Namespace crypto/fipsmodule/bcm_interface.h's internal symbols.

Down from 582 to 428 unintended exported symbols.

Bug: 42220000
Change-Id: I33431193c01a212229b5740619d3da926a6a6964
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/86649
Reviewed-by: Xiangfei Ding <xfding@google.com>
Commit-Queue: Rudolf Polzer <rpolzer@google.com>
diff --git a/crypto/aes/aes.cc b/crypto/aes/aes.cc
index fc9b67d..ac2c943 100644
--- a/crypto/aes/aes.cc
+++ b/crypto/aes/aes.cc
@@ -18,6 +18,9 @@
 
 #include "../fipsmodule/bcm_interface.h"
 
+
+using namespace bssl;
+
 void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
   BCM_aes_encrypt(in, out, key);
 }
diff --git a/crypto/fipsmodule/aes/aes.cc.inc b/crypto/fipsmodule/aes/aes.cc.inc
index 2b57a6c..56a110f 100644
--- a/crypto/fipsmodule/aes/aes.cc.inc
+++ b/crypto/fipsmodule/aes/aes.cc.inc
@@ -25,8 +25,8 @@
 // value, or both. Therefore they cannot mix. Also, on AArch64, the plain-C
 // code, above, is incompatible with the |aes_hw_*| functions.
 
-bcm_infallible BCM_aes_encrypt(const uint8_t *in, uint8_t *out,
-                               const AES_KEY *key) {
+bcm_infallible bssl::BCM_aes_encrypt(const uint8_t *in, uint8_t *out,
+                                     const AES_KEY *key) {
   if (hwaes_capable()) {
     aes_hw_encrypt(in, out, key);
   } else if (vpaes_capable()) {
@@ -37,8 +37,8 @@
   return bcm_infallible::not_approved;
 }
 
-bcm_infallible BCM_aes_decrypt(const uint8_t *in, uint8_t *out,
-                               const AES_KEY *key) {
+bcm_infallible bssl::BCM_aes_decrypt(const uint8_t *in, uint8_t *out,
+                                     const AES_KEY *key) {
   if (hwaes_capable()) {
     aes_hw_decrypt(in, out, key);
   } else if (vpaes_capable()) {
@@ -49,8 +49,8 @@
   return bcm_infallible::not_approved;
 }
 
-bcm_status BCM_aes_set_encrypt_key(const uint8_t *key, unsigned bits,
-                                   AES_KEY *aeskey) {
+bcm_status bssl::BCM_aes_set_encrypt_key(const uint8_t *key, unsigned bits,
+                                         AES_KEY *aeskey) {
   int ret = -1;
   if (hwaes_capable()) {
     ret = aes_hw_set_encrypt_key(key, bits, aeskey);
@@ -66,8 +66,8 @@
   return bcm_status::not_approved;
 }
 
-bcm_status BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits,
-                                   AES_KEY *aeskey) {
+bcm_status bssl::BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits,
+                                         AES_KEY *aeskey) {
   int ret = -1;
   if (hwaes_capable()) {
     ret = aes_hw_set_decrypt_key(key, bits, aeskey);
diff --git a/crypto/fipsmodule/bcm_interface.h b/crypto/fipsmodule/bcm_interface.h
index 654acf0..b78c372 100644
--- a/crypto/fipsmodule/bcm_interface.h
+++ b/crypto/fipsmodule/bcm_interface.h
@@ -30,9 +30,7 @@
 // Over time, calls from libcrypto to BCM will all move to this header
 // and the separation will become more meaningful.
 
-#if defined(__cplusplus)
-extern "C" {
-#endif
+BSSL_NAMESPACE_BEGIN
 
 // Enumerated types for return values from bcm functions, both infallible
 // and fallible functions. Two success values are used to correspond to the
@@ -939,9 +937,7 @@
 bcm_status BCM_aes_set_decrypt_key(const uint8_t *key, unsigned bits,
                                    AES_KEY *aeskey);
 
+BSSL_NAMESPACE_END
 
-#if defined(__cplusplus)
-}  // extern C
-#endif
 
 #endif  // OPENSSL_HEADER_CRYPTO_FIPSMODULE_BCM_INTERFACE_H
diff --git a/crypto/fipsmodule/digest/digests.cc.inc b/crypto/fipsmodule/digest/digests.cc.inc
index 3a3bfd3..a246a51 100644
--- a/crypto/fipsmodule/digest/digests.cc.inc
+++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -24,13 +24,15 @@
 #include "../delocate.h"
 #include "internal.h"
 
+
+using namespace bssl;
+
 #if defined(NDEBUG)
 #define CHECK(x) (void)(x)
 #else
 #define CHECK(x) assert(x)
 #endif
 
-
 static void sha1_init(EVP_MD_CTX *ctx) {
   BCM_sha1_init(reinterpret_cast<SHA_CTX *>(ctx->md_data));
 }
diff --git a/crypto/fipsmodule/mldsa/mldsa.cc.inc b/crypto/fipsmodule/mldsa/mldsa.cc.inc
index 9493ed3..5c305b2 100644
--- a/crypto/fipsmodule/mldsa/mldsa.cc.inc
+++ b/crypto/fipsmodule/mldsa/mldsa.cc.inc
@@ -2285,34 +2285,34 @@
 
 // ML-DSA-65 specific wrappers.
 
-bcm_status BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key,
-                                        CBS *in) {
+bcm_status bssl::BCM_mldsa65_parse_public_key(MLDSA65_public_key *public_key,
+                                              CBS *in) {
   return bcm_as_approved_status(mldsa_parse_public_key(
       mldsa::public_key_from_external_65(public_key), in));
 }
 
-bcm_status BCM_mldsa65_marshal_private_key(
+bcm_status bssl::BCM_mldsa65_marshal_private_key(
     CBB *out, const MLDSA65_private_key *private_key) {
   return bcm_as_approved_status(mldsa_marshal_private_key(
       out, mldsa::private_key_from_external_65(private_key)));
 }
 
-bcm_status BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key,
-                                         CBS *in) {
+bcm_status bssl::BCM_mldsa65_parse_private_key(MLDSA65_private_key *private_key,
+                                               CBS *in) {
   return bcm_as_approved_status(
       mldsa_parse_private_key(mldsa::private_key_from_external_65(private_key),
                               in) &&
       CBS_len(in) == 0);
 }
 
-bcm_status BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key) {
+bcm_status bssl::BCM_mldsa65_check_key_fips(MLDSA65_private_key *private_key) {
   return bcm_as_approved_status(
       mldsa::fips::check_key(mldsa::private_key_from_external_65(private_key)));
 }
 
 // Calls |MLDSA_generate_key_external_entropy| with random bytes from
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa65_generate_key(
+bcm_status bssl::BCM_mldsa65_generate_key(
     uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) {
   BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
@@ -2321,7 +2321,7 @@
                                                    out_private_key, out_seed);
 }
 
-bcm_status BCM_mldsa65_private_key_from_seed(
+bcm_status bssl::BCM_mldsa65_private_key_from_seed(
     MLDSA65_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES];
@@ -2329,7 +2329,7 @@
                                                    seed);
 }
 
-bcm_status BCM_mldsa65_generate_key_external_entropy(
+bcm_status bssl::BCM_mldsa65_generate_key_external_entropy(
     uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
     MLDSA65_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2338,7 +2338,7 @@
       mldsa::private_key_from_external_65(out_private_key), entropy));
 }
 
-bcm_status BCM_mldsa65_generate_key_fips(
+bcm_status bssl::BCM_mldsa65_generate_key_fips(
     uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA65_private_key *out_private_key) {
   if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
@@ -2351,7 +2351,7 @@
   return BCM_mldsa65_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa65_generate_key_external_entropy_fips(
+bcm_status bssl::BCM_mldsa65_generate_key_external_entropy_fips(
     uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
     MLDSA65_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2366,7 +2366,7 @@
   return BCM_mldsa65_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa65_private_key_from_seed_fips(
+bcm_status bssl::BCM_mldsa65_private_key_from_seed_fips(
     MLDSA65_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA65_PUBLIC_KEY_BYTES];
@@ -2377,7 +2377,7 @@
   return BCM_mldsa65_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa65_public_from_private(
+bcm_status bssl::BCM_mldsa65_public_from_private(
     MLDSA65_public_key *out_public_key,
     const MLDSA65_private_key *private_key) {
   const auto *priv = mldsa::private_key_from_external_65(private_key);
@@ -2386,13 +2386,13 @@
   return bcm_status::approved;
 }
 
-const MLDSA65_public_key *BCM_mldsa65_public_of_private(
+const MLDSA65_public_key *bssl::BCM_mldsa65_public_of_private(
     const MLDSA65_private_key *private_key) {
   return reinterpret_cast<const MLDSA65_public_key *>(
       &mldsa::private_key_from_external_65(private_key)->pub);
 }
 
-bcm_status BCM_mldsa65_sign_internal(
+bcm_status bssl::BCM_mldsa65_sign_internal(
     uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
     const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context_prefix, size_t context_prefix_len,
@@ -2404,7 +2404,7 @@
       randomizer));
 }
 
-bcm_status BCM_mldsa65_sign_mu_internal(
+bcm_status bssl::BCM_mldsa65_sign_mu_internal(
     uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
     const MLDSA65_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES],
@@ -2416,7 +2416,7 @@
 
 // ML-DSA signature in randomized mode, filling the random bytes with
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa65_sign(
+bcm_status bssl::BCM_mldsa65_sign(
     uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
     const MLDSA65_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context, size_t context_len) {
@@ -2432,9 +2432,10 @@
 }
 
 // ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa65_prehash_init(MLDSA65_prehash *out_prehash_ctx,
-                              const MLDSA65_public_key *public_key,
-                              const uint8_t *context, size_t context_len) {
+void bssl::BCM_mldsa65_prehash_init(MLDSA65_prehash *out_prehash_ctx,
+                                    const MLDSA65_public_key *public_key,
+                                    const uint8_t *context,
+                                    size_t context_len) {
   BSSL_CHECK(context_len <= 255);
 
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
@@ -2445,21 +2446,21 @@
 }
 
 // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa65_prehash_update(MLDSA65_prehash *inout_prehash_ctx,
-                                const uint8_t *msg, size_t msg_len) {
+void bssl::BCM_mldsa65_prehash_update(MLDSA65_prehash *inout_prehash_ctx,
+                                      const uint8_t *msg, size_t msg_len) {
   mldsa_prehash_update(
       mldsa::prehash_context_from_external_65(inout_prehash_ctx), msg, msg_len);
 }
 
 // ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
-                                  MLDSA65_prehash *inout_prehash_ctx) {
+void bssl::BCM_mldsa65_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+                                        MLDSA65_prehash *inout_prehash_ctx) {
   mldsa_prehash_finalize(
       out_msg_rep, mldsa::prehash_context_from_external_65(inout_prehash_ctx));
 }
 
 // ML-DSA pre-hashed API: signing a message representative.
-bcm_status BCM_mldsa65_sign_message_representative(
+bcm_status bssl::BCM_mldsa65_sign_message_representative(
     uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
     const MLDSA65_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2473,7 +2474,7 @@
 }
 
 // ML-DSA pre-hashed API: verifying a message representative.
-bcm_status BCM_mldsa65_verify_message_representative(
+bcm_status bssl::BCM_mldsa65_verify_message_representative(
     const MLDSA65_public_key *public_key,
     const uint8_t signature[MLDSA65_SIGNATURE_BYTES],
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2482,10 +2483,10 @@
 }
 
 // FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa65_verify(const MLDSA65_public_key *public_key,
-                              const uint8_t signature[MLDSA65_SIGNATURE_BYTES],
-                              const uint8_t *msg, size_t msg_len,
-                              const uint8_t *context, size_t context_len) {
+bcm_status bssl::BCM_mldsa65_verify(
+    const MLDSA65_public_key *public_key,
+    const uint8_t signature[MLDSA65_SIGNATURE_BYTES], const uint8_t *msg,
+    size_t msg_len, const uint8_t *context, size_t context_len) {
   BSSL_CHECK(context_len <= 255);
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
   return BCM_mldsa65_verify_internal(public_key, signature, msg, msg_len,
@@ -2493,7 +2494,7 @@
                                      context, context_len);
 }
 
-bcm_status BCM_mldsa65_verify_internal(
+bcm_status bssl::BCM_mldsa65_verify_internal(
     const MLDSA65_public_key *public_key,
     const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
@@ -2503,14 +2504,14 @@
       msg_len, context_prefix, context_prefix_len, context, context_len));
 }
 
-bcm_status BCM_mldsa65_marshal_public_key(
+bcm_status bssl::BCM_mldsa65_marshal_public_key(
     CBB *out, const MLDSA65_public_key *public_key) {
   return bcm_as_approved_status(mldsa_marshal_public_key(
       out, mldsa::public_key_from_external_65(public_key)));
 }
 
-int BCM_mldsa65_public_keys_equal(const MLDSA65_public_key *a,
-                                  const MLDSA65_public_key *b) {
+int bssl::BCM_mldsa65_public_keys_equal(const MLDSA65_public_key *a,
+                                        const MLDSA65_public_key *b) {
   auto *a_pub = mldsa::public_key_from_external_65(a);
   auto *b_pub = mldsa::public_key_from_external_65(b);
   // It is sufficient to compare |public_key_hash|. When importing a public key,
@@ -2524,34 +2525,34 @@
 
 // ML-DSA-87 specific wrappers.
 
-bcm_status BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key,
-                                        CBS *in) {
+bcm_status bssl::BCM_mldsa87_parse_public_key(MLDSA87_public_key *public_key,
+                                              CBS *in) {
   return bcm_as_approved_status(mldsa_parse_public_key(
       mldsa::public_key_from_external_87(public_key), in));
 }
 
-bcm_status BCM_mldsa87_marshal_private_key(
+bcm_status bssl::BCM_mldsa87_marshal_private_key(
     CBB *out, const MLDSA87_private_key *private_key) {
   return bcm_as_approved_status(mldsa_marshal_private_key(
       out, mldsa::private_key_from_external_87(private_key)));
 }
 
-bcm_status BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key,
-                                         CBS *in) {
+bcm_status bssl::BCM_mldsa87_parse_private_key(MLDSA87_private_key *private_key,
+                                               CBS *in) {
   return bcm_as_approved_status(
       mldsa_parse_private_key(mldsa::private_key_from_external_87(private_key),
                               in) &&
       CBS_len(in) == 0);
 }
 
-bcm_status BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key) {
+bcm_status bssl::BCM_mldsa87_check_key_fips(MLDSA87_private_key *private_key) {
   return bcm_as_approved_status(
       mldsa::fips::check_key(mldsa::private_key_from_external_87(private_key)));
 }
 
 // Calls |MLDSA_generate_key_external_entropy| with random bytes from
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa87_generate_key(
+bcm_status bssl::BCM_mldsa87_generate_key(
     uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) {
   BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
@@ -2559,7 +2560,7 @@
                                                    out_private_key, out_seed);
 }
 
-bcm_status BCM_mldsa87_private_key_from_seed(
+bcm_status bssl::BCM_mldsa87_private_key_from_seed(
     MLDSA87_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES];
@@ -2567,7 +2568,7 @@
                                                    seed);
 }
 
-bcm_status BCM_mldsa87_generate_key_external_entropy(
+bcm_status bssl::BCM_mldsa87_generate_key_external_entropy(
     uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
     MLDSA87_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2576,7 +2577,7 @@
       mldsa::private_key_from_external_87(out_private_key), entropy));
 }
 
-bcm_status BCM_mldsa87_generate_key_fips(
+bcm_status bssl::BCM_mldsa87_generate_key_fips(
     uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA87_private_key *out_private_key) {
   if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
@@ -2589,7 +2590,7 @@
   return BCM_mldsa87_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa87_generate_key_external_entropy_fips(
+bcm_status bssl::BCM_mldsa87_generate_key_external_entropy_fips(
     uint8_t out_encoded_public_key[MLDSA87_PUBLIC_KEY_BYTES],
     MLDSA87_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2604,7 +2605,7 @@
   return BCM_mldsa87_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa87_private_key_from_seed_fips(
+bcm_status bssl::BCM_mldsa87_private_key_from_seed_fips(
     MLDSA87_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA87_PUBLIC_KEY_BYTES];
@@ -2615,7 +2616,7 @@
   return BCM_mldsa87_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa87_public_from_private(
+bcm_status bssl::BCM_mldsa87_public_from_private(
     MLDSA87_public_key *out_public_key,
     const MLDSA87_private_key *private_key) {
   const auto *priv = mldsa::private_key_from_external_87(private_key);
@@ -2624,13 +2625,13 @@
   return bcm_status::approved;
 }
 
-const MLDSA87_public_key *BCM_mldsa87_public_of_private(
+const MLDSA87_public_key *bssl::BCM_mldsa87_public_of_private(
     const MLDSA87_private_key *private_key) {
   return reinterpret_cast<const MLDSA87_public_key *>(
       &mldsa::private_key_from_external_87(private_key)->pub);
 }
 
-bcm_status BCM_mldsa87_sign_internal(
+bcm_status bssl::BCM_mldsa87_sign_internal(
     uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
     const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context_prefix, size_t context_prefix_len,
@@ -2642,7 +2643,7 @@
       randomizer));
 }
 
-bcm_status BCM_mldsa87_sign_mu_internal(
+bcm_status bssl::BCM_mldsa87_sign_mu_internal(
     uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
     const MLDSA87_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES],
@@ -2654,7 +2655,7 @@
 
 // ML-DSA signature in randomized mode, filling the random bytes with
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa87_sign(
+bcm_status bssl::BCM_mldsa87_sign(
     uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
     const MLDSA87_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context, size_t context_len) {
@@ -2669,9 +2670,10 @@
 }
 
 // ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa87_prehash_init(MLDSA87_prehash *out_prehash_ctx,
-                              const MLDSA87_public_key *public_key,
-                              const uint8_t *context, size_t context_len) {
+void bssl::BCM_mldsa87_prehash_init(MLDSA87_prehash *out_prehash_ctx,
+                                    const MLDSA87_public_key *public_key,
+                                    const uint8_t *context,
+                                    size_t context_len) {
   BSSL_CHECK(context_len <= 255);
 
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
@@ -2682,21 +2684,21 @@
 }
 
 // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa87_prehash_update(MLDSA87_prehash *inout_prehash_ctx,
-                                const uint8_t *msg, size_t msg_len) {
+void bssl::BCM_mldsa87_prehash_update(MLDSA87_prehash *inout_prehash_ctx,
+                                      const uint8_t *msg, size_t msg_len) {
   mldsa_prehash_update(
       mldsa::prehash_context_from_external_87(inout_prehash_ctx), msg, msg_len);
 }
 
 // ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
-                                  MLDSA87_prehash *inout_prehash_ctx) {
+void bssl::BCM_mldsa87_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+                                        MLDSA87_prehash *inout_prehash_ctx) {
   mldsa_prehash_finalize(
       out_msg_rep, mldsa::prehash_context_from_external_87(inout_prehash_ctx));
 }
 
 // ML-DSA pre-hashed API: signing a message representative.
-bcm_status BCM_mldsa87_sign_message_representative(
+bcm_status bssl::BCM_mldsa87_sign_message_representative(
     uint8_t out_encoded_signature[MLDSA87_SIGNATURE_BYTES],
     const MLDSA87_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2710,7 +2712,7 @@
 }
 
 // ML-DSA pre-hashed API: verifying a message representative.
-bcm_status BCM_mldsa87_verify_message_representative(
+bcm_status bssl::BCM_mldsa87_verify_message_representative(
     const MLDSA87_public_key *public_key,
     const uint8_t signature[MLDSA87_SIGNATURE_BYTES],
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2719,10 +2721,11 @@
 }
 
 // FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa87_verify(const MLDSA87_public_key *public_key,
-                              const uint8_t *signature, const uint8_t *msg,
-                              size_t msg_len, const uint8_t *context,
-                              size_t context_len) {
+bcm_status bssl::BCM_mldsa87_verify(const MLDSA87_public_key *public_key,
+                                    const uint8_t *signature,
+                                    const uint8_t *msg, size_t msg_len,
+                                    const uint8_t *context,
+                                    size_t context_len) {
   BSSL_CHECK(context_len <= 255);
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
   return BCM_mldsa87_verify_internal(public_key, signature, msg, msg_len,
@@ -2730,7 +2733,7 @@
                                      context, context_len);
 }
 
-bcm_status BCM_mldsa87_verify_internal(
+bcm_status bssl::BCM_mldsa87_verify_internal(
     const MLDSA87_public_key *public_key,
     const uint8_t encoded_signature[MLDSA87_SIGNATURE_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
@@ -2740,14 +2743,14 @@
       msg_len, context_prefix, context_prefix_len, context, context_len));
 }
 
-bcm_status BCM_mldsa87_marshal_public_key(
+bcm_status bssl::BCM_mldsa87_marshal_public_key(
     CBB *out, const MLDSA87_public_key *public_key) {
   return bcm_as_approved_status(mldsa_marshal_public_key(
       out, mldsa::public_key_from_external_87(public_key)));
 }
 
-int BCM_mldsa87_public_keys_equal(const MLDSA87_public_key *a,
-                                  const MLDSA87_public_key *b) {
+int bssl::BCM_mldsa87_public_keys_equal(const MLDSA87_public_key *a,
+                                        const MLDSA87_public_key *b) {
   auto *a_pub = mldsa::public_key_from_external_87(a);
   auto *b_pub = mldsa::public_key_from_external_87(b);
   // It is sufficient to compare |public_key_hash|. When importing a public key,
@@ -2761,34 +2764,34 @@
 
 // ML-DSA-44 specific wrappers.
 
-bcm_status BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key,
-                                        CBS *in) {
+bcm_status bssl::BCM_mldsa44_parse_public_key(MLDSA44_public_key *public_key,
+                                              CBS *in) {
   return bcm_as_approved_status(mldsa_parse_public_key(
       mldsa::public_key_from_external_44(public_key), in));
 }
 
-bcm_status BCM_mldsa44_marshal_private_key(
+bcm_status bssl::BCM_mldsa44_marshal_private_key(
     CBB *out, const MLDSA44_private_key *private_key) {
   return bcm_as_approved_status(mldsa_marshal_private_key(
       out, mldsa::private_key_from_external_44(private_key)));
 }
 
-bcm_status BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key,
-                                         CBS *in) {
+bcm_status bssl::BCM_mldsa44_parse_private_key(MLDSA44_private_key *private_key,
+                                               CBS *in) {
   return bcm_as_approved_status(
       mldsa_parse_private_key(mldsa::private_key_from_external_44(private_key),
                               in) &&
       CBS_len(in) == 0);
 }
 
-bcm_status BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key) {
+bcm_status bssl::BCM_mldsa44_check_key_fips(MLDSA44_private_key *private_key) {
   return bcm_as_approved_status(
       mldsa::fips::check_key(mldsa::private_key_from_external_44(private_key)));
 }
 
 // Calls |MLDSA_generate_key_external_entropy| with random bytes from
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa44_generate_key(
+bcm_status bssl::BCM_mldsa44_generate_key(
     uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) {
   BCM_rand_bytes(out_seed, MLDSA_SEED_BYTES);
@@ -2796,7 +2799,7 @@
                                                    out_private_key, out_seed);
 }
 
-bcm_status BCM_mldsa44_private_key_from_seed(
+bcm_status bssl::BCM_mldsa44_private_key_from_seed(
     MLDSA44_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES];
@@ -2804,7 +2807,7 @@
                                                    seed);
 }
 
-bcm_status BCM_mldsa44_generate_key_external_entropy(
+bcm_status bssl::BCM_mldsa44_generate_key_external_entropy(
     uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
     MLDSA44_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2813,7 +2816,7 @@
       mldsa::private_key_from_external_44(out_private_key), entropy));
 }
 
-bcm_status BCM_mldsa44_generate_key_fips(
+bcm_status bssl::BCM_mldsa44_generate_key_fips(
     uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES], MLDSA44_private_key *out_private_key) {
   if (out_encoded_public_key == nullptr || out_private_key == nullptr) {
@@ -2826,7 +2829,7 @@
   return BCM_mldsa44_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa44_generate_key_external_entropy_fips(
+bcm_status bssl::BCM_mldsa44_generate_key_external_entropy_fips(
     uint8_t out_encoded_public_key[MLDSA44_PUBLIC_KEY_BYTES],
     MLDSA44_private_key *out_private_key,
     const uint8_t entropy[MLDSA_SEED_BYTES]) {
@@ -2841,7 +2844,7 @@
   return BCM_mldsa44_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa44_private_key_from_seed_fips(
+bcm_status bssl::BCM_mldsa44_private_key_from_seed_fips(
     MLDSA44_private_key *out_private_key,
     const uint8_t seed[MLDSA_SEED_BYTES]) {
   uint8_t public_key[MLDSA44_PUBLIC_KEY_BYTES];
@@ -2852,7 +2855,7 @@
   return BCM_mldsa44_check_key_fips(out_private_key);
 }
 
-bcm_status BCM_mldsa44_public_from_private(
+bcm_status bssl::BCM_mldsa44_public_from_private(
     MLDSA44_public_key *out_public_key,
     const MLDSA44_private_key *private_key) {
   const auto *priv = mldsa::private_key_from_external_44(private_key);
@@ -2861,13 +2864,13 @@
   return bcm_status::approved;
 }
 
-const MLDSA44_public_key *BCM_mldsa44_public_of_private(
+const MLDSA44_public_key *bssl::BCM_mldsa44_public_of_private(
     const MLDSA44_private_key *private_key) {
   return reinterpret_cast<const MLDSA44_public_key *>(
       &mldsa::private_key_from_external_44(private_key)->pub);
 }
 
-bcm_status BCM_mldsa44_sign_internal(
+bcm_status bssl::BCM_mldsa44_sign_internal(
     uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
     const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context_prefix, size_t context_prefix_len,
@@ -2879,7 +2882,7 @@
       randomizer));
 }
 
-bcm_status BCM_mldsa44_sign_mu_internal(
+bcm_status bssl::BCM_mldsa44_sign_mu_internal(
     uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
     const MLDSA44_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES],
@@ -2891,7 +2894,7 @@
 
 // ML-DSA signature in randomized mode, filling the random bytes with
 // |BCM_rand_bytes|.
-bcm_status BCM_mldsa44_sign(
+bcm_status bssl::BCM_mldsa44_sign(
     uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
     const MLDSA44_private_key *private_key, const uint8_t *msg, size_t msg_len,
     const uint8_t *context, size_t context_len) {
@@ -2906,9 +2909,10 @@
 }
 
 // ML-DSA pre-hashed API: initializing a pre-hashing context.
-void BCM_mldsa44_prehash_init(MLDSA44_prehash *out_prehash_ctx,
-                              const MLDSA44_public_key *public_key,
-                              const uint8_t *context, size_t context_len) {
+void bssl::BCM_mldsa44_prehash_init(MLDSA44_prehash *out_prehash_ctx,
+                                    const MLDSA44_public_key *public_key,
+                                    const uint8_t *context,
+                                    size_t context_len) {
   BSSL_CHECK(context_len <= 255);
 
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
@@ -2919,21 +2923,21 @@
 }
 
 // ML-DSA pre-hashed API: updating a pre-hashing context with a message chunk.
-void BCM_mldsa44_prehash_update(MLDSA44_prehash *inout_prehash_ctx,
-                                const uint8_t *msg, size_t msg_len) {
+void bssl::BCM_mldsa44_prehash_update(MLDSA44_prehash *inout_prehash_ctx,
+                                      const uint8_t *msg, size_t msg_len) {
   mldsa_prehash_update(
       mldsa::prehash_context_from_external_44(inout_prehash_ctx), msg, msg_len);
 }
 
 // ML-DSA pre-hashed API: obtaining a message representative to sign.
-void BCM_mldsa44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
-                                  MLDSA44_prehash *inout_prehash_ctx) {
+void bssl::BCM_mldsa44_prehash_finalize(uint8_t out_msg_rep[MLDSA_MU_BYTES],
+                                        MLDSA44_prehash *inout_prehash_ctx) {
   mldsa_prehash_finalize(
       out_msg_rep, mldsa::prehash_context_from_external_44(inout_prehash_ctx));
 }
 
 // ML-DSA pre-hashed API: signing a message representative.
-bcm_status BCM_mldsa44_sign_message_representative(
+bcm_status bssl::BCM_mldsa44_sign_message_representative(
     uint8_t out_encoded_signature[MLDSA44_SIGNATURE_BYTES],
     const MLDSA44_private_key *private_key,
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2947,7 +2951,7 @@
 }
 
 // ML-DSA pre-hashed API: verifying a message representative.
-bcm_status BCM_mldsa44_verify_message_representative(
+bcm_status bssl::BCM_mldsa44_verify_message_representative(
     const MLDSA44_public_key *public_key,
     const uint8_t signature[MLDSA44_SIGNATURE_BYTES],
     const uint8_t msg_rep[MLDSA_MU_BYTES]) {
@@ -2956,10 +2960,11 @@
 }
 
 // FIPS 204, Algorithm 3 (`ML-DSA.Verify`).
-bcm_status BCM_mldsa44_verify(const MLDSA44_public_key *public_key,
-                              const uint8_t *signature, const uint8_t *msg,
-                              size_t msg_len, const uint8_t *context,
-                              size_t context_len) {
+bcm_status bssl::BCM_mldsa44_verify(const MLDSA44_public_key *public_key,
+                                    const uint8_t *signature,
+                                    const uint8_t *msg, size_t msg_len,
+                                    const uint8_t *context,
+                                    size_t context_len) {
   BSSL_CHECK(context_len <= 255);
   const uint8_t context_prefix[2] = {0, static_cast<uint8_t>(context_len)};
   return BCM_mldsa44_verify_internal(public_key, signature, msg, msg_len,
@@ -2967,7 +2972,7 @@
                                      context, context_len);
 }
 
-bcm_status BCM_mldsa44_verify_internal(
+bcm_status bssl::BCM_mldsa44_verify_internal(
     const MLDSA44_public_key *public_key,
     const uint8_t encoded_signature[MLDSA44_SIGNATURE_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
@@ -2977,14 +2982,14 @@
       msg_len, context_prefix, context_prefix_len, context, context_len));
 }
 
-bcm_status BCM_mldsa44_marshal_public_key(
+bcm_status bssl::BCM_mldsa44_marshal_public_key(
     CBB *out, const MLDSA44_public_key *public_key) {
   return bcm_as_approved_status(mldsa_marshal_public_key(
       out, mldsa::public_key_from_external_44(public_key)));
 }
 
-int BCM_mldsa44_public_keys_equal(const MLDSA44_public_key *a,
-                                  const MLDSA44_public_key *b) {
+int bssl::BCM_mldsa44_public_keys_equal(const MLDSA44_public_key *a,
+                                        const MLDSA44_public_key *b) {
   auto *a_pub = mldsa::public_key_from_external_44(a);
   auto *b_pub = mldsa::public_key_from_external_44(b);
   // It is sufficient to compare |public_key_hash|. When importing a public key,
diff --git a/crypto/fipsmodule/mlkem/mlkem.cc.inc b/crypto/fipsmodule/mlkem/mlkem.cc.inc
index 838c52b..5cd82a4 100644
--- a/crypto/fipsmodule/mlkem/mlkem.cc.inc
+++ b/crypto/fipsmodule/mlkem/mlkem.cc.inc
@@ -1074,7 +1074,8 @@
 }  // namespace
 }  // namespace mlkem
 
-bcm_status BCM_mlkem768_check_fips(const MLKEM768_private_key *private_key) {
+bcm_status bssl::BCM_mlkem768_check_fips(
+    const MLKEM768_private_key *private_key) {
   const mlkem::private_key<RANK768> *priv =
       mlkem::private_key_768_from_external(private_key);
 
@@ -1097,7 +1098,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem768_generate_key_fips(
+bcm_status bssl::BCM_mlkem768_generate_key_fips(
     uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
     uint8_t optional_out_seed[MLKEM_SEED_BYTES],
     MLKEM768_private_key *out_private_key) {
@@ -1109,7 +1110,7 @@
   return BCM_mlkem768_check_fips(out_private_key);
 }
 
-bcm_infallible BCM_mlkem768_generate_key(
+bcm_infallible bssl::BCM_mlkem768_generate_key(
     uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
     uint8_t optional_out_seed[MLKEM_SEED_BYTES],
     MLKEM768_private_key *out_private_key) {
@@ -1124,7 +1125,7 @@
   return bcm_infallible::not_approved;
 }
 
-bcm_status BCM_mlkem768_private_key_from_seed(
+bcm_status bssl::BCM_mlkem768_private_key_from_seed(
     MLKEM768_private_key *out_private_key, const uint8_t *seed,
     size_t seed_len) {
   if (seed_len != MLKEM_SEED_BYTES) {
@@ -1137,7 +1138,8 @@
   return bcm_status::not_approved;
 }
 
-bcm_status BCM_mlkem1024_check_fips(const MLKEM1024_private_key *private_key) {
+bcm_status bssl::BCM_mlkem1024_check_fips(
+    const MLKEM1024_private_key *private_key) {
   const mlkem::private_key<RANK1024> *priv =
       mlkem::private_key_1024_from_external(private_key);
 
@@ -1160,7 +1162,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem1024_generate_key_fips(
+bcm_status bssl::BCM_mlkem1024_generate_key_fips(
     uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
     uint8_t optional_out_seed[MLKEM_SEED_BYTES],
     MLKEM1024_private_key *out_private_key) {
@@ -1172,7 +1174,7 @@
   return BCM_mlkem1024_check_fips(out_private_key);
 }
 
-bcm_infallible BCM_mlkem1024_generate_key(
+bcm_infallible bssl::BCM_mlkem1024_generate_key(
     uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
     uint8_t optional_out_seed[MLKEM_SEED_BYTES],
     MLKEM1024_private_key *out_private_key) {
@@ -1187,7 +1189,7 @@
   return bcm_infallible::not_approved;
 }
 
-bcm_status BCM_mlkem1024_private_key_from_seed(
+bcm_status bssl::BCM_mlkem1024_private_key_from_seed(
     MLKEM1024_private_key *out_private_key, const uint8_t *seed,
     size_t seed_len) {
   if (seed_len != MLKEM_SEED_BYTES) {
@@ -1199,7 +1201,7 @@
   return bcm_status::not_approved;
 }
 
-bcm_infallible BCM_mlkem768_generate_key_external_seed(
+bcm_infallible bssl::BCM_mlkem768_generate_key_external_seed(
     uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
     MLKEM768_private_key *out_private_key,
     const uint8_t seed[MLKEM_SEED_BYTES]) {
@@ -1209,7 +1211,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem1024_generate_key_external_seed(
+bcm_infallible bssl::BCM_mlkem1024_generate_key_external_seed(
     uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
     MLKEM1024_private_key *out_private_key,
     const uint8_t seed[MLKEM_SEED_BYTES]) {
@@ -1219,7 +1221,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem768_public_from_private(
+bcm_infallible bssl::BCM_mlkem768_public_from_private(
     MLKEM768_public_key *out_public_key,
     const MLKEM768_private_key *private_key) {
   mlkem::public_key<RANK768> *const pub =
@@ -1230,7 +1232,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem1024_public_from_private(
+bcm_infallible bssl::BCM_mlkem1024_public_from_private(
     MLKEM1024_public_key *out_public_key,
     const MLKEM1024_private_key *private_key) {
   mlkem::public_key<RANK1024> *const pub =
@@ -1243,7 +1245,7 @@
 
 // Calls |MLKEM768_encap_external_entropy| with random bytes from
 // |BCM_rand_bytes|
-bcm_infallible BCM_mlkem768_encap(
+bcm_infallible bssl::BCM_mlkem768_encap(
     uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const MLKEM768_public_key *public_key) {
@@ -1255,7 +1257,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem1024_encap(
+bcm_infallible bssl::BCM_mlkem1024_encap(
     uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const MLKEM1024_public_key *public_key) {
@@ -1267,7 +1269,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem768_encap_external_entropy(
+bcm_infallible bssl::BCM_mlkem768_encap_external_entropy(
     uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const MLKEM768_public_key *public_key,
@@ -1278,7 +1280,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_mlkem1024_encap_external_entropy(
+bcm_infallible bssl::BCM_mlkem1024_encap_external_entropy(
     uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const MLKEM1024_public_key *public_key,
@@ -1289,7 +1291,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_status BCM_mlkem768_decap(
+bcm_status bssl::BCM_mlkem768_decap(
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const uint8_t *ciphertext, size_t ciphertext_len,
     const MLKEM768_private_key *private_key) {
@@ -1303,7 +1305,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem1024_decap(
+bcm_status bssl::BCM_mlkem1024_decap(
     uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
     const uint8_t *ciphertext, size_t ciphertext_len,
     const MLKEM1024_private_key *private_key) {
@@ -1317,20 +1319,20 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem768_marshal_public_key(
+bcm_status bssl::BCM_mlkem768_marshal_public_key(
     CBB *out, const MLKEM768_public_key *public_key) {
   return mlkem_marshal_public_key(
       out, mlkem::public_key_768_from_external(public_key));
 }
 
-bcm_status BCM_mlkem1024_marshal_public_key(
+bcm_status bssl::BCM_mlkem1024_marshal_public_key(
     CBB *out, const MLKEM1024_public_key *public_key) {
   return mlkem_marshal_public_key(
       out, mlkem::public_key_1024_from_external(public_key));
 }
 
-bcm_status BCM_mlkem768_parse_public_key(MLKEM768_public_key *public_key,
-                                         CBS *in) {
+bcm_status bssl::BCM_mlkem768_parse_public_key(MLKEM768_public_key *public_key,
+                                               CBS *in) {
   mlkem::public_key<RANK768> *pub =
       mlkem::public_key_768_from_external(public_key);
   if (!mlkem_parse_public_key(pub, in)) {
@@ -1339,8 +1341,8 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem1024_parse_public_key(MLKEM1024_public_key *public_key,
-                                          CBS *in) {
+bcm_status bssl::BCM_mlkem1024_parse_public_key(
+    MLKEM1024_public_key *public_key, CBS *in) {
   mlkem::public_key<RANK1024> *pub =
       mlkem::public_key_1024_from_external(public_key);
   if (!mlkem_parse_public_key(pub, in)) {
@@ -1349,7 +1351,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem768_marshal_private_key(
+bcm_status bssl::BCM_mlkem768_marshal_private_key(
     CBB *out, const MLKEM768_private_key *private_key) {
   const mlkem::private_key<RANK768> *const priv =
       mlkem::private_key_768_from_external(private_key);
@@ -1359,7 +1361,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem1024_marshal_private_key(
+bcm_status bssl::BCM_mlkem1024_marshal_private_key(
     CBB *out, const MLKEM1024_private_key *private_key) {
   const mlkem::private_key<RANK1024> *const priv =
       mlkem::private_key_1024_from_external(private_key);
@@ -1369,8 +1371,8 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem768_parse_private_key(MLKEM768_private_key *out_private_key,
-                                          CBS *in) {
+bcm_status bssl::BCM_mlkem768_parse_private_key(
+    MLKEM768_private_key *out_private_key, CBS *in) {
   mlkem::private_key<RANK768> *const priv =
       mlkem::private_key_768_from_external(out_private_key);
   if (!mlkem_parse_private_key(priv, in)) {
@@ -1379,7 +1381,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_mlkem1024_parse_private_key(
+bcm_status bssl::BCM_mlkem1024_parse_private_key(
     MLKEM1024_private_key *out_private_key, CBS *in) {
   mlkem::private_key<RANK1024> *const priv =
       mlkem::private_key_1024_from_external(out_private_key);
diff --git a/crypto/fipsmodule/rand/rand.cc.inc b/crypto/fipsmodule/rand/rand.cc.inc
index f7a2c58..da47583 100644
--- a/crypto/fipsmodule/rand/rand.cc.inc
+++ b/crypto/fipsmodule/rand/rand.cc.inc
@@ -172,7 +172,7 @@
 
 #endif
 
-bcm_status BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) {
+bcm_status bssl::BCM_rand_bytes_hwrng(uint8_t *buf, const size_t len) {
   if (!have_rdrand()) {
     return bcm_status::failure;
   }
@@ -203,8 +203,9 @@
 DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {})
 DEFINE_STATIC_MUTEX(entropy_buffer_lock)
 
-bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
-                                     int want_additional_input) {
+bcm_infallible bssl::BCM_rand_load_entropy(const uint8_t *entropy,
+                                           size_t entropy_len,
+                                           int want_additional_input) {
   struct entropy_buffer *const buffer = entropy_buffer_bss_get();
 
   CRYPTO_MUTEX_lock_write(entropy_buffer_lock_bss_get());
@@ -332,7 +333,7 @@
 
 #endif
 
-bcm_infallible BCM_rand_bytes_with_additional_data(
+bcm_infallible bssl::BCM_rand_bytes_with_additional_data(
     uint8_t *out, size_t out_len, const uint8_t user_additional_data[32]) {
   if (out_len == 0) {
     return bcm_infallible::approved;
@@ -474,7 +475,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_rand_bytes(uint8_t *out, size_t out_len) {
+bcm_infallible bssl::BCM_rand_bytes(uint8_t *out, size_t out_len) {
   static const uint8_t kZeroAdditionalData[32] = {0};
   BCM_rand_bytes_with_additional_data(out, out_len, kZeroAdditionalData);
   return bcm_infallible::approved;
diff --git a/crypto/fipsmodule/sha/sha1.cc.inc b/crypto/fipsmodule/sha/sha1.cc.inc
index 68bf91f..ce962d3 100644
--- a/crypto/fipsmodule/sha/sha1.cc.inc
+++ b/crypto/fipsmodule/sha/sha1.cc.inc
@@ -26,7 +26,7 @@
 
 using namespace bssl;
 
-bcm_infallible BCM_sha1_init(SHA_CTX *sha) {
+bcm_infallible bssl::BCM_sha1_init(SHA_CTX *sha) {
   OPENSSL_memset(sha, 0, sizeof(SHA_CTX));
   sha->h[0] = 0x67452301UL;
   sha->h[1] = 0xefcdab89UL;
@@ -41,7 +41,8 @@
                                   size_t num);
 #endif
 
-bcm_infallible BCM_sha1_transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) {
+bcm_infallible bssl::BCM_sha1_transform(SHA_CTX *c,
+                                        const uint8_t data[SHA_CBLOCK]) {
   sha1_block_data_order(c->h, data, 1);
   return bcm_infallible::approved;
 }
@@ -58,7 +59,7 @@
 };
 }  // namespace
 
-bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) {
+bcm_infallible bssl::BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) {
   crypto_md32_update<SHA1Traits>(c,
                                  Span(static_cast<const uint8_t *>(data), len));
   return bcm_infallible::approved;
@@ -73,15 +74,16 @@
   CRYPTO_store_u32_be(out + 16, ctx->h[4]);
 }
 
-bcm_infallible BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) {
+bcm_infallible bssl::BCM_sha1_final(uint8_t out[SHA_DIGEST_LENGTH],
+                                    SHA_CTX *c) {
   crypto_md32_final<SHA1Traits>(c);
   sha1_output_state(out, c);
   FIPS_service_indicator_update_state();
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
-                                  const uint8_t xkey[SHA_DIGEST_LENGTH]) {
+bcm_infallible bssl::BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
+                                        const uint8_t xkey[SHA_DIGEST_LENGTH]) {
   // XKEY and XVAL are 160-bit values, but are internally right-padded up to
   // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the
   // current value of XKEY and the padding.
diff --git a/crypto/fipsmodule/sha/sha256.cc.inc b/crypto/fipsmodule/sha/sha256.cc.inc
index ed6f3b4..00a278e 100644
--- a/crypto/fipsmodule/sha/sha256.cc.inc
+++ b/crypto/fipsmodule/sha/sha256.cc.inc
@@ -26,7 +26,7 @@
 
 using namespace bssl;
 
-bcm_infallible BCM_sha224_init(SHA256_CTX *sha) {
+bcm_infallible bssl::BCM_sha224_init(SHA256_CTX *sha) {
   OPENSSL_memset(sha, 0, sizeof(SHA256_CTX));
   sha->h[0] = 0xc1059ed8UL;
   sha->h[1] = 0x367cd507UL;
@@ -40,7 +40,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha256_init(SHA256_CTX *sha) {
+bcm_infallible bssl::BCM_sha256_init(SHA256_CTX *sha) {
   OPENSSL_memset(sha, 0, sizeof(SHA256_CTX));
   sha->h[0] = 0x6a09e667UL;
   sha->h[1] = 0xbb67ae85UL;
@@ -59,8 +59,8 @@
                                     size_t num);
 #endif
 
-bcm_infallible BCM_sha256_transform(SHA256_CTX *c,
-                                    const uint8_t data[SHA256_CBLOCK]) {
+bcm_infallible bssl::BCM_sha256_transform(SHA256_CTX *c,
+                                          const uint8_t data[SHA256_CBLOCK]) {
   sha256_block_data_order(c->h, data, 1);
   return bcm_infallible::approved;
 }
@@ -77,14 +77,15 @@
 };
 }  // namespace
 
-bcm_infallible BCM_sha256_update(SHA256_CTX *c, const void *data, size_t len) {
+bcm_infallible bssl::BCM_sha256_update(SHA256_CTX *c, const void *data,
+                                       size_t len) {
   crypto_md32_update<SHA256Traits>(
       c, Span(static_cast<const uint8_t *>(data), len));
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha224_update(SHA256_CTX *ctx, const void *data,
-                                 size_t len) {
+bcm_infallible bssl::BCM_sha224_update(SHA256_CTX *ctx, const void *data,
+                                       size_t len) {
   return BCM_sha256_update(ctx, data, len);
 }
 
@@ -103,8 +104,8 @@
   FIPS_service_indicator_update_state();
 }
 
-bcm_infallible BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH],
-                                SHA256_CTX *c) {
+bcm_infallible bssl::BCM_sha256_final(uint8_t out[SHA256_DIGEST_LENGTH],
+                                      SHA256_CTX *c) {
   // Ideally we would assert |sha->md_len| is |SHA256_DIGEST_LENGTH| tomatch the
   // size hint, but calling code often pairs |SHA224_Init| with |SHA256_Final|
   // and expects |sha->md_len| to carry the size over.
@@ -114,8 +115,8 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH],
-                                SHA256_CTX *ctx) {
+bcm_infallible bssl::BCM_sha224_final(uint8_t out[SHA224_DIGEST_LENGTH],
+                                      SHA256_CTX *ctx) {
   // This function must be paired with |SHA224_Init|, which sets |ctx->md_len|
   // to |SHA224_DIGEST_LENGTH|.
   assert(ctx->md_len == SHA224_DIGEST_LENGTH);
@@ -295,9 +296,9 @@
 #endif  // !defined(SHA256_ASM)
 
 
-bcm_infallible BCM_sha256_transform_blocks(uint32_t state[8],
-                                           const uint8_t *data,
-                                           size_t num_blocks) {
+bcm_infallible bssl::BCM_sha256_transform_blocks(uint32_t state[8],
+                                                 const uint8_t *data,
+                                                 size_t num_blocks) {
   sha256_block_data_order(state, data, num_blocks);
   return bcm_infallible::approved;
 }
diff --git a/crypto/fipsmodule/sha/sha512.cc.inc b/crypto/fipsmodule/sha/sha512.cc.inc
index ed11237..f2282f4 100644
--- a/crypto/fipsmodule/sha/sha512.cc.inc
+++ b/crypto/fipsmodule/sha/sha512.cc.inc
@@ -32,7 +32,7 @@
 
 static void sha512_final_impl(uint8_t *out, size_t md_len, SHA512_CTX *sha);
 
-bcm_infallible BCM_sha384_init(SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha384_init(SHA512_CTX *sha) {
   sha->h[0] = UINT64_C(0xcbbb9d5dc1059ed8);
   sha->h[1] = UINT64_C(0x629a292a367cd507);
   sha->h[2] = UINT64_C(0x9159015a3070dd17);
@@ -50,7 +50,7 @@
 }
 
 
-bcm_infallible BCM_sha512_init(SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha512_init(SHA512_CTX *sha) {
   sha->h[0] = UINT64_C(0x6a09e667f3bcc908);
   sha->h[1] = UINT64_C(0xbb67ae8584caa73b);
   sha->h[2] = UINT64_C(0x3c6ef372fe94f82b);
@@ -67,7 +67,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha512_256_init(SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha512_256_init(SHA512_CTX *sha) {
   sha->h[0] = UINT64_C(0x22312194fc2bf72c);
   sha->h[1] = UINT64_C(0x9f555fa3c84c64c2);
   sha->h[2] = UINT64_C(0x2393b86b6f53b151);
@@ -90,8 +90,8 @@
 #endif
 
 
-bcm_infallible BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH],
-                                SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha384_final(uint8_t out[SHA384_DIGEST_LENGTH],
+                                      SHA512_CTX *sha) {
   // This function must be paired with |BCM_sha384_init|, which sets
   // |sha->md_len| to |SHA384_DIGEST_LENGTH|.
   assert(sha->md_len == SHA384_DIGEST_LENGTH);
@@ -99,18 +99,18 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha384_update(SHA512_CTX *sha, const void *data,
-                                 size_t len) {
+bcm_infallible bssl::BCM_sha384_update(SHA512_CTX *sha, const void *data,
+                                       size_t len) {
   return BCM_sha512_update(sha, data, len);
 }
 
-bcm_infallible BCM_sha512_256_update(SHA512_CTX *sha, const void *data,
-                                     size_t len) {
+bcm_infallible bssl::BCM_sha512_256_update(SHA512_CTX *sha, const void *data,
+                                           size_t len) {
   return BCM_sha512_update(sha, data, len);
 }
 
-bcm_infallible BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH],
-                                    SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha512_256_final(uint8_t out[SHA512_256_DIGEST_LENGTH],
+                                          SHA512_CTX *sha) {
   // This function must be paired with |BCM_sha512_256_init|, which sets
   // |sha->md_len| to |SHA512_256_DIGEST_LENGTH|.
   assert(sha->md_len == SHA512_256_DIGEST_LENGTH);
@@ -118,14 +118,14 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha512_transform(SHA512_CTX *c,
-                                    const uint8_t block[SHA512_CBLOCK]) {
+bcm_infallible bssl::BCM_sha512_transform(SHA512_CTX *c,
+                                          const uint8_t block[SHA512_CBLOCK]) {
   sha512_block_data_order(c->h, block, 1);
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha512_update(SHA512_CTX *c, const void *in_data,
-                                 size_t len) {
+bcm_infallible bssl::BCM_sha512_update(SHA512_CTX *c, const void *in_data,
+                                       size_t len) {
   uint8_t *p = c->p;
   const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data);
 
@@ -168,8 +168,8 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH],
-                                SHA512_CTX *sha) {
+bcm_infallible bssl::BCM_sha512_final(uint8_t out[SHA512_DIGEST_LENGTH],
+                                      SHA512_CTX *sha) {
   // Ideally we would assert |sha->md_len| is |SHA512_DIGEST_LENGTH| to match
   // the size hint, but calling code often pairs |BCM_sha384_init| with
   // |BCM_sha512_final| and expects |sha->md_len| to carry the size over.
diff --git a/crypto/fipsmodule/slhdsa/slhdsa.cc.inc b/crypto/fipsmodule/slhdsa/slhdsa.cc.inc
index 51854a6..b48f8fb 100644
--- a/crypto/fipsmodule/slhdsa/slhdsa.cc.inc
+++ b/crypto/fipsmodule/slhdsa/slhdsa.cc.inc
@@ -307,7 +307,7 @@
 
 }  // namespace
 
-bcm_infallible BCM_slhdsa_sha2_128s_generate_key_from_seed(
+bcm_infallible bssl::BCM_slhdsa_sha2_128s_generate_key_from_seed(
     uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     uint8_t out_secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
     const uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N]) {
@@ -316,7 +316,7 @@
       &kSLHDSAConfigSHA2_128s, out_public_key, out_secret_key, seed);
 }
 
-bcm_infallible BCM_slhdsa_shake_256f_generate_key_from_seed(
+bcm_infallible bssl::BCM_slhdsa_shake_256f_generate_key_from_seed(
     uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     uint8_t out_secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES],
     const uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N]) {
@@ -325,7 +325,7 @@
       &kSLHDSAConfigSHAKE_256f, out_public_key, out_secret_key, seed);
 }
 
-bcm_status BCM_slhdsa_sha2_128s_generate_key_from_seed_fips(
+bcm_status bssl::BCM_slhdsa_sha2_128s_generate_key_from_seed_fips(
     uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     uint8_t out_secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
     const uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N]) {
@@ -337,7 +337,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_slhdsa_shake_256f_generate_key_from_seed_fips(
+bcm_status bssl::BCM_slhdsa_shake_256f_generate_key_from_seed_fips(
     uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     uint8_t out_secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES],
     const uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N]) {
@@ -349,7 +349,7 @@
   return bcm_status::approved;
 }
 
-bcm_infallible BCM_slhdsa_sha2_128s_generate_key(
+bcm_infallible bssl::BCM_slhdsa_sha2_128s_generate_key(
     uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     uint8_t out_private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) {
   uint8_t seed[3 * BCM_SLHDSA_SHA2_128S_N];
@@ -358,7 +358,7 @@
                                                      out_private_key, seed);
 }
 
-bcm_infallible BCM_slhdsa_shake_256f_generate_key(
+bcm_infallible bssl::BCM_slhdsa_shake_256f_generate_key(
     uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     uint8_t out_private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) {
   uint8_t seed[3 * BCM_SLHDSA_SHAKE_256F_N];
@@ -367,7 +367,7 @@
                                                       out_private_key, seed);
 }
 
-bcm_status BCM_slhdsa_sha2_128s_generate_key_fips(
+bcm_status bssl::BCM_slhdsa_sha2_128s_generate_key_fips(
     uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     uint8_t out_private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) {
   if (out_public_key == nullptr || out_private_key == nullptr) {
@@ -377,7 +377,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_slhdsa_shake_256f_generate_key_fips(
+bcm_status bssl::BCM_slhdsa_shake_256f_generate_key_fips(
     uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     uint8_t out_private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) {
   if (out_public_key == nullptr || out_private_key == nullptr) {
@@ -387,7 +387,7 @@
   return bcm_status::approved;
 }
 
-bcm_infallible BCM_slhdsa_sha2_128s_public_from_private(
+bcm_infallible bssl::BCM_slhdsa_sha2_128s_public_from_private(
     uint8_t out_public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES]) {
   OPENSSL_memcpy(out_public_key, private_key + 2 * BCM_SLHDSA_SHA2_128S_N,
@@ -395,7 +395,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_infallible BCM_slhdsa_shake_256f_public_from_private(
+bcm_infallible bssl::BCM_slhdsa_shake_256f_public_from_private(
     uint8_t out_public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES]) {
   OPENSSL_memcpy(out_public_key, private_key + 2 * BCM_SLHDSA_SHAKE_256F_N,
@@ -403,7 +403,7 @@
   return bcm_infallible::approved;
 }
 
-bcm_status BCM_slhdsa_sha2_128s_sign(
+bcm_status bssl::BCM_slhdsa_sha2_128s_sign(
     uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context,
@@ -425,7 +425,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_slhdsa_shake_256f_sign(
+bcm_status bssl::BCM_slhdsa_shake_256f_sign(
     uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context,
@@ -493,7 +493,7 @@
   return 1;
 }
 
-bcm_infallible BCM_slhdsa_sha2_128s_sign_internal(
+bcm_infallible bssl::BCM_slhdsa_sha2_128s_sign_internal(
     uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES],
     const uint8_t secret_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
     const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
@@ -505,7 +505,7 @@
                                     msg, msg_len, entropy);
 }
 
-bcm_infallible BCM_slhdsa_shake_256f_sign_internal(
+bcm_infallible bssl::BCM_slhdsa_shake_256f_sign_internal(
     uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES],
     const uint8_t secret_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES],
     const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
@@ -517,7 +517,7 @@
                                     msg, msg_len, entropy);
 }
 
-bcm_status BCM_slhdsa_sha2_128s_prehash_sign(
+bcm_status bssl::BCM_slhdsa_sha2_128s_prehash_sign(
     uint8_t out_signature[BCM_SLHDSA_SHA2_128S_SIGNATURE_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES],
     const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
@@ -546,7 +546,7 @@
   return bcm_status::approved;
 }
 
-bcm_status BCM_slhdsa_shake_256f_prehash_sign(
+bcm_status bssl::BCM_slhdsa_shake_256f_prehash_sign(
     uint8_t out_signature[BCM_SLHDSA_SHAKE_256F_SIGNATURE_BYTES],
     const uint8_t private_key[BCM_SLHDSA_SHAKE_256F_PRIVATE_KEY_BYTES],
     const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
@@ -576,7 +576,7 @@
 }
 
 // Implements Algorithm 24: slh_verify function (Section 10.3, page 41)
-bcm_status BCM_slhdsa_sha2_128s_verify(
+bcm_status bssl::BCM_slhdsa_sha2_128s_verify(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context,
@@ -595,7 +595,7 @@
       context_len, msg, msg_len);
 }
 
-bcm_status BCM_slhdsa_shake_256f_verify(
+bcm_status bssl::BCM_slhdsa_shake_256f_verify(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     const uint8_t *msg, size_t msg_len, const uint8_t *context,
@@ -613,7 +613,7 @@
       context_len, msg, msg_len);
 }
 
-bcm_status BCM_slhdsa_sha2_128s_prehash_verify(
+bcm_status bssl::BCM_slhdsa_sha2_128s_prehash_verify(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
@@ -639,7 +639,7 @@
       context_and_oid_len, hashed_msg, hashed_msg_len);
 }
 
-bcm_status BCM_slhdsa_shake_256f_prehash_verify(
+bcm_status bssl::BCM_slhdsa_shake_256f_prehash_verify(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     const uint8_t *hashed_msg, size_t hashed_msg_len, int hash_nid,
@@ -665,7 +665,7 @@
       context_and_oid_len, hashed_msg, hashed_msg_len);
 }
 
-bcm_status BCM_slhdsa_sha2_128s_verify_internal(
+bcm_status bssl::BCM_slhdsa_sha2_128s_verify_internal(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],
     const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
@@ -676,7 +676,7 @@
                          msg_len);
 }
 
-bcm_status BCM_slhdsa_shake_256f_verify_internal(
+bcm_status bssl::BCM_slhdsa_shake_256f_verify_internal(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[BCM_SLHDSA_SHAKE_256F_PUBLIC_KEY_BYTES],
     const uint8_t header[BCM_SLHDSA_M_PRIME_HEADER_LEN], const uint8_t *context,
diff --git a/crypto/mldsa/mldsa.cc b/crypto/mldsa/mldsa.cc
index 7b7c605..f17ab88 100644
--- a/crypto/mldsa/mldsa.cc
+++ b/crypto/mldsa/mldsa.cc
@@ -16,6 +16,9 @@
 
 #include "../fipsmodule/bcm_interface.h"
 
+
+using namespace bssl;
+
 int MLDSA65_generate_key(
     uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
     uint8_t out_seed[MLDSA_SEED_BYTES],
diff --git a/crypto/mldsa/mldsa_test.cc b/crypto/mldsa/mldsa_test.cc
index 53587a5..f774153 100644
--- a/crypto/mldsa/mldsa_test.cc
+++ b/crypto/mldsa/mldsa_test.cc
@@ -32,12 +32,13 @@
 #include "../test/wycheproof_util.h"
 
 
+BSSL_NAMESPACE_BEGIN
 namespace {
 
 template <typename T>
 std::vector<uint8_t> Marshal(bcm_status (*marshal_func)(CBB *, const T *),
                              const T *t) {
-  bssl::ScopedCBB cbb;
+  ScopedCBB cbb;
   uint8_t *encoded;
   size_t encoded_len;
   if (!CBB_init(cbb.get(), 1) ||                             //
@@ -311,13 +312,12 @@
       MLDSA65_generate_key(encoded_public_key.data(), seed, priv.get()));
 
   // Public key is 1 byte too short.
-  CBS cbs =
-      CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES - 1));
+  CBS cbs = CBS(Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES - 1));
   auto parsed_pub = std::make_unique<MLDSA65_public_key>();
   EXPECT_FALSE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs));
 
   // Public key has the correct length.
-  cbs = CBS(bssl::Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES));
+  cbs = CBS(Span(encoded_public_key).first(MLDSA65_PUBLIC_KEY_BYTES));
   EXPECT_TRUE(MLDSA65_parse_public_key(parsed_pub.get(), &cbs));
 
   // Public key is 1 byte too long.
@@ -711,3 +711,4 @@
 }
 
 }  // namespace
+BSSL_NAMESPACE_END
diff --git a/crypto/mlkem/mlkem.cc b/crypto/mlkem/mlkem.cc
index 505414b..5728be6 100644
--- a/crypto/mlkem/mlkem.cc
+++ b/crypto/mlkem/mlkem.cc
@@ -17,6 +17,8 @@
 #include "../fipsmodule/bcm_interface.h"
 
 
+using namespace bssl;
+
 void MLKEM768_generate_key(
     uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
     uint8_t optional_out_seed[MLKEM_SEED_BYTES],
diff --git a/crypto/sha/sha1.cc b/crypto/sha/sha1.cc
index c2c9494..6b06961 100644
--- a/crypto/sha/sha1.cc
+++ b/crypto/sha/sha1.cc
@@ -18,6 +18,9 @@
 
 #include "../fipsmodule/bcm_interface.h"
 
+
+using namespace bssl;
+
 int SHA1_Init(SHA_CTX *sha) {
   BCM_sha1_init(sha);
   return 1;
diff --git a/crypto/sha/sha256.cc b/crypto/sha/sha256.cc
index b3f40ce..3ef66bc 100644
--- a/crypto/sha/sha256.cc
+++ b/crypto/sha/sha256.cc
@@ -19,6 +19,8 @@
 #include "../fipsmodule/bcm_interface.h"
 
 
+using namespace bssl;
+
 int SHA224_Init(SHA256_CTX *sha) {
   BCM_sha224_init(sha);
   return 1;
diff --git a/crypto/sha/sha512.cc b/crypto/sha/sha512.cc
index 5ea8442..afb5516 100644
--- a/crypto/sha/sha512.cc
+++ b/crypto/sha/sha512.cc
@@ -19,6 +19,8 @@
 #include "../fipsmodule/bcm_interface.h"
 
 
+using namespace bssl;
+
 int SHA384_Init(SHA512_CTX *sha) {
   BCM_sha384_init(sha);
   return 1;
diff --git a/crypto/slhdsa/slhdsa.cc b/crypto/slhdsa/slhdsa.cc
index a593e81..ff47073 100644
--- a/crypto/slhdsa/slhdsa.cc
+++ b/crypto/slhdsa/slhdsa.cc
@@ -19,6 +19,8 @@
 #include "../fipsmodule/bcm_interface.h"
 
 
+using namespace bssl;
+
 static_assert(SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES ==
               BCM_SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES);
 static_assert(SLHDSA_SHA2_128S_PRIVATE_KEY_BYTES ==
diff --git a/crypto/slhdsa/slhdsa_test.cc b/crypto/slhdsa/slhdsa_test.cc
index 2013381..6acf5a8 100644
--- a/crypto/slhdsa/slhdsa_test.cc
+++ b/crypto/slhdsa/slhdsa_test.cc
@@ -26,6 +26,7 @@
 #include "../test/file_test.h"
 #include "../test/test_util.h"
 
+BSSL_NAMESPACE_BEGIN
 namespace {
 
 TEST(SLHDSATest, KeyGenerationSHA2) {
@@ -342,3 +343,4 @@
 }
 
 }  // namespace
+BSSL_NAMESPACE_END