[tor-commits] [tor/master] Rename nonconformant identifiers.

nickm at torproject.org nickm at torproject.org
Wed Jan 18 20:55:31 UTC 2012


commit 26e789fbfd4e5a7e2789c1577e8eb967de3eba86
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Jan 18 15:53:30 2012 -0500

    Rename nonconformant identifiers.
    
    Fixes bug 4893.
    
    These changes are pure mechanical, and were generated with this
    perl script:
    
      /usr/bin/perl -w -i.bak -p
    
      s/crypto_pk_env_t/crypto_pk_t/g;
      s/crypto_dh_env_t/crypto_dh_t/g;
      s/crypto_cipher_env_t/crypto_cipher_t/g;
      s/crypto_digest_env_t/crypto_digest_t/g;
    
      s/aes_free_cipher/aes_cipher_free/g;
      s/crypto_free_cipher_env/crypto_cipher_free/g;
      s/crypto_free_digest_env/crypto_digest_free/g;
      s/crypto_free_pk_env/crypto_pk_free/g;
    
      s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
      s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
      s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
      s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;
    
      s/crypto_new_cipher_env/crypto_cipher_new/g;
      s/crypto_new_digest_env/crypto_digest_new/g;
      s/crypto_new_digest256_env/crypto_digest256_new/g;
      s/crypto_new_pk_env/crypto_pk_new/g;
    
      s/crypto_create_crypto_env/crypto_cipher_new/g;
    
      s/connection_create_listener/connection_listener_new/g;
      s/smartlist_create/smartlist_new/g;
      s/transport_create/transport_new/g;
---
 changes/renaming_identifiers |    9 ++
 src/common/address.c         |    6 +-
 src/common/aes.c             |    2 +-
 src/common/aes.h             |    2 +-
 src/common/compat.c          |    4 +-
 src/common/container.c       |    2 +-
 src/common/container.h       |    2 +-
 src/common/crypto.c          |  226 +++++++++++++++++++++---------------------
 src/common/crypto.h          |  134 +++++++++++++-------------
 src/common/log.c             |    6 +-
 src/common/tortls.c          |   70 +++++++-------
 src/common/tortls.h          |   10 +-
 src/common/util.c            |   12 +-
 src/or/circuitbuild.c        |   76 +++++++-------
 src/or/circuitbuild.h        |    4 +-
 src/or/circuitlist.c         |   22 ++--
 src/or/command.c             |   12 +-
 src/or/config.c              |   46 +++++-----
 src/or/connection.c          |   14 ++--
 src/or/connection_or.c       |   28 +++---
 src/or/connection_or.h       |    4 +-
 src/or/control.c             |   86 ++++++++--------
 src/or/cpuworker.c           |    6 +-
 src/or/directory.c           |   56 +++++-----
 src/or/dirserv.c             |   44 ++++----
 src/or/dirserv.h             |    4 +-
 src/or/dirvote.c             |   82 ++++++++--------
 src/or/dirvote.h             |   10 +-
 src/or/dns.c                 |    6 +-
 src/or/geoip.c               |   22 ++--
 src/or/hibernate.c           |    8 +-
 src/or/main.c                |   10 +-
 src/or/microdesc.c           |    8 +-
 src/or/networkstatus.c       |   28 +++---
 src/or/nodelist.c            |    6 +-
 src/or/ntmain.c              |    2 +-
 src/or/onion.c               |   16 ++--
 src/or/onion.h               |   10 +-
 src/or/or.h                  |   44 ++++----
 src/or/policies.c            |   12 +-
 src/or/relay.c               |   14 ++--
 src/or/rendclient.c          |    8 +-
 src/or/rendcommon.c          |   44 ++++----
 src/or/rendcommon.h          |    4 +-
 src/or/rendmid.c             |    6 +-
 src/or/rendservice.c         |   66 ++++++------
 src/or/rephist.c             |   34 +++---
 src/or/router.c              |   96 +++++++++---------
 src/or/router.h              |   22 ++--
 src/or/routerlist.c          |   88 ++++++++--------
 src/or/routerparse.c         |  116 +++++++++++-----------
 src/or/routerparse.h         |    2 +-
 src/or/transports.c          |   24 +++---
 src/test/bench.c             |   32 +++---
 src/test/test.c              |   46 +++++-----
 src/test/test.h              |    2 +-
 src/test/test_containers.c   |   28 +++---
 src/test/test_crypto.c       |   80 ++++++++--------
 src/test/test_dir.c          |   64 ++++++------
 src/test/test_microdesc.c    |    2 +-
 src/test/test_pt.c           |    4 +-
 src/test/test_util.c         |    6 +-
 src/tools/tor-checkkey.c     |    6 +-
 src/tools/tor-gencert.c      |   14 ++--
 64 files changed, 984 insertions(+), 975 deletions(-)

diff --git a/changes/renaming_identifiers b/changes/renaming_identifiers
new file mode 100644
index 0000000..5a49f8f
--- /dev/null
+++ b/changes/renaming_identifiers
@@ -0,0 +1,9 @@
+  o Code simplifications and refactorings:
+    - Rename a handful of old identifiers, mostly related to crypto
+      structures and crypto functions. By convention, our "create an
+      object" functions are called "type_new()", our "free an object"
+      functions are called "type_free()", and our types indicate that
+      they are types only with a final "_t". But a handful of older
+      types and functions broke these rules, with function names like
+      "type_create" or "subsystem_op_type", or with type names like
+      type_env_t.
diff --git a/src/common/address.c b/src/common/address.c
index 2e9892c..e18ef95 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1125,7 +1125,7 @@ get_interface_addresses_raw(int severity)
     return NULL;
   }
 
-  result = smartlist_create();
+  result = smartlist_new();
   for (i = ifa; i; i = i->ifa_next) {
     tor_addr_t tmp;
     if (!i->ifa_addr)
@@ -1184,7 +1184,7 @@ get_interface_addresses_raw(int severity)
     goto done;
   }
 
-  result = smartlist_create();
+  result = smartlist_new();
   for (address = addresses; address; address = address->Next) {
     IP_ADAPTER_UNICAST_ADDRESS *a;
     for (a = address->FirstUnicastAddress; a; a = a->Next) {
@@ -1224,7 +1224,7 @@ get_interface_addresses_raw(int severity)
     goto done;
   }
   close(fd);
-  result = smartlist_create();
+  result = smartlist_new();
   if (ifc.ifc_len < sz)
     sz = ifc.ifc_len;
   n = sz / sizeof(struct ifreq);
diff --git a/src/common/aes.c b/src/common/aes.c
index da7220f..cfd931f 100644
--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -264,7 +264,7 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
 /** Release storage held by <b>cipher</b>
  */
 void
-aes_free_cipher(aes_cnt_cipher_t *cipher)
+aes_cipher_free(aes_cnt_cipher_t *cipher)
 {
   if (!cipher)
     return;
diff --git a/src/common/aes.h b/src/common/aes.h
index f7f0319..f9de68a 100644
--- a/src/common/aes.h
+++ b/src/common/aes.h
@@ -17,7 +17,7 @@ struct aes_cnt_cipher;
 typedef struct aes_cnt_cipher aes_cnt_cipher_t;
 
 aes_cnt_cipher_t* aes_new_cipher(void);
-void aes_free_cipher(aes_cnt_cipher_t *cipher);
+void aes_cipher_free(aes_cnt_cipher_t *cipher);
 void aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits);
 void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
                char *output);
diff --git a/src/common/compat.c b/src/common/compat.c
index 1f9066d..4af670a 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1352,7 +1352,7 @@ log_credential_status(void)
   } else {
     int i, retval = 0;
     char *s = NULL;
-    smartlist_t *elts = smartlist_create();
+    smartlist_t *elts = smartlist_new();
 
     for (i = 0; i<ngids; i++) {
       smartlist_add_asprintf(elts, "%u", (unsigned)sup_gids[i]);
@@ -2587,7 +2587,7 @@ tor_cond_new(void)
 {
   tor_cond_t *cond = tor_malloc_zero(sizeof(tor_cond_t));
   InitializeCriticalSection(&cond->mutex);
-  cond->events = smartlist_create();
+  cond->events = smartlist_new();
   return cond;
 }
 void
diff --git a/src/common/container.c b/src/common/container.c
index 31cc6c5..81a946a 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -29,7 +29,7 @@
 /** Allocate and return an empty smartlist.
  */
 smartlist_t *
-smartlist_create(void)
+smartlist_new(void)
 {
   smartlist_t *sl = tor_malloc(sizeof(smartlist_t));
   sl->num_used = 0;
diff --git a/src/common/container.h b/src/common/container.h
index fe071cc..4e14ab4 100644
--- a/src/common/container.h
+++ b/src/common/container.h
@@ -26,7 +26,7 @@ typedef struct smartlist_t {
   /** @} */
 } smartlist_t;
 
-smartlist_t *smartlist_create(void);
+smartlist_t *smartlist_new(void);
 void smartlist_free(smartlist_t *sl);
 void smartlist_clear(smartlist_t *sl);
 void smartlist_add(smartlist_t *sl, void *element);
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e377b01..6bc54fc 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -109,14 +109,14 @@ static int _n_openssl_mutexes = 0;
 #endif
 
 /** A public key, or a public/private key-pair. */
-struct crypto_pk_env_t
+struct crypto_pk_t
 {
   int refs; /**< reference count, so we don't have to copy keys */
   RSA *key; /**< The key itself */
 };
 
 /** Key and stream information for a stream cipher. */
-struct crypto_cipher_env_t
+struct crypto_cipher_t
 {
   char key[CIPHER_KEY_LEN]; /**< The raw key. */
   aes_cnt_cipher_t *cipher; /**< The key in format usable for counter-mode AES
@@ -125,7 +125,7 @@ struct crypto_cipher_env_t
 
 /** A structure to hold the first half (x, g^x) of a Diffie-Hellman handshake
  * while we're waiting for the second.*/
-struct crypto_dh_env_t {
+struct crypto_dh_t {
   DH *dh; /**< The openssl DH object */
 };
 
@@ -295,30 +295,30 @@ crypto_thread_cleanup(void)
   ERR_remove_state(0);
 }
 
-/** used by tortls.c: wrap an RSA* in a crypto_pk_env_t. */
-crypto_pk_env_t *
-_crypto_new_pk_env_rsa(RSA *rsa)
+/** used by tortls.c: wrap an RSA* in a crypto_pk_t. */
+crypto_pk_t *
+_crypto_new_pk_from_rsa(RSA *rsa)
 {
-  crypto_pk_env_t *env;
+  crypto_pk_t *env;
   tor_assert(rsa);
-  env = tor_malloc(sizeof(crypto_pk_env_t));
+  env = tor_malloc(sizeof(crypto_pk_t));
   env->refs = 1;
   env->key = rsa;
   return env;
 }
 
 /** Helper, used by tor-checkkey.c and tor-gencert.c.  Return the RSA from a
- * crypto_pk_env_t. */
+ * crypto_pk_t. */
 RSA *
-_crypto_pk_env_get_rsa(crypto_pk_env_t *env)
+_crypto_pk_get_rsa(crypto_pk_t *env)
 {
   return env->key;
 }
 
-/** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_env_t.  Iff
+/** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t.  Iff
  * private is set, include the private-key portion of the key. */
 EVP_PKEY *
-_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env, int private)
+_crypto_pk_get_evp_pkey(crypto_pk_t *env, int private)
 {
   RSA *key = NULL;
   EVP_PKEY *pkey = NULL;
@@ -343,10 +343,10 @@ _crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env, int private)
   return NULL;
 }
 
-/** Used by tortls.c: Get the DH* from a crypto_dh_env_t.
+/** Used by tortls.c: Get the DH* from a crypto_dh_t.
  */
 DH *
-_crypto_dh_env_get_dh(crypto_dh_env_t *dh)
+_crypto_dh_get_dh(crypto_dh_t *dh)
 {
   return dh->dh;
 }
@@ -354,21 +354,21 @@ _crypto_dh_env_get_dh(crypto_dh_env_t *dh)
 /** Allocate and return storage for a public key.  The key itself will not yet
  * be set.
  */
-crypto_pk_env_t *
-crypto_new_pk_env(void)
+crypto_pk_t *
+crypto_pk_new(void)
 {
   RSA *rsa;
 
   rsa = RSA_new();
   tor_assert(rsa);
-  return _crypto_new_pk_env_rsa(rsa);
+  return _crypto_new_pk_from_rsa(rsa);
 }
 
 /** Release a reference to an asymmetric key; when all the references
  * are released, free the key.
  */
 void
-crypto_free_pk_env(crypto_pk_env_t *env)
+crypto_pk_free(crypto_pk_t *env)
 {
   if (!env)
     return;
@@ -387,13 +387,13 @@ crypto_free_pk_env(crypto_pk_env_t *env)
  * (1=encrypt, 0=decrypt).  Return the crypto object on success; NULL
  * on failure.
  */
-crypto_cipher_env_t *
+crypto_cipher_t *
 crypto_create_init_cipher(const char *key, int encrypt_mode)
 {
   int r;
-  crypto_cipher_env_t *crypto = NULL;
+  crypto_cipher_t *crypto = NULL;
 
-  if (! (crypto = crypto_new_cipher_env())) {
+  if (! (crypto = crypto_cipher_new())) {
     log_warn(LD_CRYPTO, "Unable to allocate crypto object");
     return NULL;
   }
@@ -411,18 +411,18 @@ crypto_create_init_cipher(const char *key, int encrypt_mode)
 
  error:
   if (crypto)
-    crypto_free_cipher_env(crypto);
+    crypto_cipher_free(crypto);
   return NULL;
 }
 
 /** Allocate and return a new symmetric cipher.
  */
-crypto_cipher_env_t *
-crypto_new_cipher_env(void)
+crypto_cipher_t *
+crypto_cipher_new(void)
 {
-  crypto_cipher_env_t *env;
+  crypto_cipher_t *env;
 
-  env = tor_malloc_zero(sizeof(crypto_cipher_env_t));
+  env = tor_malloc_zero(sizeof(crypto_cipher_t));
   env->cipher = aes_new_cipher();
   return env;
 }
@@ -430,14 +430,14 @@ crypto_new_cipher_env(void)
 /** Free a symmetric cipher.
  */
 void
-crypto_free_cipher_env(crypto_cipher_env_t *env)
+crypto_cipher_free(crypto_cipher_t *env)
 {
   if (!env)
     return;
 
   tor_assert(env->cipher);
-  aes_free_cipher(env->cipher);
-  memset(env, 0, sizeof(crypto_cipher_env_t));
+  aes_cipher_free(env->cipher);
+  memset(env, 0, sizeof(crypto_cipher_t));
   tor_free(env);
 }
 
@@ -447,7 +447,7 @@ crypto_free_cipher_env(crypto_cipher_env_t *env)
  * Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits)
+crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
 {
   tor_assert(env);
 
@@ -494,7 +494,7 @@ crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits)
  */
 /* Used here, and used for testing. */
 int
-crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
+crypto_pk_read_private_key_from_string(crypto_pk_t *env,
                                        const char *s, ssize_t len)
 {
   BIO *b;
@@ -526,7 +526,7 @@ crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
  * <b>keyfile</b> into <b>env</b>.  Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
+crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
                                          const char *keyfile)
 {
   char *contents;
@@ -555,7 +555,7 @@ crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
 
 /** Helper function to implement crypto_pk_write_*_key_to_string. */
 static int
-crypto_pk_write_key_to_string_impl(crypto_pk_env_t *env, char **dest,
+crypto_pk_write_key_to_string_impl(crypto_pk_t *env, char **dest,
                                    size_t *len, int is_public)
 {
   BUF_MEM *buf;
@@ -603,7 +603,7 @@ crypto_pk_write_key_to_string_impl(crypto_pk_env_t *env, char **dest,
  * failure, return -1.
  */
 int
-crypto_pk_write_public_key_to_string(crypto_pk_env_t *env, char **dest,
+crypto_pk_write_public_key_to_string(crypto_pk_t *env, char **dest,
                                      size_t *len)
 {
   return crypto_pk_write_key_to_string_impl(env, dest, len, 1);
@@ -615,7 +615,7 @@ crypto_pk_write_public_key_to_string(crypto_pk_env_t *env, char **dest,
  * failure, return -1.
  */
 int
-crypto_pk_write_private_key_to_string(crypto_pk_env_t *env, char **dest,
+crypto_pk_write_private_key_to_string(crypto_pk_t *env, char **dest,
                                      size_t *len)
 {
   return crypto_pk_write_key_to_string_impl(env, dest, len, 0);
@@ -626,7 +626,7 @@ crypto_pk_write_private_key_to_string(crypto_pk_env_t *env, char **dest,
  * failure.
  */
 int
-crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
+crypto_pk_read_public_key_from_string(crypto_pk_t *env, const char *src,
                                       size_t len)
 {
   BIO *b;
@@ -657,7 +657,7 @@ crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
  * PEM-encoded.  Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
+crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
                                         const char *fname)
 {
   BIO *bio;
@@ -691,7 +691,7 @@ crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
 /** Return true iff <b>env</b> has a valid key.
  */
 int
-crypto_pk_check_key(crypto_pk_env_t *env)
+crypto_pk_check_key(crypto_pk_t *env)
 {
   int r;
   tor_assert(env);
@@ -705,7 +705,7 @@ crypto_pk_check_key(crypto_pk_env_t *env)
 /** Return true iff <b>key</b> contains the private-key portion of the RSA
  * key. */
 int
-crypto_pk_key_is_private(const crypto_pk_env_t *key)
+crypto_pk_key_is_private(const crypto_pk_t *key)
 {
   tor_assert(key);
   return PRIVATE_KEY_OK(key);
@@ -715,7 +715,7 @@ crypto_pk_key_is_private(const crypto_pk_env_t *key)
  * equals 65537.
  */
 int
-crypto_pk_public_exponent_ok(crypto_pk_env_t *env)
+crypto_pk_public_exponent_ok(crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
@@ -727,7 +727,7 @@ crypto_pk_public_exponent_ok(crypto_pk_env_t *env)
  * if a==b, and 1 if a\>b.
  */
 int
-crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b)
+crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
 {
   int result;
 
@@ -747,7 +747,7 @@ crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b)
 
 /** Return the size of the public key modulus in <b>env</b>, in bytes. */
 size_t
-crypto_pk_keysize(crypto_pk_env_t *env)
+crypto_pk_keysize(crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
@@ -757,7 +757,7 @@ crypto_pk_keysize(crypto_pk_env_t *env)
 
 /** Return the size of the public key modulus of <b>env</b>, in bits. */
 int
-crypto_pk_num_bits(crypto_pk_env_t *env)
+crypto_pk_num_bits(crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
@@ -768,8 +768,8 @@ crypto_pk_num_bits(crypto_pk_env_t *env)
 
 /** Increase the reference count of <b>env</b>, and return it.
  */
-crypto_pk_env_t *
-crypto_pk_dup_key(crypto_pk_env_t *env)
+crypto_pk_t *
+crypto_pk_dup_key(crypto_pk_t *env)
 {
   tor_assert(env);
   tor_assert(env->key);
@@ -779,8 +779,8 @@ crypto_pk_dup_key(crypto_pk_env_t *env)
 }
 
 /** Make a real honest-to-goodness copy of <b>env</b>, and return it. */
-crypto_pk_env_t *
-crypto_pk_copy_full(crypto_pk_env_t *env)
+crypto_pk_t *
+crypto_pk_copy_full(crypto_pk_t *env)
 {
   RSA *new_key;
   int privatekey = 0;
@@ -803,7 +803,7 @@ crypto_pk_copy_full(crypto_pk_env_t *env)
     return NULL;
   }
 
-  return _crypto_new_pk_env_rsa(new_key);
+  return _crypto_new_pk_from_rsa(new_key);
 }
 
 /** Encrypt <b>fromlen</b> bytes from <b>from</b> with the public key
@@ -815,7 +815,7 @@ crypto_pk_copy_full(crypto_pk_env_t *env)
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
+crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
                          const char *from, size_t fromlen, int padding)
 {
   int r;
@@ -844,7 +844,7 @@ crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
+crypto_pk_private_decrypt(crypto_pk_t *env, char *to,
                           size_t tolen,
                           const char *from, size_t fromlen,
                           int padding, int warnOnFailure)
@@ -881,7 +881,7 @@ crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
+crypto_pk_public_checksig(crypto_pk_t *env, char *to,
                           size_t tolen,
                           const char *from, size_t fromlen)
 {
@@ -908,7 +908,7 @@ crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
  * SHA1(data).  Else return -1.
  */
 int
-crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
+crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
                                size_t datalen, const char *sig, size_t siglen)
 {
   char digest[DIGEST_LEN];
@@ -953,7 +953,7 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_private_sign(crypto_pk_env_t *env, char *to, size_t tolen,
+crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
                        const char *from, size_t fromlen)
 {
   int r;
@@ -985,7 +985,7 @@ crypto_pk_private_sign(crypto_pk_env_t *env, char *to, size_t tolen,
  * at least the length of the modulus of <b>env</b>.
  */
 int
-crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to, size_t tolen,
+crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
                               const char *from, size_t fromlen)
 {
   int r;
@@ -1015,7 +1015,7 @@ crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to, size_t tolen,
  *     the source data encrypted in AES-CTR mode with the symmetric key.
  */
 int
-crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
+crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
                                 char *to, size_t tolen,
                                 const char *from,
                                 size_t fromlen,
@@ -1023,7 +1023,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
 {
   int overhead, outlen, r;
   size_t pkeylen, symlen;
-  crypto_cipher_env_t *cipher = NULL;
+  crypto_cipher_t *cipher = NULL;
   char *buf = NULL;
 
   tor_assert(env);
@@ -1046,7 +1046,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
   tor_assert(tolen >= fromlen + overhead + CIPHER_KEY_LEN);
   tor_assert(tolen >= pkeylen);
 
-  cipher = crypto_new_cipher_env();
+  cipher = crypto_cipher_new();
   if (!cipher) return -1;
   if (crypto_cipher_generate_key(cipher)<0)
     goto err;
@@ -1077,7 +1077,7 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
   if (r<0) goto err;
   memset(buf, 0, pkeylen);
   tor_free(buf);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   tor_assert(outlen+symlen < INT_MAX);
   return (int)(outlen + symlen);
  err:
@@ -1085,13 +1085,13 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
     memset(buf, 0, pkeylen);
     tor_free(buf);
   }
-  if (cipher) crypto_free_cipher_env(cipher);
+  if (cipher) crypto_cipher_free(cipher);
   return -1;
 }
 
 /** Invert crypto_pk_public_hybrid_encrypt. */
 int
-crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
+crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
                                  char *to,
                                  size_t tolen,
                                  const char *from,
@@ -1100,7 +1100,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
 {
   int outlen, r;
   size_t pkeylen;
-  crypto_cipher_env_t *cipher = NULL;
+  crypto_cipher_t *cipher = NULL;
   char *buf = NULL;
 
   tor_assert(fromlen < SIZE_T_CEILING);
@@ -1136,13 +1136,13 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
     goto err;
   memset(buf,0,pkeylen);
   tor_free(buf);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   tor_assert(outlen + fromlen < INT_MAX);
   return (int)(outlen + (fromlen-pkeylen));
  err:
   memset(buf,0,pkeylen);
   tor_free(buf);
-  if (cipher) crypto_free_cipher_env(cipher);
+  if (cipher) crypto_cipher_free(cipher);
   return -1;
 }
 
@@ -1150,7 +1150,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
  * Return -1 on error, or the number of characters used on success.
  */
 int
-crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len)
+crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len)
 {
   int len;
   unsigned char *buf, *cp;
@@ -1175,7 +1175,7 @@ crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len)
 /** Decode an ASN.1-encoded public key from <b>str</b>; return the result on
  * success and NULL on failure.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 crypto_pk_asn1_decode(const char *str, size_t len)
 {
   RSA *rsa;
@@ -1189,7 +1189,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
     crypto_log_errors(LOG_WARN,"decoding public key");
     return NULL;
   }
-  return _crypto_new_pk_env_rsa(rsa);
+  return _crypto_new_pk_from_rsa(rsa);
 }
 
 /** Given a private or public key <b>pk</b>, put a SHA1 hash of the
@@ -1197,7 +1197,7 @@ crypto_pk_asn1_decode(const char *str, size_t len)
  * Return 0 on success, -1 on failure.
  */
 int
-crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out)
+crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out)
 {
   unsigned char *buf, *bufp;
   int len;
@@ -1223,7 +1223,7 @@ crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out)
 /** Compute all digests of the DER encoding of <b>pk</b>, and store them
  * in <b>digests_out</b>.  Return 0 on success, -1 on failure. */
 int
-crypto_pk_get_all_digests(crypto_pk_env_t *pk, digests_t *digests_out)
+crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out)
 {
   unsigned char *buf, *bufp;
   int len;
@@ -1277,7 +1277,7 @@ add_spaces_to_fp(char *out, size_t outlen, const char *in)
  * If <b>add_space</b> is false, omit the spaces.
  */
 int
-crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out, int add_space)
+crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out, int add_space)
 {
   char digest[DIGEST_LEN];
   char hexdigest[HEX_DIGEST_LEN+1];
@@ -1316,7 +1316,7 @@ crypto_pk_check_fingerprint_syntax(const char *s)
  * Return 0 on success, -1 on failure.  Does not initialize the cipher.
  */
 int
-crypto_cipher_generate_key(crypto_cipher_env_t *env)
+crypto_cipher_generate_key(crypto_cipher_t *env)
 {
   tor_assert(env);
 
@@ -1327,7 +1327,7 @@ crypto_cipher_generate_key(crypto_cipher_env_t *env)
  * CIPHER_KEY_LEN bytes of <b>key</b>. Does not initialize the cipher.
  */
 void
-crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key)
+crypto_cipher_set_key(crypto_cipher_t *env, const char *key)
 {
   tor_assert(env);
   tor_assert(key);
@@ -1347,7 +1347,7 @@ crypto_cipher_generate_iv(char *iv_out)
  * corresponding to the encryption of the CIPHER_IV_LEN bytes at
  * <b>iv</b>.  */
 int
-crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv)
+crypto_cipher_set_iv(crypto_cipher_t *env, const char *iv)
 {
   tor_assert(env);
   tor_assert(iv);
@@ -1358,7 +1358,7 @@ crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv)
 /** Return a pointer to the key set for the cipher in <b>env</b>.
  */
 const char *
-crypto_cipher_get_key(crypto_cipher_env_t *env)
+crypto_cipher_get_key(crypto_cipher_t *env)
 {
   return env->key;
 }
@@ -1367,7 +1367,7 @@ crypto_cipher_get_key(crypto_cipher_env_t *env)
  * success, -1 on failure.
  */
 int
-crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
+crypto_cipher_encrypt_init_cipher(crypto_cipher_t *env)
 {
   tor_assert(env);
 
@@ -1379,7 +1379,7 @@ crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
  * success, -1 on failure.
  */
 int
-crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env)
+crypto_cipher_decrypt_init_cipher(crypto_cipher_t *env)
 {
   tor_assert(env);
 
@@ -1392,7 +1392,7 @@ crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env)
  * On failure, return -1.
  */
 int
-crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
+crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
                       const char *from, size_t fromlen)
 {
   tor_assert(env);
@@ -1411,7 +1411,7 @@ crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
  * On failure, return -1.
  */
 int
-crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
+crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
                       const char *from, size_t fromlen)
 {
   tor_assert(env);
@@ -1427,7 +1427,7 @@ crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
  * on success, return 0.  On failure, return -1.
  */
 int
-crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len)
+crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *buf, size_t len)
 {
   tor_assert(len < SIZE_T_CEILING);
   aes_crypt_inplace(env->cipher, buf, len);
@@ -1444,7 +1444,7 @@ crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *buf, size_t len)
  * to immediately after the encrypted data.
  */
 int
-crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *cipher,
+crypto_cipher_encrypt_with_iv(crypto_cipher_t *cipher,
                               char *to, size_t tolen,
                               const char *from, size_t fromlen)
 {
@@ -1475,7 +1475,7 @@ crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *cipher,
  * to immediately after the decrypted data.
  */
 int
-crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *cipher,
+crypto_cipher_decrypt_with_iv(crypto_cipher_t *cipher,
                               char *to, size_t tolen,
                               const char *from, size_t fromlen)
 {
@@ -1569,7 +1569,7 @@ crypto_digest_algorithm_parse_name(const char *name)
 }
 
 /** Intermediate information about the digest of a stream of data. */
-struct crypto_digest_env_t {
+struct crypto_digest_t {
   union {
     SHA_CTX sha1; /**< state for SHA1 */
     SHA256_CTX sha2; /**< state for SHA256 */
@@ -1580,11 +1580,11 @@ struct crypto_digest_env_t {
 
 /** Allocate and return a new digest object to compute SHA1 digests.
  */
-crypto_digest_env_t *
-crypto_new_digest_env(void)
+crypto_digest_t *
+crypto_digest_new(void)
 {
-  crypto_digest_env_t *r;
-  r = tor_malloc(sizeof(crypto_digest_env_t));
+  crypto_digest_t *r;
+  r = tor_malloc(sizeof(crypto_digest_t));
   SHA1_Init(&r->d.sha1);
   r->algorithm = DIGEST_SHA1;
   return r;
@@ -1592,12 +1592,12 @@ crypto_new_digest_env(void)
 
 /** Allocate and return a new digest object to compute 256-bit digests
  * using <b>algorithm</b>. */
-crypto_digest_env_t *
-crypto_new_digest256_env(digest_algorithm_t algorithm)
+crypto_digest_t *
+crypto_digest256_new(digest_algorithm_t algorithm)
 {
-  crypto_digest_env_t *r;
+  crypto_digest_t *r;
   tor_assert(algorithm == DIGEST_SHA256);
-  r = tor_malloc(sizeof(crypto_digest_env_t));
+  r = tor_malloc(sizeof(crypto_digest_t));
   SHA256_Init(&r->d.sha2);
   r->algorithm = algorithm;
   return r;
@@ -1606,18 +1606,18 @@ crypto_new_digest256_env(digest_algorithm_t algorithm)
 /** Deallocate a digest object.
  */
 void
-crypto_free_digest_env(crypto_digest_env_t *digest)
+crypto_digest_free(crypto_digest_t *digest)
 {
   if (!digest)
     return;
-  memset(digest, 0, sizeof(crypto_digest_env_t));
+  memset(digest, 0, sizeof(crypto_digest_t));
   tor_free(digest);
 }
 
 /** Add <b>len</b> bytes from <b>data</b> to the digest object.
  */
 void
-crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
+crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
                         size_t len)
 {
   tor_assert(digest);
@@ -1645,15 +1645,15 @@ crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
  * <b>out_len</b> must be \<= DIGEST256_LEN.
  */
 void
-crypto_digest_get_digest(crypto_digest_env_t *digest,
+crypto_digest_get_digest(crypto_digest_t *digest,
                          char *out, size_t out_len)
 {
   unsigned char r[DIGEST256_LEN];
-  crypto_digest_env_t tmpenv;
+  crypto_digest_t tmpenv;
   tor_assert(digest);
   tor_assert(out);
   /* memcpy into a temporary ctx, since SHA*_Final clears the context */
-  memcpy(&tmpenv, digest, sizeof(crypto_digest_env_t));
+  memcpy(&tmpenv, digest, sizeof(crypto_digest_t));
   switch (digest->algorithm) {
     case DIGEST_SHA1:
       tor_assert(out_len <= DIGEST_LEN);
@@ -1678,13 +1678,13 @@ crypto_digest_get_digest(crypto_digest_env_t *digest,
 /** Allocate and return a new digest object with the same state as
  * <b>digest</b>
  */
-crypto_digest_env_t *
-crypto_digest_dup(const crypto_digest_env_t *digest)
+crypto_digest_t *
+crypto_digest_dup(const crypto_digest_t *digest)
 {
-  crypto_digest_env_t *r;
+  crypto_digest_t *r;
   tor_assert(digest);
-  r = tor_malloc(sizeof(crypto_digest_env_t));
-  memcpy(r,digest,sizeof(crypto_digest_env_t));
+  r = tor_malloc(sizeof(crypto_digest_t));
+  memcpy(r,digest,sizeof(crypto_digest_t));
   return r;
 }
 
@@ -1692,12 +1692,12 @@ crypto_digest_dup(const crypto_digest_env_t *digest)
  * of the digest object <b>from</b>.
  */
 void
-crypto_digest_assign(crypto_digest_env_t *into,
-                     const crypto_digest_env_t *from)
+crypto_digest_assign(crypto_digest_t *into,
+                     const crypto_digest_t *from)
 {
   tor_assert(into);
   tor_assert(from);
-  memcpy(into,from,sizeof(crypto_digest_env_t));
+  memcpy(into,from,sizeof(crypto_digest_t));
 }
 
 /** Compute the HMAC-SHA-1 of the <b>msg_len</b> bytes in <b>msg</b>, using
@@ -2126,10 +2126,10 @@ init_dh_param(void)
 
 /** Allocate and return a new DH object for a key exchange.
  */
-crypto_dh_env_t *
+crypto_dh_t *
 crypto_dh_new(int dh_type)
 {
-  crypto_dh_env_t *res = tor_malloc_zero(sizeof(crypto_dh_env_t));
+  crypto_dh_t *res = tor_malloc_zero(sizeof(crypto_dh_t));
 
   tor_assert(dh_type == DH_TYPE_CIRCUIT || dh_type == DH_TYPE_TLS ||
              dh_type == DH_TYPE_REND);
@@ -2164,7 +2164,7 @@ crypto_dh_new(int dh_type)
 /** Return the length of the DH key in <b>dh</b>, in bytes.
  */
 int
-crypto_dh_get_bytes(crypto_dh_env_t *dh)
+crypto_dh_get_bytes(crypto_dh_t *dh)
 {
   tor_assert(dh);
   return DH_size(dh->dh);
@@ -2174,7 +2174,7 @@ crypto_dh_get_bytes(crypto_dh_env_t *dh)
  * success, -1 on failure.
  */
 int
-crypto_dh_generate_public(crypto_dh_env_t *dh)
+crypto_dh_generate_public(crypto_dh_t *dh)
 {
  again:
   if (!DH_generate_key(dh->dh)) {
@@ -2198,7 +2198,7 @@ crypto_dh_generate_public(crypto_dh_env_t *dh)
  * success, -1 on failure.  <b>pubkey_len</b> must be \>= DH_BYTES.
  */
 int
-crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, size_t pubkey_len)
+crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
 {
   int bytes;
   tor_assert(dh);
@@ -2271,7 +2271,7 @@ tor_check_dh_key(int severity, BIGNUM *bn)
  * where || is concatenation.)
  */
 ssize_t
-crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
+crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
                          const char *pubkey, size_t pubkey_len,
                          char *secret_out, size_t secret_bytes_out)
 {
@@ -2362,7 +2362,7 @@ crypto_expand_key_material(const char *key_in, size_t key_in_len,
 /** Free a DH key exchange object.
  */
 void
-crypto_dh_free(crypto_dh_env_t *dh)
+crypto_dh_free(crypto_dh_t *dh)
 {
   if (!dh)
     return;
@@ -2963,7 +2963,7 @@ void
 secret_to_key(char *key_out, size_t key_out_len, const char *secret,
               size_t secret_len, const char *s2k_specifier)
 {
-  crypto_digest_env_t *d;
+  crypto_digest_t *d;
   uint8_t c;
   size_t count, tmplen;
   char *tmp;
@@ -2976,7 +2976,7 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 
   tor_assert(key_out_len <= DIGEST_LEN);
 
-  d = crypto_new_digest_env();
+  d = crypto_digest_new();
   tmplen = 8+secret_len;
   tmp = tor_malloc(tmplen);
   memcpy(tmp,s2k_specifier,8);
@@ -2994,7 +2994,7 @@ secret_to_key(char *key_out, size_t key_out_len, const char *secret,
   crypto_digest_get_digest(d, key_out, key_out_len);
   memset(tmp, 0, tmplen);
   tor_free(tmp);
-  crypto_free_digest_env(d);
+  crypto_digest_free(d);
 }
 
 #ifdef TOR_IS_MULTITHREADED
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 4783654..1c5ee0d 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -107,10 +107,10 @@ typedef struct {
   char d[N_DIGEST_ALGORITHMS][DIGEST256_LEN];
 } digests_t;
 
-typedef struct crypto_pk_env_t crypto_pk_env_t;
-typedef struct crypto_cipher_env_t crypto_cipher_env_t;
-typedef struct crypto_digest_env_t crypto_digest_env_t;
-typedef struct crypto_dh_env_t crypto_dh_env_t;
+typedef struct crypto_pk_t crypto_pk_t;
+typedef struct crypto_cipher_t crypto_cipher_t;
+typedef struct crypto_digest_t crypto_digest_t;
+typedef struct crypto_dh_t crypto_dh_t;
 
 /* global state */
 int crypto_global_init(int hardwareAccel,
@@ -120,93 +120,93 @@ void crypto_thread_cleanup(void);
 int crypto_global_cleanup(void);
 
 /* environment setup */
-crypto_pk_env_t *crypto_new_pk_env(void);
-void crypto_free_pk_env(crypto_pk_env_t *env);
+crypto_pk_t *crypto_pk_new(void);
+void crypto_pk_free(crypto_pk_t *env);
 
 void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
 
-/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
-crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
+/* convenience function: wraps crypto_cipher_new, set_key, and init. */
+crypto_cipher_t *crypto_create_init_cipher(const char *key,
                                                int encrypt_mode);
 
-crypto_cipher_env_t *crypto_new_cipher_env(void);
-void crypto_free_cipher_env(crypto_cipher_env_t *env);
+crypto_cipher_t *crypto_cipher_new(void);
+void crypto_cipher_free(crypto_cipher_t *env);
 
 /* public key crypto */
-int crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits);
+int crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits);
 #define crypto_pk_generate_key(env)                     \
   crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
 
-int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
+int crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
                                              const char *keyfile);
-int crypto_pk_write_public_key_to_string(crypto_pk_env_t *env,
+int crypto_pk_write_public_key_to_string(crypto_pk_t *env,
                                          char **dest, size_t *len);
-int crypto_pk_write_private_key_to_string(crypto_pk_env_t *env,
+int crypto_pk_write_private_key_to_string(crypto_pk_t *env,
                                           char **dest, size_t *len);
-int crypto_pk_read_public_key_from_string(crypto_pk_env_t *env,
+int crypto_pk_read_public_key_from_string(crypto_pk_t *env,
                                           const char *src, size_t len);
-int crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
+int crypto_pk_read_private_key_from_string(crypto_pk_t *env,
                                            const char *s, ssize_t len);
-int crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
+int crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
                                             const char *fname);
 
-int crypto_pk_check_key(crypto_pk_env_t *env);
-int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
-size_t crypto_pk_keysize(crypto_pk_env_t *env);
-int crypto_pk_num_bits(crypto_pk_env_t *env);
-crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
-crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig);
-int crypto_pk_key_is_private(const crypto_pk_env_t *key);
-int crypto_pk_public_exponent_ok(crypto_pk_env_t *env);
+int crypto_pk_check_key(crypto_pk_t *env);
+int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b);
+size_t crypto_pk_keysize(crypto_pk_t *env);
+int crypto_pk_num_bits(crypto_pk_t *env);
+crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
+crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
+int crypto_pk_key_is_private(const crypto_pk_t *key);
+int crypto_pk_public_exponent_ok(crypto_pk_t *env);
 
-int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
+int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
                              const char *from, size_t fromlen, int padding);
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to, size_t tolen,
+int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
                               const char *from, size_t fromlen,
                               int padding, int warnOnFailure);
-int crypto_pk_public_checksig(crypto_pk_env_t *env, char *to, size_t tolen,
+int crypto_pk_public_checksig(crypto_pk_t *env, char *to, size_t tolen,
                               const char *from, size_t fromlen);
-int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
+int crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
                                size_t datalen, const char *sig, size_t siglen);
-int crypto_pk_private_sign(crypto_pk_env_t *env, char *to, size_t tolen,
+int crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
                            const char *from, size_t fromlen);
-int crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to, size_t tolen,
+int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
                                   const char *from, size_t fromlen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, char *to,
+int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to,
                                     size_t tolen,
                                     const char *from, size_t fromlen,
                                     int padding, int force);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, char *to,
+int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
                                      size_t tolen,
                                      const char *from, size_t fromlen,
                                      int padding, int warnOnFailure);
 
-int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len);
-crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, size_t len);
-int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out);
-int crypto_pk_get_all_digests(crypto_pk_env_t *pk, digests_t *digests_out);
-int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out,int add_space);
+int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
+crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
+int crypto_pk_get_digest(crypto_pk_t *pk, char *digest_out);
+int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
+int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
 int crypto_pk_check_fingerprint_syntax(const char *s);
 
 /* symmetric crypto */
-int crypto_cipher_generate_key(crypto_cipher_env_t *env);
-void crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key);
+int crypto_cipher_generate_key(crypto_cipher_t *env);
+void crypto_cipher_set_key(crypto_cipher_t *env, const char *key);
 void crypto_cipher_generate_iv(char *iv_out);
-int crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv);
-const char *crypto_cipher_get_key(crypto_cipher_env_t *env);
-int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
-int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
+int crypto_cipher_set_iv(crypto_cipher_t *env, const char *iv);
+const char *crypto_cipher_get_key(crypto_cipher_t *env);
+int crypto_cipher_encrypt_init_cipher(crypto_cipher_t *env);
+int crypto_cipher_decrypt_init_cipher(crypto_cipher_t *env);
 
-int crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
+int crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
                           const char *from, size_t fromlen);
-int crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
+int crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
                           const char *from, size_t fromlen);
-int crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *d, size_t len);
+int crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len);
 
-int crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *env,
+int crypto_cipher_encrypt_with_iv(crypto_cipher_t *env,
                                   char *to, size_t tolen,
                                   const char *from, size_t fromlen);
-int crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *env,
+int crypto_cipher_decrypt_with_iv(crypto_cipher_t *env,
                                   char *to, size_t tolen,
                                   const char *from, size_t fromlen);
 
@@ -217,16 +217,16 @@ int crypto_digest256(char *digest, const char *m, size_t len,
 int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
 const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
 int crypto_digest_algorithm_parse_name(const char *name);
-crypto_digest_env_t *crypto_new_digest_env(void);
-crypto_digest_env_t *crypto_new_digest256_env(digest_algorithm_t algorithm);
-void crypto_free_digest_env(crypto_digest_env_t *digest);
-void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
+crypto_digest_t *crypto_digest_new(void);
+crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm);
+void crypto_digest_free(crypto_digest_t *digest);
+void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
                              size_t len);
-void crypto_digest_get_digest(crypto_digest_env_t *digest,
+void crypto_digest_get_digest(crypto_digest_t *digest,
                               char *out, size_t out_len);
-crypto_digest_env_t *crypto_digest_dup(const crypto_digest_env_t *digest);
-void crypto_digest_assign(crypto_digest_env_t *into,
-                          const crypto_digest_env_t *from);
+crypto_digest_t *crypto_digest_dup(const crypto_digest_t *digest);
+void crypto_digest_assign(crypto_digest_t *into,
+                          const crypto_digest_t *from);
 void crypto_hmac_sha1(char *hmac_out,
                       const char *key, size_t key_len,
                       const char *msg, size_t msg_len);
@@ -238,15 +238,15 @@ void crypto_hmac_sha256(char *hmac_out,
 #define DH_TYPE_CIRCUIT 1
 #define DH_TYPE_REND 2
 #define DH_TYPE_TLS 3
-crypto_dh_env_t *crypto_dh_new(int dh_type);
-int crypto_dh_get_bytes(crypto_dh_env_t *dh);
-int crypto_dh_generate_public(crypto_dh_env_t *dh);
-int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
+crypto_dh_t *crypto_dh_new(int dh_type);
+int crypto_dh_get_bytes(crypto_dh_t *dh);
+int crypto_dh_generate_public(crypto_dh_t *dh);
+int crypto_dh_get_public(crypto_dh_t *dh, char *pubkey_out,
                          size_t pubkey_out_len);
-ssize_t crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
+ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
                              const char *pubkey, size_t pubkey_len,
                              char *secret_out, size_t secret_out_len);
-void crypto_dh_free(crypto_dh_env_t *dh);
+void crypto_dh_free(crypto_dh_t *dh);
 int crypto_expand_key_material(const char *key_in, size_t in_len,
                                char *key_out, size_t key_out_len);
 
@@ -288,11 +288,11 @@ void secret_to_key(char *key_out, size_t key_out_len, const char *secret,
 struct rsa_st;
 struct evp_pkey_st;
 struct dh_st;
-struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
-crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
-struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
+struct rsa_st *_crypto_pk_get_rsa(crypto_pk_t *env);
+crypto_pk_t *_crypto_new_pk_from_rsa(struct rsa_st *rsa);
+struct evp_pkey_st *_crypto_pk_get_evp_pkey(crypto_pk_t *env,
                                                 int private);
-struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
+struct dh_st *_crypto_dh_get_dh(crypto_dh_t *dh);
 /* Prototypes for private functions only used by crypto.c and test.c*/
 void add_spaces_to_fp(char *out, size_t outlen, const char *in);
 #endif
diff --git a/src/common/log.c b/src/common/log.c
index 9740062..df27066 100644
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -653,7 +653,7 @@ init_logging(void)
     log_mutex_initialized = 1;
   }
   if (pending_cb_messages == NULL)
-    pending_cb_messages = smartlist_create();
+    pending_cb_messages = smartlist_new();
 }
 
 /** Set whether we report logging domains as a part of our log messages.
@@ -737,7 +737,7 @@ flush_pending_log_callbacks(void)
   }
 
   messages = pending_cb_messages;
-  pending_cb_messages = smartlist_create();
+  pending_cb_messages = smartlist_new();
   do {
     SMARTLIST_FOREACH_BEGIN(messages, pending_cb_message_t *, msg) {
       const int severity = msg->severity;
@@ -993,7 +993,7 @@ parse_log_severity_config(const char **cfg_ptr,
         return -1;
       domains = 0;
       domains_str = tor_strndup(cfg+1, closebracket-cfg-1);
-      domains_list = smartlist_create();
+      domains_list = smartlist_new();
       smartlist_split_string(domains_list, domains_str, ",", SPLIT_SKIP_SPACE,
                              -1);
       tor_free(domains_str);
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 908337f..570dd00 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -126,8 +126,8 @@ typedef struct tor_tls_context_t {
   tor_cert_t *my_link_cert;
   tor_cert_t *my_id_cert;
   tor_cert_t *my_auth_cert;
-  crypto_pk_env_t *link_key;
-  crypto_pk_env_t *auth_key;
+  crypto_pk_t *link_key;
+  crypto_pk_t *auth_key;
 } tor_tls_context_t;
 
 #define TOR_TLS_MAGIC 0x71571571
@@ -209,17 +209,17 @@ tor_tls_get_by_ssl(const SSL *ssl)
 
 static void tor_tls_context_decref(tor_tls_context_t *ctx);
 static void tor_tls_context_incref(tor_tls_context_t *ctx);
-static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
-                                        crypto_pk_env_t *rsa_sign,
+static X509* tor_tls_create_certificate(crypto_pk_t *rsa,
+                                        crypto_pk_t *rsa_sign,
                                         const char *cname,
                                         const char *cname_sign,
                                         unsigned int lifetime);
 
 static int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
-                                    crypto_pk_env_t *identity,
+                                    crypto_pk_t *identity,
                                     unsigned int key_lifetime,
                                     int is_client);
-static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity,
+static tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
                                               unsigned int key_lifetime,
                                               int is_client);
 static int check_cert_lifetime_internal(int severity, const X509 *cert,
@@ -569,8 +569,8 @@ tor_x509_name_new(const char *cname)
  * failure.
  */
 static X509 *
-tor_tls_create_certificate(crypto_pk_env_t *rsa,
-                           crypto_pk_env_t *rsa_sign,
+tor_tls_create_certificate(crypto_pk_t *rsa,
+                           crypto_pk_t *rsa_sign,
                            const char *cname,
                            const char *cname_sign,
                            unsigned int cert_lifetime)
@@ -594,9 +594,9 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   tor_assert(cname);
   tor_assert(rsa_sign);
   tor_assert(cname_sign);
-  if (!(sign_pkey = _crypto_pk_env_get_evp_pkey(rsa_sign,1)))
+  if (!(sign_pkey = _crypto_pk_get_evp_pkey(rsa_sign,1)))
     goto error;
-  if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,0)))
+  if (!(pkey = _crypto_pk_get_evp_pkey(rsa,0)))
     goto error;
   if (!(x509 = X509_new()))
     goto error;
@@ -748,10 +748,10 @@ tor_cert_new(X509 *x509_cert)
 
   if ((pkey = X509_get_pubkey(x509_cert)) &&
       (rsa = EVP_PKEY_get1_RSA(pkey))) {
-    crypto_pk_env_t *pk = _crypto_new_pk_env_rsa(rsa);
+    crypto_pk_t *pk = _crypto_new_pk_from_rsa(rsa);
     crypto_pk_get_all_digests(pk, &cert->pkey_digests);
     cert->pkey_digests_set = 1;
-    crypto_free_pk_env(pk);
+    crypto_pk_free(pk);
     EVP_PKEY_free(pkey);
   }
 
@@ -840,8 +840,8 @@ tor_tls_context_decref(tor_tls_context_t *ctx)
     tor_cert_free(ctx->my_link_cert);
     tor_cert_free(ctx->my_id_cert);
     tor_cert_free(ctx->my_auth_cert);
-    crypto_free_pk_env(ctx->link_key);
-    crypto_free_pk_env(ctx->auth_key);
+    crypto_pk_free(ctx->link_key);
+    crypto_pk_free(ctx->auth_key);
     tor_free(ctx);
   }
 }
@@ -870,7 +870,7 @@ tor_tls_get_my_certs(int server,
  * Return the authentication key that we use to authenticate ourselves as a
  * client in the V3 in-protocol handshake.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 tor_tls_get_my_client_auth_key(void)
 {
   if (! client_tls_context)
@@ -882,10 +882,10 @@ tor_tls_get_my_client_auth_key(void)
  * Return a newly allocated copy of the public key that a certificate
  * certifies.  Return NULL if the cert's key is not RSA.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 tor_tls_cert_get_key(tor_cert_t *cert)
 {
-  crypto_pk_env_t *result = NULL;
+  crypto_pk_t *result = NULL;
   EVP_PKEY *pkey = X509_get_pubkey(cert->cert);
   RSA *rsa;
   if (!pkey)
@@ -895,7 +895,7 @@ tor_tls_cert_get_key(tor_cert_t *cert)
     EVP_PKEY_free(pkey);
     return NULL;
   }
-  result = _crypto_new_pk_env_rsa(rsa);
+  result = _crypto_new_pk_from_rsa(rsa);
   EVP_PKEY_free(pkey);
   return result;
 }
@@ -1018,8 +1018,8 @@ tor_tls_context_incref(tor_tls_context_t *ctx)
  * ignore <b>client_identity</b>. */
 int
 tor_tls_context_init(int is_public_server,
-                     crypto_pk_env_t *client_identity,
-                     crypto_pk_env_t *server_identity,
+                     crypto_pk_t *client_identity,
+                     crypto_pk_t *server_identity,
                      unsigned int key_lifetime)
 {
   int rv1 = 0;
@@ -1077,7 +1077,7 @@ tor_tls_context_init(int is_public_server,
  */
 static int
 tor_tls_context_init_one(tor_tls_context_t **ppcontext,
-                         crypto_pk_env_t *identity,
+                         crypto_pk_t *identity,
                          unsigned int key_lifetime,
                          int is_client)
 {
@@ -1105,10 +1105,10 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
  * certificate.
  */
 static tor_tls_context_t *
-tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
+tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
                     int is_client)
 {
-  crypto_pk_env_t *rsa = NULL, *rsa_auth = NULL;
+  crypto_pk_t *rsa = NULL, *rsa_auth = NULL;
   EVP_PKEY *pkey = NULL;
   tor_tls_context_t *result = NULL;
   X509 *cert = NULL, *idcert = NULL, *authcert = NULL;
@@ -1123,14 +1123,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
 #endif
 
   /* Generate short-term RSA key for use with TLS. */
-  if (!(rsa = crypto_new_pk_env()))
+  if (!(rsa = crypto_pk_new()))
     goto error;
   if (crypto_pk_generate_key(rsa)<0)
     goto error;
   if (!is_client) {
     /* Generate short-term RSA key for use in the in-protocol ("v3")
      * authentication handshake. */
-    if (!(rsa_auth = crypto_new_pk_env()))
+    if (!(rsa_auth = crypto_pk_new()))
       goto error;
     if (crypto_pk_generate_key(rsa_auth)<0)
       goto error;
@@ -1228,7 +1228,7 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   if (!is_client) {
     tor_assert(rsa);
-    if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
+    if (!(pkey = _crypto_pk_get_evp_pkey(rsa,1)))
       goto error;
     if (!SSL_CTX_use_PrivateKey(result->ctx, pkey))
       goto error;
@@ -1238,9 +1238,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
       goto error;
   }
   {
-    crypto_dh_env_t *dh = crypto_dh_new(DH_TYPE_TLS);
+    crypto_dh_t *dh = crypto_dh_new(DH_TYPE_TLS);
     tor_assert(dh);
-    SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
+    SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_get_dh(dh));
     crypto_dh_free(dh);
   }
   SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
@@ -1249,9 +1249,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
   SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
   if (rsa)
-    crypto_free_pk_env(rsa);
+    crypto_pk_free(rsa);
   if (rsa_auth)
-    crypto_free_pk_env(rsa_auth);
+    crypto_pk_free(rsa_auth);
   X509_free(authcert);
   tor_free(nickname);
   tor_free(nn2);
@@ -1264,9 +1264,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime,
   if (pkey)
     EVP_PKEY_free(pkey);
   if (rsa)
-    crypto_free_pk_env(rsa);
+    crypto_pk_free(rsa);
   if (rsa_auth)
-    crypto_free_pk_env(rsa_auth);
+    crypto_pk_free(rsa_auth);
   if (result)
     tor_tls_context_decref(result);
   if (cert)
@@ -1314,7 +1314,7 @@ tor_tls_client_is_using_v2_ciphers(const SSL *ssl, const char *address)
   return 0;
  dump_list:
   {
-    smartlist_t *elts = smartlist_create();
+    smartlist_t *elts = smartlist_new();
     char *s;
     for (i = 0; i < sk_SSL_CIPHER_num(session->ciphers); ++i) {
       SSL_CIPHER *cipher = sk_SSL_CIPHER_value(session->ciphers, i);
@@ -2053,7 +2053,7 @@ try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
  * 0.  Else, return -1 and log complaints with log-level <b>severity</b>.
  */
 int
-tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
+tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity_key)
 {
   X509 *cert = NULL, *id_cert = NULL;
   EVP_PKEY *id_pkey = NULL;
@@ -2081,7 +2081,7 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
   rsa = EVP_PKEY_get1_RSA(id_pkey);
   if (!rsa)
     goto done;
-  *identity_key = _crypto_new_pk_env_rsa(rsa);
+  *identity_key = _crypto_new_pk_from_rsa(rsa);
 
   r = 0;
 
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 673f18d..bcec63f 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -55,8 +55,8 @@ void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
 
 void tor_tls_free_all(void);
 int tor_tls_context_init(int is_public_server,
-                         crypto_pk_env_t *client_identity,
-                         crypto_pk_env_t *server_identity,
+                         crypto_pk_t *client_identity,
+                         crypto_pk_t *server_identity,
                          unsigned int key_lifetime);
 tor_tls_t *tor_tls_new(int sock, int is_server);
 void tor_tls_set_logged_address(tor_tls_t *tls, const char *address);
@@ -67,7 +67,7 @@ int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
 tor_cert_t *tor_tls_get_peer_cert(tor_tls_t *tls);
-int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity);
+int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
 int tor_tls_check_lifetime(int severity,
                            tor_tls_t *tls, int past_tolerance,
                            int future_tolerance);
@@ -122,8 +122,8 @@ const digests_t *tor_cert_get_cert_digests(const tor_cert_t *cert);
 int tor_tls_get_my_certs(int server,
                          const tor_cert_t **link_cert_out,
                          const tor_cert_t **id_cert_out);
-crypto_pk_env_t *tor_tls_get_my_client_auth_key(void);
-crypto_pk_env_t *tor_tls_cert_get_key(tor_cert_t *cert);
+crypto_pk_t *tor_tls_get_my_client_auth_key(void);
+crypto_pk_t *tor_tls_cert_get_key(tor_cert_t *cert);
 int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert);
 int tor_tls_cert_is_valid(int severity,
                           const tor_cert_t *cert,
diff --git a/src/common/util.c b/src/common/util.c
index 3d8b7da..40efff0 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2160,7 +2160,7 @@ write_bytes_to_file_impl(const char *fname, const char *str, size_t len,
 {
   int r;
   sized_chunk_t c = { str, len };
-  smartlist_t *chunks = smartlist_create();
+  smartlist_t *chunks = smartlist_new();
   smartlist_add(chunks, &c);
   r = write_chunks_to_file_impl(fname, chunks, flags);
   smartlist_free(chunks);
@@ -2796,7 +2796,7 @@ tor_listdir(const char *dirname)
     tor_free(pattern);
     return NULL;
   }
-  result = smartlist_create();
+  result = smartlist_new();
   while (1) {
 #ifdef UNICODE
     wcstombs(name,findData.cFileName,MAX_PATH);
@@ -2825,7 +2825,7 @@ tor_listdir(const char *dirname)
   if (!(d = opendir(dirname)))
     return NULL;
 
-  result = smartlist_create();
+  result = smartlist_new();
   while ((de = readdir(d))) {
     if (!strcmp(de->d_name, ".") ||
         !strcmp(de->d_name, ".."))
@@ -3034,7 +3034,7 @@ format_win_cmdline_argument(const char *arg)
 
   /* Smartlist of *char */
   smartlist_t *arg_chars;
-  arg_chars = smartlist_create();
+  arg_chars = smartlist_new();
 
   /* Quote string if it contains whitespace or is empty */
   need_quotes = (strchr(arg, ' ') || strchr(arg, '\t') || '\0' == arg[0]);
@@ -3100,7 +3100,7 @@ tor_join_win_cmdline(const char *argv[])
   int i;
 
   /* Format each argument and put the result in a smartlist */
-  argv_list = smartlist_create();
+  argv_list = smartlist_new();
   for (i=0; argv[i] != NULL; i++) {
     smartlist_add(argv_list, (void *)format_win_cmdline_argument(argv[i]));
   }
@@ -3923,7 +3923,7 @@ log_from_handle(HANDLE *pipe, int severity)
   log_debug(LD_GENERAL, "Subprocess had %d bytes to say", pos);
 
   /* Split up the buffer */
-  lines = smartlist_create();
+  lines = smartlist_new();
   tor_split_lines(lines, buf, pos);
 
   /* Log each line */
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index d157dbd..d35c08e 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -793,7 +793,7 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt,
   loaded_times = tor_malloc_zero(sizeof(build_time_t)*state->TotalBuildTimes);
 
   for (line = state->BuildtimeHistogram; line; line = line->next) {
-    smartlist_t *args = smartlist_create();
+    smartlist_t *args = smartlist_new();
     smartlist_split_string(args, line->value, " ",
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
     if (smartlist_len(args) < 2) {
@@ -1540,7 +1540,7 @@ circuit_list_path_impl(origin_circuit_t *circ, int verbose, int verbose_names)
   const char *states[] = {"closed", "waiting for keys", "open"};
   char *s;
 
-  elements = smartlist_create();
+  elements = smartlist_new();
 
   if (verbose) {
     const char *nickname = build_state_get_exit_nickname(circ->build_state);
@@ -1825,7 +1825,7 @@ circuit_n_conn_done(or_connection_t *or_conn, int status)
             or_conn->nickname ? or_conn->nickname : "NULL",
             or_conn->_base.address, status);
 
-  pending_circs = smartlist_create();
+  pending_circs = smartlist_new();
   circuit_get_all_pending_on_or_conn(pending_circs, or_conn);
 
   SMARTLIST_FOREACH_BEGIN(pending_circs, circuit_t *, circ)
@@ -2320,17 +2320,17 @@ int
 circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data,
                           int reverse)
 {
-  crypto_digest_env_t *tmp_digest;
-  crypto_cipher_env_t *tmp_crypto;
+  crypto_digest_t *tmp_digest;
+  crypto_cipher_t *tmp_crypto;
 
   tor_assert(cpath);
   tor_assert(key_data);
   tor_assert(!(cpath->f_crypto || cpath->b_crypto ||
              cpath->f_digest || cpath->b_digest));
 
-  cpath->f_digest = crypto_new_digest_env();
+  cpath->f_digest = crypto_digest_new();
   crypto_digest_add_bytes(cpath->f_digest, key_data, DIGEST_LEN);
-  cpath->b_digest = crypto_new_digest_env();
+  cpath->b_digest = crypto_digest_new();
   crypto_digest_add_bytes(cpath->b_digest, key_data+DIGEST_LEN, DIGEST_LEN);
 
   if (!(cpath->f_crypto =
@@ -2793,7 +2793,7 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
   /* If any routers definitely support any pending connections, choose one
    * at random. */
   if (best_support > 0) {
-    smartlist_t *supporting = smartlist_create();
+    smartlist_t *supporting = smartlist_new();
 
     SMARTLIST_FOREACH(the_nodes, const node_t *, node, {
       if (n_supported[node_sl_idx] == best_support)
@@ -2824,7 +2824,7 @@ choose_good_exit_server_general(int need_uptime, int need_capacity)
                  "choosing a doomed exit at random.",
                  options->_ExcludeExitNodesUnion ? " or are Excluded" : "");
     }
-    supporting = smartlist_create();
+    supporting = smartlist_new();
     needed_ports = circuit_get_unhandled_ports(time(NULL));
     for (attempt = 0; attempt < 2; attempt++) {
       /* try once to pick only from routers that satisfy a needed port,
@@ -3126,7 +3126,7 @@ choose_good_middle_server(uint8_t purpose,
              purpose <= _CIRCUIT_PURPOSE_MAX);
 
   log_debug(LD_CIRC, "Contemplating intermediate hop: random choice.");
-  excluded = smartlist_create();
+  excluded = smartlist_new();
   if ((r = build_state_get_exit_node(state))) {
     nodelist_add_node_and_family(excluded, r);
   }
@@ -3171,7 +3171,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state)
     return choose_random_entry(state);
   }
 
-  excluded = smartlist_create();
+  excluded = smartlist_new();
 
   if (state && (node = build_state_get_exit_node(state))) {
     /* Exclude the exit node from the state, if we have one.  Also exclude its
@@ -3306,7 +3306,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
 /** Allocate a new extend_info object based on the various arguments. */
 extend_info_t *
 extend_info_alloc(const char *nickname, const char *digest,
-                  crypto_pk_env_t *onion_key,
+                  crypto_pk_t *onion_key,
                   const tor_addr_t *addr, uint16_t port)
 {
   extend_info_t *info = tor_malloc_zero(sizeof(extend_info_t));
@@ -3369,7 +3369,7 @@ extend_info_free(extend_info_t *info)
 {
   if (!info)
     return;
-  crypto_free_pk_env(info->onion_key);
+  crypto_pk_free(info->onion_key);
   tor_free(info);
 }
 
@@ -3587,7 +3587,7 @@ is_an_entry_guard(const char *digest)
 static void
 log_entry_guards(int severity)
 {
-  smartlist_t *elements = smartlist_create();
+  smartlist_t *elements = smartlist_new();
   char *s;
 
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e)
@@ -4041,11 +4041,11 @@ entry_guards_set_from_config(const or_options_t *options)
     tor_free(string);
   }
 
-  entry_nodes = smartlist_create();
-  worse_entry_nodes = smartlist_create();
-  entry_fps = smartlist_create();
-  old_entry_guards_on_list = smartlist_create();
-  old_entry_guards_not_on_list = smartlist_create();
+  entry_nodes = smartlist_new();
+  worse_entry_nodes = smartlist_new();
+  entry_fps = smartlist_new();
+  old_entry_guards_on_list = smartlist_new();
+  old_entry_guards_not_on_list = smartlist_new();
 
   /* Split entry guards into those on the list and those not. */
 
@@ -4131,8 +4131,8 @@ const node_t *
 choose_random_entry(cpath_build_state_t *state)
 {
   const or_options_t *options = get_options();
-  smartlist_t *live_entry_guards = smartlist_create();
-  smartlist_t *exit_family = smartlist_create();
+  smartlist_t *live_entry_guards = smartlist_new();
+  smartlist_t *exit_family = smartlist_new();
   const node_t *chosen_exit =
     state?build_state_get_exit_node(state) : NULL;
   const node_t *node = NULL;
@@ -4146,7 +4146,7 @@ choose_random_entry(cpath_build_state_t *state)
   }
 
   if (!entry_guards)
-    entry_guards = smartlist_create();
+    entry_guards = smartlist_new();
 
   if (should_add_entry_nodes)
     entry_guards_set_from_config(options);
@@ -4273,7 +4273,7 @@ int
 entry_guards_parse_state(or_state_t *state, int set, char **msg)
 {
   entry_guard_t *node = NULL;
-  smartlist_t *new_entry_guards = smartlist_create();
+  smartlist_t *new_entry_guards = smartlist_new();
   config_line_t *line;
   time_t now = time(NULL);
   const char *state_version = state->TorVersion;
@@ -4282,7 +4282,7 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
   *msg = NULL;
   for (line = state->EntryGuards; line; line = line->next) {
     if (!strcasecmp(line->key, "EntryGuard")) {
-      smartlist_t *args = smartlist_create();
+      smartlist_t *args = smartlist_new();
       node = tor_malloc_zero(sizeof(entry_guard_t));
       /* all entry guards on disk have been contacted */
       node->made_contact = 1;
@@ -4428,7 +4428,7 @@ entry_guards_update_state(or_state_t *state)
   next = &state->EntryGuards;
   *next = NULL;
   if (!entry_guards)
-    entry_guards = smartlist_create();
+    entry_guards = smartlist_new();
   SMARTLIST_FOREACH(entry_guards, entry_guard_t *, e,
     {
       char dbuf[HEX_DIGEST_LEN+1];
@@ -4491,11 +4491,11 @@ getinfo_helper_entry_guards(control_connection_t *conn,
 
   if (!strcmp(question,"entry-guards") ||
       !strcmp(question,"helper-nodes")) {
-    smartlist_t *sl = smartlist_create();
+    smartlist_t *sl = smartlist_new();
     char tbuf[ISO_TIME_LEN+1];
     char nbuf[MAX_VERBOSE_NICKNAME_LEN+1];
     if (!entry_guards)
-      entry_guards = smartlist_create();
+      entry_guards = smartlist_new();
     SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
         const char *status = NULL;
         time_t when = 0;
@@ -4546,7 +4546,7 @@ void
 mark_bridge_list(void)
 {
   if (!bridge_list)
-    bridge_list = smartlist_create();
+    bridge_list = smartlist_new();
   SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b,
                     b->marked_for_removal = 1);
 }
@@ -4557,7 +4557,7 @@ void
 sweep_bridge_list(void)
 {
   if (!bridge_list)
-    bridge_list = smartlist_create();
+    bridge_list = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(bridge_list, bridge_info_t *, b) {
     if (b->marked_for_removal) {
       SMARTLIST_DEL_CURRENT(bridge_list, b);
@@ -4571,7 +4571,7 @@ static void
 clear_bridge_list(void)
 {
   if (!bridge_list)
-    bridge_list = smartlist_create();
+    bridge_list = smartlist_new();
   SMARTLIST_FOREACH(bridge_list, bridge_info_t *, b, bridge_free(b));
   smartlist_clear(bridge_list);
 }
@@ -4596,7 +4596,7 @@ void
 mark_transport_list(void)
 {
   if (!transport_list)
-    transport_list = smartlist_create();
+    transport_list = smartlist_new();
   SMARTLIST_FOREACH(transport_list, transport_t *, t,
                     t->marked_for_removal = 1);
 }
@@ -4607,7 +4607,7 @@ void
 sweep_transport_list(void)
 {
   if (!transport_list)
-    transport_list = smartlist_create();
+    transport_list = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(transport_list, transport_t *, t) {
     if (t->marked_for_removal) {
       SMARTLIST_DEL_CURRENT(transport_list, t);
@@ -4622,7 +4622,7 @@ void
 clear_transport_list(void)
 {
   if (!transport_list)
-    transport_list = smartlist_create();
+    transport_list = smartlist_new();
   SMARTLIST_FOREACH(transport_list, transport_t *, t, transport_free(t));
   smartlist_clear(transport_list);
 }
@@ -4660,7 +4660,7 @@ transport_get_by_name(const char *name)
     protocol <b>name</b> listening at <b>addr</b>:<b>port</b> using
     SOCKS version <b>socks_ver</b>. */
 transport_t *
-transport_create(const tor_addr_t *addr, uint16_t port,
+transport_new(const tor_addr_t *addr, uint16_t port,
                  const char *name, int socks_ver)
 {
   transport_t *t = tor_malloc_zero(sizeof(transport_t));
@@ -4743,7 +4743,7 @@ transport_add(transport_t *t)
   switch (r) {
   case 0: /* should register transport */
     if (!transport_list)
-      transport_list = smartlist_create();
+      transport_list = smartlist_new();
     smartlist_add(transport_list, t);
     return 0;
   default: /* let our caller know the return code */
@@ -4758,7 +4758,7 @@ int
 transport_add_from_config(const tor_addr_t *addr, uint16_t port,
                           const char *name, int socks_ver)
 {
-  transport_t *t = transport_create(addr, port, name, socks_ver);
+  transport_t *t = transport_new(addr, port, name, socks_ver);
 
   int r = transport_add(t);
 
@@ -4924,7 +4924,7 @@ bridge_add_from_config(const tor_addr_t *addr, uint16_t port,
     b->transport_name = tor_strdup(transport_name);
   b->fetch_status.schedule = DL_SCHED_BRIDGE;
   if (!bridge_list)
-    bridge_list = smartlist_create();
+    bridge_list = smartlist_new();
 
   smartlist_add(bridge_list, b);
 }
@@ -5282,7 +5282,7 @@ entries_retry_helper(const or_options_t *options, int act)
   int any_running = 0;
   int need_bridges = options->UseBridges != 0;
   if (!entry_guards)
-    entry_guards = smartlist_create();
+    entry_guards = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(entry_guards, entry_guard_t *, e) {
       node = node_get_by_id(e->identity);
       if (node && node_has_descriptor(node) &&
diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h
index 8df2748..cded399 100644
--- a/src/or/circuitbuild.h
+++ b/src/or/circuitbuild.h
@@ -57,7 +57,7 @@ int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *info);
 int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info);
 void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop);
 extend_info_t *extend_info_alloc(const char *nickname, const char *digest,
-                                 crypto_pk_env_t *onion_key,
+                                 crypto_pk_t *onion_key,
                                  const tor_addr_t *addr, uint16_t port);
 extend_info_t *extend_info_from_router(const routerinfo_t *r,
                                        int for_direct_connect);
@@ -152,7 +152,7 @@ int transport_add_from_config(const tor_addr_t *addr, uint16_t port,
                                const char *name, int socks_ver);
 int transport_add(transport_t *t);
 void transport_free(transport_t *transport);
-transport_t *transport_create(const tor_addr_t *addr, uint16_t port,
+transport_t *transport_new(const tor_addr_t *addr, uint16_t port,
                                       const char *name, int socks_ver);
 
 int find_transport_by_bridge_addrport(const tor_addr_t *addr, uint16_t port,
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 319acdb..49a9b05 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -202,7 +202,7 @@ circuit_set_state(circuit_t *circ, uint8_t state)
   if (state == circ->state)
     return;
   if (!circuits_pending_or_conns)
-    circuits_pending_or_conns = smartlist_create();
+    circuits_pending_or_conns = smartlist_new();
   if (circ->state == CIRCUIT_STATE_OR_WAIT) {
     /* remove from waiting-circuit list. */
     smartlist_remove(circuits_pending_or_conns, circ);
@@ -269,7 +269,7 @@ int
 circuit_count_pending_on_or_conn(or_connection_t *or_conn)
 {
   int cnt;
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   circuit_get_all_pending_on_or_conn(sl, or_conn);
   cnt = smartlist_len(sl);
   smartlist_free(sl);
@@ -607,7 +607,7 @@ circuit_free(circuit_t *circ)
 
     circuit_free_cpath(ocirc->cpath);
 
-    crypto_free_pk_env(ocirc->intro_key);
+    crypto_pk_free(ocirc->intro_key);
     rend_data_free(ocirc->rend_data);
 
     tor_free(ocirc->dest_address);
@@ -628,10 +628,10 @@ circuit_free(circuit_t *circ)
     memlen = sizeof(or_circuit_t);
     tor_assert(circ->magic == OR_CIRCUIT_MAGIC);
 
-    crypto_free_cipher_env(ocirc->p_crypto);
-    crypto_free_digest_env(ocirc->p_digest);
-    crypto_free_cipher_env(ocirc->n_crypto);
-    crypto_free_digest_env(ocirc->n_digest);
+    crypto_cipher_free(ocirc->p_crypto);
+    crypto_digest_free(ocirc->p_digest);
+    crypto_cipher_free(ocirc->n_crypto);
+    crypto_digest_free(ocirc->n_digest);
 
     if (ocirc->rend_splice) {
       or_circuit_t *other = ocirc->rend_splice;
@@ -714,10 +714,10 @@ circuit_free_cpath_node(crypt_path_t *victim)
   if (!victim)
     return;
 
-  crypto_free_cipher_env(victim->f_crypto);
-  crypto_free_cipher_env(victim->b_crypto);
-  crypto_free_digest_env(victim->f_digest);
-  crypto_free_digest_env(victim->b_digest);
+  crypto_cipher_free(victim->f_crypto);
+  crypto_cipher_free(victim->b_crypto);
+  crypto_digest_free(victim->f_digest);
+  crypto_digest_free(victim->b_digest);
   crypto_dh_free(victim->dh_handshake_state);
   extend_info_free(victim->extend_info);
 
diff --git a/src/or/command.c b/src/or/command.c
index a23e47f..eb11a95 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -1050,7 +1050,7 @@ command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
     conn->handshake_state->authenticated = 1;
     {
       const digests_t *id_digests = tor_cert_get_id_digests(id_cert);
-      crypto_pk_env_t *identity_rcvd;
+      crypto_pk_t *identity_rcvd;
       if (!id_digests)
         ERR("Couldn't compute digests for key in ID cert");
 
@@ -1060,7 +1060,7 @@ command_process_certs_cell(var_cell_t *cell, or_connection_t *conn)
       memcpy(conn->handshake_state->authenticated_peer_id,
              id_digests->d[DIGEST_SHA1], DIGEST_LEN);
       connection_or_set_circid_type(conn, identity_rcvd);
-      crypto_free_pk_env(identity_rcvd);
+      crypto_pk_free(identity_rcvd);
     }
 
     if (connection_or_client_learned_peer_id(conn,
@@ -1253,7 +1253,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
     ERR("Some field in the AUTHENTICATE cell body was not as expected");
 
   {
-    crypto_pk_env_t *pk = tor_tls_cert_get_key(
+    crypto_pk_t *pk = tor_tls_cert_get_key(
                                    conn->handshake_state->auth_cert);
     char d[DIGEST256_LEN];
     char *signed_data;
@@ -1269,7 +1269,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
     signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
                                            (char*)auth + V3_AUTH_BODY_LEN,
                                            authlen - V3_AUTH_BODY_LEN);
-    crypto_free_pk_env(pk);
+    crypto_pk_free(pk);
     if (signed_len < 0) {
       tor_free(signed_data);
       ERR("Signature wasn't valid");
@@ -1292,7 +1292,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
   conn->handshake_state->authenticated = 1;
   conn->handshake_state->digest_received_data = 0;
   {
-    crypto_pk_env_t *identity_rcvd =
+    crypto_pk_t *identity_rcvd =
       tor_tls_cert_get_key(conn->handshake_state->id_cert);
     const digests_t *id_digests =
       tor_cert_get_id_digests(conn->handshake_state->id_cert);
@@ -1304,7 +1304,7 @@ command_process_authenticate_cell(var_cell_t *cell, or_connection_t *conn)
            id_digests->d[DIGEST_SHA1], DIGEST_LEN);
 
     connection_or_set_circid_type(conn, identity_rcvd);
-    crypto_free_pk_env(identity_rcvd);
+    crypto_pk_free(identity_rcvd);
 
     connection_or_init_conn_from_address(conn,
                   &conn->_base.addr,
diff --git a/src/or/config.c b/src/or/config.c
index 2627c14..4b21b6c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -748,7 +748,7 @@ set_options(or_options_t *new_val, char **msg)
   /* Issues a CONF_CHANGED event to notify controller of the change. If Tor is
    * just starting up then the old_options will be undefined. */
   if (old_options) {
-    elements = smartlist_create();
+    elements = smartlist_new();
     for (i=0; options_format.vars[i].name; ++i) {
       const config_var_t *var = &options_format.vars[i];
       const char *var_name = var->name;
@@ -1052,8 +1052,8 @@ consider_adding_dir_authorities(const or_options_t *options,
 static int
 options_act_reversible(const or_options_t *old_options, char **msg)
 {
-  smartlist_t *new_listeners = smartlist_create();
-  smartlist_t *replaced_listeners = smartlist_create();
+  smartlist_t *new_listeners = smartlist_new();
+  smartlist_t *replaced_listeners = smartlist_new();
   static int libevent_initialized = 0;
   or_options_t *options = get_options_mutable();
   int running_tor = options->command == CMD_RUN_TOR;
@@ -2182,7 +2182,7 @@ config_assign_value(const config_format_t *fmt, or_options_t *options,
       SMARTLIST_FOREACH(*(smartlist_t**)lvalue, char *, cp, tor_free(cp));
       smartlist_clear(*(smartlist_t**)lvalue);
     } else {
-      *(smartlist_t**)lvalue = smartlist_create();
+      *(smartlist_t**)lvalue = smartlist_new();
     }
 
     smartlist_split_string(*(smartlist_t**)lvalue, c->value, ",",
@@ -2779,7 +2779,7 @@ static void
 list_torrc_options(void)
 {
   int i;
-  smartlist_t *lines = smartlist_create();
+  smartlist_t *lines = smartlist_new();
   for (i = 0; _option_vars[i].name; ++i) {
     const config_var_t *var = &_option_vars[i];
     if (var->type == CONFIG_TYPE_OBSOLETE ||
@@ -3124,7 +3124,7 @@ config_dump(const config_format_t *fmt, const void *default_options,
     }
   }
 
-  elements = smartlist_create();
+  elements = smartlist_new();
   for (i=0; fmt->vars[i].name; ++i) {
     int comment_option = 0;
     if (fmt->vars[i].type == CONFIG_TYPE_OBSOLETE ||
@@ -3387,7 +3387,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
   }
 
   if (options->NodeFamilies) {
-    options->NodeFamilySets = smartlist_create();
+    options->NodeFamilySets = smartlist_new();
     for (cl = options->NodeFamilies; cl; cl = cl->next) {
       routerset_t *rs = routerset_new();
       if (routerset_parse(rs, cl->value, cl->key) == 0) {
@@ -3493,7 +3493,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
       /* We already have firewall ports set, so migrate them to
        * ReachableAddresses, which will set ReachableORAddresses and
        * ReachableDirAddresses if they aren't set explicitly. */
-      smartlist_t *instead = smartlist_create();
+      smartlist_t *instead = smartlist_new();
       config_line_t *new_line = tor_malloc_zero(sizeof(config_line_t));
       new_line->key = tor_strdup("ReachableAddresses");
       /* If we're configured with the old format, we need to prepend some
@@ -4338,7 +4338,7 @@ check_nickname_list(const char *lst, const char *name, char **msg)
 
   if (!lst)
     return 0;
-  sl = smartlist_create();
+  sl = smartlist_new();
 
   smartlist_split_string(sl, lst, ",",
     SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK|SPLIT_STRIP_SPACE, 0);
@@ -4717,7 +4717,7 @@ config_register_addressmaps(const or_options_t *options)
   char *from, *to;
 
   addressmap_clear_configured();
-  elts = smartlist_create();
+  elts = smartlist_new();
   for (opt = options->AddressMap; opt; opt = opt->next) {
     int from_wildcard = 0, to_wildcard = 0;
     smartlist_split_string(elts, opt->value, NULL,
@@ -4825,7 +4825,7 @@ options_init_logs(or_options_t *options, int validate_only)
   }
 
   ok = 1;
-  elts = smartlist_create();
+  elts = smartlist_new();
 
   for (opt = options->Logs; opt; opt = opt->next) {
     log_severity_list_t *severity;
@@ -4919,7 +4919,7 @@ parse_bridge_line(const char *line, int validate_only)
   uint16_t port = 0;
   char digest[DIGEST_LEN];
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
   if (smartlist_len(items) < 1) {
@@ -5021,7 +5021,7 @@ parse_client_transport_line(const char *line, int validate_only)
 
   int line_length;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
 
@@ -5035,7 +5035,7 @@ parse_client_transport_line(const char *line, int validate_only)
      transport_list (in case it's multiple transports) and validate
      the transport names. */
   transports = smartlist_get(items, 0);
-  transport_list = smartlist_create();
+  transport_list = smartlist_new();
   smartlist_split_string(transport_list, transports, ",",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) {
@@ -5149,7 +5149,7 @@ parse_server_transport_line(const char *line, int validate_only)
 
   int line_length;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
 
@@ -5163,7 +5163,7 @@ parse_server_transport_line(const char *line, int validate_only)
      transport_list (in case it's multiple transports) and validate
      the transport names. */
   transports = smartlist_get(items, 0);
-  transport_list = smartlist_create();
+  transport_list = smartlist_new();
   smartlist_split_string(transport_list, transports, ",",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(transport_list, const char *, transport_name) {
@@ -5263,7 +5263,7 @@ parse_dir_server_line(const char *line, dirinfo_type_t required_type,
   dirinfo_type_t type = V2_DIRINFO;
   int is_not_hidserv_authority = 0, is_not_v2_authority = 0;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
   if (smartlist_len(items) < 1) {
@@ -5597,7 +5597,7 @@ parse_port_config(smartlist_t *out,
 
   /* At last we can actually parse the FooPort lines.  The syntax is:
    * [Addr:](Port|auto) [Options].*/
-  elts = smartlist_create();
+  elts = smartlist_new();
 
   for (; ports; ports = ports->next) {
     tor_addr_t addr;
@@ -5828,7 +5828,7 @@ parse_ports(const or_options_t *options, int validate_only,
   smartlist_t *ports;
   int retval = -1;
 
-  ports = smartlist_create();
+  ports = smartlist_new();
 
   *n_ports_out = 0;
 
@@ -6010,7 +6010,7 @@ const smartlist_t *
 get_configured_ports(void)
 {
   if (!configured_ports)
-    configured_ports = smartlist_create();
+    configured_ports = smartlist_new();
   return configured_ports;
 }
 
@@ -6485,7 +6485,7 @@ state_transport_line_is_valid(const char *line)
   uint16_t port = 0;
   int r;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
 
@@ -6803,7 +6803,7 @@ get_transport_in_state_by_name(const char *transport)
   for (line = or_state->TransportProxies ; line ; line = line->next) {
     tor_assert(!strcmp(line->key, "TransportProxy"));
 
-    items = smartlist_create();
+    items = smartlist_new();
     smartlist_split_string(items, line->value, NULL,
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
     if (smartlist_len(items) != 2) /* broken state */
@@ -6971,7 +6971,7 @@ getinfo_helper_config(control_connection_t *conn,
   (void) conn;
   (void) errmsg;
   if (!strcmp(question, "config/names")) {
-    smartlist_t *sl = smartlist_create();
+    smartlist_t *sl = smartlist_new();
     int i;
     for (i = 0; _option_vars[i].name; ++i) {
       const config_var_t *var = &_option_vars[i];
diff --git a/src/or/connection.c b/src/or/connection.c
index 14dfe0a..462022d 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -44,7 +44,7 @@
 #include <pwd.h>
 #endif
 
-static connection_t *connection_create_listener(
+static connection_t *connection_listener_new(
                                const struct sockaddr *listensockaddr,
                                socklen_t listensocklen, int type,
                                const char *address,
@@ -244,7 +244,7 @@ or_connection_new(int socket_family)
   or_conn->timestamp_last_added_nonpadding = time(NULL);
   or_conn->next_circ_id = crypto_rand_int(1<<15);
 
-  or_conn->active_circuit_pqueue = smartlist_create();
+  or_conn->active_circuit_pqueue = smartlist_new();
   or_conn->active_circuit_pqueue_last_recalibrated = cell_ewma_get_tick();
 
   return or_conn;
@@ -858,7 +858,7 @@ make_socket_reuseable(tor_socket_t sock)
  * to the conn.
  */
 static connection_t *
-connection_create_listener(const struct sockaddr *listensockaddr,
+connection_listener_new(const struct sockaddr *listensockaddr,
                            socklen_t socklen,
                            int type, const char *address,
                            const port_cfg_t *port_cfg)
@@ -1790,7 +1790,7 @@ retry_listener_ports(smartlist_t *old_conns,
                      const smartlist_t *ports,
                      smartlist_t *new_conns)
 {
-  smartlist_t *launch = smartlist_create();
+  smartlist_t *launch = smartlist_new();
   int r = 0;
 
   smartlist_add_all(launch, ports);
@@ -1866,7 +1866,7 @@ retry_listener_ports(smartlist_t *old_conns,
     }
 
     if (listensockaddr) {
-      conn = connection_create_listener(listensockaddr, listensocklen,
+      conn = connection_listener_new(listensockaddr, listensocklen,
                                         port->type, address, port);
       tor_free(listensockaddr);
       tor_free(address);
@@ -1898,7 +1898,7 @@ int
 retry_all_listeners(smartlist_t *replaced_conns,
                     smartlist_t *new_conns)
 {
-  smartlist_t *listeners = smartlist_create();
+  smartlist_t *listeners = smartlist_new();
   const or_options_t *options = get_options();
   int retval = 0;
   const uint16_t old_or_port = router_get_advertised_or_port(options);
@@ -3682,7 +3682,7 @@ client_check_address_changed(tor_socket_t sock)
   if (!last_interface_ip)
     get_interface_address(LOG_INFO, &last_interface_ip);
   if (!outgoing_addrs)
-    outgoing_addrs = smartlist_create();
+    outgoing_addrs = smartlist_new();
 
   if (getsockname(sock, (struct sockaddr*)&out_addr, &out_addr_len)<0) {
     int e = tor_socket_errno(sock);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 76402a5..a815928 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -257,7 +257,7 @@ connection_or_report_broken_states(int severity, int domain)
   if (!broken_connection_counts || disable_broken_connection_counts)
     return;
 
-  items = smartlist_create();
+  items = smartlist_new();
   STRMAP_FOREACH(broken_connection_counts, state, void *, countptr) {
     broken_state_count_t *c = tor_malloc(sizeof(broken_state_count_t));
     c->count = (intptr_t)countptr;
@@ -1329,10 +1329,10 @@ connection_or_nonopen_was_started_here(or_connection_t *conn)
  * <b>identity_rcvd</b> */
 void
 connection_or_set_circid_type(or_connection_t *conn,
-                              crypto_pk_env_t *identity_rcvd)
+                              crypto_pk_t *identity_rcvd)
 {
   const int started_here = connection_or_nonopen_was_started_here(conn);
-  crypto_pk_env_t *our_identity =
+  crypto_pk_t *our_identity =
     started_here ? get_tlsclient_identity_key() :
                    get_server_identity_key();
 
@@ -1377,7 +1377,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
                                         int started_here,
                                         char *digest_rcvd_out)
 {
-  crypto_pk_env_t *identity_rcvd=NULL;
+  crypto_pk_t *identity_rcvd=NULL;
   const or_options_t *options = get_options();
   int severity = server_mode(options) ? LOG_PROTOCOL_WARN : LOG_WARN;
   const char *safe_address =
@@ -1425,7 +1425,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
   }
 
   connection_or_set_circid_type(conn, identity_rcvd);
-  crypto_free_pk_env(identity_rcvd);
+  crypto_pk_free(identity_rcvd);
 
   if (started_here)
     return connection_or_client_learned_peer_id(conn,
@@ -1600,8 +1600,8 @@ or_handshake_state_free(or_handshake_state_t *state)
 {
   if (!state)
     return;
-  crypto_free_digest_env(state->digest_sent);
-  crypto_free_digest_env(state->digest_received);
+  crypto_digest_free(state->digest_sent);
+  crypto_digest_free(state->digest_received);
   tor_cert_free(state->auth_cert);
   tor_cert_free(state->id_cert);
   memset(state, 0xBE, sizeof(or_handshake_state_t));
@@ -1622,7 +1622,7 @@ or_handshake_state_record_cell(or_handshake_state_t *state,
                                const cell_t *cell,
                                int incoming)
 {
-  crypto_digest_env_t *d, **dptr;
+  crypto_digest_t *d, **dptr;
   packed_cell_t packed;
   if (incoming) {
     if (!state->digest_received_data)
@@ -1638,7 +1638,7 @@ or_handshake_state_record_cell(or_handshake_state_t *state,
   }
   dptr = incoming ? &state->digest_received : &state->digest_sent;
   if (! *dptr)
-    *dptr = crypto_new_digest256_env(DIGEST_SHA256);
+    *dptr = crypto_digest256_new(DIGEST_SHA256);
 
   d = *dptr;
   /* Re-packing like this is a little inefficient, but we don't have to do
@@ -1661,7 +1661,7 @@ or_handshake_state_record_var_cell(or_handshake_state_t *state,
                                    const var_cell_t *cell,
                                    int incoming)
 {
-  crypto_digest_env_t *d, **dptr;
+  crypto_digest_t *d, **dptr;
   char buf[VAR_CELL_HEADER_SIZE];
   if (incoming) {
     if (!state->digest_received_data)
@@ -1672,7 +1672,7 @@ or_handshake_state_record_var_cell(or_handshake_state_t *state,
   }
   dptr = incoming ? &state->digest_received : &state->digest_sent;
   if (! *dptr)
-    *dptr = crypto_new_digest256_env(DIGEST_SHA256);
+    *dptr = crypto_digest256_new(DIGEST_SHA256);
 
   d = *dptr;
 
@@ -2065,7 +2065,7 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn)
 int
 connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                              uint8_t *out, size_t outlen,
-                                             crypto_pk_env_t *signing_key,
+                                             crypto_pk_t *signing_key,
                                              int server)
 {
   uint8_t *ptr;
@@ -2108,7 +2108,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
   }
 
   {
-    crypto_digest_env_t *server_d, *client_d;
+    crypto_digest_t *server_d, *client_d;
     if (server) {
       server_d = conn->handshake_state->digest_sent;
       client_d = conn->handshake_state->digest_received;
@@ -2195,7 +2195,7 @@ int
 connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
 {
   var_cell_t *cell;
-  crypto_pk_env_t *pk = tor_tls_get_my_client_auth_key();
+  crypto_pk_t *pk = tor_tls_get_my_client_auth_key();
   int authlen;
   size_t cell_maxlen;
   /* XXXX make sure we're actually supposed to send this! */
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index 62a15b1..e5093f5 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -51,7 +51,7 @@ void connection_or_init_conn_from_address(or_connection_t *conn,
 int connection_or_client_learned_peer_id(or_connection_t *conn,
                                          const uint8_t *peer_id);
 void connection_or_set_circid_type(or_connection_t *conn,
-                                   crypto_pk_env_t *identity_rcvd);
+                                   crypto_pk_t *identity_rcvd);
 void or_handshake_state_free(or_handshake_state_t *state);
 void or_handshake_state_record_cell(or_handshake_state_t *state,
                                     const cell_t *cell,
@@ -73,7 +73,7 @@ int connection_or_send_certs_cell(or_connection_t *conn);
 int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                                  uint8_t *out, size_t outlen,
-                                                 crypto_pk_env_t *signing_key,
+                                                 crypto_pk_t *signing_key,
                                                  int server);
 int connection_or_send_authenticate_cell(or_connection_t *conn, int type);
 
diff --git a/src/or/control.c b/src/or/control.c
index 1d2d8dd..b7c46e9 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -522,7 +522,7 @@ control_ports_write_to_file(void)
   if (!options->ControlPortWriteToFile)
     return;
 
-  lines = smartlist_create();
+  lines = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(get_connection_array(), const connection_t *, conn) {
     if (conn->type != CONN_TYPE_CONTROL_LISTENER || conn->marked_for_close)
@@ -682,7 +682,7 @@ control_setconf_helper(control_connection_t *conn, uint32_t len, char *body,
   const int clear_first = 1;
 
   char *config;
-  smartlist_t *entries = smartlist_create();
+  smartlist_t *entries = smartlist_new();
 
   /* We have a string, "body", of the format '(key(=val|="val")?)' entries
    * separated by space.  break it into a list of configuration entries. */
@@ -795,9 +795,9 @@ static int
 handle_control_getconf(control_connection_t *conn, uint32_t body_len,
                        const char *body)
 {
-  smartlist_t *questions = smartlist_create();
-  smartlist_t *answers = smartlist_create();
-  smartlist_t *unrecognized = smartlist_create();
+  smartlist_t *questions = smartlist_new();
+  smartlist_t *answers = smartlist_new();
+  smartlist_t *unrecognized = smartlist_new();
   char *msg = NULL;
   size_t msg_len;
   const or_options_t *options = get_options();
@@ -947,7 +947,7 @@ handle_control_setevents(control_connection_t *conn, uint32_t len,
 {
   int event_code = -1;
   uint32_t event_mask = 0;
-  smartlist_t *events = smartlist_create();
+  smartlist_t *events = smartlist_new();
 
   (void) len;
 
@@ -996,7 +996,7 @@ decode_hashed_passwords(config_line_t *passwords)
 {
   char decoded[64];
   config_line_t *cl;
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
 
   tor_assert(passwords);
 
@@ -1109,7 +1109,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
     smartlist_t *sl_tmp;
     char received[DIGEST_LEN];
     int also_cookie = options->CookieAuthentication;
-    sl = smartlist_create();
+    sl = smartlist_new();
     if (options->HashedControlPassword) {
       sl_tmp = decode_hashed_passwords(options->HashedControlPassword);
       if (!sl_tmp)
@@ -1283,9 +1283,9 @@ handle_control_mapaddress(control_connection_t *conn, uint32_t len,
   size_t sz;
   (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
 
-  lines = smartlist_create();
-  elts = smartlist_create();
-  reply = smartlist_create();
+  lines = smartlist_new();
+  elts = smartlist_new();
+  reply = smartlist_new();
   smartlist_split_string(lines, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH(lines, char *, line,
@@ -1367,7 +1367,7 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
     *answer = list_getinfo_options();
   } else if (!strcmp(question, "events/names")) {
     int i;
-    smartlist_t *event_names = smartlist_create();
+    smartlist_t *event_names = smartlist_new();
 
     for (i = 0; control_event_table[i].event_name != NULL; ++i) {
       smartlist_add(event_names, (char *)control_event_table[i].event_name);
@@ -1443,7 +1443,7 @@ getinfo_helper_misc(control_connection_t *conn, const char *question,
   } else if (!strcmp(question, "dir-usage")) {
     *answer = directory_dump_request_log();
   } else if (!strcmp(question, "fingerprint")) {
-    crypto_pk_env_t *server_key;
+    crypto_pk_t *server_key;
     if (!server_mode(get_options())) {
       *errmsg = "Not running in server mode";
       return -1;
@@ -1535,7 +1535,7 @@ getinfo_helper_listeners(control_connection_t *control_conn,
   else
     return 0; /* unknown key */
 
-  res = smartlist_create();
+  res = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(get_connection_array(), connection_t *, conn) {
     struct sockaddr_storage ss;
     socklen_t ss_len = sizeof(ss);
@@ -1587,7 +1587,7 @@ getinfo_helper_dir(control_connection_t *control_conn,
     }
   } else if (!strcmp(question, "desc/all-recent")) {
     routerlist_t *routerlist = router_get_routerlist();
-    smartlist_t *sl = smartlist_create();
+    smartlist_t *sl = smartlist_new();
     if (routerlist && routerlist->routers) {
       SMARTLIST_FOREACH(routerlist->routers, const routerinfo_t *, ri,
       {
@@ -1603,7 +1603,7 @@ getinfo_helper_dir(control_connection_t *control_conn,
   } else if (!strcmp(question, "desc/all-recent-extrainfo-hack")) {
     /* XXXX Remove this once Torstat asks for extrainfos. */
     routerlist_t *routerlist = router_get_routerlist();
-    smartlist_t *sl = smartlist_create();
+    smartlist_t *sl = smartlist_new();
     if (routerlist && routerlist->routers) {
       SMARTLIST_FOREACH(routerlist->routers, const routerinfo_t *, ri,
       {
@@ -1654,7 +1654,7 @@ getinfo_helper_dir(control_connection_t *control_conn,
   } else if (!strcmpstart(question, "dir/server/")) {
     size_t answer_len = 0;
     char *url = NULL;
-    smartlist_t *descs = smartlist_create();
+    smartlist_t *descs = smartlist_new();
     const char *msg;
     int res;
     char *cp;
@@ -1683,7 +1683,7 @@ getinfo_helper_dir(control_connection_t *control_conn,
     if (directory_permits_controller_requests(get_options())) {
       size_t len=0;
       char *cp;
-      smartlist_t *status_list = smartlist_create();
+      smartlist_t *status_list = smartlist_new();
       dirserv_get_networkstatus_v2(status_list,
                                    question+strlen("dir/status/"));
       SMARTLIST_FOREACH(status_list, cached_dir_t *, d, len += d->dir_len);
@@ -1695,8 +1695,8 @@ getinfo_helper_dir(control_connection_t *control_conn,
       *cp = '\0';
       smartlist_free(status_list);
     } else {
-      smartlist_t *fp_list = smartlist_create();
-      smartlist_t *status_list = smartlist_create();
+      smartlist_t *fp_list = smartlist_new();
+      smartlist_t *status_list = smartlist_new();
       dirserv_get_networkstatus_v2_fingerprints(
                              fp_list, question+strlen("dir/status/"));
       SMARTLIST_FOREACH(fp_list, const char *, fp, {
@@ -1763,7 +1763,7 @@ static char *
 circuit_describe_status_for_controller(origin_circuit_t *circ)
 {
   char *rv;
-  smartlist_t *descparts = smartlist_create();
+  smartlist_t *descparts = smartlist_new();
 
   {
     char *vpath = circuit_list_path_for_controller(circ);
@@ -1776,7 +1776,7 @@ circuit_describe_status_for_controller(origin_circuit_t *circ)
 
   {
     cpath_build_state_t *build_state = circ->build_state;
-    smartlist_t *flaglist = smartlist_create();
+    smartlist_t *flaglist = smartlist_new();
     char *flaglist_joined;
 
     if (build_state->onehop_tunnel)
@@ -1842,7 +1842,7 @@ getinfo_helper_events(control_connection_t *control_conn,
   (void) control_conn;
   if (!strcmp(question, "circuit-status")) {
     circuit_t *circ_;
-    smartlist_t *status = smartlist_create();
+    smartlist_t *status = smartlist_new();
     for (circ_ = _circuit_get_global_list(); circ_; circ_ = circ_->next) {
       origin_circuit_t *circ;
       char *circdesc;
@@ -1870,7 +1870,7 @@ getinfo_helper_events(control_connection_t *control_conn,
     smartlist_free(status);
   } else if (!strcmp(question, "stream-status")) {
     smartlist_t *conns = get_connection_array();
-    smartlist_t *status = smartlist_create();
+    smartlist_t *status = smartlist_new();
     char buf[256];
     SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
       const char *state;
@@ -1920,7 +1920,7 @@ getinfo_helper_events(control_connection_t *control_conn,
     smartlist_free(status);
   } else if (!strcmp(question, "orconn-status")) {
     smartlist_t *conns = get_connection_array();
-    smartlist_t *status = smartlist_create();
+    smartlist_t *status = smartlist_new();
     SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) {
       const char *state;
       char name[128];
@@ -1955,7 +1955,7 @@ getinfo_helper_events(control_connection_t *control_conn,
     } else {
       return 0;
     }
-    mappings = smartlist_create();
+    mappings = smartlist_new();
     addressmap_get_mappings(mappings, min_e, max_e, 1);
     *answer = smartlist_join_strings(mappings, "\r\n", 0, NULL);
     SMARTLIST_FOREACH(mappings, char *, cp, tor_free(cp));
@@ -2161,7 +2161,7 @@ static char *
 list_getinfo_options(void)
 {
   int i;
-  smartlist_t *lines = smartlist_create();
+  smartlist_t *lines = smartlist_new();
   char *ans;
   for (i = 0; getinfo_items[i].varname; ++i) {
     if (!getinfo_items[i].desc)
@@ -2214,9 +2214,9 @@ static int
 handle_control_getinfo(control_connection_t *conn, uint32_t len,
                        const char *body)
 {
-  smartlist_t *questions = smartlist_create();
-  smartlist_t *answers = smartlist_create();
-  smartlist_t *unrecognized = smartlist_create();
+  smartlist_t *questions = smartlist_new();
+  smartlist_t *answers = smartlist_new();
+  smartlist_t *unrecognized = smartlist_new();
   char *msg = NULL, *ans = NULL;
   int i;
   (void) len; /* body is NUL-terminated, so it's safe to ignore the length. */
@@ -2302,7 +2302,7 @@ static smartlist_t *
 getargs_helper(const char *command, control_connection_t *conn,
                const char *body, int min_args, int max_args)
 {
-  smartlist_t *args = smartlist_create();
+  smartlist_t *args = smartlist_new();
   smartlist_split_string(args, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   if (smartlist_len(args) < min_args) {
@@ -2357,7 +2357,7 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
   smartlist_t *args;
   (void) len;
 
-  router_nicknames = smartlist_create();
+  router_nicknames = smartlist_new();
 
   args = getargs_helper("EXTENDCIRCUIT", conn, body, 1, -1);
   if (!args)
@@ -2409,7 +2409,7 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len,
   SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
   smartlist_free(args);
 
-  nodes = smartlist_create();
+  nodes = smartlist_new();
   SMARTLIST_FOREACH(router_nicknames, const char *, n,
   {
     const node_t *node = node_get_by_nickname(n, 1);
@@ -2636,7 +2636,7 @@ handle_control_postdescriptor(control_connection_t *conn, uint32_t len,
   int cache = 0; /* eventually, we may switch this to 1 */
 
   char *cp = memchr(body, '\n', len);
-  smartlist_t *args = smartlist_create();
+  smartlist_t *args = smartlist_new();
   tor_assert(cp);
   *cp++ = '\0';
 
@@ -2835,7 +2835,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
              "isn't listening for ADDRMAP events.  It probably won't see "
              "the answer.");
   }
-  args = smartlist_create();
+  args = smartlist_new();
   smartlist_split_string(args, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   {
@@ -2843,7 +2843,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
     if (modearg && !strcasecmp(modearg, "mode=reverse"))
       is_reverse = 1;
   }
-  failed = smartlist_create();
+  failed = smartlist_new();
   SMARTLIST_FOREACH(args, const char *, arg, {
       if (!is_keyval_pair(arg)) {
           if (dnsserv_launch_request(arg, is_reverse)<0)
@@ -2873,7 +2873,7 @@ handle_control_protocolinfo(control_connection_t *conn, uint32_t len,
   (void)len;
 
   conn->have_sent_protocolinfo = 1;
-  args = smartlist_create();
+  args = smartlist_new();
   smartlist_split_string(args, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH(args, const char *, arg, {
@@ -2903,7 +2903,7 @@ handle_control_protocolinfo(control_connection_t *conn, uint32_t len,
     {
       int passwd = (options->HashedControlPassword != NULL ||
                     options->HashedControlSessionPassword != NULL);
-      smartlist_t *mlist = smartlist_create();
+      smartlist_t *mlist = smartlist_new();
       if (cookies)
         smartlist_add(mlist, (char*)"COOKIE");
       if (passwd)
@@ -2944,7 +2944,7 @@ handle_control_usefeature(control_connection_t *conn,
   smartlist_t *args;
   int bad = 0;
   (void) len; /* body is nul-terminated; it's safe to ignore the length */
-  args = smartlist_create();
+  args = smartlist_new();
   smartlist_split_string(args, body, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH(args, const char *, arg, {
@@ -3775,7 +3775,7 @@ control_event_descriptors_changed(smartlist_t *routers)
     return 0;
 
   {
-    smartlist_t *names = smartlist_create();
+    smartlist_t *names = smartlist_new();
     char *ids;
     SMARTLIST_FOREACH(routers, routerinfo_t *, ri, {
         char *b = tor_malloc(MAX_VERBOSE_NICKNAME_LEN+1);
@@ -3880,7 +3880,7 @@ control_event_networkstatus_changed_helper(smartlist_t *statuses,
   if (!EVENT_IS_INTERESTING(event) || !smartlist_len(statuses))
     return 0;
 
-  strs = smartlist_create();
+  strs = smartlist_new();
   smartlist_add(strs, tor_strdup("650+"));
   smartlist_add(strs, tor_strdup(event_string));
   smartlist_add(strs, tor_strdup("\r\n"));
@@ -4019,7 +4019,7 @@ control_event_networkstatus_changed_single(const routerstatus_t *rs)
   if (!EVENT_IS_INTERESTING(EVENT_NS))
     return 0;
 
-  statuses = smartlist_create();
+  statuses = smartlist_new();
   smartlist_add(statuses, (void*)rs);
   r = control_event_networkstatus_changed(statuses);
   smartlist_free(statuses);
@@ -4171,7 +4171,7 @@ control_event_conf_changed(smartlist_t *elements)
       smartlist_len(elements) == 0) {
     return 0;
   }
-  lines = smartlist_create();
+  lines = smartlist_new();
   for (i = 0; i < smartlist_len(elements); i += 2) {
     char *k = smartlist_get(elements, i);
     char *v = smartlist_get(elements, i+1);
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index ed31d35..411d9bb 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -233,7 +233,7 @@ cpuworker_main(void *data)
   char reply_to_proxy[ONIONSKIN_REPLY_LEN];
   char buf[LEN_ONION_RESPONSE];
   char tag[TAG_LEN];
-  crypto_pk_env_t *onion_key = NULL, *last_onion_key = NULL;
+  crypto_pk_t *onion_key = NULL, *last_onion_key = NULL;
 
   fd = fdarray[1]; /* this side is ours */
 #ifndef TOR_IS_MULTITHREADED
@@ -303,9 +303,9 @@ cpuworker_main(void *data)
   }
  end:
   if (onion_key)
-    crypto_free_pk_env(onion_key);
+    crypto_pk_free(onion_key);
   if (last_onion_key)
-    crypto_free_pk_env(last_onion_key);
+    crypto_pk_free(last_onion_key);
   tor_close_socket(fd);
   crypto_thread_cleanup();
   spawn_exit();
diff --git a/src/or/directory.c b/src/or/directory.c
index 94c37f1..149e692 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -153,7 +153,7 @@ static char *
 authdir_type_to_string(dirinfo_type_t auth)
 {
   char *result;
-  smartlist_t *lst = smartlist_create();
+  smartlist_t *lst = smartlist_new();
   if (auth & V1_DIRINFO)
     smartlist_add(lst, (void*)"V1");
   if (auth & V2_DIRINFO)
@@ -714,7 +714,7 @@ connection_dir_download_v2_networkstatus_failed(dir_connection_t *conn,
   } else if (!strcmpstart(conn->requested_resource, "fp/")) {
     /* We were trying to download by fingerprint; mark them all as having
      * failed, and possibly retry them later.*/
-    smartlist_t *failed = smartlist_create();
+    smartlist_t *failed = smartlist_new();
     dir_split_resource_into_fingerprints(conn->requested_resource+3,
                                          failed, NULL, 0);
     if (smartlist_len(failed)) {
@@ -775,7 +775,7 @@ connection_dir_bridge_routerdesc_failed(dir_connection_t *conn)
   if (!conn->requested_resource || strcmpstart(conn->requested_resource,"fp/"))
     return;
 
-  which = smartlist_create();
+  which = smartlist_new();
   dir_split_resource_into_fingerprints(conn->requested_resource
                                         + strlen("fp/"),
                                        which, NULL, 0);
@@ -797,7 +797,7 @@ connection_dir_download_cert_failed(dir_connection_t *conn, int status)
 
   if (!conn->requested_resource)
     return;
-  failed = smartlist_create();
+  failed = smartlist_new();
   dir_split_resource_into_fingerprints(conn->requested_resource+3,
                                        failed, NULL, DSR_HEX);
   SMARTLIST_FOREACH(failed, char *, cp,
@@ -1078,7 +1078,7 @@ directory_get_consensus_url(int supports_conditional_consensus,
 
   if (supports_conditional_consensus) {
     char *authority_id_list;
-    smartlist_t *authority_digests = smartlist_create();
+    smartlist_t *authority_digests = smartlist_new();
 
     SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
                       trusted_dir_server_t *, ds,
@@ -1121,7 +1121,7 @@ directory_send_command(dir_connection_t *conn,
 {
   char proxystring[256];
   char hoststring[128];
-  smartlist_t *headers = smartlist_create();
+  smartlist_t *headers = smartlist_new();
   char *url;
   char request[8192];
   const char *httpcommand = NULL;
@@ -1432,11 +1432,11 @@ parse_http_response(const char *headers, int *code, time_t *date,
   }
   *code = n2;
 
-  parsed_headers = smartlist_create();
+  parsed_headers = smartlist_new();
   smartlist_split_string(parsed_headers, headers, "\n",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
   if (reason) {
-    smartlist_t *status_line_elements = smartlist_create();
+    smartlist_t *status_line_elements = smartlist_new();
     tor_assert(smartlist_len(parsed_headers));
     smartlist_split_string(status_line_elements,
                            smartlist_get(parsed_headers, 0),
@@ -1755,13 +1755,13 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
     if (conn->requested_resource &&
         !strcmpstart(conn->requested_resource,"fp/")) {
       source = NS_FROM_DIR_BY_FP;
-      which = smartlist_create();
+      which = smartlist_new();
       dir_split_resource_into_fingerprints(conn->requested_resource+3,
                                            which, NULL, 0);
     } else if (conn->requested_resource &&
                !strcmpstart(conn->requested_resource, "all")) {
       source = NS_FROM_DIR_ALL;
-      which = smartlist_create();
+      which = smartlist_new();
       SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
                         trusted_dir_server_t *, ds,
         {
@@ -1910,7 +1910,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
     if (conn->requested_resource &&
         (!strcmpstart(conn->requested_resource,"d/") ||
          !strcmpstart(conn->requested_resource,"fp/"))) {
-      which = smartlist_create();
+      which = smartlist_new();
       dir_split_resource_into_fingerprints(conn->requested_resource +
                                              (descriptor_digests ? 2 : 3),
                                            which, NULL, 0);
@@ -1987,7 +1987,7 @@ connection_dir_client_reached_eof(dir_connection_t *conn)
              conn->_base.port);
     tor_assert(conn->requested_resource &&
                !strcmpstart(conn->requested_resource, "d/"));
-    which = smartlist_create();
+    which = smartlist_new();
     dir_split_resource_into_fingerprints(conn->requested_resource+2,
                                          which, NULL,
                                          DSR_DIGEST256|DSR_BASE64);
@@ -2509,7 +2509,7 @@ directory_dump_request_log(void)
 
   ensure_request_map_initialized();
 
-  lines = smartlist_create();
+  lines = smartlist_new();
 
   for (iter = strmap_iter_init(request_map);
        !strmap_iter_done(iter);
@@ -2568,7 +2568,7 @@ directory_dump_request_log(void)
 int
 client_likes_consensus(networkstatus_t *v, const char *want_url)
 {
-  smartlist_t *want_authorities = smartlist_create();
+  smartlist_t *want_authorities = smartlist_new();
   int need_at_least;
   int have = 0;
 
@@ -2742,7 +2742,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   if (!strcmpstart(url,"/tor/status/")
       || !strcmpstart(url, "/tor/status-vote/current/consensus")) {
     /* v2 or v3 network status fetch. */
-    smartlist_t *dir_fps = smartlist_create();
+    smartlist_t *dir_fps = smartlist_new();
     int is_v3 = !strcmpstart(url, "/tor/status-vote");
     geoip_client_action_t act =
         is_v3 ? GEOIP_CLIENT_NETWORKSTATUS : GEOIP_CLIENT_NETWORKSTATUS_V2;
@@ -2877,8 +2877,8 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     int current;
     ssize_t body_len = 0;
     ssize_t estimated_len = 0;
-    smartlist_t *items = smartlist_create();
-    smartlist_t *dir_items = smartlist_create();
+    smartlist_t *items = smartlist_new();
+    smartlist_t *dir_items = smartlist_new();
     int lifetime = 60; /* XXXX023 should actually use vote intervals. */
     url += strlen("/tor/status-vote/");
     current = !strcmpstart(url, "current/");
@@ -2906,7 +2906,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
         smartlist_add(dir_items, (cached_dir_t*)d);
     } else {
       const cached_dir_t *d;
-      smartlist_t *fps = smartlist_create();
+      smartlist_t *fps = smartlist_new();
       int flags;
       if (!strcmpstart(url, "d/")) {
         url += 2;
@@ -2970,7 +2970,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   }
 
   if (!strcmpstart(url, "/tor/micro/d/")) {
-    smartlist_t *fps = smartlist_create();
+    smartlist_t *fps = smartlist_new();
 
     dir_split_resource_into_fingerprints(url+strlen("/tor/micro/d/"),
                                       fps, NULL,
@@ -3013,7 +3013,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
     int cache_lifetime = 0;
     int is_extra = !strcmpstart(url,"/tor/extra/");
     url += is_extra ? strlen("/tor/extra/") : strlen("/tor/server/");
-    conn->fingerprint_stack = smartlist_create();
+    conn->fingerprint_stack = smartlist_new();
     res = dirserv_get_routerdesc_fingerprints(conn->fingerprint_stack, url,
                                           &msg,
                                           !connection_dir_is_encrypted(conn),
@@ -3074,7 +3074,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
   }
 
   if (!strcmpstart(url,"/tor/keys/")) {
-    smartlist_t *certs = smartlist_create();
+    smartlist_t *certs = smartlist_new();
     ssize_t len = -1;
     if (!strcmp(url, "/tor/keys/all")) {
       authority_cert_get_all(certs);
@@ -3083,7 +3083,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       if (cert)
         smartlist_add(certs, cert);
     } else if (!strcmpstart(url, "/tor/keys/fp/")) {
-      smartlist_t *fps = smartlist_create();
+      smartlist_t *fps = smartlist_new();
       dir_split_resource_into_fingerprints(url+strlen("/tor/keys/fp/"),
                                            fps, NULL,
                                            DSR_HEX|DSR_SORT_UNIQ);
@@ -3094,7 +3094,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       });
       smartlist_free(fps);
     } else if (!strcmpstart(url, "/tor/keys/sk/")) {
-      smartlist_t *fps = smartlist_create();
+      smartlist_t *fps = smartlist_new();
       dir_split_resource_into_fingerprints(url+strlen("/tor/keys/sk/"),
                                            fps, NULL,
                                            DSR_HEX|DSR_SORT_UNIQ);
@@ -3105,7 +3105,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
       });
       smartlist_free(fps);
     } else if (!strcmpstart(url, "/tor/keys/fp-sk/")) {
-      smartlist_t *fp_sks = smartlist_create();
+      smartlist_t *fp_sks = smartlist_new();
       dir_split_resource_into_fingerprint_pairs(url+strlen("/tor/keys/fp-sk/"),
                                                 fp_sks);
       SMARTLIST_FOREACH(fp_sks, fp_pair_t *, pair, {
@@ -3286,7 +3286,7 @@ directory_handle_command_get(dir_connection_t *conn, const char *headers,
 
     memset(&mi, 0, sizeof(mi));
     mi = mallinfo();
-    lines = smartlist_create();
+    lines = smartlist_new();
 
     ADD_MALLINFO_LINE(arena)
     ADD_MALLINFO_LINE(ordblks)
@@ -3823,8 +3823,8 @@ int
 dir_split_resource_into_fingerprint_pairs(const char *res,
                                           smartlist_t *pairs_out)
 {
-  smartlist_t *pairs_tmp = smartlist_create();
-  smartlist_t *pairs_result = smartlist_create();
+  smartlist_t *pairs_tmp = smartlist_new();
+  smartlist_t *pairs_result = smartlist_new();
 
   smartlist_split_string(pairs_tmp, res, "+", 0, 0);
   if (smartlist_len(pairs_tmp)) {
@@ -3892,7 +3892,7 @@ dir_split_resource_into_fingerprints(const char *resource,
     HEX_DIGEST256_LEN : HEX_DIGEST_LEN;
   const int base64_digest_len = digests_are_256 ?
     BASE64_DIGEST256_LEN : BASE64_DIGEST_LEN;
-  smartlist_t *fp_tmp = smartlist_create();
+  smartlist_t *fp_tmp = smartlist_new();
 
   tor_assert(!(decode_hex && decode_base64));
   tor_assert(fp_out);
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index cc8dffb..a7bbe98 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -185,7 +185,7 @@ add_fingerprint_to_dir(const char *nickname, const char *fp,
 /** Add the nickname and fingerprint for this OR to the
  * global list of recognized identity key fingerprints. */
 int
-dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk)
+dirserv_add_own_fingerprint(const char *nickname, crypto_pk_t *pk)
 {
   char fp[FINGERPRINT_LEN+1];
   if (crypto_pk_get_fingerprint(pk, fp, 0)<0) {
@@ -645,7 +645,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
   }
 
   s = desc;
-  list = smartlist_create();
+  list = smartlist_new();
   if (!router_parse_list_from_string(&s, NULL, list, SAVED_NOWHERE, 0, 0,
                                      annotation_buf)) {
     SMARTLIST_FOREACH(list, routerinfo_t *, ri, {
@@ -768,7 +768,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
     smartlist_t *changed;
     control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
 
-    changed = smartlist_create();
+    changed = smartlist_new();
     smartlist_add(changed, ri);
     routerlist_descriptors_added(changed, 0);
     smartlist_free(changed);
@@ -830,7 +830,7 @@ directory_remove_invalid(void)
 {
   int changed = 0;
   routerlist_t *rl = router_get_routerlist();
-  smartlist_t *nodes = smartlist_create();
+  smartlist_t *nodes = smartlist_new();
   smartlist_add_all(nodes, nodelist_get_list());
 
   SMARTLIST_FOREACH_BEGIN(nodes, node_t *, node) {
@@ -1040,7 +1040,7 @@ list_server_status_v1(smartlist_t *routers, char **router_status_out,
   int authdir = authdir_mode_publishes_statuses(options);
   tor_assert(router_status_out);
 
-  rs_entries = smartlist_create();
+  rs_entries = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
     const node_t *node = node_get_by_id(ri->cache_info.identity_digest);
@@ -1080,7 +1080,7 @@ format_versions_list(config_line_t *ln)
 {
   smartlist_t *versions;
   char *result;
-  versions = smartlist_create();
+  versions = smartlist_new();
   for ( ; ln; ln = ln->next) {
     smartlist_split_string(versions, ln->value, ",",
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -1114,7 +1114,7 @@ router_is_active(const routerinfo_t *ri, const node_t *node, time_t now)
  */
 int
 dirserv_dump_directory_to_string(char **dir_out,
-                                 crypto_pk_env_t *private_key)
+                                 crypto_pk_t *private_key)
 {
   char *cp;
   char *identity_pkey; /* Identity key, DER64-encoded. */
@@ -1636,7 +1636,7 @@ generate_runningrouters(void)
   char digest[DIGEST_LEN];
   char published[ISO_TIME_LEN+1];
   size_t len;
-  crypto_pk_env_t *private_key = get_server_identity_key();
+  crypto_pk_t *private_key = get_server_identity_key();
   char *identity_pkey; /* Identity key, DER64-encoded. */
   size_t identity_pkey_len;
 
@@ -2265,7 +2265,7 @@ get_possible_sybil_list(const smartlist_t *routers)
 {
   const or_options_t *options = get_options();
   digestmap_t *omit_as_sybil;
-  smartlist_t *routers_by_ip = smartlist_create();
+  smartlist_t *routers_by_ip = smartlist_new();
   uint32_t last_addr;
   int addr_count;
   /* Allow at most this number of Tor servers on a single IP address, ... */
@@ -2637,7 +2637,7 @@ dirserv_read_measured_bandwidths(const char *from_file,
 /** Return a new networkstatus_t* containing our current opinion. (For v3
  * authorities) */
 networkstatus_t *
-dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
+dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
                                         authority_cert_t *cert)
 {
   const or_options_t *options = get_options();
@@ -2698,13 +2698,13 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
 
   dirserv_compute_performance_thresholds(rl);
 
-  routers = smartlist_create();
+  routers = smartlist_new();
   smartlist_add_all(routers, rl->routers);
   routers_sort_by_identity(routers);
   omit_as_sybil = get_possible_sybil_list(routers);
 
-  routerstatuses = smartlist_create();
-  microdescriptors = smartlist_create();
+  routerstatuses = smartlist_new();
+  microdescriptors = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) {
     if (ri->cache_info.published_on >= cutoff) {
@@ -2794,7 +2794,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
 
   v3_out->client_versions = client_versions;
   v3_out->server_versions = server_versions;
-  v3_out->known_flags = smartlist_create();
+  v3_out->known_flags = smartlist_new();
   smartlist_split_string(v3_out->known_flags,
                 "Authority Exit Fast Guard Stable V2Dir Valid",
                 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -2813,7 +2813,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
   smartlist_sort_strings(v3_out->known_flags);
 
   if (options->ConsensusParams) {
-    v3_out->net_params = smartlist_create();
+    v3_out->net_params = smartlist_new();
     smartlist_split_string(v3_out->net_params,
                            options->ConsensusParams, NULL, 0, 0);
     smartlist_sort_strings(v3_out->net_params);
@@ -2822,7 +2822,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
   voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
   voter->nickname = tor_strdup(options->Nickname);
   memcpy(voter->identity_digest, identity_digest, DIGEST_LEN);
-  voter->sigs = smartlist_create();
+  voter->sigs = smartlist_new();
   voter->address = hostname;
   voter->addr = addr;
   voter->dir_port = router_get_advertised_dir_port(options, 0);
@@ -2838,7 +2838,7 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
     }
   }
 
-  v3_out->voters = smartlist_create();
+  v3_out->voters = smartlist_new();
   smartlist_add(v3_out->voters, voter);
   v3_out->cert = authority_cert_dup(cert);
   v3_out->routerstatus_list = routerstatuses;
@@ -2864,7 +2864,7 @@ generate_v2_networkstatus_opinion(void)
   char published[ISO_TIME_LEN+1];
   char digest[DIGEST_LEN];
   uint32_t addr;
-  crypto_pk_env_t *private_key;
+  crypto_pk_t *private_key;
   routerlist_t *rl = router_get_routerlist();
   time_t now = time(NULL);
   time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH;
@@ -2949,7 +2949,7 @@ generate_v2_networkstatus_opinion(void)
 
   dirserv_compute_performance_thresholds(rl);
 
-  routers = smartlist_create();
+  routers = smartlist_new();
   smartlist_add_all(routers, rl->routers);
   routers_sort_by_identity(routers);
 
@@ -3090,7 +3090,7 @@ dirserv_get_networkstatus_v2(smartlist_t *result,
                              const char *key)
 {
   cached_dir_t *cached;
-  smartlist_t *fingerprints = smartlist_create();
+  smartlist_t *fingerprints = smartlist_new();
   tor_assert(result);
 
   if (!cached_v2_networkstatus)
@@ -3211,7 +3211,7 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
     if (ri)
       smartlist_add(descs_out, (void*) &(ri->cache_info));
   } else if (!strcmpstart(key, "/tor/server/d/")) {
-    smartlist_t *digests = smartlist_create();
+    smartlist_t *digests = smartlist_new();
     key += strlen("/tor/server/d/");
     dir_split_resource_into_fingerprints(key, digests, NULL,
                                          DSR_HEX|DSR_SORT_UNIQ);
@@ -3224,7 +3224,7 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
     SMARTLIST_FOREACH(digests, char *, d, tor_free(d));
     smartlist_free(digests);
   } else if (!strcmpstart(key, "/tor/server/fp/")) {
-    smartlist_t *digests = smartlist_create();
+    smartlist_t *digests = smartlist_new();
     time_t cutoff = time(NULL) - ROUTER_MAX_AGE_TO_PUBLISH;
     key += strlen("/tor/server/fp/");
     dir_split_resource_into_fingerprints(key, digests, NULL,
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index d3fd90c..6a86b94 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -54,7 +54,7 @@
 
 int connection_dirserv_flushed_some(dir_connection_t *conn);
 
-int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_env_t *pk);
+int dirserv_add_own_fingerprint(const char *nickname, crypto_pk_t *pk);
 int dirserv_load_fingerprint_file(void);
 void dirserv_free_fingerprint_list(void);
 const char *dirserv_get_nickname_by_digest(const char *digest);
@@ -69,7 +69,7 @@ void dirserv_set_router_is_running(routerinfo_t *router, time_t now);
 int list_server_status_v1(smartlist_t *routers, char **router_status_out,
                           int for_controller);
 int dirserv_dump_directory_to_string(char **dir_out,
-                                     crypto_pk_env_t *private_key);
+                                     crypto_pk_t *private_key);
 
 int directory_fetches_from_authorities(const or_options_t *options);
 int directory_fetches_dir_info_early(const or_options_t *options);
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index f81ffa0..cddb658 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -82,7 +82,7 @@ static char *make_consensus_method_list(int low, int high, const char *sep);
  * <b>v3_ns</b>, signed with our v3 signing key <b>private_signing_key</b>.
  * For v3 authorities. */
 char *
-format_networkstatus_vote(crypto_pk_env_t *private_signing_key,
+format_networkstatus_vote(crypto_pk_t *private_signing_key,
                           networkstatus_t *v3_ns)
 {
   size_t len;
@@ -472,7 +472,7 @@ compute_routerstatus_consensus(smartlist_t *votes, int consensus_method,
 
   if (consensus_method >= MIN_METHOD_FOR_MICRODESC &&
       microdesc_digest256_out) {
-    smartlist_t *digests = smartlist_create();
+    smartlist_t *digests = smartlist_new();
     const char *best_microdesc_digest;
     SMARTLIST_FOREACH_BEGIN(votes, vote_routerstatus_t *, rs) {
         char d[DIGEST256_LEN];
@@ -500,15 +500,15 @@ static void
 hash_list_members(char *digest_out, size_t len_out,
                   smartlist_t *lst, digest_algorithm_t alg)
 {
-  crypto_digest_env_t *d;
+  crypto_digest_t *d;
   if (alg == DIGEST_SHA1)
-    d = crypto_new_digest_env();
+    d = crypto_digest_new();
   else
-    d = crypto_new_digest256_env(alg);
+    d = crypto_digest256_new(alg);
   SMARTLIST_FOREACH(lst, const char *, cp,
                     crypto_digest_add_bytes(d, cp, strlen(cp)));
   crypto_digest_get_digest(d, digest_out, len_out);
-  crypto_free_digest_env(d);
+  crypto_digest_free(d);
 }
 
 /** Sorting helper: compare two strings based on their values as base-ten
@@ -536,9 +536,9 @@ _cmp_int_strings(const void **_a, const void **_b)
 static int
 compute_consensus_method(smartlist_t *votes)
 {
-  smartlist_t *all_methods = smartlist_create();
-  smartlist_t *acceptable_methods = smartlist_create();
-  smartlist_t *tmp = smartlist_create();
+  smartlist_t *all_methods = smartlist_new();
+  smartlist_t *acceptable_methods = smartlist_new();
+  smartlist_t *tmp = smartlist_new();
   int min = (smartlist_len(votes) * 2) / 3;
   int n_ok;
   int result;
@@ -583,7 +583,7 @@ make_consensus_method_list(int low, int high, const char *separator)
 
   int i;
   smartlist_t *lst;
-  lst = smartlist_create();
+  lst = smartlist_new();
   for (i = low; i <= high; ++i) {
     if (!consensus_method_is_supported(i))
       continue;
@@ -604,7 +604,7 @@ static char *
 compute_consensus_versions_list(smartlist_t *lst, int n_versioning)
 {
   int min = n_versioning / 2;
-  smartlist_t *good = smartlist_create();
+  smartlist_t *good = smartlist_new();
   char *result;
   sort_version_list(lst, 0);
   get_frequent_members(good, lst, min);
@@ -634,7 +634,7 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
 
   const int n_votes = smartlist_len(votes);
   smartlist_t *output;
-  smartlist_t *param_list = smartlist_create();
+  smartlist_t *param_list = smartlist_new();
 
   /* We require that the parameter lists in the votes are well-formed: that
      is, that their keywords are unique and sorted, and that their values are
@@ -662,7 +662,7 @@ dirvote_compute_params(smartlist_t *votes, int method, int total_authorities)
   tor_assert(eq);
   cur_param_len = (int)(eq+1 - cur_param);
 
-  output = smartlist_create();
+  output = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(param_list, const char *, param) {
     const char *next_param;
@@ -1341,10 +1341,10 @@ networkstatus_compute_bw_weights_v9(smartlist_t *chunks, int64_t G, int64_t M,
 char *
 networkstatus_compute_consensus(smartlist_t *votes,
                                 int total_authorities,
-                                crypto_pk_env_t *identity_key,
-                                crypto_pk_env_t *signing_key,
+                                crypto_pk_t *identity_key,
+                                crypto_pk_t *signing_key,
                                 const char *legacy_id_key_digest,
-                                crypto_pk_env_t *legacy_signing_key,
+                                crypto_pk_t *legacy_signing_key,
                                 consensus_flavor_t flavor)
 {
   smartlist_t *chunks;
@@ -1369,7 +1369,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
     log_warn(LD_DIR, "Can't compute a consensus from no votes.");
     return NULL;
   }
-  flags = smartlist_create();
+  flags = smartlist_new();
 
   consensus_method = compute_consensus_method(votes);
   if (consensus_method_is_supported(consensus_method)) {
@@ -1392,8 +1392,8 @@ networkstatus_compute_consensus(smartlist_t *votes,
     int *votesec_list = tor_malloc(n_votes * sizeof(int));
     int *distsec_list = tor_malloc(n_votes * sizeof(int));
     int n_versioning_clients = 0, n_versioning_servers = 0;
-    smartlist_t *combined_client_versions = smartlist_create();
-    smartlist_t *combined_server_versions = smartlist_create();
+    smartlist_t *combined_client_versions = smartlist_new();
+    smartlist_t *combined_server_versions = smartlist_new();
 
     SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
       tor_assert(v->type == NS_TYPE_VOTE);
@@ -1403,7 +1403,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
       votesec_list[v_sl_idx] = v->vote_seconds;
       distsec_list[v_sl_idx] = v->dist_seconds;
       if (v->client_versions) {
-        smartlist_t *cv = smartlist_create();
+        smartlist_t *cv = smartlist_new();
         ++n_versioning_clients;
         smartlist_split_string(cv, v->client_versions, ",",
                                SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -1412,7 +1412,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
         smartlist_free(cv); /* elements get freed later. */
       }
       if (v->server_versions) {
-        smartlist_t *sv = smartlist_create();
+        smartlist_t *sv = smartlist_new();
         ++n_versioning_servers;
         smartlist_split_string(sv, v->server_versions, ",",
                                SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -1454,7 +1454,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
     tor_free(distsec_list);
   }
 
-  chunks = smartlist_create();
+  chunks = smartlist_new();
 
   {
     char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
@@ -1504,7 +1504,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
   smartlist_sort(votes, _compare_votes_by_authority_id);
   /* Add the authority sections. */
   {
-    smartlist_t *dir_sources = smartlist_create();
+    smartlist_t *dir_sources = smartlist_new();
     SMARTLIST_FOREACH_BEGIN(votes, networkstatus_t *, v) {
       dir_src_ent_t *e = tor_malloc_zero(sizeof(dir_src_ent_t));
       e->v = v;
@@ -1560,10 +1560,10 @@ networkstatus_compute_consensus(smartlist_t *votes,
     int *flag_counts; /* The number of voters that list flag[j] for the
                        * currently considered router. */
     int i;
-    smartlist_t *matching_descs = smartlist_create();
-    smartlist_t *chosen_flags = smartlist_create();
-    smartlist_t *versions = smartlist_create();
-    smartlist_t *exitsummaries = smartlist_create();
+    smartlist_t *matching_descs = smartlist_new();
+    smartlist_t *chosen_flags = smartlist_new();
+    smartlist_t *versions = smartlist_new();
+    smartlist_t *exitsummaries = smartlist_new();
     uint32_t *bandwidths = tor_malloc(sizeof(uint32_t) * smartlist_len(votes));
     uint32_t *measured_bws = tor_malloc(sizeof(uint32_t) *
                                         smartlist_len(votes));
@@ -2288,7 +2288,7 @@ networkstatus_format_signatures(networkstatus_t *consensus,
   else
     keyword = "directory-signature";
 
-  elements = smartlist_create();
+  elements = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(consensus->voters, networkstatus_voter_info_t *, v) {
     SMARTLIST_FOREACH_BEGIN(v->sigs, document_signature_t *, sig) {
@@ -2350,7 +2350,7 @@ networkstatus_get_detached_signatures(smartlist_t *consensuses)
     return NULL;
   }
 
-  elements = smartlist_create();
+  elements = smartlist_new();
 
   {
     char va_buf[ISO_TIME_LEN+1], fu_buf[ISO_TIME_LEN+1],
@@ -2426,7 +2426,7 @@ get_detached_signatures_from_pending_consensuses(pending_consensus_t *pending,
 {
   int flav;
   char *signatures;
-  smartlist_t *c = smartlist_create();
+  smartlist_t *c = smartlist_new();
   for (flav = 0; flav < n_flavors; ++flav) {
     if (pending[flav].consensus)
       smartlist_add(c, pending[flav].consensus);
@@ -2694,7 +2694,7 @@ static smartlist_t *pending_consensus_signature_list = NULL;
 static int
 dirvote_perform_vote(void)
 {
-  crypto_pk_env_t *key = get_my_v3_authority_signing_key();
+  crypto_pk_t *key = get_my_v3_authority_signing_key();
   authority_cert_t *cert = get_my_v3_authority_cert();
   networkstatus_t *ns;
   char *contents;
@@ -2742,7 +2742,7 @@ dirvote_perform_vote(void)
 static void
 dirvote_fetch_missing_votes(void)
 {
-  smartlist_t *missing_fps = smartlist_create();
+  smartlist_t *missing_fps = smartlist_new();
   char *resource;
 
   SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
@@ -2821,9 +2821,9 @@ static void
 dirvote_clear_votes(int all_votes)
 {
   if (!previous_vote_list)
-    previous_vote_list = smartlist_create();
+    previous_vote_list = smartlist_new();
   if (!pending_vote_list)
-    pending_vote_list = smartlist_create();
+    pending_vote_list = smartlist_new();
 
   /* All "previous" votes are now junk. */
   SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, v, {
@@ -2862,7 +2862,7 @@ dirvote_clear_votes(int all_votes)
 static char *
 list_v3_auth_ids(void)
 {
-  smartlist_t *known_v3_keys = smartlist_create();
+  smartlist_t *known_v3_keys = smartlist_new();
   char *keys;
   SMARTLIST_FOREACH(router_get_trusted_dir_servers(),
                     trusted_dir_server_t *, ds,
@@ -2895,7 +2895,7 @@ dirvote_add_vote(const char *vote_body, const char **msg_out, int *status_out)
   tor_assert(status_out);
 
   if (!pending_vote_list)
-    pending_vote_list = smartlist_create();
+    pending_vote_list = smartlist_new();
   *status_out = 0;
   *msg_out = NULL;
 
@@ -3059,7 +3059,7 @@ dirvote_compute_consensuses(void)
   memset(pending, 0, sizeof(pending));
 
   if (!pending_vote_list)
-    pending_vote_list = smartlist_create();
+    pending_vote_list = smartlist_new();
 
   n_voters = get_n_authorities(V3_DIRINFO);
   n_votes = smartlist_len(pending_vote_list);
@@ -3087,8 +3087,8 @@ dirvote_compute_consensuses(void)
     goto err;
   }
 
-  votes = smartlist_create();
-  votestrings = smartlist_create();
+  votes = smartlist_new();
+  votestrings = smartlist_new();
   SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v,
     {
       sized_chunk_t *c = tor_malloc(sizeof(sized_chunk_t));
@@ -3107,7 +3107,7 @@ dirvote_compute_consensuses(void)
 
   {
     char legacy_dbuf[DIGEST_LEN];
-    crypto_pk_env_t *legacy_sign=NULL;
+    crypto_pk_t *legacy_sign=NULL;
     char *legacy_id_digest = NULL;
     int n_generated = 0;
     if (get_options()->V3AuthUseLegacyKey) {
@@ -3368,7 +3368,7 @@ dirvote_add_signatures(const char *detached_signatures_body,
     log_notice(LD_DIR, "Got a signature from %s. "
                        "Queuing it for the next consensus.", source);
     if (!pending_consensus_signature_list)
-      pending_consensus_signature_list = smartlist_create();
+      pending_consensus_signature_list = smartlist_new();
     smartlist_add(pending_consensus_signature_list,
                   tor_strdup(detached_signatures_body));
     *msg = "Signature queued";
diff --git a/src/or/dirvote.h b/src/or/dirvote.h
index b585ccb..9248d47 100644
--- a/src/or/dirvote.h
+++ b/src/or/dirvote.h
@@ -24,10 +24,10 @@ void dirvote_free_all(void);
 /* vote manipulation */
 char *networkstatus_compute_consensus(smartlist_t *votes,
                                       int total_authorities,
-                                      crypto_pk_env_t *identity_key,
-                                      crypto_pk_env_t *signing_key,
+                                      crypto_pk_t *identity_key,
+                                      crypto_pk_t *signing_key,
                                       const char *legacy_identity_key_digest,
-                                      crypto_pk_env_t *legacy_signing_key,
+                                      crypto_pk_t *legacy_signing_key,
                                       consensus_flavor_t flavor);
 int networkstatus_add_detached_signatures(networkstatus_t *target,
                                           ns_detached_signatures_t *sigs,
@@ -68,7 +68,7 @@ void set_routerstatus_from_routerinfo(routerstatus_t *rs,
                                       int listbaddirs, int vote_on_hsdirs);
 void router_clear_status_flags(routerinfo_t *ri);
 networkstatus_t *
-dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
+dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key,
                                         authority_cert_t *cert);
 
 microdesc_t *dirvote_create_microdescriptor(const routerinfo_t *ri);
@@ -84,7 +84,7 @@ document_signature_t *voter_get_sig_by_algorithm(
                            digest_algorithm_t alg);
 
 #ifdef DIRVOTE_PRIVATE
-char *format_networkstatus_vote(crypto_pk_env_t *private_key,
+char *format_networkstatus_vote(crypto_pk_t *private_key,
                                  networkstatus_t *v3_ns);
 char *dirvote_compute_params(smartlist_t *votes, int method,
                              int total_authorities);
diff --git a/src/or/dns.c b/src/or/dns.c
index 7a505b0..b74b056 100644
--- a/src/or/dns.c
+++ b/src/or/dns.c
@@ -376,7 +376,7 @@ set_expiry(cached_resolve_t *resolve, time_t expires)
 {
   tor_assert(resolve && resolve->expire == 0);
   if (!cached_resolve_pqueue)
-    cached_resolve_pqueue = smartlist_create();
+    cached_resolve_pqueue = smartlist_new();
   resolve->expire = expires;
   smartlist_pqueue_add(cached_resolve_pqueue,
                        _compare_cached_resolves_by_expiry,
@@ -1489,7 +1489,7 @@ wildcard_increment_answer(const char *id)
   ++*ip;
 
   if (*ip > 5 && n_wildcard_requests > 10) {
-    if (!dns_wildcard_list) dns_wildcard_list = smartlist_create();
+    if (!dns_wildcard_list) dns_wildcard_list = smartlist_new();
     if (!smartlist_string_isin(dns_wildcard_list, id)) {
     log(dns_wildcard_notice_given ? LOG_INFO : LOG_NOTICE, LD_EXIT,
         "Your DNS provider has given \"%s\" as an answer for %d different "
@@ -1511,7 +1511,7 @@ add_wildcarded_test_address(const char *address)
 {
   int n, n_test_addrs;
   if (!dns_wildcarded_test_address_list)
-    dns_wildcarded_test_address_list = smartlist_create();
+    dns_wildcarded_test_address_list = smartlist_new();
 
   if (smartlist_string_isin_case(dns_wildcarded_test_address_list, address))
     return;
diff --git a/src/or/geoip.c b/src/or/geoip.c
index 3e1ee59..6d33c39 100644
--- a/src/or/geoip.c
+++ b/src/or/geoip.c
@@ -110,7 +110,7 @@ geoip_parse_entry(const char *line)
   if (!geoip_countries)
     init_geoip_countries();
   if (!geoip_entries)
-    geoip_entries = smartlist_create();
+    geoip_entries = smartlist_new();
 
   while (TOR_ISSPACE(*line))
     ++line;
@@ -174,7 +174,7 @@ static void
 init_geoip_countries(void)
 {
   geoip_country_t *geoip_unresolved;
-  geoip_countries = smartlist_create();
+  geoip_countries = smartlist_new();
   /* Add a geoip_country_t for requests that could not be resolved to a
    * country as first element (index 0) to geoip_countries. */
   geoip_unresolved = tor_malloc_zero(sizeof(geoip_country_t));
@@ -204,7 +204,7 @@ geoip_load_file(const char *filename, const or_options_t *options)
   FILE *f;
   const char *msg = "";
   int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO;
-  crypto_digest_env_t *geoip_digest_env = NULL;
+  crypto_digest_t *geoip_digest_env = NULL;
   clear_geoip_db();
   if (!(f = tor_fopen_cloexec(filename, "r"))) {
     log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s.  %s",
@@ -217,8 +217,8 @@ geoip_load_file(const char *filename, const or_options_t *options)
     SMARTLIST_FOREACH(geoip_entries, geoip_entry_t *, e, tor_free(e));
     smartlist_free(geoip_entries);
   }
-  geoip_entries = smartlist_create();
-  geoip_digest_env = crypto_new_digest_env();
+  geoip_entries = smartlist_new();
+  geoip_digest_env = crypto_digest_new();
   log_notice(LD_GENERAL, "Parsing GEOIP file %s.", filename);
   while (!feof(f)) {
     char buf[512];
@@ -240,7 +240,7 @@ geoip_load_file(const char *filename, const or_options_t *options)
   /* Remember file digest so that we can include it in our extra-info
    * descriptors. */
   crypto_digest_get_digest(geoip_digest_env, geoip_digest, DIGEST_LEN);
-  crypto_free_digest_env(geoip_digest_env);
+  crypto_digest_free(geoip_digest_env);
 
   return 0;
 }
@@ -714,7 +714,7 @@ geoip_get_dirreq_history(geoip_client_action_t action,
   if (action != GEOIP_CLIENT_NETWORKSTATUS &&
       action != GEOIP_CLIENT_NETWORKSTATUS_V2)
     return NULL;
-  dirreq_completed = smartlist_create();
+  dirreq_completed = smartlist_new();
   for (ptr = HT_START(dirreqmap, &dirreq_map); ptr; ptr = next) {
     ent = *ptr;
     if (ent->action != action || ent->type != type) {
@@ -834,7 +834,7 @@ geoip_get_client_history(geoip_client_action_t action)
   if (total < MIN_IPS_TO_NOTE_ANYTHING)
     goto done;
   /* Make a list of c_hist_t */
-  entries = smartlist_create();
+  entries = smartlist_new();
   for (i = 0; i < n_countries; ++i) {
     unsigned c = counts[i];
     const char *countrycode;
@@ -854,7 +854,7 @@ geoip_get_client_history(geoip_client_action_t action)
   smartlist_sort(entries, _c_hist_compare);
 
   /* Build the result. */
-  chunks = smartlist_create();
+  chunks = smartlist_new();
   SMARTLIST_FOREACH(entries, c_hist_t *, ch, {
       smartlist_add_asprintf(chunks, "%s=%u", ch->country, ch->total);
   });
@@ -888,7 +888,7 @@ geoip_get_request_history(geoip_client_action_t action)
   if (!geoip_countries)
     return NULL;
 
-  entries = smartlist_create();
+  entries = smartlist_new();
   SMARTLIST_FOREACH(geoip_countries, geoip_country_t *, c, {
       uint32_t tot = 0;
       c_hist_t *ent;
@@ -903,7 +903,7 @@ geoip_get_request_history(geoip_client_action_t action)
   });
   smartlist_sort(entries, _c_hist_compare);
 
-  strings = smartlist_create();
+  strings = smartlist_new();
   SMARTLIST_FOREACH(entries, c_hist_t *, ent, {
       smartlist_add_asprintf(strings, "%s=%u", ent->country, ent->total);
   });
diff --git a/src/or/hibernate.c b/src/or/hibernate.c
index 917bd82..bdf407d 100644
--- a/src/or/hibernate.c
+++ b/src/or/hibernate.c
@@ -140,7 +140,7 @@ accounting_parse_options(const or_options_t *options, int validate_only)
     return 0;
   }
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, v, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK,0);
   if (smartlist_len(items)<2) {
@@ -511,7 +511,7 @@ static void
 accounting_set_wakeup_time(void)
 {
   char digest[DIGEST_LEN];
-  crypto_digest_env_t *d_env;
+  crypto_digest_t *d_env;
   uint64_t time_to_exhaust_bw;
   int time_to_consider;
 
@@ -528,11 +528,11 @@ accounting_set_wakeup_time(void)
 
     crypto_pk_get_digest(get_server_identity_key(), digest);
 
-    d_env = crypto_new_digest_env();
+    d_env = crypto_digest_new();
     crypto_digest_add_bytes(d_env, buf, ISO_TIME_LEN);
     crypto_digest_add_bytes(d_env, digest, DIGEST_LEN);
     crypto_digest_get_digest(d_env, digest, DIGEST_LEN);
-    crypto_free_digest_env(d_env);
+    crypto_digest_free(d_env);
   } else {
     crypto_rand(digest, DIGEST_LEN);
   }
diff --git a/src/or/main.c b/src/or/main.c
index 1ba3395..e2480dc 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -431,7 +431,7 @@ smartlist_t *
 get_connection_array(void)
 {
   if (!connection_array)
-    connection_array = smartlist_create();
+    connection_array = smartlist_new();
   return connection_array;
 }
 
@@ -2230,11 +2230,11 @@ tor_init(int argc, char *argv[])
   int i, quiet = 0;
   time_of_process_start = time(NULL);
   if (!connection_array)
-    connection_array = smartlist_create();
+    connection_array = smartlist_new();
   if (!closeable_connection_lst)
-    closeable_connection_lst = smartlist_create();
+    closeable_connection_lst = smartlist_new();
   if (!active_linked_connection_lst)
-    active_linked_connection_lst = smartlist_create();
+    active_linked_connection_lst = smartlist_new();
   /* Have the log set up with our application name. */
   tor_snprintf(buf, sizeof(buf), "Tor %s", get_version());
   log_set_application_name(buf);
@@ -2477,7 +2477,7 @@ tor_cleanup(void)
 do_list_fingerprint(void)
 {
   char buf[FINGERPRINT_LEN+1];
-  crypto_pk_env_t *k;
+  crypto_pk_t *k;
   const char *nickname = get_options()->Nickname;
   if (!server_mode(get_options())) {
     log_err(LD_GENERAL,
diff --git a/src/or/microdesc.c b/src/or/microdesc.c
index 92f5c03..0a1ae91 100644
--- a/src/or/microdesc.c
+++ b/src/or/microdesc.c
@@ -206,7 +206,7 @@ microdescs_add_list_to_cache(microdesc_cache_t *cache,
     }
   }
 
-  added = smartlist_create();
+  added = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(descriptors, microdesc_t *, md) {
     microdesc_t *md2;
     md2 = HT_FIND(microdesc_map, &cache->map, md);
@@ -428,7 +428,7 @@ microdesc_cache_rebuild(microdesc_cache_t *cache, int force)
   if (!f)
     return -1;
 
-  wrote = smartlist_create();
+  wrote = smartlist_new();
 
   HT_FOREACH(mdp, microdesc_map, &cache->map) {
     microdesc_t *md = *mdp;
@@ -566,7 +566,7 @@ microdesc_free(microdesc_t *md)
   //tor_assert(md->held_by_nodes == 0);
 
   if (md->onion_pkey)
-    crypto_free_pk_env(md->onion_pkey);
+    crypto_pk_free(md->onion_pkey);
   if (md->body && md->saved_location != SAVED_IN_CACHE)
     tor_free(md->body);
 
@@ -624,7 +624,7 @@ smartlist_t *
 microdesc_list_missing_digest256(networkstatus_t *ns, microdesc_cache_t *cache,
                                  int downloadable_only, digestmap_t *skip)
 {
-  smartlist_t *result = smartlist_create();
+  smartlist_t *result = smartlist_new();
   time_t now = time(NULL);
   tor_assert(ns->flavor == FLAV_MICRODESC);
   SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index a4e8644..44c2f26 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -161,7 +161,7 @@ router_reload_v2_networkstatus(void)
   int maybe_delete = !directory_caches_v2_dir_info(get_options());
   time_t now = time(NULL);
   if (!networkstatus_v2_list)
-    networkstatus_v2_list = smartlist_create();
+    networkstatus_v2_list = smartlist_new();
 
   entries = tor_listdir(filename);
   if (!entries) { /* dir doesn't exist */
@@ -326,7 +326,7 @@ networkstatus_v2_free(networkstatus_v2_t *ns)
   tor_free(ns->source_address);
   tor_free(ns->contact);
   if (ns->signing_key)
-    crypto_free_pk_env(ns->signing_key);
+    crypto_pk_free(ns->signing_key);
   tor_free(ns->client_versions);
   tor_free(ns->server_versions);
   if (ns->entries) {
@@ -486,11 +486,11 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
   int n_no_signature = 0;
   int n_v3_authorities = get_n_authorities(V3_DIRINFO);
   int n_required = n_v3_authorities/2 + 1;
-  smartlist_t *list_good = smartlist_create();
-  smartlist_t *list_no_signature = smartlist_create();
-  smartlist_t *need_certs_from = smartlist_create();
-  smartlist_t *unrecognized = smartlist_create();
-  smartlist_t *missing_authorities = smartlist_create();
+  smartlist_t *list_good = smartlist_new();
+  smartlist_t *list_no_signature = smartlist_new();
+  smartlist_t *need_certs_from = smartlist_new();
+  smartlist_t *unrecognized = smartlist_new();
+  smartlist_t *missing_authorities = smartlist_new();
   int severity;
   time_t now = time(NULL);
 
@@ -599,7 +599,7 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
       });
     {
       char *joined;
-      smartlist_t *sl = smartlist_create();
+      smartlist_t *sl = smartlist_new();
       char *tmp = smartlist_join_strings(list_good, " ", 0, NULL);
       smartlist_add_asprintf(sl,
                    "A consensus needs %d good signatures from recognized "
@@ -778,7 +778,7 @@ router_set_networkstatus_v2(const char *s, time_t arrived_at,
   }
 
   if (!networkstatus_v2_list)
-    networkstatus_v2_list = smartlist_create();
+    networkstatus_v2_list = smartlist_new();
 
   if ( (source == NS_FROM_DIR_BY_FP || source == NS_FROM_DIR_ALL) &&
        router_digest_is_me(ns->identity_digest)) {
@@ -1002,7 +1002,7 @@ const smartlist_t *
 networkstatus_get_v2_list(void)
 {
   if (!networkstatus_v2_list)
-    networkstatus_v2_list = smartlist_create();
+    networkstatus_v2_list = smartlist_new();
   return networkstatus_v2_list;
 }
 
@@ -1531,7 +1531,7 @@ notify_control_networkstatus_changed(const networkstatus_t *old_c,
     control_event_networkstatus_changed(new_c->routerstatus_list);
     return;
   }
-  changed = smartlist_create();
+  changed = smartlist_new();
 
   SMARTLIST_FOREACH_JOIN(
                      old_c->routerstatus_list, const routerstatus_t *, rs_old,
@@ -2011,7 +2011,7 @@ routers_update_status_from_consensus_networkstatus(smartlist_t *routers,
   if (!ns || !smartlist_len(ns->routerstatus_list))
     return;
   if (!networkstatus_v2_list)
-    networkstatus_v2_list = smartlist_create();
+    networkstatus_v2_list = smartlist_new();
 
   routers_sort_by_identity(routers);
 
@@ -2131,7 +2131,7 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now)
     return NULL;
   }
 
-  statuses = smartlist_create();
+  statuses = smartlist_new();
   SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
     node_t *node = node_get_mutable_by_id(ri->cache_info.identity_digest);
     if (!node)
@@ -2299,7 +2299,7 @@ getinfo_helper_networkstatus(control_connection_t *conn,
   }
 
   if (!strcmp(question, "ns/all")) {
-    smartlist_t *statuses = smartlist_create();
+    smartlist_t *statuses = smartlist_new();
     SMARTLIST_FOREACH(current_consensus->routerstatus_list,
                       const routerstatus_t *, rs,
       {
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index eafc9b8..4654f30 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -64,7 +64,7 @@ init_nodelist(void)
   if (PREDICT_UNLIKELY(the_nodelist == NULL)) {
     the_nodelist = tor_malloc_zero(sizeof(nodelist_t));
     HT_INIT(nodelist_map, &the_nodelist->nodes_by_id);
-    the_nodelist->nodes = smartlist_create();
+    the_nodelist->nodes = smartlist_new();
   }
 }
 
@@ -494,7 +494,7 @@ node_get_by_nickname(const char *nickname, int warn_if_unnamed)
 
   /* Okay, so the name is not canonical for anybody. */
   {
-    smartlist_t *matches = smartlist_create();
+    smartlist_t *matches = smartlist_new();
     const node_t *choice = NULL;
 
     SMARTLIST_FOREACH_BEGIN(the_nodelist->nodes, node_t *, node) {
@@ -657,7 +657,7 @@ node_exit_policy_rejects_all(const node_t *node)
 smartlist_t *
 node_get_all_orports(const node_t *node)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
 
   if (node->ri != NULL) {
     if (node->ri->addr != 0) {
diff --git a/src/or/ntmain.c b/src/or/ntmain.c
index da19573..bd07df1 100644
--- a/src/or/ntmain.c
+++ b/src/or/ntmain.c
@@ -466,7 +466,7 @@ nt_service_command_line(int *using_default_torrc)
     return NULL;
 
   /* Get the service arguments */
-  sl = smartlist_create();
+  sl = smartlist_new();
   for (i = 1; i < backup_argc; ++i) {
     if (!strcmp(backup_argv[i], "--options") ||
         !strcmp(backup_argv[i], "-options")) {
diff --git a/src/or/onion.c b/src/or/onion.c
index 211d14c..09349a4 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -170,12 +170,12 @@ onion_pending_remove(or_circuit_t *circ)
  * The meeting point/cookies and auth are zeroed out for now.
  */
 int
-onion_skin_create(crypto_pk_env_t *dest_router_key,
-                  crypto_dh_env_t **handshake_state_out,
+onion_skin_create(crypto_pk_t *dest_router_key,
+                  crypto_dh_t **handshake_state_out,
                   char *onion_skin_out) /* ONIONSKIN_CHALLENGE_LEN bytes */
 {
   char challenge[DH_KEY_LEN];
-  crypto_dh_env_t *dh = NULL;
+  crypto_dh_t *dh = NULL;
   int dhbytes, pkbytes;
 
   tor_assert(dest_router_key);
@@ -221,19 +221,19 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
  */
 int
 onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
-                            crypto_pk_env_t *private_key,
-                            crypto_pk_env_t *prev_private_key,
+                            crypto_pk_t *private_key,
+                            crypto_pk_t *prev_private_key,
                             char *handshake_reply_out, /*ONIONSKIN_REPLY_LEN*/
                             char *key_out,
                             size_t key_out_len)
 {
   char challenge[ONIONSKIN_CHALLENGE_LEN];
-  crypto_dh_env_t *dh = NULL;
+  crypto_dh_t *dh = NULL;
   ssize_t len;
   char *key_material=NULL;
   size_t key_material_len=0;
   int i;
-  crypto_pk_env_t *k;
+  crypto_pk_t *k;
 
   len = -1;
   for (i=0;i<2;++i) {
@@ -310,7 +310,7 @@ onion_skin_server_handshake(const char *onion_skin, /*ONIONSKIN_CHALLENGE_LEN*/
  * After the invocation, call crypto_dh_free on handshake_state.
  */
 int
-onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
+onion_skin_client_handshake(crypto_dh_t *handshake_state,
             const char *handshake_reply, /* ONIONSKIN_REPLY_LEN bytes */
             char *key_out,
             size_t key_out_len)
diff --git a/src/or/onion.h b/src/or/onion.h
index 7f603b8..4b2de79 100644
--- a/src/or/onion.h
+++ b/src/or/onion.h
@@ -16,18 +16,18 @@ int onion_pending_add(or_circuit_t *circ, char *onionskin);
 or_circuit_t *onion_next_task(char **onionskin_out);
 void onion_pending_remove(or_circuit_t *circ);
 
-int onion_skin_create(crypto_pk_env_t *router_key,
-                      crypto_dh_env_t **handshake_state_out,
+int onion_skin_create(crypto_pk_t *router_key,
+                      crypto_dh_t **handshake_state_out,
                       char *onion_skin_out);
 
 int onion_skin_server_handshake(const char *onion_skin,
-                                crypto_pk_env_t *private_key,
-                                crypto_pk_env_t *prev_private_key,
+                                crypto_pk_t *private_key,
+                                crypto_pk_t *prev_private_key,
                                 char *handshake_reply_out,
                                 char *key_out,
                                 size_t key_out_len);
 
-int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
+int onion_skin_client_handshake(crypto_dh_t *handshake_state,
                                 const char *handshake_reply,
                                 char *key_out,
                                 size_t key_out_len);
diff --git a/src/or/or.h b/src/or/or.h
index 8681d49..8b0b3fe 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1172,8 +1172,8 @@ typedef struct or_handshake_state_t {
    *
    * @{
    */
-  crypto_digest_env_t *digest_sent;
-  crypto_digest_env_t *digest_received;
+  crypto_digest_t *digest_sent;
+  crypto_digest_t *digest_received;
   /** @} */
 
   /** Certificates that a connection initiator sent us in a CERTS cell; we're
@@ -1732,8 +1732,8 @@ typedef struct {
   tor_addr_t ipv6_addr;
   uint16_t ipv6_orport;
 
-  crypto_pk_env_t *onion_pkey; /**< Public RSA key for onions. */
-  crypto_pk_env_t *identity_pkey;  /**< Public RSA key for signing. */
+  crypto_pk_t *onion_pkey; /**< Public RSA key for onions. */
+  crypto_pk_t *identity_pkey;  /**< Public RSA key for signing. */
 
   char *platform; /**< What software/operating system is this OR using? */
 
@@ -1961,7 +1961,7 @@ typedef struct microdesc_t {
   /* Fields in the microdescriptor. */
 
   /** As routerinfo_t.onion_pkey */
-  crypto_pk_env_t *onion_pkey;
+  crypto_pk_t *onion_pkey;
   /** As routerinfo_t.family */
   smartlist_t *family;
   /** Exit policy summary */
@@ -2069,7 +2069,7 @@ typedef struct networkstatus_v2_t {
 
   char identity_digest[DIGEST_LEN]; /**< Digest of signing key. */
   char *contact; /**< How to contact directory admin? (may be NULL). */
-  crypto_pk_env_t *signing_key; /**< Key used to sign this directory. */
+  crypto_pk_t *signing_key; /**< Key used to sign this directory. */
   char *client_versions; /**< comma-separated list of recommended client
                           * versions. */
   char *server_versions; /**< comma-separated list of recommended server
@@ -2298,7 +2298,7 @@ typedef struct extend_info_t {
   char identity_digest[DIGEST_LEN]; /**< Hash of this router's identity key. */
   uint16_t port; /**< OR port. */
   tor_addr_t addr; /**< IP address. */
-  crypto_pk_env_t *onion_key; /**< Current onionskin key. */
+  crypto_pk_t *onion_key; /**< Current onionskin key. */
 } extend_info_t;
 
 /** Certificate for v3 directory protocol: binds long-term authority identity
@@ -2307,9 +2307,9 @@ typedef struct authority_cert_t {
   /** Information relating to caching this cert on disk and looking it up. */
   signed_descriptor_t cache_info;
   /** This authority's long-term authority identity key. */
-  crypto_pk_env_t *identity_key;
+  crypto_pk_t *identity_key;
   /** This authority's medium-term signing key. */
-  crypto_pk_env_t *signing_key;
+  crypto_pk_t *signing_key;
   /** The digest of <b>signing_key</b> */
   char signing_key_digest[DIGEST_LEN];
   /** The listed expiration time of this certificate. */
@@ -2361,19 +2361,19 @@ typedef struct crypt_path_t {
   /* crypto environments */
   /** Encryption key and counter for cells heading towards the OR at this
    * step. */
-  crypto_cipher_env_t *f_crypto;
+  crypto_cipher_t *f_crypto;
   /** Encryption key and counter for cells heading back from the OR at this
    * step. */
-  crypto_cipher_env_t *b_crypto;
+  crypto_cipher_t *b_crypto;
 
   /** Digest state for cells heading towards the OR at this step. */
-  crypto_digest_env_t *f_digest; /* for integrity checking */
+  crypto_digest_t *f_digest; /* for integrity checking */
   /** Digest state for cells heading away from the OR at this step. */
-  crypto_digest_env_t *b_digest;
+  crypto_digest_t *b_digest;
 
   /** Current state of Diffie-Hellman key negotiation with the OR at this
    * step. */
-  crypto_dh_env_t *dh_handshake_state;
+  crypto_dh_t *dh_handshake_state;
   /** Current state of 'fast' (non-PK) key negotiation with the OR at this
    * step. Used to save CPU when TLS is already providing all the
    * authentication, secrecy, and integrity we need, and we're already
@@ -2662,7 +2662,7 @@ typedef struct origin_circuit_t {
   /* The intro key replaces the hidden service's public key if purpose is
    * S_ESTABLISH_INTRO or S_INTRO, provided that no unversioned rendezvous
    * descriptor is used. */
-  crypto_pk_env_t *intro_key;
+  crypto_pk_t *intro_key;
 
   /** Quasi-global identifier for this circuit; used for control.c */
   /* XXXX NM This can get re-used after 2**32 circuits. */
@@ -2746,19 +2746,19 @@ typedef struct or_circuit_t {
   edge_connection_t *resolving_streams;
   /** The cipher used by intermediate hops for cells heading toward the
    * OP. */
-  crypto_cipher_env_t *p_crypto;
+  crypto_cipher_t *p_crypto;
   /** The cipher used by intermediate hops for cells heading away from
    * the OP. */
-  crypto_cipher_env_t *n_crypto;
+  crypto_cipher_t *n_crypto;
 
   /** The integrity-checking digest used by intermediate hops, for
    * cells packaged here and heading towards the OP.
    */
-  crypto_digest_env_t *p_digest;
+  crypto_digest_t *p_digest;
   /** The integrity-checking digest used by intermediate hops, for
    * cells packaged at the OP and arriving here.
    */
-  crypto_digest_env_t *n_digest;
+  crypto_digest_t *n_digest;
 
   /** Points to spliced circuit if purpose is REND_ESTABLISHED, and circuit
    * is not marked for close. */
@@ -4125,7 +4125,7 @@ typedef enum {
 typedef struct rend_authorized_client_t {
   char *client_name;
   char descriptor_cookie[REND_DESC_COOKIE_LEN];
-  crypto_pk_env_t *client_key;
+  crypto_pk_t *client_key;
 } rend_authorized_client_t;
 
 /** ASCII-encoded v2 hidden service descriptor. */
@@ -4164,7 +4164,7 @@ typedef struct rend_encoded_v2_service_descriptor_t {
  * client and service side). */
 typedef struct rend_intro_point_t {
   extend_info_t *extend_info; /**< Extend info of this introduction point. */
-  crypto_pk_env_t *intro_key; /**< Introduction key that replaces the service
+  crypto_pk_t *intro_key; /**< Introduction key that replaces the service
                                * key, if this descriptor is V2. */
 
   /** (Client side only) Flag indicating that a timeout has occurred
@@ -4219,7 +4219,7 @@ typedef struct rend_intro_point_t {
 /** Information used to connect to a hidden service.  Used on both the
  * service side and the client side. */
 typedef struct rend_service_descriptor_t {
-  crypto_pk_env_t *pk; /**< This service's public key. */
+  crypto_pk_t *pk; /**< This service's public key. */
   int version; /**< Version of the descriptor format: 0 or 2. */
   time_t timestamp; /**< Time when the descriptor was generated. */
   uint16_t protocols; /**< Bitmask: which rendezvous protocols are supported?
diff --git a/src/or/policies.c b/src/or/policies.c
index 6ae5171..0982b4b 100644
--- a/src/or/policies.c
+++ b/src/or/policies.c
@@ -75,7 +75,7 @@ policy_expand_private(smartlist_t **policy)
   if (!*policy) /*XXXX disallow NULL policies? */
     return;
 
-  tmp = smartlist_create();
+  tmp = smartlist_new();
 
   SMARTLIST_FOREACH(*policy, addr_policy_t *, p,
   {
@@ -122,8 +122,8 @@ parse_addr_policy(config_line_t *cfg, smartlist_t **dest,
   if (!cfg)
     return 0;
 
-  result = smartlist_create();
-  entries = smartlist_create();
+  result = smartlist_new();
+  entries = smartlist_new();
   for (; cfg; cfg = cfg->next) {
     smartlist_split_string(entries, cfg->value, ",",
                            SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
@@ -1064,7 +1064,7 @@ policy_summary_create(void)
   item->reject_count = 0;
   item->accepted = 0;
 
-  summary = smartlist_create();
+  summary = smartlist_new();
   smartlist_add(summary, item);
 
   return summary;
@@ -1236,8 +1236,8 @@ policy_summarize(smartlist_t *policy)
    */
   i = 0;
   start_prt = 1;
-  accepts = smartlist_create();
-  rejects = smartlist_create();
+  accepts = smartlist_new();
+  rejects = smartlist_new();
   while (1) {
     last = i == smartlist_len(summary)-1;
     if (last ||
diff --git a/src/or/relay.c b/src/or/relay.c
index 90d8015..38a563f 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -92,7 +92,7 @@ uint64_t stats_n_relay_cells_delivered = 0;
  * cell.
  */
 static void
-relay_set_digest(crypto_digest_env_t *digest, cell_t *cell)
+relay_set_digest(crypto_digest_t *digest, cell_t *cell)
 {
   char integrity[4];
   relay_header_t rh;
@@ -113,11 +113,11 @@ relay_set_digest(crypto_digest_env_t *digest, cell_t *cell)
  * and cell to their original state and return 0.
  */
 static int
-relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
+relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
 {
   char received_integrity[4], calculated_integrity[4];
   relay_header_t rh;
-  crypto_digest_env_t *backup_digest=NULL;
+  crypto_digest_t *backup_digest=NULL;
 
   backup_digest = crypto_digest_dup(digest);
 
@@ -141,10 +141,10 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
     /* restore the relay header */
     memcpy(rh.integrity, received_integrity, 4);
     relay_header_pack(cell->payload, &rh);
-    crypto_free_digest_env(backup_digest);
+    crypto_digest_free(backup_digest);
     return 0;
   }
-  crypto_free_digest_env(backup_digest);
+  crypto_digest_free(backup_digest);
   return 1;
 }
 
@@ -156,7 +156,7 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
  * Return -1 if the crypto fails, else return 0.
  */
 static int
-relay_crypt_one_payload(crypto_cipher_env_t *cipher, uint8_t *in,
+relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in,
                         int encrypt_mode)
 {
   int r;
@@ -607,7 +607,7 @@ relay_send_command_from_edge(streamid_t stream_id, circuit_t *circ,
       /* If no RELAY_EARLY cells can be sent over this circuit, log which
        * commands have been sent as RELAY_EARLY cells before; helps debug
        * task 878. */
-      smartlist_t *commands_list = smartlist_create();
+      smartlist_t *commands_list = smartlist_new();
       int i = 0;
       char *commands = NULL;
       for (; i < origin_circ->relay_early_cells_sent; i++)
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 1acc9ea..da32791 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -131,7 +131,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
   rend_cache_entry_t *entry;
   crypt_path_t *cpath;
   off_t dh_offset;
-  crypto_pk_env_t *intro_key = NULL;
+  crypto_pk_t *intro_key = NULL;
 
   tor_assert(introcirc->_base.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
   tor_assert(rendcirc->_base.purpose == CIRCUIT_PURPOSE_C_REND_READY);
@@ -538,7 +538,7 @@ rend_client_purge_last_hid_serv_requests(void)
 static int
 directory_get_from_hs_dir(const char *desc_id, const rend_data_t *rend_query)
 {
-  smartlist_t *responsible_dirs = smartlist_create();
+  smartlist_t *responsible_dirs = smartlist_new();
   routerstatus_t *hs_dir;
   char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
   time_t now = time(NULL);
@@ -1040,7 +1040,7 @@ rend_client_get_random_intro_impl(const rend_cache_entry_t *entry,
 
   /* We'll keep a separate list of the usable nodes.  If this becomes empty,
    * no nodes are usable.  */
-  usable_nodes = smartlist_create();
+  usable_nodes = smartlist_new();
   smartlist_add_all(usable_nodes, entry->parsed->intro_nodes);
 
   /* Remove the intro points that have timed out during this HS
@@ -1170,7 +1170,7 @@ rend_parse_service_authorization(const or_options_t *options,
   config_line_t *line;
   int res = -1;
   strmap_t *parsed = strmap_new();
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   rend_service_authorization_t *auth = NULL;
 
   for (line = options->HidServAuth; line; line = line->next) {
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index d09e656..9c7bf51 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -34,7 +34,7 @@ rend_service_descriptor_free(rend_service_descriptor_t *desc)
   if (!desc)
     return;
   if (desc->pk)
-    crypto_free_pk_env(desc->pk);
+    crypto_pk_free(desc->pk);
   if (desc->intro_nodes) {
     SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro,
       rend_intro_point_free(intro););
@@ -64,11 +64,11 @@ rend_get_descriptor_id_bytes(char *descriptor_id_out,
                              const char *service_id,
                              const char *secret_id_part)
 {
-  crypto_digest_env_t *digest = crypto_new_digest_env();
+  crypto_digest_t *digest = crypto_digest_new();
   crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN);
   crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN);
   crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN);
-  crypto_free_digest_env(digest);
+  crypto_digest_free(digest);
 }
 
 /** Compute the secret ID part for time_period,
@@ -80,7 +80,7 @@ static void
 get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
                          const char *descriptor_cookie, uint8_t replica)
 {
-  crypto_digest_env_t *digest = crypto_new_digest_env();
+  crypto_digest_t *digest = crypto_digest_new();
   time_period = htonl(time_period);
   crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t));
   if (descriptor_cookie) {
@@ -89,7 +89,7 @@ get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period,
   }
   crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN);
   crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN);
-  crypto_free_digest_env(digest);
+  crypto_digest_free(digest);
 }
 
 /** Return the time period for time <b>now</b> plus a potentially
@@ -181,7 +181,7 @@ rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc)
     char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1];
     char *onion_key = NULL;
     size_t onion_key_len;
-    crypto_pk_env_t *intro_key;
+    crypto_pk_t *intro_key;
     char *service_key = NULL;
     char *address = NULL;
     size_t service_key_len;
@@ -262,8 +262,8 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
   char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL,
        session_key[CIPHER_KEY_LEN];
   smartlist_t *encrypted_session_keys = NULL;
-  crypto_digest_env_t *digest;
-  crypto_cipher_env_t *cipher;
+  crypto_digest_t *digest;
+  crypto_cipher_t *cipher;
   tor_assert(encoded);
   tor_assert(client_cookies && smartlist_len(client_cookies) > 0);
 
@@ -294,7 +294,7 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
   enclen = crypto_cipher_encrypt_with_iv(cipher,
       enc + 2 + client_entries_len,
       CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   if (enclen < 0) {
     log_warn(LD_REND, "Could not encrypt introduction point string.");
     goto done;
@@ -303,7 +303,7 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
 
   /* Encrypt session key for cookies, determine client IDs, and put both
    * in a smartlist. */
-  encrypted_session_keys = smartlist_create();
+  encrypted_session_keys = smartlist_new();
   SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
     client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
     /* Encrypt session key. */
@@ -312,19 +312,19 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
                                   REND_BASIC_AUTH_CLIENT_ID_LEN,
                               session_key, CIPHER_KEY_LEN) < 0) {
       log_warn(LD_REND, "Could not encrypt session key for client.");
-      crypto_free_cipher_env(cipher);
+      crypto_cipher_free(cipher);
       tor_free(client_part);
       goto done;
     }
-    crypto_free_cipher_env(cipher);
+    crypto_cipher_free(cipher);
 
     /* Determine client ID. */
-    digest = crypto_new_digest_env();
+    digest = crypto_digest_new();
     crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN);
     crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
     crypto_digest_get_digest(digest, client_part,
                              REND_BASIC_AUTH_CLIENT_ID_LEN);
-    crypto_free_digest_env(digest);
+    crypto_digest_free(digest);
 
     /* Put both together. */
     smartlist_add(encrypted_session_keys, client_part);
@@ -374,7 +374,7 @@ rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
                                      const char *descriptor_cookie)
 {
   int r = -1, enclen;
-  crypto_cipher_env_t *cipher;
+  crypto_cipher_t *cipher;
   char *enc;
   tor_assert(encoded);
   tor_assert(descriptor_cookie);
@@ -385,7 +385,7 @@ rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
   enclen = crypto_cipher_encrypt_with_iv(cipher, enc + 1,
                                          CIPHER_IV_LEN+strlen(encoded),
                                          encoded, strlen(encoded));
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   if (enclen < 0) {
     log_warn(LD_REND, "Could not encrypt introduction point string.");
     goto done;
@@ -439,7 +439,7 @@ rend_intro_point_free(rend_intro_point_t *intro)
     return;
 
   extend_info_free(intro->extend_info);
-  crypto_free_pk_env(intro->intro_key);
+  crypto_pk_free(intro->intro_key);
 
   if (intro->accepted_intro_rsa_parts != NULL) {
     digestmap_free(intro->accepted_intro_rsa_parts, _tor_free);
@@ -460,7 +460,7 @@ int
 rend_encode_v2_descriptors(smartlist_t *descs_out,
                            rend_service_descriptor_t *desc, time_t now,
                            uint8_t period, rend_auth_type_t auth_type,
-                           crypto_pk_env_t *client_key,
+                           crypto_pk_t *client_key,
                            smartlist_t *client_cookies)
 {
   char service_id[DIGEST_LEN];
@@ -470,7 +470,7 @@ rend_encode_v2_descriptors(smartlist_t *descs_out,
   size_t ipos_len = 0, ipos_encrypted_len = 0;
   int k;
   uint32_t seconds_valid;
-  crypto_pk_env_t *service_key;
+  crypto_pk_t *service_key;
   if (!desc) {
     log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given.");
     return -1;
@@ -708,7 +708,7 @@ rend_parse_service_descriptor(const char *str, size_t len)
   n_intro_points = ntohs(get_uint16(cp));
   cp += 2;
 
-  result->intro_nodes = smartlist_create();
+  result->intro_nodes = smartlist_new();
   for (i=0;i<n_intro_points;++i) {
     if (end-cp < 2) goto truncated;
     eos = (const char *)memchr(cp,'\0',end-cp);
@@ -753,7 +753,7 @@ rend_parse_service_descriptor(const char *str, size_t len)
  * identify services in directory requests and .onion URLs.)
  */
 int
-rend_get_service_id(crypto_pk_env_t *pk, char *out)
+rend_get_service_id(crypto_pk_t *pk, char *out)
 {
   char buf[DIGEST_LEN];
   tor_assert(pk);
@@ -1319,7 +1319,7 @@ rend_cache_store_v2_desc_as_client(const char *desc,
     }
   } else {
     log_info(LD_REND, "Descriptor does not contain any introduction points.");
-    parsed->intro_nodes = smartlist_create();
+    parsed->intro_nodes = smartlist_new();
   }
   /* We don't need the encoded/encrypted introduction points any longer. */
   tor_free(intro_content);
diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h
index 0d64466..e633155 100644
--- a/src/or/rendcommon.h
+++ b/src/or/rendcommon.h
@@ -28,7 +28,7 @@ void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint,
 void rend_service_descriptor_free(rend_service_descriptor_t *desc);
 rend_service_descriptor_t *rend_parse_service_descriptor(const char *str,
                                                          size_t len);
-int rend_get_service_id(crypto_pk_env_t *pk, char *out);
+int rend_get_service_id(crypto_pk_t *pk, char *out);
 void rend_encoded_v2_service_descriptor_free(
                                rend_encoded_v2_service_descriptor_t *desc);
 void rend_intro_point_free(rend_intro_point_t *intro);
@@ -53,7 +53,7 @@ int rend_cache_size(void);
 int rend_encode_v2_descriptors(smartlist_t *descs_out,
                                rend_service_descriptor_t *desc, time_t now,
                                uint8_t period, rend_auth_type_t auth_type,
-                               crypto_pk_env_t *client_key,
+                               crypto_pk_t *client_key,
                                smartlist_t *client_cookies);
 int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id,
                             const char *descriptor_cookie,
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index d740980..2742c35 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -22,7 +22,7 @@ int
 rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
                          size_t request_len)
 {
-  crypto_pk_env_t *pk = NULL;
+  crypto_pk_t *pk = NULL;
   char buf[DIGEST_LEN+9];
   char expected_digest[DIGEST_LEN];
   char pk_digest[DIGEST_LEN];
@@ -86,7 +86,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
     goto err;
   }
 
-  crypto_free_pk_env(pk); /* don't need it anymore */
+  crypto_pk_free(pk); /* don't need it anymore */
   pk = NULL; /* so we don't free it again if err */
 
   base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
@@ -122,7 +122,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
   log_warn(LD_PROTOCOL, "Rejecting truncated ESTABLISH_INTRO cell.");
   reason = END_CIRC_REASON_TORPROTOCOL;
  err:
-  if (pk) crypto_free_pk_env(pk);
+  if (pk) crypto_pk_free(pk);
   circuit_mark_for_close(TO_CIRCUIT(circ), reason);
   return -1;
 }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index a4087de..30b0d88 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -73,7 +73,7 @@ typedef struct rend_service_t {
                          * clients that may access our service. Can be NULL
                          * if no client authorization is performed. */
   /* Other fields */
-  crypto_pk_env_t *private_key; /**< Permanent hidden-service key. */
+  crypto_pk_t *private_key; /**< Permanent hidden-service key. */
   char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without
                                                   * '.onion' */
   char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */
@@ -134,7 +134,7 @@ rend_authorized_client_free(rend_authorized_client_t *client)
   if (!client)
     return;
   if (client->client_key)
-    crypto_free_pk_env(client->client_key);
+    crypto_pk_free(client->client_key);
   tor_free(client->client_name);
   tor_free(client);
 }
@@ -158,7 +158,7 @@ rend_service_free(rend_service_t *service)
   SMARTLIST_FOREACH(service->ports, void*, p, tor_free(p));
   smartlist_free(service->ports);
   if (service->private_key)
-    crypto_free_pk_env(service->private_key);
+    crypto_pk_free(service->private_key);
   if (service->intro_nodes) {
     SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro,
       rend_intro_point_free(intro););
@@ -197,7 +197,7 @@ rend_add_service(rend_service_t *service)
   int i;
   rend_service_port_config_t *p;
 
-  service->intro_nodes = smartlist_create();
+  service->intro_nodes = smartlist_new();
 
   if (service->auth_type != REND_NO_AUTH &&
       smartlist_len(service->clients) == 0) {
@@ -268,7 +268,7 @@ parse_port_config(const char *string)
   const char *addrport;
   rend_service_port_config_t *result = NULL;
 
-  sl = smartlist_create();
+  sl = smartlist_new();
   smartlist_split_string(sl, string, " ",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   if (smartlist_len(sl) < 1 || smartlist_len(sl) > 2) {
@@ -333,7 +333,7 @@ rend_config_services(const or_options_t *options, int validate_only)
 
   if (!validate_only) {
     old_service_list = rend_service_list;
-    rend_service_list = smartlist_create();
+    rend_service_list = smartlist_new();
   }
 
   for (line = options->RendConfigLines; line; line = line->next) {
@@ -346,7 +346,7 @@ rend_config_services(const or_options_t *options, int validate_only)
       }
       service = tor_malloc_zero(sizeof(rend_service_t));
       service->directory = tor_strdup(line->value);
-      service->ports = smartlist_create();
+      service->ports = smartlist_new();
       service->intro_period_started = time(NULL);
       service->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT;
       continue;
@@ -377,7 +377,7 @@ rend_config_services(const or_options_t *options, int validate_only)
         rend_service_free(service);
         return -1;
       }
-      type_names_split = smartlist_create();
+      type_names_split = smartlist_new();
       smartlist_split_string(type_names_split, line->value, " ", 0, 2);
       if (smartlist_len(type_names_split) < 1) {
         log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This "
@@ -402,7 +402,7 @@ rend_config_services(const or_options_t *options, int validate_only)
         rend_service_free(service);
         return -1;
       }
-      service->clients = smartlist_create();
+      service->clients = smartlist_new();
       if (smartlist_len(type_names_split) < 2) {
         log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains "
                             "auth-type '%s', but no client names.",
@@ -411,7 +411,7 @@ rend_config_services(const or_options_t *options, int validate_only)
         smartlist_free(type_names_split);
         continue;
       }
-      clients = smartlist_create();
+      clients = smartlist_new();
       smartlist_split_string(clients, smartlist_get(type_names_split, 1),
                              ",", SPLIT_SKIP_SPACE, 0);
       SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp));
@@ -494,7 +494,7 @@ rend_config_services(const or_options_t *options, int validate_only)
    * keep the introduction points that are still needed and close the
    * other ones. */
   if (old_service_list && !validate_only) {
-    smartlist_t *surviving_services = smartlist_create();
+    smartlist_t *surviving_services = smartlist_new();
     circuit_t *circ;
 
     /* Copy introduction points to new services. */
@@ -565,7 +565,7 @@ rend_service_update_descriptor(rend_service_t *service)
   d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t));
   d->pk = crypto_pk_dup_key(service->private_key);
   d->timestamp = time(NULL);
-  d->intro_nodes = smartlist_create();
+  d->intro_nodes = smartlist_new();
   /* Support intro protocols 2 and 3. */
   d->protocols = (1 << 2) + (1 << 3);
 
@@ -734,19 +734,19 @@ rend_service_load_keys(void)
           client->client_key = crypto_pk_dup_key(parsed->client_key);
         } else if (s->auth_type == REND_STEALTH_AUTH) {
           /* Create private key for client. */
-          crypto_pk_env_t *prkey = NULL;
-          if (!(prkey = crypto_new_pk_env())) {
+          crypto_pk_t *prkey = NULL;
+          if (!(prkey = crypto_pk_new())) {
             log_warn(LD_BUG,"Error constructing client key");
             goto err;
           }
           if (crypto_pk_generate_key(prkey)) {
             log_warn(LD_BUG,"Error generating client key");
-            crypto_free_pk_env(prkey);
+            crypto_pk_free(prkey);
             goto err;
           }
           if (crypto_pk_check_key(prkey) <= 0) {
             log_warn(LD_BUG,"Generated client key seems invalid");
-            crypto_free_pk_env(prkey);
+            crypto_pk_free(prkey);
             goto err;
           }
           client->client_key = prkey;
@@ -1046,19 +1046,19 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   rend_intro_point_t *intro_point;
   int r, i, v3_shift = 0;
   size_t len, keylen;
-  crypto_dh_env_t *dh = NULL;
+  crypto_dh_t *dh = NULL;
   origin_circuit_t *launched = NULL;
   crypt_path_t *cpath = NULL;
   char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
   char hexcookie[9];
   int circ_needs_uptime;
   int reason = END_CIRC_REASON_TORPROTOCOL;
-  crypto_pk_env_t *intro_key;
+  crypto_pk_t *intro_key;
   char intro_key_digest[DIGEST_LEN];
   int auth_type;
   size_t auth_len = 0;
   char auth_data[REND_DESC_COOKIE_LEN];
-  crypto_digest_env_t *digest = NULL;
+  crypto_digest_t *digest = NULL;
   time_t now = time(NULL);
   char diffie_hellman_hash[DIGEST_LEN];
   time_t *access_time;
@@ -1278,10 +1278,10 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
   base16_encode(hexcookie,9,r_cookie,4);
 
   /* Determine hash of Diffie-Hellman, part 1 to detect replays. */
-  digest = crypto_new_digest_env();
+  digest = crypto_digest_new();
   crypto_digest_add_bytes(digest, ptr+REND_COOKIE_LEN, DH_KEY_LEN);
   crypto_digest_get_digest(digest, diffie_hellman_hash, DIGEST_LEN);
-  crypto_free_digest_env(digest);
+  crypto_digest_free(digest);
 
   /* Check whether there is a past request with the same Diffie-Hellman,
    * part 1. */
@@ -1568,7 +1568,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
   char auth[DIGEST_LEN + 9];
   char serviceid[REND_SERVICE_ID_LEN_BASE32+1];
   int reason = END_CIRC_REASON_TORPROTOCOL;
-  crypto_pk_env_t *intro_key;
+  crypto_pk_t *intro_key;
 
   tor_assert(circuit->_base.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
 #ifndef NON_ANONYMOUS_MODE_ENABLED
@@ -1616,9 +1616,9 @@ rend_service_intro_has_opened(origin_circuit_t *circuit)
         rend_data_free(rend_data);
       }
       {
-        crypto_pk_env_t *intro_key = circuit->intro_key;
+        crypto_pk_t *intro_key = circuit->intro_key;
         circuit->intro_key = NULL;
-        crypto_free_pk_env(intro_key);
+        crypto_pk_free(intro_key);
       }
 
       circuit_has_opened(circuit);
@@ -1893,8 +1893,8 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
                          int seconds_valid)
 {
   int i, j, failed_upload = 0;
-  smartlist_t *responsible_dirs = smartlist_create();
-  smartlist_t *successful_uploads = smartlist_create();
+  smartlist_t *responsible_dirs = smartlist_new();
+  smartlist_t *successful_uploads = smartlist_new();
   routerstatus_t *hs_dir;
   for (i = 0; i < smartlist_len(descs); i++) {
     rend_encoded_v2_service_descriptor_t *desc = smartlist_get(descs, i);
@@ -1962,7 +1962,7 @@ directory_post_to_hs_dir(rend_service_descriptor_t *renddesc,
     /* Remember which routers worked this time, so that we don't upload the
      * descriptor to them again. */
     if (!renddesc->successful_uploads)
-      renddesc->successful_uploads = smartlist_create();
+      renddesc->successful_uploads = smartlist_new();
     SMARTLIST_FOREACH(successful_uploads, const char *, c, {
       if (!smartlist_digest_isin(renddesc->successful_uploads, c)) {
         char *hsdir_id = tor_memdup(c, DIGEST_LEN);
@@ -1992,15 +1992,15 @@ upload_service_descriptor(rend_service_t *service)
     networkstatus_t *c = networkstatus_get_latest_consensus();
     if (c && smartlist_len(c->routerstatus_list) > 0) {
       int seconds_valid, i, j, num_descs;
-      smartlist_t *descs = smartlist_create();
-      smartlist_t *client_cookies = smartlist_create();
+      smartlist_t *descs = smartlist_new();
+      smartlist_t *client_cookies = smartlist_new();
       /* Either upload a single descriptor (including replicas) or one
        * descriptor for each authorized client in case of authorization
        * type 'stealth'. */
       num_descs = service->auth_type == REND_STEALTH_AUTH ?
                       smartlist_len(service->clients) : 1;
       for (j = 0; j < num_descs; j++) {
-        crypto_pk_env_t *client_key = NULL;
+        crypto_pk_t *client_key = NULL;
         rend_authorized_client_t *client = NULL;
         smartlist_clear(client_cookies);
         switch (service->auth_type) {
@@ -2162,7 +2162,7 @@ rend_services_introduce(void)
   time_t now;
   const or_options_t *options = get_options();
 
-  intro_nodes = smartlist_create();
+  intro_nodes = smartlist_new();
   now = time(NULL);
 
   for (i=0; i < smartlist_len(rend_service_list); ++i) {
@@ -2323,7 +2323,7 @@ rend_services_introduce(void)
       smartlist_add(intro_nodes, (void*)node);
       intro = tor_malloc_zero(sizeof(rend_intro_point_t));
       intro->extend_info = extend_info_from_node(node, 0);
-      intro->intro_key = crypto_new_pk_env();
+      intro->intro_key = crypto_pk_new();
       tor_assert(!crypto_pk_generate_key(intro->intro_key));
       intro->time_published = -1;
       intro->time_to_expire = -1;
@@ -2489,7 +2489,7 @@ rend_service_set_connection_addr_port(edge_connection_t *conn,
              serviceid, circ->_base.n_circ_id);
     return -1;
   }
-  matching_ports = smartlist_create();
+  matching_ports = smartlist_new();
   SMARTLIST_FOREACH(service->ports, rend_service_port_config_t *, p,
   {
     if (conn->_base.port == p->virtual_port) {
diff --git a/src/or/rephist.c b/src/or/rephist.c
index 4129fe2..3d5000c 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -930,7 +930,7 @@ rep_hist_get_router_stability_doc(time_t now)
     return NULL;
 
   tor_free(last_stability_doc);
-  chunks = smartlist_create();
+  chunks = smartlist_new();
 
   if (rep_hist_have_measured_enough_stability()) {
     smartlist_add(chunks, tor_strdup("we-have-enough-measurements\n"));
@@ -1061,7 +1061,7 @@ rep_hist_load_mtbf_data(time_t now)
     tor_free(filename);
     if (!d)
       return -1;
-    lines = smartlist_create();
+    lines = smartlist_new();
     smartlist_split_string(lines, d, "\n", SPLIT_SKIP_SPACE, 0);
     tor_free(d);
   }
@@ -1609,15 +1609,15 @@ rep_hist_update_bwhist_state_section(or_state_t *state,
     }
     *s_begins = 0;
     *s_interval = 900;
-    *s_values = smartlist_create();
-    *s_maxima = smartlist_create();
+    *s_values = smartlist_new();
+    *s_maxima = smartlist_new();
     return;
   }
   *s_begins = b->next_period;
   *s_interval = NUM_SECS_BW_SUM_INTERVAL;
 
-  *s_values = smartlist_create();
-  *s_maxima = smartlist_create();
+  *s_values = smartlist_new();
+  *s_maxima = smartlist_new();
   /* Set i to first position in circular array */
   i = (b->num_maxes_set <= b->next_max_idx) ? 0 : b->next_max_idx;
   for (j=0; j < b->num_maxes_set; ++j,++i) {
@@ -1801,7 +1801,7 @@ add_predicted_port(time_t now, uint16_t port)
 static void
 predicted_ports_init(void)
 {
-  predicted_ports_list = smartlist_create();
+  predicted_ports_list = smartlist_new();
   add_predicted_port(time(NULL), 80); /* add one to kickstart us */
 }
 
@@ -1850,7 +1850,7 @@ rep_hist_note_used_port(time_t now, uint16_t port)
 smartlist_t *
 rep_hist_get_predicted_ports(time_t now)
 {
-  smartlist_t *out = smartlist_create();
+  smartlist_t *out = smartlist_new();
   tor_assert(predicted_ports_list);
 
   /* clean out obsolete entries */
@@ -2184,9 +2184,9 @@ rep_hist_format_exit_stats(time_t now)
   }
 
   /* Add observations of top ports to smartlists. */
-  written_strings = smartlist_create();
-  read_strings = smartlist_create();
-  streams_strings = smartlist_create();
+  written_strings = smartlist_new();
+  read_strings = smartlist_new();
+  streams_strings = smartlist_new();
   other_read = total_read;
   other_written = total_written;
   other_streams = total_streams;
@@ -2370,7 +2370,7 @@ rep_hist_add_buffer_stats(double mean_num_cells_in_queue,
   stat->mean_time_cells_in_queue = mean_time_cells_in_queue;
   stat->processed_cells = processed_cells;
   if (!circuits_for_buffer_stats)
-    circuits_for_buffer_stats = smartlist_create();
+    circuits_for_buffer_stats = smartlist_new();
   smartlist_add(circuits_for_buffer_stats, stat);
 }
 
@@ -2439,7 +2439,7 @@ void
 rep_hist_reset_buffer_stats(time_t now)
 {
   if (!circuits_for_buffer_stats)
-    circuits_for_buffer_stats = smartlist_create();
+    circuits_for_buffer_stats = smartlist_new();
   SMARTLIST_FOREACH(circuits_for_buffer_stats, circ_buffer_stats_t *,
       stat, tor_free(stat));
   smartlist_clear(circuits_for_buffer_stats);
@@ -2474,7 +2474,7 @@ rep_hist_format_buffer_stats(time_t now)
   memset(queued_cells, 0, SHARES * sizeof(double));
   memset(time_in_queue, 0, SHARES * sizeof(double));
   if (!circuits_for_buffer_stats)
-    circuits_for_buffer_stats = smartlist_create();
+    circuits_for_buffer_stats = smartlist_new();
   number_of_circuits = smartlist_len(circuits_for_buffer_stats);
   if (number_of_circuits > 0) {
     smartlist_sort(circuits_for_buffer_stats,
@@ -2493,9 +2493,9 @@ rep_hist_format_buffer_stats(time_t now)
   }
 
   /* Write deciles to strings. */
-  processed_cells_strings = smartlist_create();
-  queued_cells_strings = smartlist_create();
-  time_in_queue_strings = smartlist_create();
+  processed_cells_strings = smartlist_new();
+  queued_cells_strings = smartlist_new();
+  time_in_queue_strings = smartlist_new();
   for (i = 0; i < SHARES; i++) {
     smartlist_add_asprintf(processed_cells_strings,
                            "%d", !circs_in_share[i] ? 0 :
diff --git a/src/or/router.c b/src/or/router.c
index 0339e68..d86c5f3 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -47,28 +47,28 @@ extern long stats_n_seconds_working;
 static tor_mutex_t *key_lock=NULL;
 static time_t onionkey_set_at=0; /**< When was onionkey last changed? */
 /** Current private onionskin decryption key: used to decode CREATE cells. */
-static crypto_pk_env_t *onionkey=NULL;
+static crypto_pk_t *onionkey=NULL;
 /** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
-static crypto_pk_env_t *lastonionkey=NULL;
+static crypto_pk_t *lastonionkey=NULL;
 /** Private server "identity key": used to sign directory info and TLS
  * certificates. Never changes. */
-static crypto_pk_env_t *server_identitykey=NULL;
+static crypto_pk_t *server_identitykey=NULL;
 /** Digest of server_identitykey. */
 static char server_identitykey_digest[DIGEST_LEN];
 /** Private client "identity key": used to sign bridges' and clients'
  * outbound TLS certificates. Regenerated on startup and on IP address
  * change. */
-static crypto_pk_env_t *client_identitykey=NULL;
+static crypto_pk_t *client_identitykey=NULL;
 /** Signing key used for v3 directory material; only set for authorities. */
-static crypto_pk_env_t *authority_signing_key = NULL;
+static crypto_pk_t *authority_signing_key = NULL;
 /** Key certificate to authenticate v3 directory material; only set for
  * authorities. */
 static authority_cert_t *authority_key_certificate = NULL;
 
 /** For emergency V3 authority key migration: An extra signing key that we use
  * with our old (obsolete) identity key for a while. */
-static crypto_pk_env_t *legacy_signing_key = NULL;
+static crypto_pk_t *legacy_signing_key = NULL;
 /** For emergency V3 authority key migration: An extra certificate to
  * authenticate legacy_signing_key with our obsolete identity key.*/
 static authority_cert_t *legacy_key_certificate = NULL;
@@ -82,15 +82,15 @@ static authority_cert_t *legacy_key_certificate = NULL;
  * lastonionkey; to update lastonionkey correctly, call rotate_onion_key().
  */
 static void
-set_onion_key(crypto_pk_env_t *k)
+set_onion_key(crypto_pk_t *k)
 {
   if (onionkey && !crypto_pk_cmp_keys(onionkey, k)) {
     /* k is already our onion key; free it and return */
-    crypto_free_pk_env(k);
+    crypto_pk_free(k);
     return;
   }
   tor_mutex_acquire(key_lock);
-  crypto_free_pk_env(onionkey);
+  crypto_pk_free(onionkey);
   onionkey = k;
   tor_mutex_release(key_lock);
   mark_my_descriptor_dirty("set onion key");
@@ -98,7 +98,7 @@ set_onion_key(crypto_pk_env_t *k)
 
 /** Return the current onion key.  Requires that the onion key has been
  * loaded or generated. */
-crypto_pk_env_t *
+crypto_pk_t *
 get_onion_key(void)
 {
   tor_assert(onionkey);
@@ -109,7 +109,7 @@ get_onion_key(void)
  * copy of the most recent onion key into *<b>last</b>.
  */
 void
-dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last)
+dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
 {
   tor_assert(key);
   tor_assert(last);
@@ -136,9 +136,9 @@ get_onion_key_set_at(void)
 /** Set the current server identity key to <b>k</b>.
  */
 void
-set_server_identity_key(crypto_pk_env_t *k)
+set_server_identity_key(crypto_pk_t *k)
 {
-  crypto_free_pk_env(server_identitykey);
+  crypto_pk_free(server_identitykey);
   server_identitykey = k;
   crypto_pk_get_digest(server_identitykey, server_identitykey_digest);
 }
@@ -164,7 +164,7 @@ assert_identity_keys_ok(void)
 /** Returns the current server identity key; requires that the key has
  * been set, and that we are running as a Tor server.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 get_server_identity_key(void)
 {
   tor_assert(server_identitykey);
@@ -183,16 +183,16 @@ server_identity_key_is_set(void)
 /** Set the current client identity key to <b>k</b>.
  */
 void
-set_client_identity_key(crypto_pk_env_t *k)
+set_client_identity_key(crypto_pk_t *k)
 {
-  crypto_free_pk_env(client_identitykey);
+  crypto_pk_free(client_identitykey);
   client_identitykey = k;
 }
 
 /** Returns the current client identity key for use on outgoing TLS
  * connections; requires that the key has been set.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 get_tlsclient_identity_key(void)
 {
   tor_assert(client_identitykey);
@@ -217,7 +217,7 @@ get_my_v3_authority_cert(void)
 
 /** Return the v3 signing key for this v3 (voting) authority, or NULL
  * if we have no such key. */
-crypto_pk_env_t *
+crypto_pk_t *
 get_my_v3_authority_signing_key(void)
 {
   return authority_signing_key;
@@ -234,7 +234,7 @@ get_my_v3_legacy_cert(void)
 
 /** If we're an authority, and we're using a legacy authority identity key for
  * emergency migration purposes, return that key. */
-crypto_pk_env_t *
+crypto_pk_t *
 get_my_v3_legacy_signing_key(void)
 {
   return legacy_signing_key;
@@ -251,12 +251,12 @@ void
 rotate_onion_key(void)
 {
   char *fname, *fname_prev;
-  crypto_pk_env_t *prkey;
+  crypto_pk_t *prkey;
   or_state_t *state = get_or_state();
   time_t now;
   fname = get_datadir_fname2("keys", "secret_onion_key");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
-  if (!(prkey = crypto_new_pk_env())) {
+  if (!(prkey = crypto_pk_new())) {
     log_err(LD_GENERAL,"Error constructing rotated onion key");
     goto error;
   }
@@ -274,7 +274,7 @@ rotate_onion_key(void)
   }
   log_info(LD_GENERAL, "Rotating onion key");
   tor_mutex_acquire(key_lock);
-  crypto_free_pk_env(lastonionkey);
+  crypto_pk_free(lastonionkey);
   lastonionkey = onionkey;
   onionkey = prkey;
   now = time(NULL);
@@ -286,7 +286,7 @@ rotate_onion_key(void)
  error:
   log_warn(LD_GENERAL, "Couldn't rotate onion key.");
   if (prkey)
-    crypto_free_pk_env(prkey);
+    crypto_pk_free(prkey);
  done:
   tor_free(fname);
   tor_free(fname_prev);
@@ -297,12 +297,12 @@ rotate_onion_key(void)
  * <b>fname</b>.  Return the read/created key, or NULL on error.  Log all
  * errors at level <b>severity</b>.
  */
-crypto_pk_env_t *
+crypto_pk_t *
 init_key_from_file(const char *fname, int generate, int severity)
 {
-  crypto_pk_env_t *prkey = NULL;
+  crypto_pk_t *prkey = NULL;
 
-  if (!(prkey = crypto_new_pk_env())) {
+  if (!(prkey = crypto_pk_new())) {
     log(severity, LD_GENERAL,"Error constructing key");
     goto error;
   }
@@ -357,7 +357,7 @@ init_key_from_file(const char *fname, int generate, int severity)
 
  error:
   if (prkey)
-    crypto_free_pk_env(prkey);
+    crypto_pk_free(prkey);
   return NULL;
 }
 
@@ -367,13 +367,13 @@ init_key_from_file(const char *fname, int generate, int severity)
  * key/cert set.  On success, store them into *<b>key_out</b> and
  * *<b>cert_out</b> respectively, and return 0.  On failure, return -1. */
 static int
-load_authority_keyset(int legacy, crypto_pk_env_t **key_out,
+load_authority_keyset(int legacy, crypto_pk_t **key_out,
                       authority_cert_t **cert_out)
 {
   int r = -1;
   char *fname = NULL, *cert = NULL;
   const char *eos = NULL;
-  crypto_pk_env_t *signing_key = NULL;
+  crypto_pk_t *signing_key = NULL;
   authority_cert_t *parsed = NULL;
 
   fname = get_datadir_fname2("keys",
@@ -403,7 +403,7 @@ load_authority_keyset(int legacy, crypto_pk_env_t **key_out,
     goto done;
   }
 
-  crypto_free_pk_env(*key_out);
+  crypto_pk_free(*key_out);
   authority_cert_free(*cert_out);
 
   *key_out = signing_key;
@@ -415,7 +415,7 @@ load_authority_keyset(int legacy, crypto_pk_env_t **key_out,
  done:
   tor_free(fname);
   tor_free(cert);
-  crypto_free_pk_env(signing_key);
+  crypto_pk_free(signing_key);
   authority_cert_free(parsed);
   return r;
 }
@@ -506,7 +506,7 @@ init_keys(void)
   /*nickname<space>fp\n\0 */
   char fingerprint_line[MAX_NICKNAME_LEN+FINGERPRINT_LEN+3];
   const char *mydesc;
-  crypto_pk_env_t *prkey;
+  crypto_pk_t *prkey;
   char digest[DIGEST_LEN];
   char v3_digest[DIGEST_LEN];
   char *cp;
@@ -532,10 +532,10 @@ init_keys(void)
   /* OP's don't need persistent keys; just make up an identity and
    * initialize the TLS context. */
   if (!server_mode(options)) {
-    if (!(prkey = crypto_new_pk_env()))
+    if (!(prkey = crypto_pk_new()))
       return -1;
     if (crypto_pk_generate_key(prkey)) {
-      crypto_free_pk_env(prkey);
+      crypto_pk_free(prkey);
       return -1;
     }
     set_client_identity_key(prkey);
@@ -589,10 +589,10 @@ init_keys(void)
   if (public_server_mode(options)) {
     set_client_identity_key(crypto_pk_dup_key(prkey)); /* set above */
   } else {
-    if (!(prkey = crypto_new_pk_env()))
+    if (!(prkey = crypto_pk_new()))
       return -1;
     if (crypto_pk_generate_key(prkey)) {
-      crypto_free_pk_env(prkey);
+      crypto_pk_free(prkey);
       return -1;
     }
     set_client_identity_key(prkey);
@@ -1566,9 +1566,9 @@ router_rebuild_descriptor(int force)
   if (options->MyFamily) {
     smartlist_t *family;
     if (!warned_nonexistent_family)
-      warned_nonexistent_family = smartlist_create();
-    family = smartlist_create();
-    ri->declared_family = smartlist_create();
+      warned_nonexistent_family = smartlist_new();
+    family = smartlist_new();
+    ri->declared_family = smartlist_new();
     smartlist_split_string(family, options->MyFamily, ",",
       SPLIT_SKIP_SPACE|SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
     SMARTLIST_FOREACH_BEGIN(family, char *, name) {
@@ -1924,7 +1924,7 @@ get_platform_str(char *platform, size_t len)
  */
 int
 router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
-                             crypto_pk_env_t *ident_key)
+                             crypto_pk_t *ident_key)
 {
   char *onion_pkey; /* Onion key, PEM-encoded. */
   char *identity_pkey; /* Identity key, PEM-encoded. */
@@ -2238,7 +2238,7 @@ load_stats_file(const char *filename, const char *end_line, time_t now,
  * success, negative on failure. */
 int
 extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
-                         crypto_pk_env_t *ident_key)
+                         crypto_pk_t *ident_key)
 {
   const or_options_t *options = get_options();
   char identity[HEX_DIGEST_LEN+1];
@@ -2250,7 +2250,7 @@ extrainfo_dump_to_string(char **s_out, extrainfo_t *extrainfo,
   char sig[DIROBJ_MAX_SIG_LEN+1];
   char *s, *pre, *contents, *cp, *s_dup = NULL;
   time_t now = time(NULL);
-  smartlist_t *chunks = smartlist_create();
+  smartlist_t *chunks = smartlist_new();
   extrainfo_t *ei_tmp = NULL;
 
   base16_encode(identity, sizeof(identity),
@@ -2688,16 +2688,16 @@ router_purpose_from_string(const char *s)
 void
 router_free_all(void)
 {
-  crypto_free_pk_env(onionkey);
-  crypto_free_pk_env(lastonionkey);
-  crypto_free_pk_env(server_identitykey);
-  crypto_free_pk_env(client_identitykey);
+  crypto_pk_free(onionkey);
+  crypto_pk_free(lastonionkey);
+  crypto_pk_free(server_identitykey);
+  crypto_pk_free(client_identitykey);
   tor_mutex_free(key_lock);
   routerinfo_free(desc_routerinfo);
   extrainfo_free(desc_extrainfo);
-  crypto_free_pk_env(authority_signing_key);
+  crypto_pk_free(authority_signing_key);
   authority_cert_free(authority_key_certificate);
-  crypto_free_pk_env(legacy_signing_key);
+  crypto_pk_free(legacy_signing_key);
   authority_cert_free(legacy_key_certificate);
 
   if (warned_nonexistent_family) {
diff --git a/src/or/router.h b/src/or/router.h
index d426b25..fb91434 100644
--- a/src/or/router.h
+++ b/src/or/router.h
@@ -12,21 +12,21 @@
 #ifndef _TOR_ROUTER_H
 #define _TOR_ROUTER_H
 
-crypto_pk_env_t *get_onion_key(void);
+crypto_pk_t *get_onion_key(void);
 time_t get_onion_key_set_at(void);
-void set_server_identity_key(crypto_pk_env_t *k);
-crypto_pk_env_t *get_server_identity_key(void);
+void set_server_identity_key(crypto_pk_t *k);
+crypto_pk_t *get_server_identity_key(void);
 int server_identity_key_is_set(void);
-void set_client_identity_key(crypto_pk_env_t *k);
-crypto_pk_env_t *get_tlsclient_identity_key(void);
+void set_client_identity_key(crypto_pk_t *k);
+crypto_pk_t *get_tlsclient_identity_key(void);
 int client_identity_key_is_set(void);
 authority_cert_t *get_my_v3_authority_cert(void);
-crypto_pk_env_t *get_my_v3_authority_signing_key(void);
+crypto_pk_t *get_my_v3_authority_signing_key(void);
 authority_cert_t *get_my_v3_legacy_cert(void);
-crypto_pk_env_t *get_my_v3_legacy_signing_key(void);
-void dup_onion_keys(crypto_pk_env_t **key, crypto_pk_env_t **last);
+crypto_pk_t *get_my_v3_legacy_signing_key(void);
+void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last);
 void rotate_onion_key(void);
-crypto_pk_env_t *init_key_from_file(const char *fname, int generate,
+crypto_pk_t *init_key_from_file(const char *fname, int generate,
                                     int severity);
 void v3_authority_check_key_expiry(void);
 
@@ -84,7 +84,7 @@ int router_fingerprint_is_me(const char *fp);
 int router_pick_published_address(const or_options_t *options, uint32_t *addr);
 int router_rebuild_descriptor(int force);
 int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router,
-                                 crypto_pk_env_t *ident_key);
+                                 crypto_pk_t *ident_key);
 void router_get_prim_orport(const routerinfo_t *router,
                             tor_addr_port_t *addr_port_out);
 void router_get_pref_orport(const routerinfo_t *router,
@@ -93,7 +93,7 @@ void router_get_pref_ipv6_orport(const routerinfo_t *router,
                                  tor_addr_port_t *addr_port_out);
 int router_ipv6_preferred(const routerinfo_t *router);
 int extrainfo_dump_to_string(char **s, extrainfo_t *extrainfo,
-                             crypto_pk_env_t *ident_key);
+                             crypto_pk_t *ident_key);
 int is_legal_nickname(const char *s);
 int is_legal_nickname_or_hexdigest(const char *s);
 int is_legal_hexdigest(const char *s);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index b81289e..5fe871f 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -136,7 +136,7 @@ get_cert_list(const char *id_digest)
   if (!cl) {
     cl = tor_malloc_zero(sizeof(cert_list_t));
     cl->dl_status.schedule = DL_SCHED_CONSENSUS;
-    cl->certs = smartlist_create();
+    cl->certs = smartlist_new();
     digestmap_set(trusted_dir_certs, id_digest, cl);
   }
   return cl;
@@ -285,7 +285,7 @@ trusted_dirs_flush_certs_to_disk(void)
   if (!trusted_dir_servers_certs_changed || !trusted_dir_certs)
     return;
 
-  chunks = smartlist_create();
+  chunks = smartlist_new();
   DIGESTMAP_FOREACH(trusted_dir_certs, key, cert_list_t *, cl) {
     SMARTLIST_FOREACH(cl->certs, authority_cert_t *, cert,
           {
@@ -486,7 +486,7 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
     return;
 
   pending = digestmap_new();
-  missing_digests = smartlist_create();
+  missing_digests = smartlist_new();
 
   list_pending_downloads(pending, DIR_PURPOSE_FETCH_CERTIFICATE, "fp/");
   if (status) {
@@ -546,7 +546,7 @@ authority_certs_fetch_missing(networkstatus_t *status, time_t now)
   if (!smartlist_len(missing_digests)) {
     goto done;
   } else {
-    smartlist_t *fps = smartlist_create();
+    smartlist_t *fps = smartlist_new();
     smartlist_add(fps, tor_strdup("fp/"));
     SMARTLIST_FOREACH(missing_digests, const char *, d, {
         char *fp;
@@ -695,10 +695,10 @@ router_rebuild_store(int flags, desc_store_t *store)
   fname = get_datadir_fname(store->fname_base);
   fname_tmp = get_datadir_fname_suffix(store->fname_base, ".tmp");
 
-  chunk_list = smartlist_create();
+  chunk_list = smartlist_new();
 
   /* We sort the routers by age to enhance locality on disk. */
-  signed_descriptors = smartlist_create();
+  signed_descriptors = smartlist_new();
   if (store->type == EXTRAINFO_STORE) {
     eimap_iter_t *iter;
     for (iter = eimap_iter_init(routerlist->extra_info_map);
@@ -912,7 +912,7 @@ smartlist_t *
 router_get_trusted_dir_servers(void)
 {
   if (!trusted_dir_servers)
-    trusted_dir_servers = smartlist_create();
+    trusted_dir_servers = smartlist_new();
 
   return trusted_dir_servers;
 }
@@ -1094,12 +1094,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags)
 
  retry_without_exclude:
 
-  direct = smartlist_create();
-  tunnel = smartlist_create();
-  trusted_direct = smartlist_create();
-  trusted_tunnel = smartlist_create();
-  overloaded_direct = smartlist_create();
-  overloaded_tunnel = smartlist_create();
+  direct = smartlist_new();
+  tunnel = smartlist_new();
+  trusted_direct = smartlist_new();
+  trusted_tunnel = smartlist_new();
+  overloaded_direct = smartlist_new();
+  overloaded_tunnel = smartlist_new();
 
   /* Find all the running dirservers we know about. */
   SMARTLIST_FOREACH_BEGIN(nodelist_get_list(), const node_t *, node) {
@@ -1219,10 +1219,10 @@ router_pick_trusteddirserver_impl(dirinfo_type_t type, int flags,
 
  retry_without_exclude:
 
-  direct = smartlist_create();
-  tunnel = smartlist_create();
-  overloaded_direct = smartlist_create();
-  overloaded_tunnel = smartlist_create();
+  direct = smartlist_new();
+  tunnel = smartlist_new();
+  overloaded_direct = smartlist_new();
+  overloaded_tunnel = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(trusted_dir_servers, trusted_dir_server_t *, d)
     {
@@ -1517,7 +1517,7 @@ router_nickname_is_in_list(const routerinfo_t *router, const char *list)
     return 0; /* definitely not */
   tor_assert(router);
 
-  nickname_list = smartlist_create();
+  nickname_list = smartlist_new();
   smartlist_split_string(nickname_list, list, ",",
     SPLIT_SKIP_SPACE|SPLIT_STRIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH(nickname_list, const char *, cp,
@@ -2165,8 +2165,8 @@ router_choose_random_node(smartlist_t *excludedsmartlist,
   const int weight_for_exit = (flags & CRN_WEIGHT_AS_EXIT) != 0;
   const int need_desc = (flags & CRN_NEED_DESC) != 0;
 
-  smartlist_t *sl=smartlist_create(),
-    *excludednodes=smartlist_create();
+  smartlist_t *sl=smartlist_new(),
+    *excludednodes=smartlist_new();
   const node_t *choice = NULL;
   const routerinfo_t *r;
   bandwidth_weight_rule_t rule;
@@ -2404,7 +2404,7 @@ router_get_by_nickname(const char *nickname, int warn_if_unnamed)
 
   if (best_match) {
     if (warn_if_unnamed && n_matches > 1) {
-      smartlist_t *fps = smartlist_create();
+      smartlist_t *fps = smartlist_new();
       int any_unwarned = 0;
       SMARTLIST_FOREACH_BEGIN(routerlist->routers, routerinfo_t *, router) {
           routerstatus_t *rs;
@@ -2652,8 +2652,8 @@ router_get_routerlist(void)
 {
   if (PREDICT_UNLIKELY(!routerlist)) {
     routerlist = tor_malloc_zero(sizeof(routerlist_t));
-    routerlist->routers = smartlist_create();
-    routerlist->old_routers = smartlist_create();
+    routerlist->routers = smartlist_new();
+    routerlist->old_routers = smartlist_new();
     routerlist->identity_map = rimap_new();
     routerlist->desc_digest_map = sdmap_new();
     routerlist->desc_by_eid_map = sdmap_new();
@@ -2685,9 +2685,9 @@ routerinfo_free(routerinfo_t *router)
   tor_free(router->platform);
   tor_free(router->contact_info);
   if (router->onion_pkey)
-    crypto_free_pk_env(router->onion_pkey);
+    crypto_pk_free(router->onion_pkey);
   if (router->identity_pkey)
-    crypto_free_pk_env(router->identity_pkey);
+    crypto_pk_free(router->identity_pkey);
   if (router->declared_family) {
     SMARTLIST_FOREACH(router->declared_family, char *, s, tor_free(s));
     smartlist_free(router->declared_family);
@@ -3214,7 +3214,7 @@ void
 routerlist_reset_warnings(void)
 {
   if (!warned_nicknames)
-    warned_nicknames = smartlist_create();
+    warned_nicknames = smartlist_new();
   SMARTLIST_FOREACH(warned_nicknames, char *, cp, tor_free(cp));
   smartlist_clear(warned_nicknames); /* now the list is empty. */
 
@@ -3821,7 +3821,7 @@ router_load_single_router(const char *s, uint8_t purpose, int cache,
   if (!cache) /* obey the preference of the controller */
     ri->cache_info.do_not_cache = 1;
 
-  lst = smartlist_create();
+  lst = smartlist_new();
   smartlist_add(lst, ri);
   routers_update_status_from_consensus_networkstatus(lst, 0);
 
@@ -3863,7 +3863,7 @@ router_load_routers_from_string(const char *s, const char *eos,
                                 int descriptor_digests,
                                 const char *prepend_annotations)
 {
-  smartlist_t *routers = smartlist_create(), *changed = smartlist_create();
+  smartlist_t *routers = smartlist_new(), *changed = smartlist_new();
   char fp[HEX_DIGEST_LEN+1];
   const char *msg;
   int from_cache = (saved_location != SAVED_NOWHERE);
@@ -3938,7 +3938,7 @@ router_load_extrainfo_from_string(const char *s, const char *eos,
                                   smartlist_t *requested_fingerprints,
                                   int descriptor_digests)
 {
-  smartlist_t *extrainfo_list = smartlist_create();
+  smartlist_t *extrainfo_list = smartlist_new();
   const char *msg;
   int from_cache = (saved_location != SAVED_NOWHERE);
 
@@ -4067,7 +4067,7 @@ add_trusted_dir_server(const char *nickname, const char *address,
   uint32_t a;
   char *hostname = NULL;
   if (!trusted_dir_servers)
-    trusted_dir_servers = smartlist_create();
+    trusted_dir_servers = smartlist_new();
 
   if (!address) { /* The address is us; we should guess. */
     if (resolve_my_address(LOG_WARN, get_options(), &a, &hostname) < 0) {
@@ -4133,8 +4133,8 @@ authority_cert_free(authority_cert_t *cert)
     return;
 
   tor_free(cert->cache_info.signed_descriptor_body);
-  crypto_free_pk_env(cert->signing_key);
-  crypto_free_pk_env(cert->identity_key);
+  crypto_pk_free(cert->signing_key);
+  crypto_pk_free(cert->identity_key);
 
   tor_free(cert);
 }
@@ -4161,7 +4161,7 @@ clear_trusted_dir_servers(void)
                       trusted_dir_server_free(ent));
     smartlist_clear(trusted_dir_servers);
   } else {
-    trusted_dir_servers = smartlist_create();
+    trusted_dir_servers = smartlist_new();
   }
   router_dir_info_changed();
 }
@@ -4188,7 +4188,7 @@ list_pending_downloads(digestmap_t *result,
                        int purpose, const char *prefix)
 {
   const size_t p_len = strlen(prefix);
-  smartlist_t *tmp = smartlist_create();
+  smartlist_t *tmp = smartlist_new();
   smartlist_t *conns = get_connection_array();
   int flags = DSR_HEX;
   if (purpose == DIR_PURPOSE_FETCH_MICRODESC)
@@ -4491,8 +4491,8 @@ update_router_descriptor_cache_downloads_v2(time_t now)
     {
       trusted_dir_server_t *ds;
       smartlist_t *dl;
-      dl = downloadable[ns_sl_idx] = smartlist_create();
-      download_from[ns_sl_idx] = smartlist_create();
+      dl = downloadable[ns_sl_idx] = smartlist_new();
+      download_from[ns_sl_idx] = smartlist_new();
       if (ns->published_on + MAX_NETWORKSTATUS_AGE+10*60 < now) {
         /* Don't download if the networkstatus is almost ancient. */
         /* Actually, I suspect what's happening here is that we ask
@@ -4604,8 +4604,8 @@ update_consensus_router_descriptor_downloads(time_t now, int is_vote,
 {
   const or_options_t *options = get_options();
   digestmap_t *map = NULL;
-  smartlist_t *no_longer_old = smartlist_create();
-  smartlist_t *downloadable = smartlist_create();
+  smartlist_t *no_longer_old = smartlist_new();
+  smartlist_t *downloadable = smartlist_new();
   routerstatus_t *source = NULL;
   int authdir = authdir_mode(options);
   int n_delayed=0, n_have=0, n_would_reject=0, n_wouldnt_use=0,
@@ -4788,7 +4788,7 @@ update_extrainfo_downloads(time_t now)
   pending = digestmap_new();
   list_pending_descriptor_downloads(pending, 1);
   rl = router_get_routerlist();
-  wanted = smartlist_create();
+  wanted = smartlist_new();
   for (old_routers = 0; old_routers < 2; ++old_routers) {
     smartlist_t *lst = old_routers ? rl->old_routers : rl->routers;
     for (i = 0; i < smartlist_len(lst); ++i) {
@@ -5396,11 +5396,11 @@ routerset_t *
 routerset_new(void)
 {
   routerset_t *result = tor_malloc_zero(sizeof(routerset_t));
-  result->list = smartlist_create();
+  result->list = smartlist_new();
   result->names = strmap_new();
   result->digests = digestmap_new();
-  result->policies = smartlist_create();
-  result->country_names = smartlist_create();
+  result->policies = smartlist_new();
+  result->country_names = smartlist_new();
   return result;
 }
 
@@ -5461,7 +5461,7 @@ routerset_parse(routerset_t *target, const char *s, const char *description)
   int r = 0;
   int added_countries = 0;
   char *countryname;
-  smartlist_t *list = smartlist_create();
+  smartlist_t *list = smartlist_new();
   smartlist_split_string(list, s, ",",
                          SPLIT_SKIP_SPACE | SPLIT_IGNORE_BLANK, 0);
   SMARTLIST_FOREACH_BEGIN(list, char *, nick) {
@@ -5880,7 +5880,7 @@ hid_serv_responsible_for_desc_id(const char *query)
   if (!(me = router_get_my_routerinfo()))
     return 0; /* This is redundant, but let's be paranoid. */
   my_id = me->cache_info.identity_digest;
-  responsible = smartlist_create();
+  responsible = smartlist_new();
   if (hid_serv_get_responsible_directories(responsible, query) < 0) {
     smartlist_free(responsible);
     return 0;
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 678b119..7a0fd17 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -178,7 +178,7 @@ typedef struct directory_token_t {
   size_t object_size;          /**< Bytes in object_body */
   char *object_body;           /**< Contents of object, base64-decoded. */
 
-  crypto_pk_env_t *key;        /**< For public keys only.  Heap-allocated. */
+  crypto_pk_t *key;        /**< For public keys only.  Heap-allocated. */
 
   char *error;                 /**< For _ERR tokens only. */
 } directory_token_t;
@@ -569,10 +569,10 @@ static directory_token_t *get_next_token(memarea_t *area,
 static int check_signature_token(const char *digest,
                                  ssize_t digest_len,
                                  directory_token_t *tok,
-                                 crypto_pk_env_t *pkey,
+                                 crypto_pk_t *pkey,
                                  int flags,
                                  const char *doctype);
-static crypto_pk_env_t *find_dir_signing_key(const char *str, const char *eos);
+static crypto_pk_t *find_dir_signing_key(const char *str, const char *eos);
 
 #undef DEBUG_AREA_ALLOC
 
@@ -700,7 +700,7 @@ router_get_extrainfo_hash(const char *s, char *digest)
  */
 int
 router_append_dirobj_signature(char *buf, size_t buf_len, const char *digest,
-                               size_t digest_len, crypto_pk_env_t *private_key)
+                               size_t digest_len, crypto_pk_t *private_key)
 {
   char *signature;
   size_t i, keysize;
@@ -766,7 +766,7 @@ tor_version_is_obsolete(const char *myversion, const char *versionlist)
     log_err(LD_BUG,"I couldn't parse my own version (%s)", myversion);
     tor_assert(0);
   }
-  version_sl = smartlist_create();
+  version_sl = smartlist_new();
   smartlist_split_string(version_sl, versionlist, ",", SPLIT_SKIP_SPACE, 0);
 
   if (!strlen(versionlist)) { /* no authorities cared or agreed */
@@ -827,7 +827,7 @@ router_parse_directory(const char *str)
   int r;
   const char *end, *cp, *str_dup = str;
   smartlist_t *tokens = NULL;
-  crypto_pk_env_t *declared_key = NULL;
+  crypto_pk_t *declared_key = NULL;
   memarea_t *area = memarea_new();
 
   /* XXXX This could be simplified a lot, but it will all go away
@@ -848,7 +848,7 @@ router_parse_directory(const char *str)
     log_warn(LD_DIR, "No signature found on directory."); goto err;
   }
   ++cp;
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   if (tokenize_string(area,cp,strchr(cp,'\0'),tokens,dir_token_table,0)) {
     log_warn(LD_DIR, "Error tokenizing directory signature"); goto err;
   }
@@ -901,7 +901,7 @@ router_parse_directory(const char *str)
   dump_desc(str_dup, "v1 directory");
   r = -1;
  done:
-  if (declared_key) crypto_free_pk_env(declared_key);
+  if (declared_key) crypto_pk_free(declared_key);
   if (tokens) {
     SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
     smartlist_free(tokens);
@@ -923,7 +923,7 @@ router_parse_runningrouters(const char *str)
   directory_token_t *tok;
   time_t published_on;
   int r = -1;
-  crypto_pk_env_t *declared_key = NULL;
+  crypto_pk_t *declared_key = NULL;
   smartlist_t *tokens = NULL;
   const char *eos = str + strlen(str), *str_dup = str;
   memarea_t *area = NULL;
@@ -933,7 +933,7 @@ router_parse_runningrouters(const char *str)
     goto err;
   }
   area = memarea_new();
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   if (tokenize_string(area,str,eos,tokens,dir_token_table,0)) {
     log_warn(LD_DIR, "Error tokenizing running-routers"); goto err;
   }
@@ -967,7 +967,7 @@ router_parse_runningrouters(const char *str)
   r = 0;
  err:
   dump_desc(str_dup, "v1 running-routers");
-  if (declared_key) crypto_free_pk_env(declared_key);
+  if (declared_key) crypto_pk_free(declared_key);
   if (tokens) {
     SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
     smartlist_free(tokens);
@@ -982,12 +982,12 @@ router_parse_runningrouters(const char *str)
 /** Given a directory or running-routers string in <b>str</b>, try to
  * find the its dir-signing-key token (if any).  If this token is
  * present, extract and return the key.  Return NULL on failure. */
-static crypto_pk_env_t *
+static crypto_pk_t *
 find_dir_signing_key(const char *str, const char *eos)
 {
   const char *cp;
   directory_token_t *tok;
-  crypto_pk_env_t *key = NULL;
+  crypto_pk_t *key = NULL;
   memarea_t *area = NULL;
   tor_assert(str);
   tor_assert(eos);
@@ -1030,7 +1030,7 @@ find_dir_signing_key(const char *str, const char *eos)
 /** Return true iff <b>key</b> is allowed to sign directories.
  */
 static int
-dir_signing_key_is_trusted(crypto_pk_env_t *key)
+dir_signing_key_is_trusted(crypto_pk_t *key)
 {
   char digest[DIGEST_LEN];
   if (!key) return 0;
@@ -1057,7 +1057,7 @@ static int
 check_signature_token(const char *digest,
                       ssize_t digest_len,
                       directory_token_t *tok,
-                      crypto_pk_env_t *pkey,
+                      crypto_pk_t *pkey,
                       int flags,
                       const char *doctype)
 {
@@ -1298,7 +1298,7 @@ router_parse_entry_from_string(const char *s, const char *end,
     --end;
 
   area = memarea_new();
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   if (prepend_annotations) {
     if (tokenize_string(area,prepend_annotations,NULL,tokens,
                         routerdesc_token_table,TS_NOCHECK)) {
@@ -1546,7 +1546,7 @@ router_parse_entry_from_string(const char *s, const char *end,
 
   if ((tok = find_opt_by_keyword(tokens, K_FAMILY)) && tok->n_args) {
     int i;
-    router->declared_family = smartlist_create();
+    router->declared_family = smartlist_new();
     for (i=0;i<tok->n_args;++i) {
       if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
         log_warn(LD_DIR, "Illegal nickname %s in family line",
@@ -1630,7 +1630,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
   char digest[128];
   smartlist_t *tokens = NULL;
   directory_token_t *tok;
-  crypto_pk_env_t *key = NULL;
+  crypto_pk_t *key = NULL;
   routerinfo_t *router = NULL;
   memarea_t *area = NULL;
   const char *s_dup = s;
@@ -1647,7 +1647,7 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
     log_warn(LD_DIR, "Couldn't compute router hash.");
     goto err;
   }
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   area = memarea_new();
   if (tokenize_string(area,s,end,tokens,extrainfo_token_table,0)) {
     log_warn(LD_DIR, "Error tokenizing extra-info document.");
@@ -1780,7 +1780,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
     return NULL;
   }
 
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   area = memarea_new();
   if (tokenize_string(area,s, eos, tokens, dir_key_certificate_table, 0) < 0) {
     log_warn(LD_DIR, "Error tokenizing key certificate");
@@ -2257,8 +2257,8 @@ networkstatus_v2_t *
 networkstatus_v2_parse_from_string(const char *s)
 {
   const char *eos, *s_dup = s;
-  smartlist_t *tokens = smartlist_create();
-  smartlist_t *footer_tokens = smartlist_create();
+  smartlist_t *tokens = smartlist_new();
+  smartlist_t *footer_tokens = smartlist_new();
   networkstatus_v2_t *ns = NULL;
   char ns_digest[DIGEST_LEN];
   char tmp_digest[DIGEST_LEN];
@@ -2368,7 +2368,7 @@ networkstatus_v2_parse_from_string(const char *s)
      goto err;
   }
 
-  ns->entries = smartlist_create();
+  ns->entries = smartlist_new();
   s = eos;
   SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t));
   smartlist_clear(tokens);
@@ -2815,7 +2815,7 @@ networkstatus_t *
 networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
                                      networkstatus_type_t ns_type)
 {
-  smartlist_t *tokens = smartlist_create();
+  smartlist_t *tokens = smartlist_new();
   smartlist_t *rs_tokens = NULL, *footer_tokens = NULL;
   networkstatus_voter_info_t *voter = NULL;
   networkstatus_t *ns = NULL;
@@ -2900,7 +2900,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     if (parse_iso_time(tok->args[0], &ns->published))
       goto err;
 
-    ns->supported_methods = smartlist_create();
+    ns->supported_methods = smartlist_new();
     tok = find_opt_by_keyword(tokens, K_CONSENSUS_METHODS);
     if (tok) {
       for (i=0; i < tok->n_args; ++i)
@@ -2967,7 +2967,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   }
 
   tok = find_by_keyword(tokens, K_KNOWN_FLAGS);
-  ns->known_flags = smartlist_create();
+  ns->known_flags = smartlist_new();
   inorder = 1;
   for (i = 0; i < tok->n_args; ++i) {
     smartlist_add(ns->known_flags, tor_strdup(tok->args[i]));
@@ -2984,7 +2984,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   tok = find_opt_by_keyword(tokens, K_PARAMS);
   if (tok) {
     inorder = 1;
-    ns->net_params = smartlist_create();
+    ns->net_params = smartlist_new();
     for (i = 0; i < tok->n_args; ++i) {
       int ok=0;
       char *eq = strchr(tok->args[i], '=');
@@ -3009,7 +3009,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
     }
   }
 
-  ns->voters = smartlist_create();
+  ns->voters = smartlist_new();
 
   SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
     tok = _tok;
@@ -3019,7 +3019,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
       if (voter)
         smartlist_add(ns->voters, voter);
       voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
-      voter->sigs = smartlist_create();
+      voter->sigs = smartlist_new();
       if (ns->type != NS_TYPE_CONSENSUS)
         memcpy(voter->vote_digest, ns_digests.d[DIGEST_SHA1], DIGEST_LEN);
 
@@ -3104,10 +3104,10 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   }
 
   /* Parse routerstatus lines. */
-  rs_tokens = smartlist_create();
+  rs_tokens = smartlist_new();
   rs_area = memarea_new();
   s = end_of_header;
-  ns->routerstatus_list = smartlist_create();
+  ns->routerstatus_list = smartlist_new();
 
   while (!strcmpstart(s, "r ")) {
     if (ns->type != NS_TYPE_CONSENSUS) {
@@ -3147,7 +3147,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
   }
 
   /* Parse footer; check signature. */
-  footer_tokens = smartlist_create();
+  footer_tokens = smartlist_new();
   if ((end_of_footer = strstr(s, "\nnetwork-status-version ")))
     ++end_of_footer;
   else
@@ -3180,7 +3180,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
 
   tok = find_opt_by_keyword(footer_tokens, K_BW_WEIGHTS);
   if (tok) {
-    ns->weight_params = smartlist_create();
+    ns->weight_params = smartlist_new();
     for (i = 0; i < tok->n_args; ++i) {
       int ok=0;
       char *eq = strchr(tok->args[i], '=');
@@ -3372,7 +3372,7 @@ detached_get_signatures(ns_detached_signatures_t *sigs,
 {
   smartlist_t *sl = strmap_get(sigs->signatures, flavor_name);
   if (!sl) {
-    sl = smartlist_create();
+    sl = smartlist_new();
     strmap_set(sigs->signatures, flavor_name, sl);
   }
   return sl;
@@ -3389,7 +3389,7 @@ networkstatus_parse_detached_signatures(const char *s, const char *eos)
   memarea_t *area = NULL;
   digests_t *digests;
 
-  smartlist_t *tokens = smartlist_create();
+  smartlist_t *tokens = smartlist_new();
   ns_detached_signatures_t *sigs =
     tor_malloc_zero(sizeof(ns_detached_signatures_t));
   sigs->digests = strmap_new();
@@ -3644,7 +3644,7 @@ router_add_exit_policy(routerinfo_t *router, directory_token_t *tok)
   if (!newe)
     return -1;
   if (! router->exit_policy)
-    router->exit_policy = smartlist_create();
+    router->exit_policy = smartlist_new();
 
   if (((tok->tp == K_ACCEPT6 || tok->tp == K_REJECT6) &&
        tor_addr_family(&newe->addr) == AF_INET)
@@ -3752,7 +3752,7 @@ static void
 token_clear(directory_token_t *tok)
 {
   if (tok->key)
-    crypto_free_pk_env(tok->key);
+    crypto_pk_free(tok->key);
 }
 
 #define ALLOC_ZERO(sz) memarea_alloc_zero(area,sz)
@@ -3998,11 +3998,11 @@ get_next_token(memarea_t *area,
     RET_ERR("Couldn't parse object: missing footer or object much too big.");
 
   if (!strcmp(tok->object_type, "RSA PUBLIC KEY")) { /* If it's a public key */
-    tok->key = crypto_new_pk_env();
+    tok->key = crypto_pk_new();
     if (crypto_pk_read_public_key_from_string(tok->key, obstart, eol-obstart))
       RET_ERR("Couldn't parse public key.");
   } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */
-    tok->key = crypto_new_pk_env();
+    tok->key = crypto_pk_new();
     if (crypto_pk_read_private_key_from_string(tok->key, obstart, eol-obstart))
       RET_ERR("Couldn't parse private key.");
   } else { /* If it's something else, try to base64-decode it */
@@ -4166,7 +4166,7 @@ find_all_by_keyword(smartlist_t *s, directory_keyword k)
   SMARTLIST_FOREACH(s, directory_token_t *, t,
                     if (t->tp == k) {
                       if (!out)
-                        out = smartlist_create();
+                        out = smartlist_new();
                       smartlist_add(out, t);
                     });
   return out;
@@ -4178,7 +4178,7 @@ find_all_by_keyword(smartlist_t *s, directory_keyword k)
 static smartlist_t *
 find_all_exitpolicy(smartlist_t *s)
 {
-  smartlist_t *out = smartlist_create();
+  smartlist_t *out = smartlist_new();
   SMARTLIST_FOREACH(s, directory_token_t *, t,
       if (t->tp == K_ACCEPT || t->tp == K_ACCEPT6 ||
           t->tp == K_REJECT || t->tp == K_REJECT6)
@@ -4350,8 +4350,8 @@ microdescs_parse_from_string(const char *s, const char *eos,
 
   s = eat_whitespace_eos(s, eos);
   area = memarea_new();
-  result = smartlist_create();
-  tokens = smartlist_create();
+  result = smartlist_new();
+  tokens = smartlist_new();
 
   while (s < eos) {
     start_of_next_microdesc = find_start_of_next_microdesc(s, eos);
@@ -4396,7 +4396,7 @@ microdescs_parse_from_string(const char *s, const char *eos,
 
     if ((tok = find_opt_by_keyword(tokens, K_FAMILY))) {
       int i;
-      md->family = smartlist_create();
+      md->family = smartlist_new();
       for (i=0;i<tok->n_args;++i) {
         if (!is_legal_nickname_or_hexdigest(tok->args[i])) {
           log_warn(LD_DIR, "Illegal nickname %s in family line",
@@ -4671,7 +4671,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
                             tor_malloc_zero(sizeof(rend_service_descriptor_t));
   char desc_hash[DIGEST_LEN];
   const char *eos;
-  smartlist_t *tokens = smartlist_create();
+  smartlist_t *tokens = smartlist_new();
   directory_token_t *tok;
   char secret_id_part[DIGEST_LEN];
   int i, version, num_ok=1;
@@ -4780,7 +4780,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
   /* Parse protocol versions. */
   tok = find_by_keyword(tokens, R_PROTOCOL_VERSIONS);
   tor_assert(tok->n_args == 1);
-  versions = smartlist_create();
+  versions = smartlist_new();
   smartlist_split_string(versions, tok->args[0], ",",
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
   for (i = 0; i < smartlist_len(versions); i++) {
@@ -4863,8 +4863,8 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
          session_key[CIPHER_KEY_LEN], *dec;
     int declen, client_blocks;
     size_t pos = 0, len, client_entries_len;
-    crypto_digest_env_t *digest;
-    crypto_cipher_env_t *cipher;
+    crypto_digest_t *digest;
+    crypto_cipher_t *cipher;
     client_blocks = (int) ipos_encrypted[1];
     client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE *
                          REND_BASIC_AUTH_CLIENT_ENTRY_LEN;
@@ -4874,12 +4874,12 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
       return -1;
     }
     memcpy(iv, ipos_encrypted + 2 + client_entries_len, CIPHER_IV_LEN);
-    digest = crypto_new_digest_env();
+    digest = crypto_digest_new();
     crypto_digest_add_bytes(digest, descriptor_cookie, REND_DESC_COOKIE_LEN);
     crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN);
     crypto_digest_get_digest(digest, client_id,
                              REND_BASIC_AUTH_CLIENT_ID_LEN);
-    crypto_free_digest_env(digest);
+    crypto_digest_free(digest);
     for (pos = 2; pos < 2 + client_entries_len;
          pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN) {
       if (tor_memeq(ipos_encrypted + pos, client_id,
@@ -4890,17 +4890,17 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
                                   + pos + REND_BASIC_AUTH_CLIENT_ID_LEN,
                                   CIPHER_KEY_LEN) < 0) {
           log_warn(LD_REND, "Could not decrypt session key for client.");
-          crypto_free_cipher_env(cipher);
+          crypto_cipher_free(cipher);
           return -1;
         }
-        crypto_free_cipher_env(cipher);
+        crypto_cipher_free(cipher);
         cipher = crypto_create_init_cipher(session_key, 0);
         len = ipos_encrypted_size - 2 - client_entries_len - CIPHER_IV_LEN;
         dec = tor_malloc(len);
         declen = crypto_cipher_decrypt_with_iv(cipher, dec, len,
             ipos_encrypted + 2 + client_entries_len,
             ipos_encrypted_size - 2 - client_entries_len);
-        crypto_free_cipher_env(cipher);
+        crypto_cipher_free(cipher);
         if (declen < 0) {
           log_warn(LD_REND, "Could not decrypt introduction point string.");
           tor_free(dec);
@@ -4921,7 +4921,7 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
              "check your authorization for this service!");
     return -1;
   } else if (ipos_encrypted[0] == (int)REND_STEALTH_AUTH) {
-    crypto_cipher_env_t *cipher;
+    crypto_cipher_t *cipher;
     char *dec;
     int declen;
     if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
@@ -4936,7 +4936,7 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
                                                CIPHER_IV_LEN - 1,
                                            ipos_encrypted + 1,
                                            ipos_encrypted_size - 1);
-    crypto_free_cipher_env(cipher);
+    crypto_cipher_free(cipher);
     if (declen < 0) {
       log_warn(LD_REND, "Decrypting introduction points failed!");
       tor_free(dec);
@@ -4976,8 +4976,8 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed,
   /* Consider one intro point after the other. */
   current_ipo = intro_points_encoded;
   end_of_intro_points = intro_points_encoded + intro_points_encoded_size;
-  tokens = smartlist_create();
-  parsed->intro_nodes = smartlist_create();
+  tokens = smartlist_new();
+  parsed->intro_nodes = smartlist_new();
   area = memarea_new();
 
   while (!fast_memcmpstart(current_ipo, end_of_intro_points-current_ipo,
@@ -5098,7 +5098,7 @@ rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr)
   memarea_t *area = NULL;
   if (!ckstr || strlen(ckstr) == 0)
     return -1;
-  tokens = smartlist_create();
+  tokens = smartlist_new();
   /* Begin parsing with first entry, skipping comments or whitespace at the
    * beginning. */
   area = memarea_new();
diff --git a/src/or/routerparse.h b/src/or/routerparse.h
index 527de5d..65f6c42 100644
--- a/src/or/routerparse.h
+++ b/src/or/routerparse.h
@@ -24,7 +24,7 @@ int router_get_extrainfo_hash(const char *s, char *digest);
 int router_append_dirobj_signature(char *buf, size_t buf_len,
                                    const char *digest,
                                    size_t digest_len,
-                                   crypto_pk_env_t *private_key);
+                                   crypto_pk_t *private_key);
 int router_parse_list_from_string(const char **s, const char *eos,
                                   smartlist_t *dest,
                                   saved_location_t saved_location,
diff --git a/src/or/transports.c b/src/or/transports.c
index 43e978a..0bc67ba 100644
--- a/src/or/transports.c
+++ b/src/or/transports.c
@@ -387,7 +387,7 @@ configure_proxy(managed_proxy_t *mp)
   stdout_buf[pos] = '\0';
 
   /* Split up the buffer */
-  lines = smartlist_create();
+  lines = smartlist_new();
   tor_split_lines(lines, stdout_buf, pos);
 
   /* Handle lines. */
@@ -460,7 +460,7 @@ register_server_proxy(managed_proxy_t *mp)
   /* After we register this proxy's transports, we switch its
      mp->transports to a list containing strings of its transport
      names. (See transports.h) */
-  smartlist_t *sm_tmp = smartlist_create();
+  smartlist_t *sm_tmp = smartlist_new();
 
   tor_assert(mp->conf_state != PT_PROTO_COMPLETED);
   SMARTLIST_FOREACH_BEGIN(mp->transports, transport_t *, t) {
@@ -490,7 +490,7 @@ register_client_proxy(managed_proxy_t *mp)
   /* After we register this proxy's transports, we switch its
      mp->transports to a list containing strings of its transport
      names. (See transports.h) */
-  smartlist_t *sm_tmp = smartlist_create();
+  smartlist_t *sm_tmp = smartlist_new();
 
   tor_assert(mp->conf_state != PT_PROTO_COMPLETED);
   SMARTLIST_FOREACH_BEGIN(mp->transports, transport_t *, t) {
@@ -774,7 +774,7 @@ parse_smethod_line(const char *line, managed_proxy_t *mp)
 
   transport_t *transport=NULL;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
   if (smartlist_len(items) < 3) {
@@ -805,7 +805,7 @@ parse_smethod_line(const char *line, managed_proxy_t *mp)
     goto err;
   }
 
-  transport = transport_create(&addr, port, method_name, PROXY_NONE);
+  transport = transport_new(&addr, port, method_name, PROXY_NONE);
   if (!transport)
     goto err;
 
@@ -847,7 +847,7 @@ parse_cmethod_line(const char *line, managed_proxy_t *mp)
 
   transport_t *transport=NULL;
 
-  items = smartlist_create();
+  items = smartlist_new();
   smartlist_split_string(items, line, NULL,
                          SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, -1);
   if (smartlist_len(items) < 4) {
@@ -890,7 +890,7 @@ parse_cmethod_line(const char *line, managed_proxy_t *mp)
     goto err;
   }
 
-  transport = transport_create(&addr, port, method_name, socks_ver);
+  transport = transport_new(&addr, port, method_name, socks_ver);
   if (!transport)
     goto err;
 
@@ -921,7 +921,7 @@ get_bindaddr_for_server_proxy(const managed_proxy_t *mp)
 {
   char *bindaddr_result = NULL;
   char *bindaddr_tmp = NULL;
-  smartlist_t *string_tmp = smartlist_create();
+  smartlist_t *string_tmp = smartlist_new();
 
   tor_assert(mp->is_server);
 
@@ -967,7 +967,7 @@ set_managed_proxy_environment(LPVOID *envp, const managed_proxy_t *mp)
 
   /* A smartlist carrying all the env. variables that the managed
      proxy should inherit. */
-  smartlist_t *envs = smartlist_create();
+  smartlist_t *envs = smartlist_new();
 
   /* Copy the whole environment of the Tor process.
      It should also copy PATH and HOME of the Tor process.*/
@@ -1117,15 +1117,15 @@ managed_proxy_create(const smartlist_t *transport_list,
   mp->conf_state = PT_PROTO_INFANT;
   mp->is_server = is_server;
   mp->argv = proxy_argv;
-  mp->transports = smartlist_create();
+  mp->transports = smartlist_new();
 
-  mp->transports_to_launch = smartlist_create();
+  mp->transports_to_launch = smartlist_new();
   SMARTLIST_FOREACH(transport_list, const char *, transport,
                     add_transport_to_proxy(transport, mp));
 
   /* register the managed proxy */
   if (!managed_proxy_list)
-    managed_proxy_list = smartlist_create();
+    managed_proxy_list = smartlist_new();
   smartlist_add(managed_proxy_list, mp);
   unconfigured_proxies_n++;
 
diff --git a/src/test/bench.c b/src/test/bench.c
index ff2794e..a662bd2 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -73,11 +73,11 @@ bench_aes(void)
 {
   int len, i;
   char *b1, *b2;
-  crypto_cipher_env_t *c;
+  crypto_cipher_t *c;
   uint64_t start, end;
   const int bytes_per_iter = (1<<24);
   reset_perftime();
-  c = crypto_new_cipher_env();
+  c = crypto_cipher_new();
   crypto_cipher_generate_key(c);
   crypto_cipher_encrypt_init_cipher(c);
   for (len = 1; len <= 8192; len *= 2) {
@@ -94,7 +94,7 @@ bench_aes(void)
     printf("%d bytes: %.2f nsec per byte\n", len,
            NANOCOUNT(start, end, iters*len));
   }
-  crypto_free_cipher_env(c);
+  crypto_cipher_free(c);
 }
 
 static void
@@ -105,10 +105,10 @@ bench_cell_aes(void)
   const int iters = (1<<16);
   const int max_misalign = 15;
   char *b = tor_malloc(len+max_misalign);
-  crypto_cipher_env_t *c;
+  crypto_cipher_t *c;
   int i, misalign;
 
-  c = crypto_new_cipher_env();
+  c = crypto_cipher_new();
   crypto_cipher_generate_key(c);
   crypto_cipher_encrypt_init_cipher(c);
 
@@ -123,7 +123,7 @@ bench_cell_aes(void)
            NANOCOUNT(start, end, iters*len));
   }
 
-  crypto_free_cipher_env(c);
+  crypto_cipher_free(c);
   tor_free(b);
 }
 
@@ -131,8 +131,8 @@ bench_cell_aes(void)
 static void
 bench_dmap(void)
 {
-  smartlist_t *sl = smartlist_create();
-  smartlist_t *sl2 = smartlist_create();
+  smartlist_t *sl = smartlist_new();
+  smartlist_t *sl2 = smartlist_new();
   uint64_t start, end, pt2, pt3, pt4;
   int iters = 8192;
   const int elts = 4000;
@@ -221,14 +221,14 @@ bench_cell_ops(void)
   or_circ->_base.purpose = CIRCUIT_PURPOSE_OR;
 
   /* Initialize crypto */
-  or_circ->p_crypto = crypto_new_cipher_env();
+  or_circ->p_crypto = crypto_cipher_new();
   crypto_cipher_generate_key(or_circ->p_crypto);
   crypto_cipher_encrypt_init_cipher(or_circ->p_crypto);
-  or_circ->n_crypto = crypto_new_cipher_env();
+  or_circ->n_crypto = crypto_cipher_new();
   crypto_cipher_generate_key(or_circ->n_crypto);
   crypto_cipher_encrypt_init_cipher(or_circ->n_crypto);
-  or_circ->p_digest = crypto_new_digest_env();
-  or_circ->n_digest = crypto_new_digest_env();
+  or_circ->p_digest = crypto_digest_new();
+  or_circ->n_digest = crypto_digest_new();
 
   reset_perftime();
 
@@ -247,10 +247,10 @@ bench_cell_ops(void)
            NANOCOUNT(start,end,iters*CELL_PAYLOAD_SIZE));
   }
 
-  crypto_free_digest_env(or_circ->p_digest);
-  crypto_free_digest_env(or_circ->n_digest);
-  crypto_free_cipher_env(or_circ->p_crypto);
-  crypto_free_cipher_env(or_circ->n_crypto);
+  crypto_digest_free(or_circ->p_digest);
+  crypto_digest_free(or_circ->n_digest);
+  crypto_cipher_free(or_circ->p_crypto);
+  crypto_cipher_free(or_circ->n_crypto);
   tor_free(or_circ);
   tor_free(cell);
 }
diff --git a/src/test/test.c b/src/test/test.c
index 5fcc31c..9d369c0 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -164,27 +164,27 @@ remove_directory(void)
 /** Define this if unit tests spend too much time generating public keys*/
 #undef CACHE_GENERATED_KEYS
 
-static crypto_pk_env_t *pregen_keys[5] = {NULL, NULL, NULL, NULL, NULL};
+static crypto_pk_t *pregen_keys[5] = {NULL, NULL, NULL, NULL, NULL};
 #define N_PREGEN_KEYS ((int)(sizeof(pregen_keys)/sizeof(pregen_keys[0])))
 
 /** Generate and return a new keypair for use in unit tests.  If we're using
  * the key cache optimization, we might reuse keys: we only guarantee that
  * keys made with distinct values for <b>idx</b> are different.  The value of
  * <b>idx</b> must be at least 0, and less than N_PREGEN_KEYS. */
-crypto_pk_env_t *
+crypto_pk_t *
 pk_generate(int idx)
 {
 #ifdef CACHE_GENERATED_KEYS
   tor_assert(idx < N_PREGEN_KEYS);
   if (! pregen_keys[idx]) {
-    pregen_keys[idx] = crypto_new_pk_env();
+    pregen_keys[idx] = crypto_pk_new();
     tor_assert(!crypto_pk_generate_key(pregen_keys[idx]));
   }
   return crypto_pk_dup_key(pregen_keys[idx]);
 #else
-  crypto_pk_env_t *result;
+  crypto_pk_t *result;
   (void) idx;
-  result = crypto_new_pk_env();
+  result = crypto_pk_new();
   tor_assert(!crypto_pk_generate_key(result));
   return result;
 #endif
@@ -197,7 +197,7 @@ free_pregenerated_keys(void)
   unsigned idx;
   for (idx = 0; idx < N_PREGEN_KEYS; ++idx) {
     if (pregen_keys[idx]) {
-      crypto_free_pk_env(pregen_keys[idx]);
+      crypto_pk_free(pregen_keys[idx]);
       pregen_keys[idx] = NULL;
     }
   }
@@ -812,7 +812,7 @@ static void
 test_onion_handshake(void)
 {
   /* client-side */
-  crypto_dh_env_t *c_dh = NULL;
+  crypto_dh_t *c_dh = NULL;
   char c_buf[ONIONSKIN_CHALLENGE_LEN];
   char c_keys[40];
 
@@ -821,7 +821,7 @@ test_onion_handshake(void)
   char s_keys[40];
 
   /* shared */
-  crypto_pk_env_t *pk = NULL;
+  crypto_pk_t *pk = NULL;
 
   pk = pk_generate(0);
 
@@ -851,7 +851,7 @@ test_onion_handshake(void)
   if (c_dh)
     crypto_dh_free(c_dh);
   if (pk)
-    crypto_free_pk_env(pk);
+    crypto_pk_free(pk);
 }
 
 static void
@@ -1010,7 +1010,7 @@ test_policy_summary_helper(const char *policy_str,
                            const char *expected_summary)
 {
   config_line_t line;
-  smartlist_t *policy = smartlist_create();
+  smartlist_t *policy = smartlist_new();
   char *summary = NULL;
   int r;
   short_policy_t *short_policy = NULL;
@@ -1050,7 +1050,7 @@ test_policies(void)
   smartlist_t *sm = NULL;
   char *policy_str = NULL;
 
-  policy = smartlist_create();
+  policy = smartlist_new();
 
   p = router_parse_addr_policy_item_from_string("reject 192.168.0.0/16:*",-1);
   test_assert(p != NULL);
@@ -1076,7 +1076,7 @@ test_policies(void)
   test_assert(0 == policies_parse_exit_policy(NULL, &policy2, 1, NULL, 1));
   test_assert(policy2);
 
-  policy3 = smartlist_create();
+  policy3 = smartlist_new();
   p = router_parse_addr_policy_item_from_string("reject *:*",-1);
   test_assert(p != NULL);
   smartlist_add(policy3, p);
@@ -1084,7 +1084,7 @@ test_policies(void)
   test_assert(p != NULL);
   smartlist_add(policy3, p);
 
-  policy4 = smartlist_create();
+  policy4 = smartlist_new();
   p = router_parse_addr_policy_item_from_string("accept *:443",-1);
   test_assert(p != NULL);
   smartlist_add(policy4, p);
@@ -1092,7 +1092,7 @@ test_policies(void)
   test_assert(p != NULL);
   smartlist_add(policy4, p);
 
-  policy5 = smartlist_create();
+  policy5 = smartlist_new();
   p = router_parse_addr_policy_item_from_string("reject 0.0.0.0/8:*",-1);
   test_assert(p != NULL);
   smartlist_add(policy5, p);
@@ -1124,12 +1124,12 @@ test_policies(void)
   test_assert(p != NULL);
   smartlist_add(policy5, p);
 
-  policy6 = smartlist_create();
+  policy6 = smartlist_new();
   p = router_parse_addr_policy_item_from_string("accept 43.3.0.0/9:*",-1);
   test_assert(p != NULL);
   smartlist_add(policy6, p);
 
-  policy7 = smartlist_create();
+  policy7 = smartlist_new();
   p = router_parse_addr_policy_item_from_string("accept 0.0.0.0/8:*",-1);
   test_assert(p != NULL);
   smartlist_add(policy7, p);
@@ -1226,7 +1226,7 @@ test_policies(void)
                              "reject 1,3,5,7");
 
   /* truncation ports */
-  sm = smartlist_create();
+  sm = smartlist_new();
   for (i=1; i<2000; i+=2) {
     char buf[POLICY_BUF_LEN];
     tor_snprintf(buf, sizeof(buf), "reject *:%d", i);
@@ -1273,10 +1273,10 @@ test_rend_fns(void)
   char service_id[DIGEST_LEN];
   char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1];
   const char *next_desc;
-  smartlist_t *descs = smartlist_create();
+  smartlist_t *descs = smartlist_new();
   char computed_desc_id[DIGEST_LEN];
   char parsed_desc_id[DIGEST_LEN];
-  crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
+  crypto_pk_t *pk1 = NULL, *pk2 = NULL;
   time_t now;
   char *intro_points_encrypted = NULL;
   size_t intro_points_size;
@@ -1303,11 +1303,11 @@ test_rend_fns(void)
   generated->timestamp = now;
   generated->version = 2;
   generated->protocols = 42;
-  generated->intro_nodes = smartlist_create();
+  generated->intro_nodes = smartlist_new();
 
   for (i = 0; i < 3; i++) {
     rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t));
-    crypto_pk_env_t *okey = pk_generate(2 + i);
+    crypto_pk_t *okey = pk_generate(2 + i);
     intro->extend_info = tor_malloc_zero(sizeof(extend_info_t));
     intro->extend_info->onion_key = okey;
     crypto_pk_get_digest(intro->extend_info->onion_key,
@@ -1374,9 +1374,9 @@ test_rend_fns(void)
   if (generated)
     rend_service_descriptor_free(generated);
   if (pk1)
-    crypto_free_pk_env(pk1);
+    crypto_pk_free(pk1);
   if (pk2)
-    crypto_free_pk_env(pk2);
+    crypto_pk_free(pk2);
   tor_free(intro_points_encrypted);
 }
 
diff --git a/src/test/test.h b/src/test/test.h
index a053a7a..0fcb02a 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -67,7 +67,7 @@
 #define test_memeq_hex(expr1, hex) test_mem_op_hex(expr1, ==, hex)
 
 const char *get_fname(const char *name);
-crypto_pk_env_t *pk_generate(int idx);
+crypto_pk_t *pk_generate(int idx);
 
 void legacy_test_helper(void *data);
 extern const struct testcase_setup_t legacy_setup;
diff --git a/src/test/test_containers.c b/src/test/test_containers.c
index af9fb1c..b5b0ef3 100644
--- a/src/test/test_containers.c
+++ b/src/test/test_containers.c
@@ -34,7 +34,7 @@ test_container_smartlist_basic(void)
   /* XXXX test sort_digests, uniq_strings, uniq_digests */
 
   /* Test smartlist add, del_keeporder, insert, get. */
-  sl = smartlist_create();
+  sl = smartlist_new();
   smartlist_add(sl, (void*)1);
   smartlist_add(sl, (void*)2);
   smartlist_add(sl, (void*)3);
@@ -68,7 +68,7 @@ test_container_smartlist_basic(void)
 static void
 test_container_smartlist_strings(void)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   char *cp=NULL, *cp_alloc=NULL;
   size_t sz;
 
@@ -298,11 +298,11 @@ test_container_smartlist_strings(void)
 static void
 test_container_smartlist_overlap(void)
 {
-  smartlist_t *sl = smartlist_create();
-  smartlist_t *ints = smartlist_create();
-  smartlist_t *odds = smartlist_create();
-  smartlist_t *evens = smartlist_create();
-  smartlist_t *primes = smartlist_create();
+  smartlist_t *sl = smartlist_new();
+  smartlist_t *ints = smartlist_new();
+  smartlist_t *odds = smartlist_new();
+  smartlist_t *evens = smartlist_new();
+  smartlist_t *primes = smartlist_new();
   int i;
   for (i=1; i < 10; i += 2)
     smartlist_add(odds, (void*)(uintptr_t)i);
@@ -351,7 +351,7 @@ test_container_smartlist_overlap(void)
 static void
 test_container_smartlist_digests(void)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
 
   /* digest_isin. */
   smartlist_add(sl, tor_memdup("AAAAAAAAAAAAAAAAAAAA", DIGEST_LEN));
@@ -384,9 +384,9 @@ test_container_smartlist_digests(void)
 static void
 test_container_smartlist_join(void)
 {
-  smartlist_t *sl = smartlist_create();
-  smartlist_t *sl2 = smartlist_create(), *sl3 = smartlist_create(),
-    *sl4 = smartlist_create();
+  smartlist_t *sl = smartlist_new();
+  smartlist_t *sl2 = smartlist_new(), *sl3 = smartlist_new(),
+    *sl4 = smartlist_new();
   char *joined=NULL;
   /* unique, sorted. */
   smartlist_split_string(sl,
@@ -479,7 +479,7 @@ test_container_bitarray(void)
 static void
 test_container_digestset(void)
 {
-  smartlist_t *included = smartlist_create();
+  smartlist_t *included = smartlist_new();
   char d[DIGEST_LEN];
   int i;
   int ok = 1;
@@ -532,7 +532,7 @@ _compare_strings_for_pqueue(const void *p1, const void *p2)
 static void
 test_container_pqueue(void)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   int (*cmp)(const void *, const void*);
   const int offset = STRUCT_OFFSET(pq_entry_t, idx);
 #define ENTRY(s) pq_entry_t s = { #s, -1 }
@@ -669,7 +669,7 @@ test_container_strmap(void)
 
   /* Test iterator. */
   iter = strmap_iter_init(map);
-  found_keys = smartlist_create();
+  found_keys = smartlist_new();
   while (!strmap_iter_done(iter)) {
     strmap_iter_get(iter,&k,&v);
     smartlist_add(found_keys, tor_strdup(k));
diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 2adbcc9..bf0962e 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -13,8 +13,8 @@
 static void
 test_crypto_dh(void)
 {
-  crypto_dh_env_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
-  crypto_dh_env_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
+  crypto_dh_t *dh1 = crypto_dh_new(DH_TYPE_CIRCUIT);
+  crypto_dh_t *dh2 = crypto_dh_new(DH_TYPE_CIRCUIT);
   char p1[DH_BYTES];
   char p2[DH_BYTES];
   char s1[DH_BYTES];
@@ -99,7 +99,7 @@ static void
 test_crypto_aes(void *arg)
 {
   char *data1 = NULL, *data2 = NULL, *data3 = NULL;
-  crypto_cipher_env_t *env1 = NULL, *env2 = NULL;
+  crypto_cipher_t *env1 = NULL, *env2 = NULL;
   int i, j;
   char *mem_op_hex_tmp=NULL;
 
@@ -118,9 +118,9 @@ test_crypto_aes(void *arg)
 
   memset(data2, 0, 1024);
   memset(data3, 0, 1024);
-  env1 = crypto_new_cipher_env();
+  env1 = crypto_cipher_new();
   test_neq(env1, 0);
-  env2 = crypto_new_cipher_env();
+  env2 = crypto_cipher_new();
   test_neq(env2, 0);
   j = crypto_cipher_generate_key(env1);
   crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
@@ -151,11 +151,11 @@ test_crypto_aes(void *arg)
   test_memeq(data1, data3, 1024-5);
   /* Now make sure that when we encrypt with different chunk sizes, we get
      the same results. */
-  crypto_free_cipher_env(env2);
+  crypto_cipher_free(env2);
   env2 = NULL;
 
   memset(data3, 0, 1024);
-  env2 = crypto_new_cipher_env();
+  env2 = crypto_cipher_new();
   test_neq(env2, 0);
   crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
   crypto_cipher_encrypt_init_cipher(env2);
@@ -168,13 +168,13 @@ test_crypto_aes(void *arg)
     }
   }
   test_memeq(data2, data3, 1024-16);
-  crypto_free_cipher_env(env1);
+  crypto_cipher_free(env1);
   env1 = NULL;
-  crypto_free_cipher_env(env2);
+  crypto_cipher_free(env2);
   env2 = NULL;
 
   /* NIST test vector for aes. */
-  env1 = crypto_new_cipher_env(); /* IV starts at 0 */
+  env1 = crypto_cipher_new(); /* IV starts at 0 */
   crypto_cipher_set_key(env1, "\x80\x00\x00\x00\x00\x00\x00\x00"
                               "\x00\x00\x00\x00\x00\x00\x00\x00");
   crypto_cipher_encrypt_init_cipher(env1);
@@ -222,9 +222,9 @@ test_crypto_aes(void *arg)
  done:
   tor_free(mem_op_hex_tmp);
   if (env1)
-    crypto_free_cipher_env(env1);
+    crypto_cipher_free(env1);
   if (env2)
-    crypto_free_cipher_env(env2);
+    crypto_cipher_free(env2);
   tor_free(data1);
   tor_free(data2);
   tor_free(data3);
@@ -234,7 +234,7 @@ test_crypto_aes(void *arg)
 static void
 test_crypto_sha(void)
 {
-  crypto_digest_env_t *d1 = NULL, *d2 = NULL;
+  crypto_digest_t *d1 = NULL, *d2 = NULL;
   int i;
   char key[160];
   char digest[32];
@@ -351,7 +351,7 @@ test_crypto_sha(void)
                  "bfdc63644f0713938a7f51535c3a35e2");
 
   /* Incremental digest code. */
-  d1 = crypto_new_digest_env();
+  d1 = crypto_digest_new();
   test_assert(d1);
   crypto_digest_add_bytes(d1, "abcdef", 6);
   d2 = crypto_digest_dup(d1);
@@ -368,11 +368,11 @@ test_crypto_sha(void)
   crypto_digest_get_digest(d1, d_out1, sizeof(d_out1));
   crypto_digest(d_out2, "abcdef", 6);
   test_memeq(d_out1, d_out2, DIGEST_LEN);
-  crypto_free_digest_env(d1);
-  crypto_free_digest_env(d2);
+  crypto_digest_free(d1);
+  crypto_digest_free(d2);
 
   /* Incremental digest code with sha256 */
-  d1 = crypto_new_digest256_env(DIGEST_SHA256);
+  d1 = crypto_digest256_new(DIGEST_SHA256);
   test_assert(d1);
   crypto_digest_add_bytes(d1, "abcdef", 6);
   d2 = crypto_digest_dup(d1);
@@ -392,9 +392,9 @@ test_crypto_sha(void)
 
  done:
   if (d1)
-    crypto_free_digest_env(d1);
+    crypto_digest_free(d1);
   if (d2)
-    crypto_free_digest_env(d2);
+    crypto_digest_free(d2);
   tor_free(mem_op_hex_tmp);
 }
 
@@ -402,7 +402,7 @@ test_crypto_sha(void)
 static void
 test_crypto_pk(void)
 {
-  crypto_pk_env_t *pk1 = NULL, *pk2 = NULL;
+  crypto_pk_t *pk1 = NULL, *pk2 = NULL;
   char *encoded = NULL;
   char data1[1024], data2[1024], data3[1024];
   size_t size;
@@ -410,7 +410,7 @@ test_crypto_pk(void)
 
   /* Public-key ciphers */
   pk1 = pk_generate(0);
-  pk2 = crypto_new_pk_env();
+  pk2 = crypto_pk_new();
   test_assert(pk1 && pk2);
   test_assert(! crypto_pk_write_public_key_to_string(pk1, &encoded, &size));
   test_assert(! crypto_pk_read_public_key_from_string(pk2, encoded, size));
@@ -476,7 +476,7 @@ test_crypto_pk(void)
   /*XXXX test failed signing*/
 
   /* Try encoding */
-  crypto_free_pk_env(pk2);
+  crypto_pk_free(pk2);
   pk2 = NULL;
   i = crypto_pk_asn1_encode(pk1, data1, 1024);
   test_assert(i>0);
@@ -504,7 +504,7 @@ test_crypto_pk(void)
   }
 
   /* Try copy_full */
-  crypto_free_pk_env(pk2);
+  crypto_pk_free(pk2);
   pk2 = crypto_pk_copy_full(pk1);
   test_assert(pk2 != NULL);
   test_neq_ptr(pk1, pk2);
@@ -512,9 +512,9 @@ test_crypto_pk(void)
 
  done:
   if (pk1)
-    crypto_free_pk_env(pk1);
+    crypto_pk_free(pk1);
   if (pk2)
-    crypto_free_pk_env(pk2);
+    crypto_pk_free(pk2);
   tor_free(encoded);
 }
 
@@ -677,7 +677,7 @@ test_crypto_s2k(void)
 static void
 test_crypto_aes_iv(void *arg)
 {
-  crypto_cipher_env_t *cipher;
+  crypto_cipher_t *cipher;
   char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
   char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
   char key1[16], key2[16];
@@ -704,7 +704,7 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 4095,
                                                  plain, 4095);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 4095);
   tt_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
@@ -713,7 +713,7 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(decrypted_size, 4095);
   tt_assert(decrypted_size > 0);
@@ -722,14 +722,14 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted2, 16 + 4095,
                                              plain, 4095);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 4095);
   tt_assert(encrypted_size > 0);
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
                                              encrypted2, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(decrypted_size, 4095);
   tt_assert(decrypted_size > 0);
@@ -739,7 +739,7 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key2, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_memneq(plain, decrypted2, encrypted_size);
   /* Alter the initialization vector. */
@@ -747,21 +747,21 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_memneq(plain, decrypted2, 4095);
   /* Special length case: 1. */
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 1,
                                              plain_1, 1);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 1);
   tt_assert(encrypted_size > 0);
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 1,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(decrypted_size, 1);
   tt_assert(decrypted_size > 0);
@@ -770,14 +770,14 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 15,
                                              plain_15, 15);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 15);
   tt_assert(encrypted_size > 0);
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 15,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(decrypted_size, 15);
   tt_assert(decrypted_size > 0);
@@ -786,14 +786,14 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 16,
                                              plain_16, 16);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 16);
   tt_assert(encrypted_size > 0);
   cipher = crypto_create_init_cipher(key1, 0);
   decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 16,
                                              encrypted1, encrypted_size);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(decrypted_size, 16);
   tt_assert(decrypted_size > 0);
@@ -802,7 +802,7 @@ test_crypto_aes_iv(void *arg)
   cipher = crypto_create_init_cipher(key1, 1);
   encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 17,
                                              plain_17, 17);
-  crypto_free_cipher_env(cipher);
+  crypto_cipher_free(cipher);
   cipher = NULL;
   test_eq(encrypted_size, 16 + 17);
   tt_assert(encrypted_size > 0);
@@ -821,7 +821,7 @@ test_crypto_aes_iv(void *arg)
   tor_free(decrypted1);
   tor_free(decrypted2);
   if (cipher)
-    crypto_free_cipher_env(cipher);
+    crypto_cipher_free(cipher);
 }
 
 /** Test base32 decoding. */
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index 42d368c..fb23519 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -76,7 +76,7 @@ test_dir_formats(void)
   char *pk1_str = NULL, *pk2_str = NULL, *pk3_str = NULL, *cp;
   size_t pk1_str_len, pk2_str_len, pk3_str_len;
   routerinfo_t *r1=NULL, *r2=NULL;
-  crypto_pk_env_t *pk1 = NULL, *pk2 = NULL, *pk3 = NULL;
+  crypto_pk_t *pk1 = NULL, *pk2 = NULL, *pk3 = NULL;
   routerinfo_t *rp1 = NULL;
   addr_policy_t *ex1, *ex2;
   routerlist_t *dir1 = NULL, *dir2 = NULL;
@@ -127,7 +127,7 @@ test_dir_formats(void)
   r2->onion_pkey = crypto_pk_dup_key(pk2);
   r2->identity_pkey = crypto_pk_dup_key(pk1);
   r2->bandwidthrate = r2->bandwidthburst = r2->bandwidthcapacity = 3000;
-  r2->exit_policy = smartlist_create();
+  r2->exit_policy = smartlist_new();
   smartlist_add(r2->exit_policy, ex2);
   smartlist_add(r2->exit_policy, ex1);
   r2->nickname = tor_strdup("Fred");
@@ -213,7 +213,7 @@ test_dir_formats(void)
 
   /* Okay, now for the directories. */
   {
-    fingerprint_list = smartlist_create();
+    fingerprint_list = smartlist_new();
     crypto_pk_get_fingerprint(pk2, buf, 1);
     add_fingerprint_to_dir("Magri", buf, fingerprint_list);
     crypto_pk_get_fingerprint(pk1, buf, 1);
@@ -250,9 +250,9 @@ test_dir_formats(void)
   tor_free(pk1_str);
   tor_free(pk2_str);
   tor_free(pk3_str);
-  if (pk1) crypto_free_pk_env(pk1);
-  if (pk2) crypto_free_pk_env(pk2);
-  if (pk3) crypto_free_pk_env(pk3);
+  if (pk1) crypto_pk_free(pk1);
+  if (pk2) crypto_pk_free(pk2);
+  if (pk3) crypto_pk_free(pk3);
   if (rp1) routerinfo_free(rp1);
   tor_free(dir1); /* XXXX And more !*/
   tor_free(dir2); /* And more !*/
@@ -378,7 +378,7 @@ test_dir_versions(void)
 static void
 test_dir_fp_pairs(void)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   fp_pair_t *pair;
 
   dir_split_resource_into_fingerprint_pairs(
@@ -406,7 +406,7 @@ test_dir_fp_pairs(void)
 static void
 test_dir_split_fps(void *testdata)
 {
-  smartlist_t *sl = smartlist_create();
+  smartlist_t *sl = smartlist_new();
   char *mem_op_hex_tmp = NULL;
   (void)testdata;
 
@@ -594,7 +594,7 @@ static void
 test_dir_param_voting(void)
 {
   networkstatus_t vote1, vote2, vote3, vote4;
-  smartlist_t *votes = smartlist_create();
+  smartlist_t *votes = smartlist_new();
   char *res = NULL;
 
   /* dirvote_compute_params only looks at the net_params field of the votes,
@@ -604,10 +604,10 @@ test_dir_param_voting(void)
   memset(&vote2, 0, sizeof(vote2));
   memset(&vote3, 0, sizeof(vote3));
   memset(&vote4, 0, sizeof(vote4));
-  vote1.net_params = smartlist_create();
-  vote2.net_params = smartlist_create();
-  vote3.net_params = smartlist_create();
-  vote4.net_params = smartlist_create();
+  vote1.net_params = smartlist_new();
+  vote2.net_params = smartlist_new();
+  vote3.net_params = smartlist_new();
+  vote4.net_params = smartlist_new();
   smartlist_split_string(vote1.net_params,
                          "ab=90 abcd=20 cw=50 x-yz=-99", NULL, 0, 0);
   smartlist_split_string(vote2.net_params,
@@ -759,7 +759,7 @@ generate_ri_from_rs(const vote_routerstatus_t *vrs)
     tor_strdup("123456789012345678901234567890123");
   r->cache_info.signed_descriptor_len =
     strlen(r->cache_info.signed_descriptor_body);
-  r->exit_policy = smartlist_create();
+  r->exit_policy = smartlist_new();
   r->cache_info.published_on = ++published + time(NULL);
   return r;
 }
@@ -772,7 +772,7 @@ get_detached_sigs(networkstatus_t *ns, networkstatus_t *ns2)
   char *r;
   smartlist_t *sl;
   tor_assert(ns && ns->flavor == FLAV_NS);
-  sl = smartlist_create();
+  sl = smartlist_new();
   smartlist_add(sl,ns);
   if (ns2)
     smartlist_add(sl,ns2);
@@ -787,8 +787,8 @@ static void
 test_dir_v3_networkstatus(void)
 {
   authority_cert_t *cert1=NULL, *cert2=NULL, *cert3=NULL;
-  crypto_pk_env_t *sign_skey_1=NULL, *sign_skey_2=NULL, *sign_skey_3=NULL;
-  crypto_pk_env_t *sign_skey_leg1=NULL;
+  crypto_pk_t *sign_skey_1=NULL, *sign_skey_2=NULL, *sign_skey_3=NULL;
+  crypto_pk_t *sign_skey_leg1=NULL;
   const char *msg=NULL;
 
   time_t now = time(NULL);
@@ -799,7 +799,7 @@ test_dir_v3_networkstatus(void)
   vote_routerstatus_t *vrs;
   routerstatus_t *rs;
   char *v1_text=NULL, *v2_text=NULL, *v3_text=NULL, *consensus_text=NULL, *cp;
-  smartlist_t *votes = smartlist_create();
+  smartlist_t *votes = smartlist_new();
 
   /* For generating the two other consensuses. */
   char *detached_text1=NULL, *detached_text2=NULL;
@@ -817,9 +817,9 @@ test_dir_v3_networkstatus(void)
   test_assert(cert2);
   cert3 = authority_cert_parse_from_string(AUTHORITY_CERT_3, NULL);
   test_assert(cert3);
-  sign_skey_1 = crypto_new_pk_env();
-  sign_skey_2 = crypto_new_pk_env();
-  sign_skey_3 = crypto_new_pk_env();
+  sign_skey_1 = crypto_pk_new();
+  sign_skey_2 = crypto_pk_new();
+  sign_skey_3 = crypto_pk_new();
   sign_skey_leg1 = pk_generate(4);
 
   test_assert(!crypto_pk_read_private_key_from_string(sign_skey_1,
@@ -843,15 +843,15 @@ test_dir_v3_networkstatus(void)
   vote->valid_until = now+3000;
   vote->vote_seconds = 100;
   vote->dist_seconds = 200;
-  vote->supported_methods = smartlist_create();
+  vote->supported_methods = smartlist_new();
   smartlist_split_string(vote->supported_methods, "1 2 3", NULL, 0, -1);
   vote->client_versions = tor_strdup("0.1.2.14,0.1.2.15");
   vote->server_versions = tor_strdup("0.1.2.14,0.1.2.15,0.1.2.16");
-  vote->known_flags = smartlist_create();
+  vote->known_flags = smartlist_new();
   smartlist_split_string(vote->known_flags,
                      "Authority Exit Fast Guard Running Stable V2Dir Valid",
                      0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
-  vote->voters = smartlist_create();
+  vote->voters = smartlist_new();
   voter = tor_malloc_zero(sizeof(networkstatus_voter_info_t));
   voter->nickname = tor_strdup("Voter1");
   voter->address = tor_strdup("1.2.3.4");
@@ -862,10 +862,10 @@ test_dir_v3_networkstatus(void)
   crypto_pk_get_digest(cert1->identity_key, voter->identity_digest);
   smartlist_add(vote->voters, voter);
   vote->cert = authority_cert_dup(cert1);
-  vote->net_params = smartlist_create();
+  vote->net_params = smartlist_new();
   smartlist_split_string(vote->net_params, "circuitwindow=101 foo=990",
                          NULL, 0, 0);
-  vote->routerstatus_list = smartlist_create();
+  vote->routerstatus_list = smartlist_new();
   /* add the first routerstatus. */
   vrs = tor_malloc_zero(sizeof(vote_routerstatus_t));
   rs = &vrs->status;
@@ -1007,7 +1007,7 @@ test_dir_v3_networkstatus(void)
   vote->dist_seconds = 300;
   authority_cert_free(vote->cert);
   vote->cert = authority_cert_dup(cert2);
-  vote->net_params = smartlist_create();
+  vote->net_params = smartlist_new();
   smartlist_split_string(vote->net_params, "bar=2000000000 circuitwindow=20",
                          NULL, 0, 0);
   tor_free(vote->client_versions);
@@ -1048,7 +1048,7 @@ test_dir_v3_networkstatus(void)
   vote->dist_seconds = 250;
   authority_cert_free(vote->cert);
   vote->cert = authority_cert_dup(cert3);
-  vote->net_params = smartlist_create();
+  vote->net_params = smartlist_new();
   smartlist_split_string(vote->net_params, "circuitwindow=80 foo=660",
                          NULL, 0, 0);
   smartlist_add(vote->supported_methods, tor_strdup("4"));
@@ -1347,13 +1347,13 @@ test_dir_v3_networkstatus(void)
   if (con_md)
     networkstatus_vote_free(con_md);
   if (sign_skey_1)
-    crypto_free_pk_env(sign_skey_1);
+    crypto_pk_free(sign_skey_1);
   if (sign_skey_2)
-    crypto_free_pk_env(sign_skey_2);
+    crypto_pk_free(sign_skey_2);
   if (sign_skey_3)
-    crypto_free_pk_env(sign_skey_3);
+    crypto_pk_free(sign_skey_3);
   if (sign_skey_leg1)
-    crypto_free_pk_env(sign_skey_leg1);
+    crypto_pk_free(sign_skey_leg1);
   if (cert1)
     authority_cert_free(cert1);
   if (cert2)
diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c
index b807265..dcc6f9c 100644
--- a/src/test/test_microdesc.c
+++ b/src/test/test_microdesc.c
@@ -88,7 +88,7 @@ test_md_cache(void *data)
   smartlist_free(added);
   added = NULL;
 
-  wanted = smartlist_create();
+  wanted = smartlist_new();
   added = microdescs_add_to_cache(mc, test_md2, NULL, SAVED_NOWHERE, 0,
                                   time2, wanted);
   /* Should fail, since we didn't list test_md2's digest in wanted */
diff --git a/src/test/test_pt.c b/src/test/test_pt.c
index 45f4411..9d6aa09 100644
--- a/src/test/test_pt.c
+++ b/src/test/test_pt.c
@@ -25,7 +25,7 @@ test_pt_parsing(void)
 
   managed_proxy_t *mp = tor_malloc(sizeof(managed_proxy_t));
   mp->conf_state = PT_PROTO_INFANT;
-  mp->transports = smartlist_create();
+  mp->transports = smartlist_new();
 
   /* incomplete cmethod */
   strcpy(line,"CMETHOD trebuchet");
@@ -93,7 +93,7 @@ test_pt_protocol(void)
 
   managed_proxy_t *mp = tor_malloc_zero(sizeof(managed_proxy_t));
   mp->conf_state = PT_PROTO_LAUNCHED;
-  mp->transports = smartlist_create();
+  mp->transports = smartlist_new();
 
   /* various wrong protocol runs: */
 
diff --git a/src/test/test_util.c b/src/test/test_util.c
index 4fc8b84..670d87d 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -397,7 +397,7 @@ test_util_strmisc(void)
 
   /* Test wrap_string */
   {
-    smartlist_t *sl = smartlist_create();
+    smartlist_t *sl = smartlist_new();
     wrap_string(sl, "This is a test of string wrapping functionality: woot.",
                 10, "", "");
     cp = smartlist_join_strings(sl, "", 0, NULL);
@@ -928,7 +928,7 @@ test_util_mempool(void)
   test_eq(pool->item_alloc_size & 0x03, 0);
   test_assert(pool->new_chunk_capacity < 60);
 
-  allocated = smartlist_create();
+  allocated = smartlist_new();
   for (i = 0; i < 20000; ++i) {
     if (smartlist_len(allocated) < 20 || crypto_rand_int(2)) {
       void *m = mp_pool_get(pool);
@@ -1685,7 +1685,7 @@ test_util_split_lines(void *ptr)
   (void)ptr;
 
   for (i=0; tests[i].orig_line; i++) {
-    sl = smartlist_create();
+    sl = smartlist_new();
     /* Allocate space for string and trailing NULL */
     orig_line = tor_memdup(tests[i].orig_line, tests[i].orig_length + 1);
     tor_split_lines(sl, orig_line, tests[i].orig_length);
diff --git a/src/tools/tor-checkkey.c b/src/tools/tor-checkkey.c
index 94c8cbd..21de48d 100644
--- a/src/tools/tor-checkkey.c
+++ b/src/tools/tor-checkkey.c
@@ -15,7 +15,7 @@
 int
 main(int c, char **v)
 {
-  crypto_pk_env_t *env;
+  crypto_pk_t *env;
   char *str;
   RSA *rsa;
   int wantdigest=0;
@@ -56,7 +56,7 @@ main(int c, char **v)
     return 1;
   }
 
-  env = crypto_new_pk_env();
+  env = crypto_pk_new();
   if (crypto_pk_read_public_key_from_string(env, str, strlen(str))<0) {
     fprintf(stderr, "Couldn't parse key.\n");
     return 1;
@@ -69,7 +69,7 @@ main(int c, char **v)
       return 1;
     printf("%s\n",digest);
   } else {
-    rsa = _crypto_pk_env_get_rsa(env);
+    rsa = _crypto_pk_get_rsa(env);
     str = BN_bn2hex(rsa->n);
 
     printf("%s\n", str);
diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c
index 57f82b1..b5c96e5 100644
--- a/src/tools/tor-gencert.c
+++ b/src/tools/tor-gencert.c
@@ -222,13 +222,13 @@ static RSA *
 generate_key(int bits)
 {
   RSA *rsa = NULL;
-  crypto_pk_env_t *env = crypto_new_pk_env();
+  crypto_pk_t *env = crypto_pk_new();
   if (crypto_pk_generate_key_with_bits(env,bits)<0)
     goto done;
-  rsa = _crypto_pk_env_get_rsa(env);
+  rsa = _crypto_pk_get_rsa(env);
   rsa = RSAPrivateKey_dup(rsa);
  done:
-  crypto_free_pk_env(env);
+  crypto_pk_free(env);
   return rsa;
 }
 
@@ -399,10 +399,10 @@ static int
 get_fingerprint(EVP_PKEY *pkey, char *out)
 {
   int r = 1;
-  crypto_pk_env_t *pk = _crypto_new_pk_env_rsa(EVP_PKEY_get1_RSA(pkey));
+  crypto_pk_t *pk = _crypto_new_pk_from_rsa(EVP_PKEY_get1_RSA(pkey));
   if (pk) {
     r = crypto_pk_get_fingerprint(pk, out, 0);
-    crypto_free_pk_env(pk);
+    crypto_pk_free(pk);
   }
   return r;
 }
@@ -412,10 +412,10 @@ static int
 get_digest(EVP_PKEY *pkey, char *out)
 {
   int r = 1;
-  crypto_pk_env_t *pk = _crypto_new_pk_env_rsa(EVP_PKEY_get1_RSA(pkey));
+  crypto_pk_t *pk = _crypto_new_pk_from_rsa(EVP_PKEY_get1_RSA(pkey));
   if (pk) {
     r = crypto_pk_get_digest(pk, out);
-    crypto_free_pk_env(pk);
+    crypto_pk_free(pk);
   }
   return r;
 }





More information about the tor-commits mailing list