 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -837,7 +837,7 @@
     if (clear)
         mac_size = 0;
     else {
-        mac_size = EVP_MD_CTX_size(s->write_hash);
+        mac_size = EVP_MD_CTX_get_size(s->write_hash);
         if (mac_size < 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
@@ -871,9 +871,9 @@
 
     /* Explicit IV length, block ciphers appropriate version flag */
     if (s->enc_write_ctx) {
-        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
         if (mode == EVP_CIPH_CBC_MODE) {
-            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
             if (eivlen <= 1)
                 eivlen = 0;
         }
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 8cd102e..a217db7 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -439,7 +439,7 @@
             && !SSL_WRITE_ETM(s)
             && SSL_USE_EXPLICIT_IV(s)
             && BIO_get_ktls_send(s->wbio) == 0
-            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
+            && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
                 & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) != 0) {
         unsigned char aad[13];
         EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
@@ -588,7 +588,7 @@
     }
     if (maxpipes == 0
         || s->enc_write_ctx == NULL
-        || (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
+        || (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx))
             & EVP_CIPH_FLAG_PIPELINE) == 0
         || !SSL_USE_EXPLICIT_IV(s))
         maxpipes = 1;
@@ -723,7 +723,7 @@
         mac_size = 0;
     } else {
         /* TODO(siz_t): Convert me */
-        mac_size = EVP_MD_CTX_size(s->write_hash);
+        mac_size = EVP_MD_CTX_get_size(s->write_hash);
         if (mac_size < 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;
@@ -831,10 +831,10 @@
 
     /* Explicit IV length, block ciphers appropriate version flag */
     if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
-        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
         if (mode == EVP_CIPH_CBC_MODE) {
             /* TODO(size_t): Convert me */
-            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
             if (eivlen <= 1)
                 eivlen = 0;
         } else if (mode == EVP_CIPH_GCM_MODE) {
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 8788d49..8c4ff01 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -480,7 +480,7 @@
              && thisrr->type == SSL3_RT_APPLICATION_DATA
              && SSL_USE_EXPLICIT_IV(s)
              && s->enc_read_ctx != NULL
-             && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx))
+             && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_read_ctx))
                  & EVP_CIPH_FLAG_PIPELINE) != 0
              && ssl3_record_app_data_waiting(s));
 
@@ -526,7 +526,7 @@
         const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
 
         if (tmpmd != NULL) {
-            imac_size = EVP_MD_size(tmpmd);
+            imac_size = EVP_MD_get_size(tmpmd);
             if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
                     return -1;
@@ -855,11 +855,11 @@
         memmove(rec->data, rec->input, rec->length);
         rec->input = rec->data;
     } else {
-        int provided = (EVP_CIPHER_provider(enc) != NULL);
+        int provided = (EVP_CIPHER_get0_provider(enc) != NULL);
 
         l = rec->length;
         /* TODO(size_t): Convert this call */
-        bs = EVP_CIPHER_CTX_block_size(ds);
+        bs = EVP_CIPHER_CTX_get_block_size(ds);
 
         /* COMPRESS */
 
@@ -889,7 +889,7 @@
             /* otherwise, rec->length >= bs */
         }
 
-        if (EVP_CIPHER_provider(enc) != NULL) {
+        if (EVP_CIPHER_get0_provider(enc) != NULL) {
             int outlen;
 
             if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input,
@@ -968,7 +968,7 @@
 
     if (sending) {
         if (EVP_MD_CTX_get0_md(s->write_hash)) {
-            int n = EVP_MD_CTX_size(s->write_hash);
+            int n = EVP_MD_CTX_get_size(s->write_hash);
             if (!ossl_assert(n >= 0)) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                 return 0;
@@ -983,8 +983,8 @@
             enc = EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx);
             /* For TLSv1.1 and later explicit IV */
             if (SSL_USE_EXPLICIT_IV(s)
-                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
-                ivlen = EVP_CIPHER_iv_length(enc);
+                && EVP_CIPHER_get_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_get_iv_length(enc);
             else
                 ivlen = 0;
             if (ivlen > 1) {
@@ -1006,7 +1006,7 @@
         }
     } else {
         if (EVP_MD_CTX_get0_md(s->read_hash)) {
-            int n = EVP_MD_CTX_size(s->read_hash);
+            int n = EVP_MD_CTX_get_size(s->read_hash);
             if (!ossl_assert(n >= 0)) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                 return 0;
@@ -1025,12 +1025,12 @@
             recs[ctr].input = recs[ctr].data;
         }
     } else {
-        int provided = (EVP_CIPHER_provider(enc) != NULL);
+        int provided = (EVP_CIPHER_get0_provider(enc) != NULL);
 
-        bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(ds));
+        bs = EVP_CIPHER_get_block_size(EVP_CIPHER_CTX_get0_cipher(ds));
 
         if (n_recs > 1) {
-            if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+            if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
                   & EVP_CIPH_FLAG_PIPELINE) == 0) {
                 /*
                  * We shouldn't have been called with pipeline data if the
@@ -1043,7 +1043,7 @@
         for (ctr = 0; ctr < n_recs; ctr++) {
             reclen[ctr] = recs[ctr].length;
 
-            if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+            if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
                         & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
                 unsigned char *seq;
 
@@ -1177,10 +1177,10 @@
              * any explicit IV
              */
             if (!sending) {
-                if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) {
                         recs[0].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
                         recs[0].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-                } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
                         recs[0].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
                         recs[0].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
                 } else if (bs != 1 && SSL_USE_EXPLICIT_IV(s)) {
@@ -1215,7 +1215,7 @@
             /* TODO(size_t): Convert this call */
             tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
                               (unsigned int)reclen[0]);
-            if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(ds))
+            if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ds))
                  & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0
                 ? (tmpr < 0)
                 : (tmpr == 0)) {
@@ -1225,13 +1225,13 @@
 
             if (!sending) {
                 /* Adjust the record to remove the explicit IV/MAC/Tag */
-                if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_GCM_MODE) {
                     for (ctr = 0; ctr < n_recs; ctr++) {
                         recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
                         recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
                         recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
                     }
-                } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                } else if (EVP_CIPHER_get_mode(enc) == EVP_CIPH_CCM_MODE) {
                     for (ctr = 0; ctr < n_recs; ctr++) {
                         recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
                         recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
@@ -1261,7 +1261,7 @@
                                                         : NULL,
                                          bs,
                                          macsize,
-                                         (EVP_CIPHER_flags(enc)
+                                         (EVP_CIPHER_get_flags(enc)
                                          & EVP_CIPH_FLAG_AEAD_CIPHER) != 0,
                                          s->ctx->libctx))
                         return 0;
@@ -1283,7 +1283,7 @@
  */
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
 {
-    switch (EVP_MD_CTX_type(ctx)) {
+    switch (EVP_MD_CTX_get_type(ctx)) {
     case NID_md5:
     case NID_sha1:
     case NID_sha224:
@@ -1315,15 +1315,15 @@
         hash = ssl->read_hash;
     }
 
-    t = EVP_MD_CTX_size(hash);
+    t = EVP_MD_CTX_get_size(hash);
     if (t < 0)
         return 0;
     md_size = t;
     npad = (48 / md_size) * md_size;
 
-    if (!sending &&
-        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-        ssl3_cbc_record_digest_supported(hash)) {
+    if (!sending
+        && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE
+        && ssl3_cbc_record_digest_supported(hash)) {
 #ifdef OPENSSL_NO_DEPRECATED_3_0
         return 0;
 #else
@@ -1418,7 +1418,7 @@
         hash = ssl->read_hash;
     }
 
-    t = EVP_MD_CTX_size(hash);
+    t = EVP_MD_CTX_get_size(hash);
     if (!ossl_assert(t >= 0))
         return 0;
     md_size = t;
@@ -1457,16 +1457,16 @@
     header[11] = (unsigned char)(rec->length >> 8);
     header[12] = (unsigned char)(rec->length & 0xff);
 
-    if (!sending && !SSL_READ_ETM(ssl) &&
-            EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-            ssl3_cbc_record_digest_supported(mac_ctx)) {
+    if (!sending && !SSL_READ_ETM(ssl)
+        && EVP_CIPHER_CTX_get_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE
+        && ssl3_cbc_record_digest_supported(mac_ctx)) {
         OSSL_PARAM tls_hmac_params[2], *p = tls_hmac_params;
 
         *p++ = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE,
                                            &rec->orig_len);
         *p++ = OSSL_PARAM_construct_end();
 
-        if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_pkey_ctx(mac_ctx),
+        if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx),
                                      tls_hmac_params))
             return 0;
     }
@@ -1551,7 +1551,7 @@
         const EVP_MD *tmpmd = EVP_MD_CTX_get0_md(s->read_hash);
 
         if (tmpmd != NULL) {
-            imac_size = EVP_MD_size(tmpmd);
+            imac_size = EVP_MD_get_size(tmpmd);
             if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
                     return -1;
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 0e4b310..13c007a 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -62,7 +62,7 @@
         return 1;
     }
 
-    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
 
     if (s->early_data_state == SSL_EARLY_DATA_WRITING
             || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 88ac6e4..64b246e 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -186,15 +186,15 @@
         EVP_CIPHER_CTX_reset(dd);
 
     p = s->s3.tmp.key_block;
-    mdi = EVP_MD_size(m);
+    mdi = EVP_MD_get_size(m);
     if (mdi < 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
     i = mdi;
-    cl = EVP_CIPHER_key_length(c);
+    cl = EVP_CIPHER_get_key_length(c);
     j = cl;
-    k = EVP_CIPHER_iv_length(c);
+    k = EVP_CIPHER_get_iv_length(c);
     if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
         (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
         ms = &(p[0]);
@@ -225,7 +225,7 @@
         goto err;
     }
 
-    if (EVP_CIPHER_provider(c) != NULL
+    if (EVP_CIPHER_get0_provider(c) != NULL
             && !tls_provider_set_tls_params(s, dd, c, m)) {
         /* SSLfatal already called */
         goto err;
@@ -266,11 +266,11 @@
     s->s3.tmp.new_compression = comp;
 #endif
 
-    num = EVP_MD_size(hash);
+    num = EVP_MD_get_size(hash);
     if (num < 0)
         return 0;
 
-    num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
+    num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c);
     num *= 2;
 
     ssl3_cleanup_key_block(s);
@@ -424,7 +424,7 @@
         return 0;
     }
 
-    if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) {
+    if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST);
         return 0;
     }
@@ -440,7 +440,7 @@
         goto err;
     }
 
-    ret = EVP_MD_CTX_size(ctx);
+    ret = EVP_MD_CTX_get_size(ctx);
     if (ret < 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         ret = 0;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 582124a..d7c19fe 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -346,7 +346,7 @@
         if (md == NULL) {
             ctx->disabled_mac_mask |= t->mask;
         } else {
-            int tmpsize = EVP_MD_size(md);
+            int tmpsize = EVP_MD_get_size(md);
             if (!ossl_assert(tmpsize >= 0))
                 return 0;
             ctx->ssl_mac_secret_size[i] = tmpsize;
@@ -566,8 +566,9 @@
             *mac_secret_size = ctx->ssl_mac_secret_size[i];
     }
 
-    if ((*enc != NULL) &&
-        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
+    if ((*enc != NULL)
+        && (*md != NULL 
+            || (EVP_CIPHER_get_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
         && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
         const EVP_CIPHER *evp = NULL;
 
@@ -2172,7 +2173,7 @@
         if (e_md == NULL)
             return 0;
 
-        mac = EVP_MD_size(e_md);
+        mac = EVP_MD_get_size(e_md);
         if (c->algorithm_enc != SSL_eNULL) {
             int cipher_nid = SSL_CIPHER_get_cipher_nid(c);
             const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid);
@@ -2180,12 +2181,12 @@
             /* If it wasn't AEAD or SSL_eNULL, we expect it to be a
                known CBC cipher. */
             if (e_ciph == NULL ||
-                EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE)
+                EVP_CIPHER_get_mode(e_ciph) != EVP_CIPH_CBC_MODE)
                 return 0;
 
             in = 1; /* padding length byte */
-            out = EVP_CIPHER_iv_length(e_ciph);
-            blk = EVP_CIPHER_block_size(e_ciph);
+            out = EVP_CIPHER_get_iv_length(e_ciph);
+            blk = EVP_CIPHER_get_block_size(e_ciph);
         }
     }
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index af95f2e..c8ab4a6 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -305,7 +305,7 @@
         }
     }
 
-    if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+    if (md != NULL && dlen != (size_t)EVP_MD_get_size(md)) {
         ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
         return 0;
     }
@@ -4764,7 +4764,7 @@
 {
     EVP_MD_CTX *ctx = NULL;
     EVP_MD_CTX *hdgst = s->s3.handshake_dgst;
-    int hashleni = EVP_MD_CTX_size(hdgst);
+    int hashleni = EVP_MD_CTX_get_size(hdgst);
     int ret = 0;
 
     if (hashleni < 0 || (size_t)hashleni > outlen) {
@@ -5898,7 +5898,7 @@
 int ssl_evp_cipher_up_ref(const EVP_CIPHER *cipher)
 {
     /* Don't up-ref an implicit EVP_CIPHER */
-    if (EVP_CIPHER_provider(cipher) == NULL)
+    if (EVP_CIPHER_get0_provider(cipher) == NULL)
         return 1;
 
     /*
@@ -5913,7 +5913,7 @@
     if (cipher == NULL)
         return;
 
-    if (EVP_CIPHER_provider(cipher) != NULL) {
+    if (EVP_CIPHER_get0_provider(cipher) != NULL) {
         /*
          * The cipher was explicitly fetched and therefore it is safe to cast
          * away the const
@@ -5942,7 +5942,7 @@
 int ssl_evp_md_up_ref(const EVP_MD *md)
 {
     /* Don't up-ref an implicit EVP_MD */
-    if (EVP_MD_provider(md) == NULL)
+    if (EVP_MD_get0_provider(md) == NULL)
         return 1;
 
     /*
@@ -5957,7 +5957,7 @@
     if (md == NULL)
         return;
 
-    if (EVP_MD_provider(md) != NULL) {
+    if (EVP_MD_get0_provider(md) != NULL) {
         /*
          * The digest was explicitly fetched and therefore it is safe to cast
          * away the const
@@ -5969,7 +5969,7 @@
 int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey)
 {
     if (!ssl_security(s, SSL_SECOP_TMP_DH,
-                      EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+                      EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
         ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
         EVP_PKEY_free(dhpkey);
         return 0;
@@ -5982,7 +5982,7 @@
 int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey)
 {
     if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
-                          EVP_PKEY_security_bits(dhpkey), 0, dhpkey)) {
+                          EVP_PKEY_get_security_bits(dhpkey), 0, dhpkey)) {
         ERR_raise(ERR_LIB_SSL, SSL_R_DH_KEY_TOO_SMALL);
         EVP_PKEY_free(dhpkey);
         return 0;
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 42d591e..d12e940 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1453,7 +1453,7 @@
 #endif
     const unsigned char *label;
     size_t bindersize, labelsize, hashsize;
-    int hashsizei = EVP_MD_size(md);
+    int hashsizei = EVP_MD_get_size(md);
     int ret = -1;
     int usepskfored = 0;
 
@@ -1587,7 +1587,7 @@
         binderout = tmpbinder;
 
     bindersize = hashsize;
-    if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_name(md), s->ctx->libctx,
+    if (EVP_DigestSignInit_ex(mctx, NULL, EVP_MD_get0_name(md), s->ctx->libctx,
                               s->ctx->propq, mackey, NULL) <= 0
             || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
             || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index fe9f8a9..545b2d0 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -937,7 +937,7 @@
              * length.
              */
             hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
-                     + EVP_MD_size(md);
+                     + EVP_MD_get_size(md);
         }
     }
 
@@ -1068,7 +1068,7 @@
          */
         agems += s->session->ext.tick_age_add;
 
-        reshashsize = EVP_MD_size(mdres);
+        reshashsize = EVP_MD_get_size(mdres);
         s->ext.tick_identity++;
         dores = 1;
     }
@@ -1097,7 +1097,7 @@
             return EXT_RETURN_FAIL;
         }
 
-        pskhashsize = EVP_MD_size(mdpsk);
+        pskhashsize = EVP_MD_get_size(mdpsk);
     }
 
     /* Create the extension, but skip over the binder for now */
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6b3b33e..51c3251 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1164,7 +1164,8 @@
 
         md = ssl_md(s->ctx, sess->cipher->algorithm2);
         if (!EVP_MD_is_a(md,
-                EVP_MD_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) {
+                EVP_MD_get0_name(ssl_md(s->ctx,
+                                        s->s3.tmp.new_cipher->algorithm2)))) {
             /* The ciphersuite is not compatible with this session. */
             SSL_SESSION_free(sess);
             sess = NULL;
@@ -1179,7 +1180,7 @@
         return 1;
 
     binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
-    hashsize = EVP_MD_size(md);
+    hashsize = EVP_MD_get_size(md);
 
     if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 82bb013..88b34c6 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2083,7 +2083,8 @@
         goto err;
     }
 
-    if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+    if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                      EVP_PKEY_get_security_bits(peer_tmp),
                       0, peer_tmp)) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
         goto err;
@@ -2258,7 +2259,7 @@
         }
         if (SSL_USE_SIGALGS(s))
             OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n",
-                        md == NULL ? "n/a" : EVP_MD_name(md));
+                        md == NULL ? "n/a" : EVP_MD_get0_name(md));
 
         if (!PACKET_get_length_prefixed_2(pkt, &signature)
             || PACKET_remaining(pkt) != 0) {
@@ -2273,7 +2274,7 @@
         }
 
         if (EVP_DigestVerifyInit_ex(md_ctx, &pctx,
-                                    md == NULL ? NULL : EVP_MD_name(md),
+                                    md == NULL ? NULL : EVP_MD_get0_name(md),
                                     s->ctx->libctx, s->ctx->propq, pkey,
                                     NULL) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -2589,7 +2590,7 @@
     /* This is a standalone message in TLSv1.3, so there is no more to read */
     if (SSL_IS_TLS13(s)) {
         const EVP_MD *md = ssl_handshake_md(s);
-        int hashleni = EVP_MD_size(md);
+        int hashleni = EVP_MD_get_size(md);
         size_t hashlen;
         static const unsigned char nonce_label[] = "resumption";
 
@@ -2942,7 +2943,7 @@
      * stack, we need to zero pad the DHE pub key to the same length
      * as the prime.
      */
-    prime_len = EVP_PKEY_size(ckey);
+    prime_len = EVP_PKEY_get_size(ckey);
     pad_len = prime_len - encoded_pub_len;
     if (pad_len > 0) {
         if (!WPACKET_sub_allocate_bytes_u16(pkt, pad_len, &keybytes)) {
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index 1fcd064..8c588fd 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -132,17 +132,17 @@
 
     if (s->write_hash) {
         if (s->enc_write_ctx
-            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
+            && (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(s->enc_write_ctx)) &
                 EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
             mac_size = 0;
         else
-            mac_size = EVP_MD_CTX_size(s->write_hash);
+            mac_size = EVP_MD_CTX_get_size(s->write_hash);
     } else
         mac_size = 0;
 
     if (s->enc_write_ctx &&
-        (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
-        blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
+        (EVP_CIPHER_CTX_get_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
+        blocksize = 2 * EVP_CIPHER_CTX_get_block_size(s->enc_write_ctx);
     else
         blocksize = 0;
 
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 800a957..eef2fe4 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -309,7 +309,8 @@
         goto err;
     }
 
-    if (EVP_DigestSignInit_ex(mctx, &pctx, md == NULL ? NULL : EVP_MD_name(md),
+    if (EVP_DigestSignInit_ex(mctx, &pctx,
+                              md == NULL ? NULL : EVP_MD_get0_name(md),
                               s->ctx->libctx, s->ctx->propq, pkey,
                               NULL) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -451,7 +452,7 @@
 
     if (SSL_USE_SIGALGS(s))
         OSSL_TRACE1(TLS, "USING TLSv1.2 HASH %s\n",
-                    md == NULL ? "n/a" : EVP_MD_name(md));
+                    md == NULL ? "n/a" : EVP_MD_get0_name(md));
 
     /* Check for broken implementations of GOST ciphersuites */
     /*
@@ -461,10 +462,10 @@
 #ifndef OPENSSL_NO_GOST
     if (!SSL_USE_SIGALGS(s)
         && ((PACKET_remaining(pkt) == 64
-             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
-                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+             && (EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_256))
             || (PACKET_remaining(pkt) == 128
-                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+                && EVP_PKEY_get_id(pkey) == NID_id_GostR3410_2012_512))) {
         len = PACKET_remaining(pkt);
     } else
 #endif
@@ -484,10 +485,10 @@
     }
 
     OSSL_TRACE1(TLS, "Using client verify alg %s\n",
-                md == NULL ? "n/a" : EVP_MD_name(md));
+                md == NULL ? "n/a" : EVP_MD_get0_name(md));
 
     if (EVP_DigestVerifyInit_ex(mctx, &pctx,
-                                md == NULL ? NULL : EVP_MD_name(md),
+                                md == NULL ? NULL : EVP_MD_get0_name(md),
                                 s->ctx->libctx, s->ctx->propq, pkey,
                                 NULL) <= 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
@@ -495,7 +496,7 @@
     }
 #ifndef OPENSSL_NO_GOST
     {
-        int pktype = EVP_PKEY_id(pkey);
+        int pktype = EVP_PKEY_get_id(pkey);
         if (pktype == NID_id_GostR3410_2001
             || pktype == NID_id_GostR3410_2012_256
             || pktype == NID_id_GostR3410_2012_512) {
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 15bcdae..a954097 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2480,7 +2480,7 @@
             goto err;
         }
         if (!ssl_security(s, SSL_SECOP_TMP_DH,
-                          EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+                          EVP_PKEY_get_security_bits(pkdhp), 0, pkdhp)) {
             SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_DH_KEY_TOO_SMALL);
             goto err;
         }
@@ -2678,7 +2678,7 @@
         }
 
         if (EVP_DigestSignInit_ex(md_ctx, &pctx,
-                                  md == NULL ? NULL : EVP_MD_name(md),
+                                  md == NULL ? NULL : EVP_MD_get0_name(md),
                                   s->ctx->libctx, s->ctx->propq, pkey,
                                   NULL) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -3766,7 +3766,7 @@
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED);
             goto err;
         }
-        iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+        iv_len = EVP_CIPHER_CTX_get_iv_length(ctx);
     } else {
         EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC",
                                               s->ctx->propq);
@@ -3777,7 +3777,7 @@
             goto err;
         }
 
-        iv_len = EVP_CIPHER_iv_length(cipher);
+        iv_len = EVP_CIPHER_get_iv_length(cipher);
         if (iv_len < 0
                 || RAND_bytes_ex(s->ctx->libctx, iv, iv_len, 0) <= 0
                 || !EVP_EncryptInit_ex(ctx, cipher, NULL,
@@ -3875,7 +3875,7 @@
         uint64_t nonce;
         static const unsigned char nonce_label[] = "resumption";
         const EVP_MD *md = ssl_handshake_md(s);
-        int hashleni = EVP_MD_size(md);
+        int hashleni = EVP_MD_get_size(md);
 
         /* Ensure cast to size_t is safe */
         if (!ossl_assert(hashleni >= 0)) {
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 886709b..03a83ee 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -52,7 +52,7 @@
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         goto err;
-    mdname = EVP_MD_name(md);
+    mdname = EVP_MD_get0_name(md);
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                             (char *)mdname, 0);
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
@@ -146,14 +146,14 @@
     size_t macsize = 0;
     int imacsize = -1;
 
-    if ((EVP_CIPHER_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
+    if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0
                /*
                 * We look at s->ext.use_etm instead of SSL_READ_ETM() or
                 * SSL_WRITE_ETM() because this test applies to both reading
                 * and writing.
                 */
             && !s->ext.use_etm)
-        imacsize = EVP_MD_size(md);
+        imacsize = EVP_MD_get_size(md);
     if (imacsize >= 0)
         macsize = (size_t)imacsize;
 
@@ -175,12 +175,12 @@
 static int tls_iv_length_within_key_block(const EVP_CIPHER *c)
 {
     /* If GCM/CCM mode only part of IV comes from PRF */
-    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+    if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE)
         return EVP_GCM_TLS_FIXED_IV_LEN;
-    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+    else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE)
         return EVP_CCM_TLS_FIXED_IV_LEN;
     else
-        return EVP_CIPHER_iv_length(c);
+        return EVP_CIPHER_get_iv_length(c);
 }
 
 int tls1_change_cipher_state(SSL *s, int which)
@@ -334,7 +334,7 @@
     i = *mac_secret_size = s->s3.tmp.new_mac_secret_size;
 
     /* TODO(size_t): convert me */
-    cl = EVP_CIPHER_key_length(c);
+    cl = EVP_CIPHER_get_key_length(c);
     j = cl;
     k = tls_iv_length_within_key_block(c);
     if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -362,7 +362,7 @@
 
     memcpy(mac_secret, ms, i);
 
-    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+    if (!(EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
         if (mac_type == EVP_PKEY_HMAC) {
             mac_key = EVP_PKEY_new_raw_private_key_ex(s->ctx->libctx, "HMAC",
                                                       s->ctx->propq, mac_secret,
@@ -377,7 +377,7 @@
                                            (int)*mac_secret_size);
         }
         if (mac_key == NULL
-            || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_name(m),
+            || EVP_DigestSignInit_ex(mac_ctx, NULL, EVP_MD_get0_name(m),
                                      s->ctx->libctx, s->ctx->propq, mac_key,
                                      NULL) <= 0) {
             EVP_PKEY_free(mac_key);
@@ -392,14 +392,14 @@
         BIO_dump_indent(trc_out, ms, i, 4);
     } OSSL_TRACE_END(TLS);
 
-    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+    if (EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) {
         if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
             || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
                                     iv)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;
         }
-    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+    } else if (EVP_CIPHER_get_mode(c) == EVP_CIPH_CCM_MODE) {
         int taglen;
         if (s->s3.tmp.
             new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
@@ -421,13 +421,14 @@
         }
     }
     /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
-    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+    if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)
+        && *mac_secret_size
         && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
                                 (int)*mac_secret_size, mac_secret)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
         goto err;
     }
-    if (EVP_CIPHER_provider(c) != NULL
+    if (EVP_CIPHER_get0_provider(c) != NULL
             && !tls_provider_set_tls_params(s, dd, c, m)) {
         /* SSLfatal already called */
         goto err;
@@ -510,7 +511,7 @@
 
     OSSL_TRACE_BEGIN(TLS) {
         BIO_printf(trc_out, "which = %04X, key:\n", which);
-        BIO_dump_indent(trc_out, key, EVP_CIPHER_key_length(c), 4);
+        BIO_dump_indent(trc_out, key, EVP_CIPHER_get_key_length(c), 4);
         BIO_printf(trc_out, "iv:\n");
         BIO_dump_indent(trc_out, iv, k, 4);
     } OSSL_TRACE_END(TLS);
@@ -546,7 +547,8 @@
     s->s3.tmp.new_hash = hash;
     s->s3.tmp.new_mac_pkey_type = mac_type;
     s->s3.tmp.new_mac_secret_size = mac_secret_size;
-    num = mac_secret_size + EVP_CIPHER_key_length(c) + tls_iv_length_within_key_block(c);
+    num = mac_secret_size + EVP_CIPHER_get_key_length(c)
+          + tls_iv_length_within_key_block(c);
     num *= 2;
 
     ssl3_cleanup_key_block(s);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1dc57af..d22a794 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -357,7 +357,7 @@
          * assumption to make (in which case perhaps we should document this
          * behaviour)?
          */
-        if (EVP_KEYMGMT_provider(keymgmt) == provider) {
+        if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) {
             /* We have a match - so we will use this group */
             ctx->group_list_len++;
             ginf = NULL;
@@ -1235,7 +1235,7 @@
  * SHA512 has a hash length of 64 bytes, which is incompatible
  * with a 128 byte (1024 bit) key.
  */
-#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_get_size(md) + 2)
 static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey,
                                       const SIGALG_LOOKUP *lu)
 {
@@ -1245,7 +1245,7 @@
         return 0;
     if (!tls1_lookup_md(ctx, lu, &md) || md == NULL)
         return 0;
-    if (EVP_PKEY_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+    if (EVP_PKEY_get_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md))
         return 0;
     return 1;
 }
@@ -1418,10 +1418,10 @@
         return 0;
     if (md != NULL)
     {
-        int md_type = EVP_MD_type(md);
+        int md_type = EVP_MD_get_type(md);
 
         /* Security bits: half digest bits */
-        secbits = EVP_MD_size(md) * 4;
+        secbits = EVP_MD_get_size(md) * 4;
         /*
          * SHA1 and MD5 are known to be broken. Reduce security bits so that
          * they're no longer accepted at security level 1. The real values don't
@@ -1463,7 +1463,7 @@
     const SIGALG_LOOKUP *lu;
     int secbits = 0;
 
-    pkeyid = EVP_PKEY_id(pkey);
+    pkeyid = EVP_PKEY_get_id(pkey);
     /* Should never happen */
     if (pkeyid == -1)
         return -1;
@@ -1490,7 +1490,7 @@
         return 0;
     }
     /* Check the sigalg is consistent with the key OID */
-    if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx)
+    if (!ssl_cert_lookup_by_nid(EVP_PKEY_get_id(pkey), &cidx)
             || lu->sig_idx != (int)cidx) {
         SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
@@ -1560,7 +1560,7 @@
     secbits = sigalg_security_bits(s->ctx, lu);
     if (secbits == 0 ||
         !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
-                      md != NULL ? EVP_MD_type(md) : NID_undef,
+                      md != NULL ? EVP_MD_get_type(md) : NID_undef,
                       (void *)sigalgstr)) {
         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
@@ -1893,7 +1893,7 @@
 
     /* Sanity check ticket length: must exceed keyname + IV + HMAC */
     if (eticklen <=
-        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) {
         ret = SSL_TICKET_NO_DECRYPT;
         goto end;
     }
@@ -1911,8 +1911,8 @@
     }
     /* Attempt to decrypt session data */
     /* Move p after IV to start of encrypted ticket, update length */
-    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
-    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
+    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx);
     sdec = OPENSSL_malloc(eticklen);
     if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
                                           (int)eticklen) <= 0) {
@@ -2898,7 +2898,7 @@
         } else {
             if (s->s3.tmp.cert == NULL)
                 return NULL;
-            dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey);
+            dh_secbits = EVP_PKEY_get_security_bits(s->s3.tmp.cert->privatekey);
         }
     }
 
@@ -2950,7 +2950,7 @@
          * reject keys which omit parameters but this only affects DSA and
          * omission of parameters is never (?) done in practice.
          */
-        secbits = EVP_PKEY_security_bits(pkey);
+        secbits = EVP_PKEY_get_security_bits(pkey);
     }
     if (s)
         return ssl_security(s, op, secbits, 0, x);
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index dba1e5f..53aeea4 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -43,7 +43,7 @@
     EVP_KDF_CTX *kctx;
     OSSL_PARAM params[5], *p = params;
     int mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
-    const char *mdname = EVP_MD_name(md);
+    const char *mdname = EVP_MD_get0_name(md);
     int ret;
     size_t hkdflabellen;
     size_t hashlen;
@@ -76,7 +76,7 @@
         return 0;
     }
 
-    hashlen = EVP_MD_size(md);
+    hashlen = EVP_MD_get_size(md);
 
     if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
             || !WPACKET_put_bytes_u16(&pkt, outlen)
@@ -185,7 +185,7 @@
     EVP_KDF_CTX *kctx;
     OSSL_PARAM params[5], *p = params;
     int mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
-    const char *mdname = EVP_MD_name(md);
+    const char *mdname = EVP_MD_get0_name(md);
 #ifdef CHARSET_EBCDIC
     static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 };
 #else
@@ -201,7 +201,7 @@
         return 0;
     }
 
-    mdleni = EVP_MD_size(md);
+    mdleni = EVP_MD_get_size(md);
     /* Ensure cast to size_t is safe */
     if (!ossl_assert(mdleni >= 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
@@ -293,7 +293,7 @@
 {
     const EVP_MD *md = ssl_handshake_md(s);
 
-    *secret_size = EVP_MD_size(md);
+    *secret_size = EVP_MD_get_size(md);
     /* Calls SSLfatal() if required */
     return tls13_generate_secret(s, md, prev, NULL, 0, out);
 }
@@ -305,7 +305,7 @@
 size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
                              unsigned char *out)
 {
-    const char *mdname = EVP_MD_name(ssl_handshake_md(s));
+    const char *mdname = EVP_MD_get0_name(ssl_handshake_md(s));
     unsigned char hash[EVP_MAX_MD_SIZE];
     unsigned char finsecret[EVP_MAX_MD_SIZE];
     unsigned char *key = NULL;
@@ -386,7 +386,7 @@
                                     EVP_CIPHER_CTX *ciph_ctx)
 {
     size_t ivlen, keylen, taglen;
-    int hashleni = EVP_MD_size(md);
+    int hashleni = EVP_MD_get_size(md);
     size_t hashlen;
 
     /* Ensure cast to size_t is safe */
@@ -403,8 +403,8 @@
     }
 
     /* TODO(size_t): convert me */
-    keylen = EVP_CIPHER_key_length(ciph);
-    if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
+    keylen = EVP_CIPHER_get_key_length(ciph);
+    if (EVP_CIPHER_get_mode(ciph) == EVP_CIPH_CCM_MODE) {
         uint32_t algenc;
 
         ivlen = EVP_CCM_TLS_IV_LEN;
@@ -425,7 +425,7 @@
          else
             taglen = EVP_CCM_TLS_TAG_LEN;
     } else {
-        ivlen = EVP_CIPHER_iv_length(ciph);
+        ivlen = EVP_CIPHER_get_iv_length(ciph);
         taglen = 0;
     }
 
@@ -611,7 +611,7 @@
         } else if (which & SSL3_CC_HANDSHAKE) {
             insecret = s->handshake_secret;
             finsecret = s->client_finished_secret;
-            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            finsecretlen = EVP_MD_get_size(ssl_handshake_md(s));
             label = client_handshake_traffic;
             labellen = sizeof(client_handshake_traffic) - 1;
             log_label = CLIENT_HANDSHAKE_LABEL;
@@ -643,7 +643,7 @@
         if (which & SSL3_CC_HANDSHAKE) {
             insecret = s->handshake_secret;
             finsecret = s->server_finished_secret;
-            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            finsecretlen = EVP_MD_get_size(ssl_handshake_md(s));
             label = server_handshake_traffic;
             labellen = sizeof(server_handshake_traffic) - 1;
             log_label = SERVER_HANDSHAKE_LABEL;
@@ -798,7 +798,7 @@
   static const unsigned char application_traffic[] = "traffic upd";
 #endif
     const EVP_MD *md = ssl_handshake_md(s);
-    size_t hashlen = EVP_MD_size(md);
+    size_t hashlen = EVP_MD_get_size(md);
     unsigned char key[EVP_MAX_KEY_LENGTH];
     unsigned char *insecret, *iv;
     unsigned char secret[EVP_MAX_MD_SIZE];
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 8400919..05a328a 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -92,7 +92,7 @@
     EVP_MD_CTX *md_ctx = NULL;
     unsigned char *sig = NULL;
     size_t sig_len;
-    size_t sz = EVP_PKEY_size(pkey);
+    size_t sz = EVP_PKEY_get_size(pkey);
 
     if (!TEST_ptr(sig = OPENSSL_malloc(sz))
         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
diff --git a/test/aesgcmtest.c b/test/aesgcmtest.c
index 1dc3aa8..c371f47 100644
--- a/test/aesgcmtest.c
+++ b/test/aesgcmtest.c
@@ -54,7 +54,7 @@
           && TEST_true(EVP_EncryptUpdate(ctx, ct, ct_len, gcm_pt,
                                          sizeof(gcm_pt)) > 0)
           && TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &outlen) > 0)
-          && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16)
+          && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16)
           && TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
                                            tag) > 0)
           && TEST_true(iv_gen == NULL
@@ -76,7 +76,7 @@
               && TEST_true(EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL,
                                               NULL, NULL) > 0)
               && TEST_true(EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, iv) > 0)
-              && TEST_int_eq(EVP_CIPHER_CTX_tag_length(ctx), 16)
+              && TEST_int_eq(EVP_CIPHER_CTX_get_tag_length(ctx), 16)
               && TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad,
                                              sizeof(gcm_aad)) > 0)
               && TEST_true(EVP_DecryptUpdate(ctx, pt, &ptlen, ct,
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index a67db17..f8c6b14 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -382,7 +382,7 @@
         return 0;
 
     do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
-           handshake_hash, EVP_MD_CTX_size(handshake_md),
+           handshake_hash, EVP_MD_CTX_get_size(handshake_md),
            NULL, 0,
            finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);
 
diff --git a/test/defltfips_test.c b/test/defltfips_test.c
index a834921..a2325a1 100644
--- a/test/defltfips_test.c
+++ b/test/defltfips_test.c
@@ -36,7 +36,8 @@
     if (!TEST_ptr(sha256))
         return 0;
     if (is_fips
-            && !TEST_str_eq(OSSL_PROVIDER_name(EVP_MD_provider(sha256)), "fips")) {
+            && !TEST_str_eq(OSSL_PROVIDER_name(EVP_MD_get0_provider(sha256)),
+                                               "fips")) {
         EVP_MD_free(sha256);
         return 0;
     }
diff --git a/test/drbgtest.c b/test/drbgtest.c
index ad5266c..a6fd465 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -81,7 +81,7 @@
  */
 static int state(EVP_RAND_CTX *drbg)
 {
-    return EVP_RAND_state(drbg);
+    return EVP_RAND_get_state(drbg);
 }
 
 static unsigned int query_rand_uint(EVP_RAND_CTX *drbg, const char *name)
diff --git a/test/ecdsatest.c b/test/ecdsatest.c
index 66ab2bc..c94d7d8 100644
--- a/test/ecdsatest.c
+++ b/test/ecdsatest.c
@@ -179,7 +179,7 @@
     static const char sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
     EVP_PKEY_CTX *pctx;
 
-    if (!TEST_ptr(pctx = EVP_MD_CTX_pkey_ctx(mctx))
+    if (!TEST_ptr(pctx = EVP_MD_CTX_get_pkey_ctx(mctx))
         || !TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, sm2_id, sizeof(sm2_id)), 0))
         return 0;
     return 1;
diff --git a/test/endecoder_legacy_test.c b/test/endecoder_legacy_test.c
index b3bd4f5..121e2de 100644
--- a/test/endecoder_legacy_test.c
+++ b/test/endecoder_legacy_test.c
@@ -518,7 +518,7 @@
     if (!TEST_ptr(pkey = key->key)
         || !TEST_true(evp_pkey_copy_downgraded(&downgraded_pkey, pkey))
         || !TEST_ptr(downgraded_pkey)
-        || !TEST_int_eq(EVP_PKEY_id(downgraded_pkey), key->evp_type)
+        || !TEST_int_eq(EVP_PKEY_get_id(downgraded_pkey), key->evp_type)
         || !TEST_ptr(legacy_obj = EVP_PKEY_get0(downgraded_pkey)))
         goto end;
 
diff --git a/test/enginetest.c b/test/enginetest.c
index 67e4941..64d31ac 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -260,7 +260,7 @@
     if (!TEST_ptr(pkey = get_test_pkey()))
         goto err;
 
-    len = EVP_PKEY_size(pkey);
+    len = EVP_PKEY_get_size(pkey);
     if (!TEST_ptr(tmp = OPENSSL_malloc(len)))
         goto err;
 
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 10ab4bf..f91784b 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -844,7 +844,7 @@
         goto err;
 
     if (!TEST_ptr(keypair = load_example_rsa_key())
-            || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
+            || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
             || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
             || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
                                        &keypair, 1))
@@ -1088,7 +1088,7 @@
     p = input;
     if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
             || !TEST_ptr_eq(p, input + input_len)
-            || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+            || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
         goto done;
 
     ret = 1;
@@ -1734,7 +1734,7 @@
     if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
         goto done;
     if (type == 0
-        && !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+        && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
         goto done;
 
     if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
@@ -2334,11 +2334,11 @@
         goto err;
 
     if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
-            || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
+            || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
         goto err;
 
     if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
-            || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
+            || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
         goto err;
 
     ret = 1;
@@ -2616,7 +2616,7 @@
             || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
             || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
         goto err;
-    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
             || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
         goto err;
@@ -2727,7 +2727,7 @@
             || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
             || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
         goto err;
-    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
     if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
             || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
         goto err;
diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index e480ae9..d932b73 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -275,7 +275,7 @@
     if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &p, input_len, mainctx,
                                                NULL))
             || !TEST_ptr_eq(p, input + input_len)
-            || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
+            || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
         goto done;
 
     if (ak->evptype == EVP_PKEY_RSA) {
diff --git a/test/evp_fetch_prov_test.c b/test/evp_fetch_prov_test.c
index 07cf79d..fc10bda 100644
--- a/test/evp_fetch_prov_test.c
+++ b/test/evp_fetch_prov_test.c
@@ -149,8 +149,8 @@
     return TEST_ptr(md)
         && TEST_true(EVP_MD_is_a(md, "SHA256"))
         && TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))
-        && TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH)
-        && TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK);
+        && TEST_int_eq(EVP_MD_get_size(md), SHA256_DIGEST_LENGTH)
+        && TEST_int_eq(EVP_MD_get_block_size(md), SHA256_CBLOCK);
 }
 
 static int test_implicit_EVP_MD_fetch(void)
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index ed74072..94d2b0a 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -1352,8 +1352,8 @@
      * because without the algorithm in the cache, fetching it a second time
      * will result in a different pointer.
      */
-    return TEST_ptr_eq(EVP_KDF_provider(kdf1), EVP_KDF_provider(kdf2))
-           && TEST_str_eq(EVP_KDF_name(kdf1), EVP_KDF_name(kdf2));
+    return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
+           && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
 }
 
 static int test_kdf_get_kdf(void)
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index f51de88..b9794b6 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -349,10 +349,10 @@
         goto err;
 
     /* ccm fails on the second update - this matches OpenSSL 1_1_1 behaviour */
-    ccm = (EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE);
+    ccm = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE);
 
     /* siv cannot be called with NULL key as the iv is irrelevant */
-    siv = (EVP_CIPHER_mode(cipher) == EVP_CIPH_SIV_MODE);
+    siv = (EVP_CIPHER_get_mode(cipher) == EVP_CIPH_SIV_MODE);
 
     /*
      * Skip init call with a null key for RC4 as the stream cipher does not
@@ -439,14 +439,14 @@
     if (!TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, name, NULL)))
         goto err;
 
-    in_len = EVP_CIPHER_block_size(cipher) / 2;
+    in_len = EVP_CIPHER_get_block_size(cipher) / 2;
 
     /* skip any ciphers that don't allow partial updates */
-    if (((EVP_CIPHER_flags(cipher)
+    if (((EVP_CIPHER_get_flags(cipher)
           & (EVP_CIPH_FLAG_CTS | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) != 0)
-        || EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE
-        || EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE
-        || EVP_CIPHER_mode(cipher) == EVP_CIPH_WRAP_MODE) {
+        || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_CCM_MODE
+        || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE
+        || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_WRAP_MODE) {
         ret = 1;
         goto err;
     }
@@ -460,7 +460,7 @@
     if (!TEST_mem_eq(out1, out1_len, out2, out2_len))
         goto err;
 
-    if (EVP_CIPHER_mode(cipher) != EVP_CIPH_SIV_MODE) {
+    if (EVP_CIPHER_get_mode(cipher) != EVP_CIPH_SIV_MODE) {
         if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv))
             || !TEST_true(EVP_EncryptUpdate(ctx, out3, &out3_len, in, in_len)))
             goto err;
@@ -484,7 +484,7 @@
 static void collect_cipher_names(EVP_CIPHER *cipher, void *cipher_names_list)
 {
     STACK_OF(OPENSSL_STRING) *names = cipher_names_list;
-    const char *name = EVP_CIPHER_name(cipher);
+    const char *name = EVP_CIPHER_get0_name(cipher);
     char *namedup = NULL;
 
     assert(name != NULL);
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 681a8e5..92b3614 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -346,9 +346,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), 32)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), 8)
-            || !TEST_int_eq(EVP_PKEY_size(pk), 4)
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 8)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), 4)
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
@@ -528,9 +528,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
-            || !TEST_int_eq(EVP_PKEY_size(pk), 256)
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
@@ -709,9 +709,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
-            || !TEST_int_eq(EVP_PKEY_size(pk), 256)
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), 256)
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
@@ -1016,9 +1016,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), bits)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), security_bits)
-            || !TEST_int_eq(EVP_PKEY_size(pk), size)
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), security_bits)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), size)
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
@@ -1154,9 +1154,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), 256)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), 128)
-            || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 35 * 2)
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 128)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 35 * 2)
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
@@ -1459,9 +1459,9 @@
 
     while (dup_pk == NULL) {
         ret = 0;
-        if (!TEST_int_eq(EVP_PKEY_bits(pk), 2048)
-            || !TEST_int_eq(EVP_PKEY_security_bits(pk), 112)
-            || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data)))
+        if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048)
+            || !TEST_int_eq(EVP_PKEY_get_security_bits(pk), 112)
+            || !TEST_int_eq(EVP_PKEY_get_size(pk), 2 + 2 * (3 + sizeof(q_data)))
             || !TEST_false(EVP_PKEY_missing_parameters(pk)))
             goto err;
 
diff --git a/test/evp_test.c b/test/evp_test.c
index bf4777e..059de12 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -431,7 +431,7 @@
         goto err;
     }
 
-    if (EVP_MD_flags(expected->digest) & EVP_MD_FLAG_XOF) {
+    if (EVP_MD_get_flags(expected->digest) & EVP_MD_FLAG_XOF) {
         EVP_MD_CTX *mctx_cpy;
         char dont[] = "touch";
 
@@ -541,13 +541,13 @@
     cdat->cipher = cipher;
     cdat->fetched_cipher = fetched_cipher;
     cdat->enc = -1;
-    m = EVP_CIPHER_mode(cipher);
+    m = EVP_CIPHER_get_mode(cipher);
     if (m == EVP_CIPH_GCM_MODE
             || m == EVP_CIPH_OCB_MODE
             || m == EVP_CIPH_SIV_MODE
             || m == EVP_CIPH_CCM_MODE)
         cdat->aead = m;
-    else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+    else if (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
         cdat->aead = -1;
     else
         cdat->aead = 0;
@@ -714,7 +714,7 @@
                 t->err = "INVALID_IV_LENGTH";
                 goto err;
             }
-        } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_iv_length(ctx_base)) {
+        } else if (expected->iv_len != (size_t)EVP_CIPHER_CTX_get_iv_length(ctx_base)) {
             t->err = "INVALID_IV_LENGTH";
             goto err;
         }
@@ -770,9 +770,9 @@
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx_base, iv, sizeof(iv)))
-                || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
-                    && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
-                                    expected->iv_len))) {
+            || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
+                && !TEST_mem_eq(expected->iv, expected->iv_len, iv,
+                                expected->iv_len))) {
             t->err = "INVALID_IV";
             goto err;
         }
@@ -894,9 +894,9 @@
         /* Some (e.g., GCM) tests use IVs longer than EVP_MAX_IV_LENGTH. */
         unsigned char iv[128];
         if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
-                || ((EVP_CIPHER_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
-                    && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
-                                    expected->iv_len))) {
+            || ((EVP_CIPHER_get_flags(expected->cipher) & EVP_CIPH_CUSTOM_IV) == 0
+                && !TEST_mem_eq(expected->next_iv, expected->iv_len, iv,
+                                expected->iv_len))) {
             t->err = "INVALID_NEXT_IV";
             goto err;
         }
@@ -922,9 +922,9 @@
         t->err = "NO_KEY";
         return 0;
     }
-    if (!cdat->iv && EVP_CIPHER_iv_length(cdat->cipher)) {
+    if (!cdat->iv && EVP_CIPHER_get_iv_length(cdat->cipher)) {
         /* IV is optional and usually omitted in wrap mode */
-        if (EVP_CIPHER_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
+        if (EVP_CIPHER_get_mode(cdat->cipher) != EVP_CIPH_WRAP_MODE) {
             t->err = "NO_IV";
             return 0;
         }
@@ -976,10 +976,10 @@
              * lengths so we don't fragment for those
              */
             if (cdat->aead == EVP_CIPH_CCM_MODE
-                    || ((EVP_CIPHER_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
-                    || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
-                    || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
-                    || EVP_CIPHER_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
+                || ((EVP_CIPHER_get_flags(cdat->cipher) & EVP_CIPH_FLAG_CTS) != 0)
+                || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_SIV_MODE
+                || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_XTS_MODE
+                || EVP_CIPHER_get_mode(cdat->cipher) == EVP_CIPH_WRAP_MODE)
                 break;
             out_misalign = 0;
             frag++;
@@ -1959,7 +1959,8 @@
         }
 #endif
     } else if (expected->pbe_type == PBE_TYPE_PKCS12) {
-        fetched_digest = EVP_MD_fetch(libctx, EVP_MD_name(expected->md), NULL);
+        fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(expected->md),
+                                      NULL);
         if (fetched_digest == NULL) {
             t->err = "PKCS12_ERROR";
             goto err;
@@ -2332,7 +2333,7 @@
     if (!TEST_true(EVP_RAND_CTX_set_params(expected->ctx, params)))
         goto err;
 
-    strength = EVP_RAND_strength(expected->ctx);
+    strength = EVP_RAND_get_strength(expected->ctx);
     for (i = 0; i <= expected->n; i++) {
         item = expected->data + i;
 
@@ -2401,7 +2402,7 @@
         if (!TEST_true(EVP_RAND_uninstantiate(expected->ctx))
                 || !TEST_true(EVP_RAND_uninstantiate(expected->parent))
                 || !TEST_true(EVP_RAND_verify_zeroization(expected->ctx))
-                || !TEST_int_eq(EVP_RAND_state(expected->ctx),
+                || !TEST_int_eq(EVP_RAND_get_state(expected->ctx),
                                 EVP_RAND_STATE_UNINITIALISED))
             goto err;
     }
@@ -2971,7 +2972,7 @@
     if (strcmp(keyword, "Key") == 0) {
         EVP_PKEY *pkey = NULL;
         int rv = 0;
-        const char *name = mdata->md == NULL ? NULL : EVP_MD_name(mdata->md);
+        const char *name = mdata->md == NULL ? NULL : EVP_MD_get0_name(mdata->md);
 
         if (mdata->is_verify)
             rv = find_key(&pkey, value, public_keys);
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c
index bba78f6..9725530 100644
--- a/test/helpers/handshake.c
+++ b/test/helpers/handshake.c
@@ -1240,7 +1240,7 @@
             return NID_undef;
         return OBJ_txt2nid(name);
     }
-    return EVP_PKEY_id(pkey);
+    return EVP_PKEY_get_id(pkey);
 }
 
 static int peer_pkey_type(SSL *s)
diff --git a/test/provider_fallback_test.c b/test/provider_fallback_test.c
index 79765d9..0e38bd8 100644
--- a/test/provider_fallback_test.c
+++ b/test/provider_fallback_test.c
@@ -20,7 +20,7 @@
 
     ok = TEST_true(OSSL_PROVIDER_available(ctx, "default"))
         && TEST_ptr(rsameth = EVP_KEYMGMT_fetch(ctx, "RSA", NULL))
-        && TEST_ptr(prov = EVP_KEYMGMT_provider(rsameth))
+        && TEST_ptr(prov = EVP_KEYMGMT_get0_provider(rsameth))
         && TEST_str_eq(OSSL_PROVIDER_name(prov), "default");
 
     EVP_KEYMGMT_free(rsameth);
diff --git a/test/provider_internal_test.c b/test/provider_internal_test.c
index 6c29545..451d0f6 100644
--- a/test/provider_internal_test.c
+++ b/test/provider_internal_test.c
@@ -118,7 +118,7 @@
         goto err;
 
     if (!TEST_ptr_null(md = EVP_MD_fetch(ctx, "SHA256", NULL))) {
-        const char *provname = OSSL_PROVIDER_name(EVP_MD_provider(md));
+        const char *provname = OSSL_PROVIDER_name(EVP_MD_get0_provider(md));
 
         if (OSSL_PROVIDER_available(NULL, provname))
             TEST_info("%s provider is available\n", provname);
diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index ad9a4a2..c779b72 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -717,7 +717,7 @@
 
 static void print_key_details(BIO *out, EVP_PKEY *key)
 {
-    int keyid = EVP_PKEY_id(key);
+    int keyid = EVP_PKEY_get_id(key);
 
 #ifndef OPENSSL_NO_EC
     if (keyid == EVP_PKEY_EC) {
@@ -726,7 +726,7 @@
 
         if (!EVP_PKEY_get_group_name(key, group, sizeof(group), &size))
             strcpy(group, "unknown group");
-        BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), group);
+        BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_get_bits(key), group);
     } else
 #endif
     {
@@ -745,7 +745,7 @@
             algname = OBJ_nid2sn(keyid);
             break;
         }
-        BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
+        BIO_printf(out, "%d bits %s", EVP_PKEY_get_bits(key), algname);
     }
 }
 
diff --git a/test/sslapitest.c b/test/sslapitest.c
index b687ab9..7275d6f 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -8850,7 +8850,7 @@
 
     if (!TEST_int_gt(SSL_get_tmp_key(serverssl, &tmpkey), 0))
         goto end;
-    if (!TEST_size_t_eq(EVP_PKEY_bits(tmpkey), expdhsize))
+    if (!TEST_size_t_eq(EVP_PKEY_get_bits(tmpkey), expdhsize))
         goto end;
 
     if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c
index 3bb189f..f83da87 100644
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -347,7 +347,7 @@
 
     for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
         /* Load the record */
-        ivlen = EVP_CIPHER_iv_length(ciph);
+        ivlen = EVP_CIPHER_get_iv_length(ciph);
         if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
                          RECORD_LAYER_get_read_sequence(&s->rlayer))) {
             TEST_error("Failed loading key into EVP_CIPHER_CTX");
diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
index 5a16f30..bf214d3 100644
--- a/test/tls13secretstest.c
+++ b/test/tls13secretstest.c
@@ -314,7 +314,7 @@
                      handshake_secret, sizeof(handshake_secret)))
         goto err;
 
-    hashsize = EVP_MD_size(ssl_handshake_md(s));
+    hashsize = EVP_MD_get_size(ssl_handshake_md(s));
     if (!TEST_size_t_eq(sizeof(client_hts), hashsize))
         goto err;
     if (!TEST_size_t_eq(sizeof(client_hts_key), KEYLEN))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c7d8942..112a6f6 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -163,7 +163,7 @@
 CMS_RecipientInfo_kari_get0_ctx         166	3_0_0	EXIST::FUNCTION:CMS
 PKCS7_set_attributes                    167	3_0_0	EXIST::FUNCTION:
 d2i_POLICYQUALINFO                      168	3_0_0	EXIST::FUNCTION:
-EVP_MD_type                             170	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_type                         170	3_0_0	EXIST::FUNCTION:
 EVP_PKCS82PKEY                          171	3_0_0	EXIST::FUNCTION:
 BN_generate_prime_ex                    172	3_0_0	EXIST::FUNCTION:
 EVP_EncryptInit                         173	3_0_0	EXIST::FUNCTION:
@@ -172,7 +172,7 @@
 EVP_PKEY_derive_init                    176	3_0_0	EXIST::FUNCTION:
 PEM_write_bio_ASN1_stream               177	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_delete_attr                    178	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_CTX_key_length               179	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_key_length           179	3_0_0	EXIST::FUNCTION:
 BIO_clear_flags                         180	3_0_0	EXIST::FUNCTION:
 i2d_DISPLAYTEXT                         181	3_0_0	EXIST::FUNCTION:
 OCSP_response_status                    182	3_0_0	EXIST::FUNCTION:OCSP
@@ -197,7 +197,7 @@
 OCSP_request_add0_id                    201	3_0_0	EXIST::FUNCTION:OCSP
 EVP_seed_cfb128                         202	3_0_0	EXIST::FUNCTION:SEED
 BASIC_CONSTRAINTS_free                  203	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_flags                        204	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_flags                    204	3_0_0	EXIST::FUNCTION:
 PEM_write_bio_ECPKParameters            205	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 SCT_set_version                         206	3_0_0	EXIST::FUNCTION:CT
 CMS_add1_ReceiptRequest                 207	3_0_0	EXIST::FUNCTION:CMS
@@ -422,7 +422,7 @@
 d2i_RSA_PSS_PARAMS                      430	3_0_0	EXIST::FUNCTION:
 USERNOTICE_free                         431	3_0_0	EXIST::FUNCTION:
 MD4_Transform                           432	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4
-EVP_CIPHER_block_size                   433	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_block_size               433	3_0_0	EXIST::FUNCTION:
 CERTIFICATEPOLICIES_new                 434	3_0_0	EXIST::FUNCTION:
 BIO_dump_fp                             435	3_0_0	EXIST::FUNCTION:STDIO
 BIO_set_flags                           436	3_0_0	EXIST::FUNCTION:
@@ -734,7 +734,7 @@
 CTLOG_STORE_new                         754	3_0_0	EXIST::FUNCTION:CT
 EVP_CIPHER_meth_set_cleanup             755	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 d2i_PKCS12_SAFEBAG                      756	3_0_0	EXIST::FUNCTION:
-EVP_MD_pkey_type                        757	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_pkey_type                    757	3_0_0	EXIST::FUNCTION:
 X509_policy_node_get0_qualifiers        758	3_0_0	EXIST::FUNCTION:
 OCSP_cert_status_str                    759	3_0_0	EXIST::FUNCTION:OCSP
 EVP_MD_meth_get_flags                   760	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -781,7 +781,7 @@
 BIO_f_null                              802	3_0_0	EXIST::FUNCTION:
 EC_GROUP_set_curve_name                 803	3_0_0	EXIST::FUNCTION:EC
 d2i_PBE2PARAM                           804	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_security_bits                  805	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_security_bits              805	3_0_0	EXIST::FUNCTION:
 PKCS12_unpack_p7encdata                 806	3_0_0	EXIST::FUNCTION:
 X509V3_EXT_i2d                          807	3_0_0	EXIST::FUNCTION:
 X509V3_get_value_bool                   808	3_0_0	EXIST::FUNCTION:
@@ -1507,7 +1507,7 @@
 SXNET_free                              1542	3_0_0	EXIST::FUNCTION:
 CMS_get0_content                        1543	3_0_0	EXIST::FUNCTION:CMS
 BN_is_word                              1544	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_key_length                   1545	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_key_length               1545	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_asn1_to_param                1546	3_0_0	EXIST::FUNCTION:
 OCSP_request_onereq_get0                1547	3_0_0	EXIST::FUNCTION:OCSP
 ERR_load_PKCS7_strings                  1548	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
@@ -1518,7 +1518,7 @@
 BIO_get_accept_socket                   1553	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,SOCK
 CMS_SignerInfo_sign                     1554	3_0_0	EXIST::FUNCTION:CMS
 ASN1_item_i2d_bio                       1555	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_CTX_block_size               1556	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_block_size           1556	3_0_0	EXIST::FUNCTION:
 DIRECTORYSTRING_free                    1557	3_0_0	EXIST::FUNCTION:
 TS_CONF_set_default_engine              1558	3_0_0	EXIST::FUNCTION:ENGINE,TS
 BN_set_bit                              1559	3_0_0	EXIST::FUNCTION:
@@ -1528,7 +1528,7 @@
 EC_GROUP_check                          1563	3_0_0	EXIST::FUNCTION:EC
 OPENSSL_sk_delete                       1564	3_0_0	EXIST::FUNCTION:
 TS_RESP_CTX_set_extension_cb            1565	3_0_0	EXIST::FUNCTION:TS
-EVP_CIPHER_CTX_nid                      1566	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_nid                  1566	3_0_0	EXIST::FUNCTION:
 TS_RESP_CTX_add_md                      1567	3_0_0	EXIST::FUNCTION:TS
 DES_set_key                             1568	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
 X509V3_extensions_print                 1569	3_0_0	EXIST::FUNCTION:
@@ -2037,7 +2037,7 @@
 i2d_ASN1_GENERALSTRING                  2085	3_0_0	EXIST::FUNCTION:
 POLICYQUALINFO_new                      2086	3_0_0	EXIST::FUNCTION:
 PKCS7_RECIP_INFO_get0_alg               2087	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_base_id                        2088	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_base_id                    2088	3_0_0	EXIST::FUNCTION:
 UI_method_set_opener                    2089	3_0_0	EXIST::FUNCTION:
 X509v3_get_ext_by_NID                   2090	3_0_0	EXIST::FUNCTION:
 TS_CONF_set_policies                    2091	3_0_0	EXIST::FUNCTION:TS
@@ -2111,7 +2111,7 @@
 PEM_write_X509                          2158	3_0_0	EXIST::FUNCTION:STDIO
 BN_CTX_free                             2159	3_0_0	EXIST::FUNCTION:
 EC_GROUP_get_curve_GF2m                 2160	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M
-EVP_MD_flags                            2161	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_flags                        2161	3_0_0	EXIST::FUNCTION:
 OPENSSL_sk_set                          2162	3_0_0	EXIST::FUNCTION:
 OCSP_request_sign                       2163	3_0_0	EXIST::FUNCTION:OCSP
 BN_GF2m_mod_solve_quad                  2164	3_0_0	EXIST::FUNCTION:EC2M
@@ -2168,7 +2168,7 @@
 SCT_LIST_validate                       2217	3_0_0	EXIST::FUNCTION:CT
 X509_PURPOSE_get_id                     2218	3_0_0	EXIST::FUNCTION:
 EC_KEY_get_ex_data                      2219	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
-EVP_MD_size                             2220	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_size                         2220	3_0_0	EXIST::FUNCTION:
 CRYPTO_malloc                           2221	3_0_0	EXIST::FUNCTION:
 ERR_load_ASN1_strings                   2222	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_REQ_get_extension_nids             2223	3_0_0	EXIST::FUNCTION:
@@ -2222,7 +2222,7 @@
 NCONF_free                              2271	3_0_0	EXIST::FUNCTION:
 NETSCAPE_SPKI_b64_decode                2272	3_0_0	EXIST::FUNCTION:
 BIO_f_md                                2273	3_0_0	EXIST::FUNCTION:
-EVP_MD_CTX_pkey_ctx                     2274	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_get_pkey_ctx                 2274	3_0_0	EXIST::FUNCTION:
 ENGINE_set_default_EC                   2275	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 CMS_ReceiptRequest_free                 2276	3_0_0	EXIST::FUNCTION:CMS
 TS_STATUS_INFO_get0_text                2277	3_0_0	EXIST::FUNCTION:TS
@@ -2301,7 +2301,7 @@
 i2d_CMS_bio                             2351	3_0_0	EXIST::FUNCTION:CMS
 CRYPTO_gcm128_decrypt                   2352	3_0_0	EXIST::FUNCTION:
 EVP_aes_256_ctr                         2353	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_bits                           2354	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_bits                       2354	3_0_0	EXIST::FUNCTION:
 BN_BLINDING_new                         2355	3_0_0	EXIST::FUNCTION:
 ASN1_GENERALIZEDTIME_check              2356	3_0_0	EXIST::FUNCTION:
 BN_clear_bit                            2357	3_0_0	EXIST::FUNCTION:
@@ -2358,7 +2358,7 @@
 COMP_CTX_get_method                     2409	3_0_0	EXIST::FUNCTION:COMP
 EC_GROUP_get_cofactor                   2410	3_0_0	EXIST::FUNCTION:EC
 EVP_rc5_32_12_16_ofb                    2411	3_0_0	EXIST::FUNCTION:RC5
-EVP_MD_CTX_md_data                      2412	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_get0_md_data                 2412	3_0_0	EXIST::FUNCTION:
 ASN1_PCTX_set_nm_flags                  2413	3_0_0	EXIST::FUNCTION:
 BIO_ctrl                                2414	3_0_0	EXIST::FUNCTION:
 X509_CRL_set_default_method             2415	3_0_0	EXIST::FUNCTION:
@@ -2476,7 +2476,7 @@
 ASN1_d2i_bio                            2529	3_0_0	EXIST::FUNCTION:
 X509_REQ_digest                         2531	3_0_0	EXIST::FUNCTION:
 X509_set1_notAfter                      2532	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_type                         2533	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_type                     2533	3_0_0	EXIST::FUNCTION:
 ASN1_TYPE_set_octetstring               2534	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_asn1_set_free                  2535	3_0_0	EXIST::FUNCTION:
 CMS_signed_get0_data_by_OBJ             2536	3_0_0	EXIST::FUNCTION:CMS
@@ -2665,7 +2665,7 @@
 PEM_write_PKCS8PrivateKey               2724	3_0_0	EXIST::FUNCTION:STDIO
 ENGINE_new                              2725	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
 X509_check_issued                       2726	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_CTX_iv_length                2727	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_iv_length            2727	3_0_0	EXIST::FUNCTION:
 DES_string_to_2keys                     2728	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DES
 EVP_PKEY_copy_parameters                2729	3_0_0	EXIST::FUNCTION:
 CMS_ContentInfo_print_ctx               2730	3_0_0	EXIST::FUNCTION:CMS
@@ -3143,7 +3143,7 @@
 SMIME_write_ASN1                        3211	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_CTX_new                      3212	3_0_0	EXIST::FUNCTION:
 MD4_Final                               3213	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,MD4
-EVP_PKEY_id                             3214	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_id                         3214	3_0_0	EXIST::FUNCTION:
 CMS_RecipientInfo_get0_pkey_ctx         3215	3_0_0	EXIST::FUNCTION:CMS
 OCSP_REQINFO_free                       3216	3_0_0	EXIST::FUNCTION:OCSP
 AUTHORITY_KEYID_new                     3217	3_0_0	EXIST::FUNCTION:
@@ -3443,7 +3443,7 @@
 CERTIFICATEPOLICIES_it                  3517	3_0_0	EXIST::FUNCTION:
 EVP_MD_CTX_ctrl                         3518	3_0_0	EXIST::FUNCTION:
 PKCS7_final                             3519	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_size                           3520	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get_size                       3520	3_0_0	EXIST::FUNCTION:
 EVP_DecryptFinal_ex                     3521	3_0_0	EXIST::FUNCTION:
 SCT_get_signature_nid                   3522	3_0_0	EXIST::FUNCTION:CT
 PROXY_CERT_INFO_EXTENSION_new           3523	3_0_0	EXIST::FUNCTION:
@@ -3580,7 +3580,7 @@
 CMS_encrypt                             3662	3_0_0	EXIST::FUNCTION:CMS
 CRYPTO_nistcts128_decrypt               3663	3_0_0	EXIST::FUNCTION:
 ERR_load_DH_strings                     3664	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
-EVP_MD_block_size                       3665	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_block_size                   3665	3_0_0	EXIST::FUNCTION:
 TS_X509_ALGOR_print_bio                 3666	3_0_0	EXIST::FUNCTION:TS
 d2i_PKCS7_ENVELOPE                      3667	3_0_0	EXIST::FUNCTION:
 ESS_CERT_ID_new                         3669	3_0_0	EXIST::FUNCTION:
@@ -3608,7 +3608,7 @@
 X509_VERIFY_PARAM_set1_ip               3691	3_0_0	EXIST::FUNCTION:
 OTHERNAME_free                          3692	3_0_0	EXIST::FUNCTION:
 OCSP_REVOKEDINFO_free                   3693	3_0_0	EXIST::FUNCTION:OCSP
-EVP_CIPHER_CTX_encrypting               3694	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_is_encrypting            3694	3_0_0	EXIST::FUNCTION:
 EC_KEY_can_sign                         3695	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 PEM_write_bio_RSAPublicKey              3696	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 X509_CRL_set1_lastUpdate                3697	3_0_0	EXIST::FUNCTION:
@@ -3715,7 +3715,7 @@
 BN_div_word                             3799	3_0_0	EXIST::FUNCTION:
 TS_CONF_set_signer_key                  3800	3_0_0	EXIST::FUNCTION:TS
 BN_GF2m_mod_sqrt                        3801	3_0_0	EXIST::FUNCTION:EC2M
-EVP_CIPHER_nid                          3802	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_nid                      3802	3_0_0	EXIST::FUNCTION:
 OBJ_txt2obj                             3803	3_0_0	EXIST::FUNCTION:
 CMS_RecipientInfo_kari_get0_orig_id     3804	3_0_0	EXIST::FUNCTION:CMS
 EVP_bf_ecb                              3805	3_0_0	EXIST::FUNCTION:BF
@@ -3758,7 +3758,7 @@
 i2d_PrivateKey_bio                      3843	3_0_0	EXIST::FUNCTION:
 RSA_padding_add_PKCS1_type_1            3844	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 i2d_re_X509_tbs                         3845	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_iv_length                    3846	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_iv_length                3846	3_0_0	EXIST::FUNCTION:
 OSSL_HTTP_REQ_CTX_get0_mem_bio          3847	3_0_0	EXIST::FUNCTION:
 i2d_PKCS8PrivateKeyInfo_bio             3848	3_0_0	EXIST::FUNCTION:
 d2i_OCSP_CERTID                         3849	3_0_0	EXIST::FUNCTION:OCSP
@@ -3811,7 +3811,7 @@
 o2i_SCT                                 3898	3_0_0	EXIST::FUNCTION:CT
 CRL_DIST_POINTS_free                    3899	3_0_0	EXIST::FUNCTION:
 d2i_OCSP_SINGLERESP                     3900	3_0_0	EXIST::FUNCTION:OCSP
-EVP_CIPHER_CTX_num                      3901	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_num                  3901	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_verify_recover_init            3902	3_0_0	EXIST::FUNCTION:
 SHA512_Init                             3903	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 TS_MSG_IMPRINT_set_msg                  3904	3_0_0	EXIST::FUNCTION:TS
@@ -4406,7 +4406,7 @@
 EVP_MAC_CTX_new                         4534	3_0_0	EXIST::FUNCTION:
 EVP_MAC_CTX_free                        4535	3_0_0	EXIST::FUNCTION:
 EVP_MAC_CTX_dup                         4536	3_0_0	EXIST::FUNCTION:
-EVP_MAC_CTX_mac                         4537	3_0_0	EXIST::FUNCTION:
+EVP_MAC_CTX_get0_mac                    4537	3_0_0	EXIST::FUNCTION:
 EVP_MAC_CTX_get_mac_size                4538	3_0_0	EXIST::FUNCTION:
 EVP_Q_mac                               4539	3_0_0	EXIST::FUNCTION:
 EVP_MAC_init                            4540	3_0_0	EXIST::FUNCTION:
@@ -4435,7 +4435,7 @@
 EVP_KDF_CTX_reset                       4563	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_get_kdf_size                4564	3_0_0	EXIST::FUNCTION:
 EVP_KDF_derive                          4565	3_0_0	EXIST::FUNCTION:
-EVP_KDF_name                            4566	3_0_0	EXIST::FUNCTION:
+EVP_KDF_get0_name                       4566	3_0_0	EXIST::FUNCTION:
 EC_GROUP_get0_field                     4567	3_0_0	EXIST::FUNCTION:EC
 CRYPTO_alloc_ex_data                    4568	3_0_0	EXIST::FUNCTION:
 OSSL_LIB_CTX_new                        4569	3_0_0	EXIST::FUNCTION:
@@ -4581,7 +4581,7 @@
 EC_GROUP_check_named_curve              4709	3_0_0	EXIST::FUNCTION:EC
 EVP_CIPHER_up_ref                       4710	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_fetch                        4711	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_mode                         4712	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_mode                     4712	3_0_0	EXIST::FUNCTION:
 OPENSSL_info                            4713	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_new                         4714	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_kdf                         4715	3_0_0	EXIST::FUNCTION:
@@ -4626,16 +4626,16 @@
 EVP_KEYMGMT_fetch                       4754	3_0_0	EXIST::FUNCTION:
 EVP_KEYMGMT_up_ref                      4755	3_0_0	EXIST::FUNCTION:
 EVP_KEYMGMT_free                        4756	3_0_0	EXIST::FUNCTION:
-EVP_KEYMGMT_provider                    4757	3_0_0	EXIST::FUNCTION:
+EVP_KEYMGMT_get0_provider               4757	3_0_0	EXIST::FUNCTION:
 X509_PUBKEY_dup                         4758	3_0_0	EXIST::FUNCTION:
-EVP_MD_name                             4759	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_name                         4760	3_0_0	EXIST::FUNCTION:
-EVP_MD_provider                         4761	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_provider                     4762	3_0_0	EXIST::FUNCTION:
+EVP_MD_get0_name                        4759	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get0_name                    4760	3_0_0	EXIST::FUNCTION:
+EVP_MD_get0_provider                    4761	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get0_provider                4762	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_name                      4763	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_do_all_provided              4764	3_0_0	EXIST::FUNCTION:
 EVP_MD_do_all_provided                  4765	3_0_0	EXIST::FUNCTION:
-EVP_KEYEXCH_provider                    4766	3_0_0	EXIST::FUNCTION:
+EVP_KEYEXCH_get0_provider               4766	3_0_0	EXIST::FUNCTION:
 OSSL_PROVIDER_available                 4767	3_0_0	EXIST::FUNCTION:
 ERR_new                                 4768	3_0_0	EXIST::FUNCTION:
 ERR_set_debug                           4769	3_0_0	EXIST::FUNCTION:
@@ -4666,16 +4666,16 @@
 EVP_MAC_up_ref                          4794	3_0_0	EXIST::FUNCTION:
 EVP_MAC_get_params                      4795	3_0_0	EXIST::FUNCTION:
 EVP_MAC_gettable_params                 4796	3_0_0	EXIST::FUNCTION:
-EVP_MAC_provider                        4797	3_0_0	EXIST::FUNCTION:
+EVP_MAC_get0_provider                   4797	3_0_0	EXIST::FUNCTION:
 EVP_MAC_do_all_provided                 4798	3_0_0	EXIST::FUNCTION:
-EVP_MAC_name                            4799	3_0_0	EXIST::FUNCTION:
+EVP_MAC_get0_name                       4799	3_0_0	EXIST::FUNCTION:
 EVP_MD_free                             4800	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_free                         4801	3_0_0	EXIST::FUNCTION:
 EVP_KDF_up_ref                          4802	3_0_0	EXIST::FUNCTION:
 EVP_KDF_free                            4803	3_0_0	EXIST::FUNCTION:
 EVP_KDF_fetch                           4804	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_dup                         4805	3_0_0	EXIST::FUNCTION:
-EVP_KDF_provider                        4806	3_0_0	EXIST::FUNCTION:
+EVP_KDF_get0_provider                   4806	3_0_0	EXIST::FUNCTION:
 EVP_KDF_get_params                      4807	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_get_params                  4808	3_0_0	EXIST::FUNCTION:
 EVP_KDF_CTX_set_params                  4809	3_0_0	EXIST::FUNCTION:
@@ -4685,14 +4685,14 @@
 EVP_KDF_do_all_provided                 4813	3_0_0	EXIST::FUNCTION:
 EVP_SIGNATURE_free                      4814	3_0_0	EXIST::FUNCTION:
 EVP_SIGNATURE_up_ref                    4815	3_0_0	EXIST::FUNCTION:
-EVP_SIGNATURE_provider                  4816	3_0_0	EXIST::FUNCTION:
+EVP_SIGNATURE_get0_provider             4816	3_0_0	EXIST::FUNCTION:
 EVP_SIGNATURE_fetch                     4817	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_signature_md           4818	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_signature_md           4819	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get_params                 4820	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_gettable_params            4821	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_settable_params            4822	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_CTX_tag_length               4823	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_tag_length           4823	3_0_0	EXIST::FUNCTION:
 ERR_get_error_all                       4824	3_0_0	EXIST::FUNCTION:
 ERR_peek_error_func                     4825	3_0_0	EXIST::FUNCTION:
 ERR_peek_error_data                     4826	3_0_0	EXIST::FUNCTION:
@@ -4783,13 +4783,13 @@
 EVP_KEYEXCH_names_do_all                4911	3_0_0	EXIST::FUNCTION:
 EVP_KDF_names_do_all                    4912	3_0_0	EXIST::FUNCTION:
 EVP_SIGNATURE_names_do_all              4913	3_0_0	EXIST::FUNCTION:
-EVP_MD_number                           4914	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_number                       4915	3_0_0	EXIST::FUNCTION:
-EVP_MAC_number                          4916	3_0_0	EXIST::FUNCTION:
-EVP_KEYMGMT_number                      4917	3_0_0	EXIST::FUNCTION:
-EVP_KEYEXCH_number                      4918	3_0_0	EXIST::FUNCTION:
-EVP_KDF_number                          4919	3_0_0	EXIST::FUNCTION:
-EVP_SIGNATURE_number                    4920	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_number                       4914	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_number                   4915	3_0_0	EXIST::FUNCTION:
+EVP_MAC_get_number                      4916	3_0_0	EXIST::FUNCTION:
+EVP_KEYMGMT_get_number                  4917	3_0_0	EXIST::FUNCTION:
+EVP_KEYEXCH_get_number                  4918	3_0_0	EXIST::FUNCTION:
+EVP_KDF_get_number                      4919	3_0_0	EXIST::FUNCTION:
+EVP_SIGNATURE_get_number                4920	3_0_0	EXIST::FUNCTION:
 OSSL_CMP_CTX_snprint_PKIStatus          4921	3_0_0	EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_transactionID         4922	3_0_0	EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_recipNonce            4923	3_0_0	EXIST::FUNCTION:CMP
@@ -4802,10 +4802,10 @@
 EVP_PKEY_fromdata                       4930	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_free                    4931	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_up_ref                  4932	3_0_0	EXIST::FUNCTION:
-EVP_ASYM_CIPHER_provider                4933	3_0_0	EXIST::FUNCTION:
+EVP_ASYM_CIPHER_get0_provider           4933	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_fetch                   4934	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_is_a                    4935	3_0_0	EXIST::FUNCTION:
-EVP_ASYM_CIPHER_number                  4936	3_0_0	EXIST::FUNCTION:
+EVP_ASYM_CIPHER_get_number              4936	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_do_all_provided         4937	3_0_0	EXIST::FUNCTION:
 EVP_ASYM_CIPHER_names_do_all            4938	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_rsa_padding            4939	3_0_0	EXIST::FUNCTION:
@@ -4827,16 +4827,16 @@
 OSSL_ENCODER_up_ref                     4955	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_free                       4956	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_fetch                      4957	3_0_0	EXIST::FUNCTION:
-OSSL_ENCODER_number                     4958	3_0_0	EXIST::FUNCTION:
+OSSL_ENCODER_get_number                 4958	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_is_a                       4959	3_0_0	EXIST::FUNCTION:
-OSSL_ENCODER_provider                   4960	3_0_0	EXIST::FUNCTION:
+OSSL_ENCODER_get0_provider              4960	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_do_all_provided            4961	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_names_do_all               4962	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_settable_ctx_params        4963	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_CTX_new                    4964	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_CTX_set_params             4965	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_CTX_free                   4966	3_0_0	EXIST::FUNCTION:
-OSSL_ENCODER_properties                 4967	3_0_0	EXIST::FUNCTION:
+OSSL_ENCODER_get0_properties            4967	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_to_bio                     4968	3_0_0	EXIST::FUNCTION:
 OSSL_ENCODER_to_fp                      4969	3_0_0	EXIST::FUNCTION:STDIO
 OSSL_ENCODER_CTX_new_for_pkey           4970	3_0_0	EXIST::FUNCTION:
@@ -5043,14 +5043,14 @@
 EVP_RAND_fetch                          5171	3_0_0	EXIST::FUNCTION:
 EVP_RAND_up_ref                         5172	3_0_0	EXIST::FUNCTION:
 EVP_RAND_free                           5173	3_0_0	EXIST::FUNCTION:
-EVP_RAND_number                         5174	3_0_0	EXIST::FUNCTION:
-EVP_RAND_name                           5175	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get_number                     5174	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get0_name                      5175	3_0_0	EXIST::FUNCTION:
 EVP_RAND_is_a                           5176	3_0_0	EXIST::FUNCTION:
-EVP_RAND_provider                       5177	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get0_provider                  5177	3_0_0	EXIST::FUNCTION:
 EVP_RAND_get_params                     5178	3_0_0	EXIST::FUNCTION:
 EVP_RAND_CTX_new                        5179	3_0_0	EXIST::FUNCTION:
 EVP_RAND_CTX_free                       5180	3_0_0	EXIST::FUNCTION:
-EVP_RAND_CTX_rand                       5181	3_0_0	EXIST::FUNCTION:
+EVP_RAND_CTX_get0_rand                  5181	3_0_0	EXIST::FUNCTION:
 EVP_RAND_CTX_get_params                 5182	3_0_0	EXIST::FUNCTION:
 EVP_RAND_CTX_set_params                 5183	3_0_0	EXIST::FUNCTION:
 EVP_RAND_gettable_params                5184	3_0_0	EXIST::FUNCTION:
@@ -5065,8 +5065,8 @@
 EVP_RAND_nonce                          5193	3_0_0	EXIST::FUNCTION:
 EVP_RAND_enable_locking                 5194	3_0_0	EXIST::FUNCTION:
 EVP_RAND_verify_zeroization             5195	3_0_0	EXIST::FUNCTION:
-EVP_RAND_strength                       5196	3_0_0	EXIST::FUNCTION:
-EVP_RAND_state                          5197	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get_strength                   5196	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get_state                      5197	3_0_0	EXIST::FUNCTION:
 EVP_default_properties_is_fips_enabled  5198	3_0_0	EXIST::FUNCTION:
 EVP_default_properties_enable_fips      5199	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_new_raw_private_key_ex         5200	3_0_0	EXIST::FUNCTION:
@@ -5113,9 +5113,9 @@
 OSSL_DECODER_fetch                      5241	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_up_ref                     5242	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_free                       5243	3_0_0	EXIST::FUNCTION:
-OSSL_DECODER_provider                   5244	3_0_0	EXIST::FUNCTION:
-OSSL_DECODER_properties                 5245	3_0_0	EXIST::FUNCTION:
-OSSL_DECODER_number                     5246	3_0_0	EXIST::FUNCTION:
+OSSL_DECODER_get0_provider              5244	3_0_0	EXIST::FUNCTION:
+OSSL_DECODER_get0_properties            5245	3_0_0	EXIST::FUNCTION:
+OSSL_DECODER_get_number                 5246	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_is_a                       5247	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_do_all_provided            5248	3_0_0	EXIST::FUNCTION:
 OSSL_DECODER_names_do_all               5249	3_0_0	EXIST::FUNCTION:
@@ -5180,7 +5180,7 @@
 EVP_PKEY_CTX_set1_hkdf_salt             5308	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set1_hkdf_key              5309	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_add1_hkdf_info             5310	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_CTX_hkdf_mode                  5311	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_CTX_set_hkdf_mode              5311	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set1_pbe_pass              5312	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set1_scrypt_salt           5313	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_set_scrypt_N               5314	3_0_0	EXIST::FUNCTION:
@@ -5217,9 +5217,9 @@
 OSSL_STORE_LOADER_set_open_ex           5345	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OSSL_STORE_LOADER_fetch                 5346	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_up_ref                5347	3_0_0	EXIST::FUNCTION:
-OSSL_STORE_LOADER_provider              5348	3_0_0	EXIST::FUNCTION:
-OSSL_STORE_LOADER_properties            5349	3_0_0	EXIST::FUNCTION:
-OSSL_STORE_LOADER_number                5350	3_0_0	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get0_provider         5348	3_0_0	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get0_properties       5349	3_0_0	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get_number            5350	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_is_a                  5351	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_do_all_provided       5352	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_LOADER_names_do_all          5353	3_0_0	EXIST::FUNCTION:
@@ -5238,14 +5238,14 @@
 CMS_AuthEnvelopedData_create_ex         5366	3_0_0	EXIST::FUNCTION:CMS
 EVP_PKEY_CTX_set_ec_param_enc           5367	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_get0_type_name                 5368	3_0_0	EXIST::FUNCTION:
-EVP_KEYMGMT_name                        5369	3_0_0	EXIST::FUNCTION:
+EVP_KEYMGMT_get0_name                   5369	3_0_0	EXIST::FUNCTION:
 EC_KEY_decoded_from_explicit_params     5370	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,EC
 EVP_KEM_free                            5371	3_0_0	EXIST::FUNCTION:
 EVP_KEM_up_ref                          5372	3_0_0	EXIST::FUNCTION:
-EVP_KEM_provider                        5373	3_0_0	EXIST::FUNCTION:
+EVP_KEM_get0_provider                   5373	3_0_0	EXIST::FUNCTION:
 EVP_KEM_fetch                           5374	3_0_0	EXIST::FUNCTION:
 EVP_KEM_is_a                            5375	3_0_0	EXIST::FUNCTION:
-EVP_KEM_number                          5376	3_0_0	EXIST::FUNCTION:
+EVP_KEM_get_number                      5376	3_0_0	EXIST::FUNCTION:
 EVP_KEM_do_all_provided                 5377	3_0_0	EXIST::FUNCTION:
 EVP_KEM_names_do_all                    5378	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_encapsulate_init               5379	3_0_0	EXIST::FUNCTION:
@@ -5347,22 +5347,22 @@
 EVP_PKEY_dup                            5475	3_0_0	EXIST::FUNCTION:
 RSA_PSS_PARAMS_dup                      5476	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_derive_set_peer_ex             5477	3_0_0	EXIST::FUNCTION:
-OSSL_DECODER_name                       5478	3_0_0	EXIST::FUNCTION:
-OSSL_ENCODER_name                       5479	3_0_0	EXIST::FUNCTION:
-OSSL_DECODER_description                5480	3_0_0	EXIST::FUNCTION:
-OSSL_ENCODER_description                5481	3_0_0	EXIST::FUNCTION:
-OSSL_STORE_LOADER_description           5482	3_0_0	EXIST::FUNCTION:
-EVP_MD_description                      5483	3_0_0	EXIST::FUNCTION:
-EVP_CIPHER_description                  5484	3_0_0	EXIST::FUNCTION:
-EVP_MAC_description                     5485	3_0_0	EXIST::FUNCTION:
-EVP_RAND_description                    5486	3_0_0	EXIST::FUNCTION:
-EVP_PKEY_description                    5487	3_0_0	EXIST::FUNCTION:
-EVP_KEYMGMT_description                 5488	3_0_0	EXIST::FUNCTION:
-EVP_SIGNATURE_description               5489	3_0_0	EXIST::FUNCTION:
-EVP_ASYM_CIPHER_description             5490	3_0_0	EXIST::FUNCTION:
-EVP_KEM_description                     5491	3_0_0	EXIST::FUNCTION:
-EVP_KEYEXCH_description                 5492	3_0_0	EXIST::FUNCTION:
-EVP_KDF_description                     5493	3_0_0	EXIST::FUNCTION:
+OSSL_DECODER_get0_name                  5478	3_0_0	EXIST::FUNCTION:
+OSSL_ENCODER_get0_name                  5479	3_0_0	EXIST::FUNCTION:
+OSSL_DECODER_get0_description           5480	3_0_0	EXIST::FUNCTION:
+OSSL_ENCODER_get0_description           5481	3_0_0	EXIST::FUNCTION:
+OSSL_STORE_LOADER_get0_description      5482	3_0_0	EXIST::FUNCTION:
+EVP_MD_get0_description                 5483	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get0_description             5484	3_0_0	EXIST::FUNCTION:
+EVP_MAC_get0_description                5485	3_0_0	EXIST::FUNCTION:
+EVP_RAND_get0_description               5486	3_0_0	EXIST::FUNCTION:
+EVP_PKEY_get0_description               5487	3_0_0	EXIST::FUNCTION:
+EVP_KEYMGMT_get0_description            5488	3_0_0	EXIST::FUNCTION:
+EVP_SIGNATURE_get0_description          5489	3_0_0	EXIST::FUNCTION:
+EVP_ASYM_CIPHER_get0_description        5490	3_0_0	EXIST::FUNCTION:
+EVP_KEM_get0_description                5491	3_0_0	EXIST::FUNCTION:
+EVP_KEYEXCH_get0_description            5492	3_0_0	EXIST::FUNCTION:
+EVP_KDF_get0_description                5493	3_0_0	EXIST::FUNCTION:
 OPENSSL_sk_find_all                     5494	3_0_0	EXIST::FUNCTION:
 X509_CRL_new_ex                         5495	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_dup                          5496	3_0_0	EXIST::FUNCTION:
@@ -5375,10 +5375,10 @@
 EVP_CIPHER_CTX_get0_cipher              5503	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_CTX_get1_cipher              5504	3_0_0	EXIST::FUNCTION:
 OSSL_LIB_CTX_get0_global_default        5505	3_0_0	EXIST::FUNCTION:
-EVP_SIGNATURE_name                      5506	3_0_0	EXIST::FUNCTION:
-EVP_ASYM_CIPHER_name                    5507	3_0_0	EXIST::FUNCTION:
-EVP_KEM_name                            5508	3_0_0	EXIST::FUNCTION:
-EVP_KEYEXCH_name                        5509	3_0_0	EXIST::FUNCTION:
+EVP_SIGNATURE_get0_name                 5506	3_0_0	EXIST::FUNCTION:
+EVP_ASYM_CIPHER_get0_name               5507	3_0_0	EXIST::FUNCTION:
+EVP_KEM_get0_name                       5508	3_0_0	EXIST::FUNCTION:
+EVP_KEYEXCH_get0_name                   5509	3_0_0	EXIST::FUNCTION:
 PKCS5_v2_PBE_keyivgen_ex                5510	3_0_0	EXIST::FUNCTION:
 EVP_PBE_scrypt_ex                       5511	3_0_0	EXIST::FUNCTION:SCRYPT
 PKCS5_v2_scrypt_keyivgen_ex             5512	3_0_0	EXIST::FUNCTION:SCRYPT
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index df71963..cd81ba7 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -631,8 +631,6 @@
 ERR_unload_strings(3)
 EVP_CIPHER_CTX_buf_noconst(3)
 EVP_CIPHER_CTX_copy(3)
-EVP_CIPHER_CTX_encrypting(3)
-EVP_CIPHER_CTX_num(3)
 EVP_CIPHER_CTX_rand_key(3)
 EVP_CIPHER_CTX_set_num(3)
 EVP_CIPHER_do_all(3)
diff --git a/util/other.syms b/util/other.syms
index 706ad7f..03dd5c9 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -232,10 +232,10 @@
 ERR_raise_data                          define
 EVP_DigestSignUpdate                    define
 EVP_DigestVerifyUpdate                  define
-EVP_MD_CTX_block_size                   define
-EVP_MD_CTX_name                         define
-EVP_MD_CTX_size                         define
-EVP_MD_CTX_type                         define
+EVP_MD_CTX_get_block_size               define
+EVP_MD_CTX_get0_name                    define
+EVP_MD_CTX_get_size                     define
+EVP_MD_CTX_get_type                     define
 EVP_OpenUpdate                          define
 EVP_PKEY_CTX_add1_hkdf_info             define
 EVP_PKEY_CTX_add1_tls1_prf_seed         define
@@ -255,7 +255,6 @@
 EVP_PKEY_CTX_get_rsa_padding            define
 EVP_PKEY_CTX_get_rsa_pss_saltlen        define
 EVP_PKEY_CTX_get_signature_md           define
-EVP_PKEY_CTX_hkdf_mode                  define
 EVP_PKEY_CTX_set0_dh_kdf_oid            define
 EVP_PKEY_CTX_set0_dh_kdf_ukm            define
 EVP_PKEY_CTX_set0_ecdh_kdf_ukm          define