diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index e61a5df089362..0c32e014264ee 100644
--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -47,7 +47,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
     k = BN_new();
     l = BN_new();
     m = BN_new();
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(key->libctx);
     if (i == NULL || j == NULL || k == NULL || l == NULL
             || m == NULL || ctx == NULL) {
         ret = -1;
@@ -65,13 +65,13 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
     }
 
     /* p prime? */
-    if (BN_check_prime(key->p, NULL, cb) != 1) {
+    if (BN_check_prime(key->p, ctx, cb) != 1) {
         ret = 0;
         ERR_raise(ERR_LIB_RSA, RSA_R_P_NOT_PRIME);
     }
 
     /* q prime? */
-    if (BN_check_prime(key->q, NULL, cb) != 1) {
+    if (BN_check_prime(key->q, ctx, cb) != 1) {
         ret = 0;
         ERR_raise(ERR_LIB_RSA, RSA_R_Q_NOT_PRIME);
     }
@@ -79,7 +79,7 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
     /* r_i prime? */
     for (idx = 0; idx < ex_primes; idx++) {
         pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
-        if (BN_check_prime(pinfo->r, NULL, cb) != 1) {
+        if (BN_check_prime(pinfo->r, ctx, cb) != 1) {
             ret = 0;
             ERR_raise(ERR_LIB_RSA, RSA_R_MP_R_NOT_PRIME);
         }
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index ccd07c33fbb4a..a2192df575c61 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -103,7 +103,7 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
         goto err;
     }
 
-    ctx = BN_CTX_new();
+    ctx = BN_CTX_new_ex(rsa->libctx);
     if (ctx == NULL)
         goto err;
     BN_CTX_start(ctx);
@@ -187,7 +187,8 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
 
         for (;;) {
  redo:
-            if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+            if (!BN_generate_prime_ex2(prime, bitsr[i] + adj, 0, NULL, NULL,
+                                       cb, ctx))
                 goto err;
             /*
              * prime should not be equal to p, q, r_3...
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index cadc8ae201a16..2b8b10e25dac7 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -187,7 +187,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
 
     memset(ciphertext_buf, 0, *ciphertext_len);
 
-    if (!BN_priv_rand_range(k, order)) {
+    if (!BN_priv_rand_range_ex(k, order, ctx)) {
         ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR);
         goto done;
     }