[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Fri Apr 24 14:43:54 UTC 2020


The branch master has been updated
       via  852c2ed260860b6b85c84f9fe96fb4d23d49c9f2 (commit)
      from  4692e98bdbaebb6f078e89a75c54395839e68b24 (commit)


- Log -----------------------------------------------------------------
commit 852c2ed260860b6b85c84f9fe96fb4d23d49c9f2
Author: Rich Salz <rsalz at akamai.com>
Date:   Thu Dec 19 17:30:24 2019 -0500

    In OpenSSL builds, declare STACK for datatypes ...
    
    ... and only *define* them in the source files that need them.
    Use DEFINE_OR_DECLARE which is set appropriately for internal builds
    and not non-deprecated builds.
    
    Deprecate stack-of-block
    
    Better documentation
    
    Move some ASN1 struct typedefs to types.h
    
    Update ParseC to handle this.  Most of all, ParseC needed to be more
    consistent.  The handlers are "recursive", in so far that they are called
    again and again until they terminate, which depends entirely on what the
    "massager" returns.  There's a comment at the beginning of ParseC that
    explains how that works. {Richard Levtte}
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10669)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                            |  5 ++++
 Configurations/00-base-templates.conf |  4 +--
 apps/asn1pars.c                       |  3 +++
 apps/ca.c                             |  5 ++++
 apps/ciphers.c                        |  2 ++
 apps/cmp_mock_srv.c                   |  4 +++
 apps/cms.c                            |  6 +++++
 apps/crl2p7.c                         |  5 ++++
 apps/dgst.c                           |  2 ++
 apps/engine.c                         |  3 +++
 apps/fipsinstall.c                    |  2 ++
 apps/kdf.c                            |  2 ++
 apps/lib/apps.c                       | 11 +++++++++
 apps/lib/names.c                      |  2 ++
 apps/lib/s_cb.c                       |  5 ++++
 apps/list.c                           |  2 ++
 apps/mac.c                            |  2 ++
 apps/nseq.c                           |  2 ++
 apps/ocsp.c                           |  5 ++++
 apps/pkcs12.c                         |  6 +++++
 apps/pkcs7.c                          |  3 +++
 apps/pkeyutl.c                        |  2 ++
 apps/provider.c                       |  2 ++
 apps/rehash.c                         |  2 ++
 apps/req.c                            |  2 ++
 apps/s_client.c                       |  6 +++++
 apps/s_server.c                       |  6 +++++
 apps/smime.c                          |  3 +++
 apps/verify.c                         |  4 +++
 apps/x509.c                           |  4 +++
 crypto/asn1/a_strnid.c                |  2 ++
 crypto/asn1/asn1_gen.c                |  3 +++
 crypto/asn1/asn1_lib.c                |  2 ++
 crypto/asn1/asn_mime.c                |  3 +++
 crypto/asn1/asn_moid.c                |  2 ++
 crypto/asn1/asn_mstbl.c               |  1 +
 crypto/asn1/d2i_pr.c                  |  1 +
 crypto/asn1/tasn_dec.c                |  1 +
 crypto/asn1/tasn_fre.c                |  2 ++
 crypto/asn1/tasn_new.c                |  2 ++
 crypto/cmp/cmp_asn.c                  |  2 ++
 crypto/cmp/cmp_client.c               |  6 +++++
 crypto/cmp/cmp_ctx.c                  | 11 ++++++++-
 crypto/cmp/cmp_hdr.c                  |  3 +++
 crypto/cmp/cmp_http.c                 |  2 ++
 crypto/cmp/cmp_msg.c                  | 10 ++++++++
 crypto/cmp/cmp_protect.c              |  2 ++
 crypto/cmp/cmp_server.c               |  5 ++++
 crypto/cmp/cmp_status.c               |  2 ++
 crypto/cmp/cmp_util.c                 |  4 +++
 crypto/cmp/cmp_vfy.c                  |  2 ++
 crypto/cms/cms_env.c                  |  4 +++
 crypto/cms/cms_ess.c                  |  3 +++
 crypto/cms/cms_kari.c                 |  2 ++
 crypto/cms/cms_lib.c                  |  4 +++
 crypto/cms/cms_pwri.c                 |  2 ++
 crypto/cms/cms_sd.c                   |  6 +++++
 crypto/cms/cms_smime.c                |  6 +++++
 crypto/conf/conf_api.c                |  2 ++
 crypto/conf/conf_def.c                |  2 ++
 crypto/conf/conf_mod.c                |  4 +++
 crypto/conf/conf_ssl.c                |  2 ++
 crypto/crmf/crmf_lib.c                |  3 +++
 crypto/ct/ct_log.c                    |  2 ++
 crypto/ct/ct_oct.c                    |  2 ++
 crypto/ct/ct_prn.c                    |  2 ++
 crypto/ct/ct_sct.c                    |  2 ++
 crypto/ct/ct_x509v3.c                 |  2 ++
 crypto/dso/dso_dlfcn.c                |  2 ++
 crypto/dso/dso_lib.c                  |  2 ++
 crypto/dso/dso_win32.c                |  2 ++
 crypto/engine/eng_cnf.c               |  2 ++
 crypto/engine/eng_dyn.c               |  2 ++
 crypto/ess/ess_lib.c                  |  5 ++++
 crypto/evp/evp_cnf.c                  |  2 ++
 crypto/evp/p_lib.c                    |  1 +
 crypto/ex_data.c                      |  2 ++
 crypto/http/http_client.c             |  2 ++
 crypto/ocsp/ocsp_cl.c                 |  4 +++
 crypto/ocsp/ocsp_ext.c                |  3 +++
 crypto/ocsp/ocsp_prn.c                |  4 +++
 crypto/ocsp/ocsp_srv.c                |  4 +++
 crypto/ocsp/ocsp_vfy.c                |  4 +++
 crypto/ocsp/v3_ocsp.c                 |  2 ++
 crypto/pem/pem_info.c                 |  2 ++
 crypto/pkcs12/p12_crt.c               |  4 +++
 crypto/pkcs12/p12_kiss.c              |  4 +++
 crypto/pkcs12/p12_npas.c              |  3 +++
 crypto/pkcs7/pk7_attr.c               |  2 ++
 crypto/pkcs7/pk7_doit.c               |  5 ++++
 crypto/pkcs7/pk7_lib.c                |  6 +++++
 crypto/pkcs7/pk7_smime.c              |  6 ++++-
 crypto/provider_conf.c                |  4 ++-
 crypto/srp/srp_vfy.c                  |  4 +++
 crypto/store/loader_file.c            |  2 ++
 crypto/ts/ts_conf.c                   |  4 +++
 crypto/ts/ts_req_utils.c              |  2 ++
 crypto/ts/ts_rsp_print.c              |  3 +++
 crypto/ts/ts_rsp_sign.c               |  6 +++++
 crypto/ts/ts_rsp_utils.c              |  2 ++
 crypto/ts/ts_rsp_verify.c             |  7 ++++++
 crypto/ts/ts_verify_ctx.c             |  2 ++
 crypto/ui/ui_lib.c                    |  2 ++
 crypto/x509/by_dir.c                  |  2 ++
 crypto/x509/by_file.c                 |  2 ++
 crypto/x509/by_store.c                |  2 ++
 crypto/x509/pcy_cache.c               |  2 ++
 crypto/x509/pcy_data.c                |  3 +++
 crypto/x509/pcy_lib.c                 |  2 ++
 crypto/x509/pcy_map.c                 |  3 +++
 crypto/x509/pcy_node.c                |  3 +++
 crypto/x509/pcy_tree.c                |  4 +++
 crypto/x509/t_crl.c                   |  2 ++
 crypto/x509/t_req.c                   |  2 ++
 crypto/x509/t_x509.c                  |  3 +++
 crypto/x509/v3_addr.c                 |  5 ++++
 crypto/x509/v3_admis.c                |  4 +++
 crypto/x509/v3_akey.c                 |  3 +++
 crypto/x509/v3_alt.c                  |  3 +++
 crypto/x509/v3_asid.c                 |  4 +++
 crypto/x509/v3_bcons.c                |  2 ++
 crypto/x509/v3_bitst.c                |  2 ++
 crypto/x509/v3_conf.c                 |  3 +++
 crypto/x509/v3_cpols.c                |  5 ++++
 crypto/x509/v3_crld.c                 |  5 ++++
 crypto/x509/v3_extku.c                |  3 +++
 crypto/x509/v3_info.c                 |  3 +++
 crypto/x509/v3_ist.c                  |  2 ++
 crypto/x509/v3_lib.c                  |  3 +++
 crypto/x509/v3_ncons.c                |  4 +++
 crypto/x509/v3_pci.c                  |  2 ++
 crypto/x509/v3_pcons.c                |  2 ++
 crypto/x509/v3_pmaps.c                |  3 +++
 crypto/x509/v3_prn.c                  |  3 +++
 crypto/x509/v3_purp.c                 |  5 ++++
 crypto/x509/v3_sxnet.c                |  3 +++
 crypto/x509/v3_tlsf.c                 |  3 +++
 crypto/x509/v3_utl.c                  |  6 +++++
 crypto/x509/x509_att.c                |  3 +++
 crypto/x509/x509_cmp.c                |  2 ++
 crypto/x509/x509_lu.c                 |  5 ++++
 crypto/x509/x509_obj.c                |  2 ++
 crypto/x509/x509_r2x.c                |  2 ++
 crypto/x509/x509_trs.c                |  3 +++
 crypto/x509/x509_v3.c                 |  2 ++
 crypto/x509/x509_vfy.c                |  7 ++++++
 crypto/x509/x509_vpm.c                |  4 +++
 crypto/x509/x509cset.c                |  2 ++
 crypto/x509/x509name.c                |  2 ++
 crypto/x509/x_attrib.c                |  2 ++
 crypto/x509/x_crl.c                   |  5 ++++
 crypto/x509/x_name.c                  |  3 +++
 crypto/x509/x_req.c                   |  2 ++
 crypto/x509/x_x509.c                  |  2 ++
 crypto/x509/x_x509a.c                 |  2 ++
 doc/man3/DEFINE_STACK_OF.pod          | 32 +++++++++++++-----------
 engines/e_capi.c                      |  3 +++
 fuzz/client.c                         |  2 ++
 fuzz/cmp.c                            |  2 ++
 fuzz/server.c                         |  2 ++
 include/openssl/asn1.h                | 26 +++++++++-----------
 include/openssl/asn1t.h               |  2 +-
 include/openssl/bio.h                 |  2 +-
 include/openssl/cmp.h                 | 11 +++++----
 include/openssl/cms.h                 |  9 ++++---
 include/openssl/conf.h                |  7 +++---
 include/openssl/crmf.h                |  5 ++--
 include/openssl/crypto.h              |  3 ++-
 include/openssl/ct.h                  |  6 ++---
 include/openssl/ess.h                 |  6 ++---
 include/openssl/ocsp.h                | 13 ++++------
 include/openssl/pkcs12.h              |  4 +--
 include/openssl/pkcs7.h               |  8 +++---
 include/openssl/safestack.h           | 34 ++++++++++++++++++++++----
 include/openssl/srp.h                 |  9 +++----
 include/openssl/ssl.h                 |  9 +++----
 include/openssl/ts.h                  |  4 +--
 include/openssl/types.h               |  2 ++
 include/openssl/ui.h                  |  3 ++-
 include/openssl/x509.h                | 31 +++++++----------------
 include/openssl/x509_vfy.h            |  6 ++---
 include/openssl/x509v3.h              | 46 +++++++++++++++--------------------
 ssl/d1_srtp.c                         |  2 ++
 ssl/s3_lib.c                          |  4 +++
 ssl/ssl_cert.c                        |  3 +++
 ssl/ssl_ciph.c                        |  3 +++
 ssl/ssl_conf.c                        |  2 ++
 ssl/ssl_lib.c                         |  8 ++++++
 ssl/ssl_rsa.c                         |  2 ++
 ssl/ssl_sess.c                        |  2 ++
 ssl/statem/extensions.c               |  2 ++
 ssl/statem/extensions_clnt.c          |  4 +++
 ssl/statem/extensions_srvr.c          |  4 +++
 ssl/statem/statem_clnt.c              |  4 +++
 ssl/statem/statem_lib.c               |  4 +++
 ssl/statem/statem_srvr.c              |  4 +++
 ssl/t1_lib.c                          |  4 +++
 test/cipherbytes_test.c               |  2 ++
 test/cipherlist_test.c                |  2 ++
 test/ciphername_test.c                |  2 ++
 test/cmp_client_test.c                |  3 +++
 test/cmp_ctx_test.c                   |  6 +++++
 test/cmp_hdr_test.c                   |  3 +++
 test/cmp_msg_test.c                   |  2 ++
 test/cmp_protect_test.c               |  2 ++
 test/cmp_status_test.c                |  2 ++
 test/cmp_testlib.c                    |  2 ++
 test/cmp_vfy_test.c                   |  1 +
 test/cmsapitest.c                     |  2 ++
 test/confdump.c                       |  3 +++
 test/crltest.c                        |  3 +++
 test/ct_test.c                        |  3 +++
 test/danetest.c                       |  2 ++
 test/dtls_mtu_test.c                  |  2 ++
 test/evp_test.c                       |  2 ++
 test/handshake_helper.c               |  2 ++
 test/http_test.c                      |  2 ++
 test/ocspapitest.c                    |  2 ++
 test/ssl_test.c                       |  2 ++
 test/ssl_test_ctx.c                   |  3 +++
 test/sslapitest.c                     |  6 +++++
 test/sslcorrupttest.c                 |  2 ++
 test/ssltest_old.c                    |  3 +++
 test/v3nametest.c                     |  2 ++
 test/verify_extra_test.c              |  2 ++
 util/missingmacro.txt                 |  5 ++++
 util/perl/OpenSSL/ParseC.pm           | 22 +++++++++++++++++
 227 files changed, 797 insertions(+), 140 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 78e8f88c62..45789ed612 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -417,6 +417,11 @@ OpenSSL 3.0
    replaced with no-ops.
 
    *Rich Salz*
+ 
+ * Added documentation for the STACK API. OpenSSL only defines the STACK
+   functions where they are used.
+  
+   *Rich Salz*
 
  * Introduced a new method type and API, OSSL_SERIALIZER, to
    represent generic serializers.  An implementation is expected to
diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf
index 451a808f1e..821a211cc8 100644
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@@ -10,7 +10,7 @@ my %targets=(
 	includes	=> [],
 	lib_cflags	=> "",
 	lib_cppflags	=> "",
-	lib_defines	=> [ 'OPENSSL_BUILDING_OPENSSL' ],
+	lib_defines	=> [],
 	thread_scheme	=> "(unknown)", # Assume we don't know
 	thread_defines	=> [],
 
@@ -47,7 +47,7 @@ my %targets=(
 
 	defines		=>
 	    sub {
-                my @defs = ();
+                my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
                 push @defs, "ZLIB" unless $disabled{zlib};
                 push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
                 return [ @defs ];
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 342e12d9b2..4b34e7e622 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -18,6 +18,9 @@
 #include <openssl/pem.h>
 #include <openssl/asn1t.h>
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF_STRING()
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
diff --git a/apps/ca.c b/apps/ca.c
index a3f2c6887a..e2fb43fd7e 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -34,6 +34,11 @@
 #include "apps.h"
 #include "progs.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF_STRING()
+
 #ifndef W_OK
 # define F_OK 0
 # define W_OK 2
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 500b416046..380091f16f 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -15,6 +15,8 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_STDNAME,
diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c
index 8ffe4ca5a8..b45f98551c 100644
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@@ -15,6 +15,10 @@
 #include <openssl/err.h>
 #include <openssl/cmperr.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+ 
 /* the context for the CMP mock server */
 typedef struct
 {
diff --git a/apps/cms.c b/apps/cms.c
index 0d89085cc7..0c8af3dab7 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -23,6 +23,12 @@
 # include <openssl/x509v3.h>
 # include <openssl/cms.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(GENERAL_NAMES)
+DEFINE_STACK_OF_STRING()
+
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(CMS_ContentInfo *cms);
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 9137f87239..e0de95a12a 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -19,6 +19,11 @@
 #include <openssl/pem.h>
 #include <openssl/objects.h>
 
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF_STRING()
+
 static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 
 typedef enum OPTION_choice {
diff --git a/apps/dgst.c b/apps/dgst.c
index 23faa340b2..90aaf982ae 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -21,6 +21,8 @@
 #include <openssl/hmac.h>
 #include <ctype.h>
 
+DEFINE_STACK_OF_STRING()
+
 #undef BUFSIZE
 #define BUFSIZE 1024*8
 
diff --git a/apps/engine.c b/apps/engine.c
index 2b295fde67..6d788ac852 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -19,6 +19,9 @@
 #include <openssl/ssl.h>
 #include <openssl/store.h>
 
+DEFINE_STACK_OF_STRING()
+DEFINE_STACK_OF_CSTRING()
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 157f08b11f..1eb183f361 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -18,6 +18,8 @@
 #include "apps.h"
 #include "progs.h"
 
+DEFINE_STACK_OF_STRING()
+
 #define BUFSIZE 4096
 #define DEFAULT_MAC_NAME "HMAC"
 #define DEFAULT_FIPS_SECTION "fips_check_section"
diff --git a/apps/kdf.c b/apps/kdf.c
index 0b577b2bcd..9a69682b57 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -17,6 +17,8 @@
 #include <openssl/kdf.h>
 #include <openssl/params.h>
 
+DEFINE_STACK_OF_STRING()
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 13ca7a12f1..5395d842eb 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -57,6 +57,17 @@ static int WIN32_rename(const char *from, const char *to);
 
 #define PASS_SOURCE_SIZE_MAX 4
 
+DEFINE_STACK_OF(CONF)
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(X509_POLICY_NODE)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(DIST_POINT)
+DEFINE_STACK_OF_STRING()
+
 typedef struct {
     const char *name;
     unsigned long flag;
diff --git a/apps/lib/names.c b/apps/lib/names.c
index 09ee16fd37..a1116d68f8 100644
--- a/apps/lib/names.c
+++ b/apps/lib/names.c
@@ -12,6 +12,8 @@
 #include <openssl/safestack.h>
 #include "names.h"
 
+DEFINE_STACK_OF_CSTRING()
+
 #ifdef _WIN32
 # define strcasecmp _stricmp
 #endif
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 16ce65d448..5f2f2792fa 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -26,6 +26,11 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF_STRING()
+
 VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 
 #ifndef OPENSSL_NO_SOCK
diff --git a/apps/list.c b/apps/list.c
index b30632a65a..a28f6b673e 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -19,6 +19,8 @@
 #include "opt.h"
 #include "names.h"
 
+DEFINE_STACK_OF_CSTRING()
+
 static int verbose = 0;
 
 static void legacy_cipher_fn(const EVP_CIPHER *c,
diff --git a/apps/mac.c b/apps/mac.c
index 6e322fd2fe..07a6e915e3 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -16,6 +16,8 @@
 #include <openssl/evp.h>
 #include <openssl/params.h>
 
+DEFINE_STACK_OF_STRING()
+
 #undef BUFSIZE
 #define BUFSIZE 1024*8
 
diff --git a/apps/nseq.c b/apps/nseq.c
index 92ae7bd34d..de189632b2 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -14,6 +14,8 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(X509)
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_TOSEQ, OPT_IN, OPT_OUT,
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7bd1765b30..d85892202a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -33,6 +33,11 @@
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
 
+DEFINE_STACK_OF(OCSP_CERTID)
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF_STRING()
+
 #ifndef HAVE_FORK
 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
 #  define HAVE_FORK 0
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 69bbe94cf9..18f9550ded 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -19,6 +19,12 @@
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(PKCS7)
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+DEFINE_STACK_OF_STRING()
+
 #define NOKEYS          0x1
 #define NOCERTS         0x2
 #define INFO            0x4
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index dba9751e9b..2416584dd6 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -20,6 +20,9 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 34251d5aeb..1e3802045f 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -15,6 +15,8 @@
 #include <openssl/evp.h>
 #include <sys/stat.h>
 
+DEFINE_STACK_OF_STRING()
+
 #define KEY_NONE        0
 #define KEY_PRIVKEY     1
 #define KEY_PUBKEY      2
diff --git a/apps/provider.c b/apps/provider.c
index 87231cd2df..de8fd34cf3 100644
--- a/apps/provider.c
+++ b/apps/provider.c
@@ -20,6 +20,8 @@
 #include <openssl/core.h>
 #include <openssl/core_numbers.h>
 
+DEFINE_STACK_OF_CSTRING()
+
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_V = 100, OPT_VV, OPT_VVV
diff --git a/apps/rehash.c b/apps/rehash.c
index e21b1b84ae..866b8cfe20 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -42,6 +42,8 @@
 # include <openssl/pem.h>
 # include <openssl/x509.h>
 
+DEFINE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF_STRING()
 
 # ifndef PATH_MAX
 #  define PATH_MAX 4096
diff --git a/apps/req.c b/apps/req.c
index 3d40f0c80b..9ab120c34f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -32,6 +32,8 @@
 # include <openssl/dsa.h>
 #endif
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF_STRING()
 
 #define BITS            "default_bits"
 #define KEYFILE         "default_keyfile"
diff --git a/apps/s_client.c b/apps/s_client.c
index ff06f4ee4c..a28b2867a3 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -56,6 +56,12 @@ typedef unsigned int u_int;
 # endif
 #endif
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF_STRING()
+
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
 #define S_CLIENT_IRC_READ_TIMEOUT 8
diff --git a/apps/s_server.c b/apps/s_server.c
index dd661ee4eb..14550aebc2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -60,6 +60,12 @@ typedef unsigned int u_int;
 #endif
 #include "internal/sockets.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(SSL_CIPHER)
+DEFINE_STACK_OF_STRING()
+
 static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
 static int sv_body(int s, int stype, int prot, unsigned char *context);
 static int www_body(int s, int stype, int prot, unsigned char *context);
diff --git a/apps/smime.c b/apps/smime.c
index 27fc7905c0..50f03fdc04 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -19,6 +19,9 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF_STRING()
+
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 
diff --git a/apps/verify.c b/apps/verify.c
index 0e423ca80b..558866806f 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -18,6 +18,10 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF_STRING()
+
 static int cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx, const char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
diff --git a/apps/x509.c b/apps/x509.c
index bff698f97d..16c1f95754 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -28,6 +28,10 @@
 # include <openssl/dsa.h>
 #endif
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF_STRING()
+
 #undef POSTFIX
 #define POSTFIX ".srl"
 #define DEF_DAYS        30
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index ab54739714..518d408937 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -12,6 +12,8 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
 static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 7b50a0ce63..c5fb8f91b1 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -23,6 +23,9 @@
 
 #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
 
+DEFINE_STACK_OF(ASN1_TYPE)
+DEFINE_STACK_OF(CONF_VALUE)
+
 #define ASN1_FLAG_EXP_MAX       20
 /* Maximum number of nested sequences */
 #define ASN1_GEN_SEQ_MAX_DEPTH  50
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 1331f608f4..47ae801b94 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -13,6 +13,8 @@
 #include <openssl/asn1.h>
 #include "asn1_local.h"
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max);
 static void asn1_put_length(unsigned char **pp, int length);
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 30da0298c0..4eb92d6844 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -18,6 +18,9 @@
 #include "internal/bio.h"
 #include "asn1_local.h"
 
+DEFINE_STACK_OF(BIO)
+DEFINE_STACK_OF(X509_ALGOR)
+
 /*
  * Generalised MIME like utilities for streaming ASN1. Although many have a
  * PKCS7/CMS like flavour others are more general purpose.
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index 90f8076048..02ca99db79 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -16,6 +16,8 @@
 #include "crypto/asn1.h"
 #include "crypto/objects.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* Simple ASN1 OID module: add all objects in a given section */
 
 static int do_create(const char *value, const char *name);
diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c
index 3139ab07cc..dedf1c3240 100644
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@@ -13,6 +13,7 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
 /* Multi string module: add table entries from a given section */
 
 static int do_tcreate(const char *value, const char *name);
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index a4f3dd5359..c7346f5424 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -18,6 +18,7 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
+DEFINE_STACK_OF(ASN1_TYPE)
 EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
                             long length, OPENSSL_CTX *libctx, const char *propq)
 {
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index f720c6020a..421991146d 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -17,6 +17,7 @@
 #include "internal/numbers.h"
 #include "asn1_local.h"
 
+DEFINE_STACK_OF(ASN1_VALUE)
 
 /*
  * Constructed types with a recursive definition (such as can be found in PKCS7)
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index e8d57bdaad..a8cd914f4e 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -13,6 +13,8 @@
 #include <openssl/objects.h>
 #include "asn1_local.h"
 
+DEFINE_STACK_OF(ASN1_VALUE)
+
 /* Free up an ASN1 structure */
 
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 155080dda1..a6335691a0 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -15,6 +15,8 @@
 #include <string.h>
 #include "asn1_local.h"
 
+DEFINE_STACK_OF(ASN1_VALUE)
+
 static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                int embed);
 static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index ae318db6ca..703bd8cded 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -17,6 +17,8 @@
 #include <openssl/cmp.h>
 #include <openssl/crmf.h>
 
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
 /* ASN.1 declarations from RFC4210 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 6e9929028b..f561f72eb1 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -21,6 +21,12 @@
 
 #include "openssl/cmp_util.h"
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+DEFINE_STACK_OF(OSSL_CMP_PKISI)
+DEFINE_STACK_OF(OSSL_CRMF_CERTID)
+
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \
                         || (t) == OSSL_CMP_PKIBODY_KUP)
 
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index e34ad84797..aa18338db5 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -20,7 +20,16 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-/* Get current certificate store containing trusted root CA certs */
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(POLICYINFO)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
+/*
+ * Get current certificate store containing trusted root CA certs
+ */
 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx)
 {
     if (ctx == NULL) {
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 99953d9c1e..c2493420f8 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -20,6 +20,9 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {
     if (!ossl_assert(hdr != NULL))
diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c
index 6b3849fcc1..4c9f542b49 100644
--- a/crypto/cmp/cmp_http.c
+++ b/crypto/cmp/cmp_http.c
@@ -28,6 +28,8 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /*
  * Send the PKIMessage req and on success return the response, else NULL.
  * Any previous error queue entries will likely be removed by ERR_clear_error().
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index d98cefe7d3..dc11b54d2b 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -20,6 +20,16 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(OSSL_CMP_PKISI)
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+DEFINE_STACK_OF(OSSL_CRMF_CERTID)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
 {
     if (msg == NULL) {
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index e1dc8e5fa1..3e0c22bb80 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -18,6 +18,8 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+DEFINE_STACK_OF(X509)
+
 /*
  * This function is also used for verification from cmp_vfy.
  *
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 2cb264a004..4da9a4436f 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -19,6 +19,11 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
+
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st
 {
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
index c9809c5a3a..8f10a42fb9 100644
--- a/crypto/cmp/cmp_status.c
+++ b/crypto/cmp/cmp_status.c
@@ -26,6 +26,8 @@
 #include <openssl/x509.h>
 #include <openssl/asn1err.h> /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 /* CMP functions related to PKIStatus */
 
 int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 785a1bea5f..570e14cd24 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -16,6 +16,10 @@
 #include <openssl/err.h> /* should be implied by cmperr.h */
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 /*
  * use trace API for CMP-specific logging, prefixed by "CMP " and severity
  */
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 137b65b06b..c124b0636f 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -22,6 +22,8 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509)
+
 /*
  * Verify a message protected by signature according to section 5.1.3.3
  * (sha1+RSA/DSA or any other algorithm supported by OpenSSL).
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index af53fc82bb..a5ef2ddee5 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -18,6 +18,10 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
 /* CMS EnvelopedData Utilities */
 
 static void cms_env_set_version(CMS_EnvelopedData *env);
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 00a08aafea..12243dd869 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -19,6 +19,9 @@
 #include "crypto/ess.h"
 #include "crypto/cms.h"
 
+DEFINE_STACK_OF(GENERAL_NAMES)
+DEFINE_STACK_OF(CMS_SignerInfo)
+
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services */
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 14a884caeb..4e837718dc 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -17,6 +17,8 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+
 /* Key Agreement Recipient Info (KARI) routines */
 
 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 835e34887d..89dfc15081 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -16,6 +16,10 @@
 #include <openssl/cms.h>
 #include "cms_local.h"
 
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index a4c32dcdc9..dee4a53ca1 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -18,6 +18,8 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
+DEFINE_STACK_OF(CMS_RecipientInfo)
+
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
                                     unsigned char *pass, ossl_ssize_t passlen)
 {
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 4a40226cf5..a5342c4a00 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -21,6 +21,12 @@
 #include "crypto/cms.h"
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_ALGOR)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
 /* CMS SignedData Utilities */
 
 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index f07064ea61..dbdc815e97 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -16,6 +16,12 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+
 static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
 {
     BIO *rbio;
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4c7349a305..827b4032c7 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -16,6 +16,8 @@
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
 static void value_free_stack_doall(CONF_VALUE *a);
 
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 9718b73a18..9dbda10edf 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -27,6 +27,8 @@
 # endif
 #endif
 
+DEFINE_STACK_OF(BIO)
+
 #ifndef S_ISDIR
 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
 #endif
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 2bbf43b908..504d9b181a 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -18,6 +18,10 @@
 #include <openssl/trace.h>
 #include <openssl/engine.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
 #define DSO_mod_init_name "OPENSSL_init"
 #define DSO_mod_finish_name "OPENSSL_finish"
 
diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
index 5855c50c7b..14d5dc1d5b 100644
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -14,6 +14,8 @@
 #include "internal/sslconf.h"
 #include "conf_local.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /*
  * SSL library configuration module placeholder. We load it here but defer
  * all decisions about its contents to libssl.
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 8c59e3d0d9..89eb2c3775 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -36,6 +36,9 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
+
 /*-
  * atyp = Attribute Type
  * valt = Value Type
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 32a29ed699..73eeee9d7d 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -18,6 +18,8 @@
 
 #include "internal/cryptlib.h"
 
+DEFINE_STACK_OF(CTLOG)
+
 /*
  * Information about a CT log server.
  */
diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index bd8d1bb1df..dfc6e99e2a 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -21,6 +21,8 @@
 
 #include "ct_local.h"
 
+DEFINE_STACK_OF(SCT)
+
 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
     size_t siglen;
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index 4c5760d694..e2ab6b2fd5 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -16,6 +16,8 @@
 
 #include "ct_local.h"
 
+DEFINE_STACK_OF(SCT)
+
 static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
     int nid = SCT_get_signature_nid(sct);
diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index 1b8e1dc61e..f6c262c967 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -19,6 +19,8 @@
 
 #include "ct_local.h"
 
+DEFINE_STACK_OF(SCT)
+
 SCT *SCT_new(void)
 {
     SCT *sct = OPENSSL_zalloc(sizeof(*sct));
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 1665b985eb..55190debc1 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -13,6 +13,8 @@
 
 #include "ct_local.h"
 
+DEFINE_STACK_OF(SCT)
+
 static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 {
     return OPENSSL_strdup("NULL");
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index b01c2f6ac5..57fa43fa41 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -19,6 +19,8 @@
 #include "dso_local.h"
 #include "e_os.h"
 
+DEFINE_STACK_OF(void)
+
 #ifdef DSO_DLFCN
 
 # ifdef HAVE_DLFCN_H
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index a464c391be..82215dde7d 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -10,6 +10,8 @@
 #include "dso_local.h"
 #include "internal/refcount.h"
 
+DEFINE_STACK_OF(void)
+
 static DSO_METHOD *default_DSO_meth = NULL;
 
 static DSO *DSO_new_method(DSO_METHOD *meth)
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
index adf2e63688..5826d410b5 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -69,6 +69,8 @@ static void *win32_globallookup(const char *name);
 
 static const char *openssl_strnchr(const char *string, int c, size_t len);
 
+DEFINE_STACK_OF(void)
+
 static DSO_METHOD dso_meth_win32 = {
     "OpenSSL 'win32' shared library method",
     win32_load,
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
index 221981942c..de215952ab 100644
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -11,6 +11,8 @@
 #include <openssl/conf.h>
 #include <openssl/trace.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* ENGINE config module */
 
 static const char *skip_dot(const char *name)
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 15504410d9..f7595b7420 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -17,6 +17,8 @@
  * prototypes.
  */
 
+DEFINE_STACK_OF_STRING()
+
 /* Our ENGINE handlers */
 static int dynamic_init(ENGINE *e);
 static int dynamic_finish(ENGINE *e);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index a2d6bfe7a9..9d9defa9d7 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -13,6 +13,11 @@
 #include <openssl/ess.h>
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(ESS_CERT_ID)
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
                                                X509 *cert, int issuer_needed);
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 7cfa0a27fe..fa35fd168c 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -15,6 +15,8 @@
 #include <openssl/x509v3.h>
 #include <openssl/trace.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* Algorithm configuration module. */
 
 /* TODO(3.0): the config module functions should be passed a library context */
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 277f808f60..fcf369ad5d 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -36,6 +36,7 @@
 #include "internal/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
+DEFINE_STACK_OF(X509_ATTRIBUTE)
 
 #include "crypto/ec.h"
 
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index d672b464a6..6200d05529 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -10,6 +10,8 @@
 #include "crypto/cryptlib.h"
 #include "internal/thread_once.h"
 
+DEFINE_STACK_OF(void)
+
 int do_ex_data_init(OPENSSL_CTX *ctx)
 {
     OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx);
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 4c123f81d3..98be2c4947 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -25,6 +25,8 @@
 
 #include "http_local.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_VERSION_STR_LEN 3
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index ec657900a5..95b16dce55 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -18,6 +18,10 @@
 #include <openssl/ocsp.h>
 #include "ocsp_local.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OCSP_ONEREQ)
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
 /*
  * Utility functions related to sending OCSP requests and extracting relevant
  * information from the response.
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index c2b61bd4f2..77e67840b8 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -16,6 +16,9 @@
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
 /* Standard wrapper functions for extensions */
 
 /* OCSP request extensions */
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 6d527dfcc8..170fb275a6 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -14,6 +14,10 @@
 #include "internal/cryptlib.h"
 #include <openssl/pem.h>
 
+DEFINE_STACK_OF(OCSP_ONEREQ)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
 {
     BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index b9253b36d9..3cfe3649cc 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -16,6 +16,10 @@
 #include <openssl/ocsp.h>
 #include "ocsp_local.h"
 
+DEFINE_STACK_OF(OCSP_ONEREQ)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
 /*
  * Utility functions related to sending OCSP responses and extracting
  * relevant information from the request.
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index c7a22a1f97..0dccb24eb5 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -12,6 +12,10 @@
 #include <openssl/err.h>
 #include <string.h>
 
+DEFINE_STACK_OF(OCSP_ONEREQ)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                             STACK_OF(X509) *certs, unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 9648ba9412..33451ec4a5 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -16,6 +16,8 @@
 # include <openssl/x509v3.h>
 # include "../x509/ext_dat.h"
 
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
 /*
  * OCSP extensions and a couple of CRL entry extensions
  */
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 90162d7ddb..f6a5dedc48 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -23,6 +23,8 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
+DEFINE_STACK_OF(X509_INFO)
+
 #ifndef OPENSSL_NO_STDIO
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                         pem_password_cb *cb, void *u)
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 0e8b419d0f..f75b2437c9 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -12,6 +12,10 @@
 #include <openssl/pkcs12.h>
 #include "p12_local.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(PKCS7)
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
                           PKCS12_SAFEBAG *bag);
 
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index a9a3ff54f3..9a12ef1035 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -11,6 +11,10 @@
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(PKCS7)
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
 /* Simplified PKCS#12 routines */
 
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index 7c916d46cd..838abe352a 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -15,6 +15,9 @@
 #include <openssl/pkcs12.h>
 #include "p12_local.h"
 
+DEFINE_STACK_OF(PKCS7)
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
 /* PKCS#12 password change routine */
 
 static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index e7bc808cc4..1c95a3cfce 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -17,6 +17,8 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(X509_ALGOR)
+
 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
                               STACK_OF(X509_ALGOR) *cap)
 {
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 2cf62b62cd..9fb3ffc1a2 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -15,6 +15,11 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(X509_ALGOR)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                          void *value);
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index ca039656f0..0eb140e6ae 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -14,6 +14,12 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509_ALGOR)
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 {
     int nid;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 43ad266a6c..3ef59c57ba 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -14,9 +14,13 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-
 #define BUFFERSIZE 4096
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+DEFINE_STACK_OF(X509_ALGOR)
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 1dd5b1d1d4..ce09fae7d3 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -14,9 +14,11 @@
 #include <openssl/safestack.h>
 #include "internal/provider.h"
 
+DEFINE_STACK_OF(OSSL_PROVIDER)
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* PROVIDER config module */
 
-DEFINE_STACK_OF(OSSL_PROVIDER)
 static STACK_OF(OSSL_PROVIDER) *activated_providers = NULL;
 
 static const char *skip_dot(const char *name)
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 6c50d06457..f0ed6da6f6 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -25,6 +25,10 @@
 # define SRP_RANDOM_SALT_LEN 20
 # define MAX_LEN 2500
 
+DEFINE_STACK_OF(SRP_user_pwd)
+DEFINE_STACK_OF(SRP_gN_cache)
+DEFINE_STACK_OF(SRP_gN)
+
 /*
  * Note that SRP uses its own variant of base 64 encoding. A different base64
  * alphabet is used and no padding '=' characters are added. Instead we pad to
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 9b7f8fb8ae..02178b29a8 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -32,6 +32,8 @@
 #include "crypto/evp.h"
 #include "store_local.h"
 
+DEFINE_STACK_OF(X509)
+
 #ifdef _WIN32
 # define stat    _stat
 #endif
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 4117ccdd87..8d2d7129f9 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -15,6 +15,10 @@
 #include <openssl/engine.h>
 #include <openssl/ts.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION                    "tsa"
 #define ENV_DEFAULT_TSA                 "default_tsa"
diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c
index 8b95097935..ec36868d88 100644
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@@ -14,6 +14,8 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
     return ASN1_INTEGER_set(a->version, version);
diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c
index 8593e2d9e3..5334cea534 100644
--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -15,6 +15,9 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(CONF_VALUE)
+
 struct status_map_st {
     int bit;
     const char *text;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index ed0979e584..ba69cbece2 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -17,6 +17,12 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF_CONST(EVP_MD)
+
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
 static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
 static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
index 6017e8d16d..b9ec82a2e6 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -14,6 +14,8 @@
 #include <openssl/pkcs7.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
     TS_STATUS_INFO *new_status_info;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 1f20fb9c0e..b872f75bea 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -15,6 +15,13 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(ESS_CERT_ID)
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 3c8340137f..2205345b0f 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -12,6 +12,8 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
+DEFINE_STACK_OF(X509)
+
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
     TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 97a75eab66..85bf8c1f80 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -15,6 +15,8 @@
 #include <openssl/err.h>
 #include "ui_local.h"
 
+DEFINE_STACK_OF(UI_STRING)
+
 UI *UI_new(void)
 {
     return UI_new_method(NULL);
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 4479d6ad98..43b175e2dc 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -22,6 +22,8 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_OBJECT)
+
 struct lookup_dir_hashes_st {
     unsigned long hash;
     int suffix;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 93a1af87c6..178ec2aeb5 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -17,6 +17,8 @@
 #include <openssl/pem.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_INFO)
+
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
 static X509_LOOKUP_METHOD x509_file_lookup = {
diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index 8a8c50b653..7141c1bd2f 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -12,6 +12,8 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
+DEFINE_STACK_OF_STRING()
+
 /* Generic object loader, given expected type and criterion */
 static int cache_objects(X509_LOOKUP *lctx, const char *uri,
                          const OSSL_STORE_SEARCH *criterion,
diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c
index e65931e456..a7bcfe6013 100644
--- a/crypto/x509/pcy_cache.c
+++ b/crypto/x509/pcy_cache.c
@@ -14,6 +14,8 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(POLICYINFO)
+
 static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                            const X509_POLICY_DATA *const *b);
 static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
diff --git a/crypto/x509/pcy_data.c b/crypto/x509/pcy_data.c
index cc3fc201f9..0a98a11169 100644
--- a/crypto/x509/pcy_data.c
+++ b/crypto/x509/pcy_data.c
@@ -13,6 +13,9 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(POLICYQUALINFO)
+
 /* Policy Node routines */
 
 void policy_data_free(X509_POLICY_DATA *data)
diff --git a/crypto/x509/pcy_lib.c b/crypto/x509/pcy_lib.c
index c4740a0a30..23baa2db1b 100644
--- a/crypto/x509/pcy_lib.c
+++ b/crypto/x509/pcy_lib.c
@@ -13,6 +13,8 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
 /* accessor functions */
 
 /* X509_POLICY_TREE stuff */
diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
index 258792be6f..76cca2f842 100644
--- a/crypto/x509/pcy_map.c
+++ b/crypto/x509/pcy_map.c
@@ -14,6 +14,9 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(POLICY_MAPPING)
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 /*
  * Set policy mapping entries in cache. Note: this modifies the passed
  * POLICY_MAPPINGS structure
diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
index fc06a31c51..5afd08121a 100644
--- a/crypto/x509/pcy_node.c
+++ b/crypto/x509/pcy_node.c
@@ -14,6 +14,9 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(X509_POLICY_NODE)
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 static int node_cmp(const X509_POLICY_NODE *const *a,
                     const X509_POLICY_NODE *const *b)
 {
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index fa11e5e47a..f9519d3a19 100644
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -14,6 +14,10 @@
 
 #include "pcy_local.h"
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
 static void expected_print(BIO *channel,
                            X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
                            int indent)
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index 33b871eb30..f6705286f2 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -15,6 +15,8 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(X509_REVOKED)
+
 #ifndef OPENSSL_NO_STDIO
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 {
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 8af6510bf5..4cf6493b79 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -17,6 +17,8 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 #ifndef OPENSSL_NO_STDIO
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 {
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5e95395438..e3c21b084d 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -17,6 +17,9 @@
 #include "crypto/asn1.h"
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 #ifndef OPENSSL_NO_STDIO
 int X509_print_fp(FILE *fp, X509 *x)
 {
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index 766c5bc106..51f5cd8fa9 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -25,6 +25,11 @@
 
 #ifndef OPENSSL_NO_RFC3779
 
+DEFINE_STACK_OF(IPAddressOrRange)
+DEFINE_STACK_OF(IPAddressFamily)
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509)
+
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
  */
diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c
index 104b58f259..4cccaf644f 100644
--- a/crypto/x509/v3_admis.c
+++ b/crypto/x509/v3_admis.c
@@ -20,6 +20,10 @@
 #include "v3_admis.h"
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+DEFINE_STACK_OF(ASN1_STRING)
+DEFINE_STACK_OF(ASN1_OBJECT)
 
 ASN1_SEQUENCE(NAMING_AUTHORITY) = {
     ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index 4898869b0b..bd231f65a0 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -15,6 +15,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                  AUTHORITY_KEYID *akeyid,
                                                  STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c
index a910d5d718..67d8acc81b 100644
--- a/crypto/x509/v3_alt.c
+++ b/crypto/x509/v3_alt.c
@@ -13,6 +13,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 6cb5cd5546..798185a7b4 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -55,6 +55,10 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
 
+DEFINE_STACK_OF(ASIdOrRange)
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509)
+
 /*
  * i2r method for an ASIdentifierChoice.
  */
diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c
index 02e300229c..0ba3c0cc1b 100644
--- a/crypto/x509/v3_bcons.c
+++ b/crypto/x509/v3_bcons.c
@@ -15,6 +15,8 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
                                                    BASIC_CONSTRAINTS *bcons,
                                                    STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.c
index 81cdcfb6cf..b0a807d35a 100644
--- a/crypto/x509/v3_bitst.c
+++ b/crypto/x509/v3_bitst.c
@@ -13,6 +13,8 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
     {0, "SSL Client", "client"},
     {1, "SSL Server", "server"},
diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c
index 47b1cfc90b..38e364709a 100644
--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.c
@@ -17,6 +17,9 @@
 #include "crypto/x509.h"
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509_EXTENSION)
+
 static int v3_check_critical(const char **value);
 static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index 470088c90a..a5f1453492 100644
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -17,6 +17,11 @@
 #include "pcy_local.h"
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(POLICYINFO)
+DEFINE_STACK_OF(POLICYQUALINFO)
+DEFINE_STACK_OF(ASN1_INTEGER)
+
 /* Certificate policies extension support: this one is a bit complex... */
 
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index b23a9619e1..21a1bfcd7d 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -17,6 +17,11 @@
 #include "crypto/x509.h"
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(DIST_POINT)
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c
index 8d0dfcf300..b60d999402 100644
--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.c
@@ -14,6 +14,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(CONF_VALUE)
+
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
index c50cfd1f34..4acc514af2 100644
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -15,6 +15,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+DEFINE_STACK_OF(CONF_VALUE)
+
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                                                        *method, AUTHORITY_INFO_ACCESS
                                                        *ainfo, STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index 6db4f19913..ceb127f637 100644
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -15,6 +15,8 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 /*
  * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
  * This extention is required to obtain the status of a qualified certificate at Russian Federation.
diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c
index 71ba7a3282..a3bb8be8ec 100644
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@@ -16,6 +16,9 @@
 
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+DEFINE_STACK_OF(X509_EXTENSION)
+
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
 static int ext_cmp(const X509V3_EXT_METHOD *const *a,
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index d6a286c094..88ad8ba74f 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -19,6 +19,10 @@
 #include "crypto/x509.h"
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c
index fb5f35a5ab..4e02f9c546 100644
--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -49,6 +49,8 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                    BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.c
index 33c08cfdaa..43e5bc555b 100644
--- a/crypto/x509/v3_pcons.c
+++ b/crypto/x509/v3_pcons.c
@@ -15,6 +15,8 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
                                                     *method, void *bcons, STACK_OF(CONF_VALUE)
                                                     *extlist);
diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c
index 2b4784027c..9dcd459852 100644
--- a/crypto/x509/v3_pmaps.c
+++ b/crypto/x509/v3_pmaps.c
@@ -14,6 +14,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(POLICY_MAPPING)
+DEFINE_STACK_OF(CONF_VALUE)
+
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c
index 2ef76c1b5b..e5f062b668 100644
--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.c
@@ -14,6 +14,9 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509_EXTENSION)
+
 /* Extension printing routines */
 
 static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index 687d065303..b3401035f1 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -15,6 +15,11 @@
 #include "crypto/x509.h"
 #include "internal/tsan_assist.h"
 
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(DIST_POINT)
+DEFINE_STACK_OF(X509_PURPOSE)
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 static int check_ssl_ca(const X509 *x);
 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
                                     int ca);
diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index 072b8efe82..364348d9dc 100644
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -15,6 +15,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(SXNETID)
+DEFINE_STACK_OF(CONF_VALUE)
+
 /* Support for Thawte strong extranet extension */
 
 #define SXNET_TEST
diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c
index 28e83bb2ae..597e8eda5e 100644
--- a/crypto/x509/v3_tlsf.c
+++ b/crypto/x509/v3_tlsf.c
@@ -15,6 +15,9 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(ASN1_INTEGER)
+DEFINE_STACK_OF(CONF_VALUE)
+
 static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                              TLS_FEATURE *tls_feature,
                                              STACK_OF(CONF_VALUE) *ext_list);
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index c7f54aa0d4..4be395397c 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -20,6 +20,12 @@
 #include <openssl/bn.h>
 #include "ext_dat.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF_STRING()
+
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char *const *a, const char *const *b);
 static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index c8b2d0f8a8..03b90262ee 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -17,6 +17,9 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+DEFINE_STACK_OF(ASN1_TYPE)
+
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
     return sk_X509_ATTRIBUTE_num(x);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 654b7b5a68..05615c1e19 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -16,6 +16,8 @@
 #include <openssl/core_names.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509)
+
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
     int i;
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 64791f24a5..421f26ba16 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -15,6 +15,11 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509)
+
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
     X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 9d8f48d2ee..1229c01b6b 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -14,6 +14,8 @@
 #include <openssl/buffer.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
 /*
  * Limit to ensure we don't overflow: much greater than
  * anything encountered in practice.
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index a03ba24926..a284bf72ca 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -17,6 +17,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
 X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 {
     X509 *ret = NULL;
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 10718c347d..ebd45b68b0 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -12,6 +12,9 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509_TRUST)
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
 
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 715c3594d4..31438d2017 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -17,6 +17,8 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_EXTENSION)
+
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
     if (x == NULL)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 99479444e6..e5fbd2afd1 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,13 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_REVOKED)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(DIST_POINT)
+DEFINE_STACK_OF_STRING()
+
 /* CRL score values */
 
 /* No unhandled critical extensions */
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index f6555dd20c..c3af2d3d78 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -18,6 +18,10 @@
 
 #include "x509_local.h"
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+DEFINE_STACK_OF_STRING()
+
 /* X509_VERIFY_PARAM functions */
 
 #define SET_HOST 0
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 22143da65e..d5b3778035 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -16,6 +16,8 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509_REVOKED)
+
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
     if (x == NULL)
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index b00e5f5b38..7e2704fb68 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -16,6 +16,8 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
 int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
                               char *buf, int len)
 {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index b30234112f..99609cfca6 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -14,6 +14,8 @@
 #include <openssl/x509.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(ASN1_TYPE)
+
 /*-
  * X509_ATTRIBUTE: this has the following form:
  *
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 0f53be710f..0d3e1fedb4 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -15,6 +15,11 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(GENERAL_NAMES)
+DEFINE_STACK_OF(X509_REVOKED)
+DEFINE_STACK_OF(X509_EXTENSION)
+
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b);
 static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 692bd6566a..2db9aa34ca 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -16,6 +16,9 @@
 #include "crypto/asn1.h"
 #include "x509_local.h"
 
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+DEFINE_STACK_OF(ASN1_VALUE)
+
 /*
  * Maximum length of X509_NAME: much larger than anything we should
  * ever see in practice.
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
index 21215b4778..10b82df559 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -13,6 +13,8 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
 /*-
  * X509_REQ_INFO is handled in an unusual way to get round
  * invalid encodings. Some broken certificate requests don't
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index e9317dc1d9..8cfdbc9fe6 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -15,6 +15,8 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(IPAddressFamily)
+
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
         ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index 18d09e300e..957386b8e2 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -14,6 +14,8 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
+DEFINE_STACK_OF(ASN1_OBJECT)
+
 /*
  * X509_CERT_AUX routines. These are used to encode additional user
  * modifiable data about a certificate. This data is appended to the X509
diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod
index 4dd3de843f..6c165c0043 100644
--- a/doc/man3/DEFINE_STACK_OF.pod
+++ b/doc/man3/DEFINE_STACK_OF.pod
@@ -64,27 +64,31 @@ functions that wrap around the utility B<OPENSSL_sk_> API.
 In the description here, B<I<TYPE>> is used
 as a placeholder for any of the OpenSSL datatypes, such as B<X509>.
 
-STACK_OF() returns the name for a stack of the specified B<I<TYPE>>.
-DEFINE_STACK_OF() creates set of functions for a stack of B<I<TYPE>>. This
-will mean that type B<I<TYPE>> is stored in each stack, the type is referenced by
+The STACK_OF() macro returns the name for a stack of the specified B<I<TYPE>>.
+This is an opaque pointer to a structure declaration.
+This can be used in every header file that references the stack.
+There are several B<DEFINE...> macros that create static inline functions
+for all of the functions described on this page.
+This should normally be used in one source file, and the stack manipulation
+is wrapped with application-specific functions.
+
+DEFINE_STACK_OF() creates set of functions for a stack of B<I<TYPE>> elements.
+The type is referenced by
 B<STACK_OF>(B<I<TYPE>>) and each function name begins with B<sk_I<TYPE>_>.
-For example:
-
- TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
-
 DEFINE_STACK_OF_CONST() is identical to DEFINE_STACK_OF() except
-each element is constant. For example:
+each element is constant.
 
+ /* DEFINE_STACK_OF(TYPE) */
+ TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
+ /* DEFINE_STACK_OF_CONST(TYPE) */
  const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx);
 
-DEFINE_SPECIAL_STACK_OF() defines a stack of B<I<TYPE>> but
-each function uses B<FUNCNAME> in the function name. For example:
+DEFINE_SPECIAL_STACK_OF() and DEFINE_SPECIAL_STACK_OF_CONST() are similar
+except B<FUNCNAME> is used in the function names:
 
+ /* DEFINE_SPECIAL_STACK_OF(TYPE, FUNCNAME) */
  TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
-
-DEFINE_SPECIAL_STACK_OF_CONST() is similar except that each element is
-constant:
-
+ /* DEFINE_SPECIAL_STACK_OF(TYPE, FUNCNAME) */
  const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx);
 
 B<sk_I<TYPE>_num>() returns the number of elements in I<sk> or -1 if I<sk> is
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 74b79e31c6..c8d181c93a 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -31,6 +31,9 @@
 #  include <openssl/rsa.h>
 #  include <openssl/dsa.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+
 /*
  * This module uses several "new" interfaces, among which is
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
diff --git a/fuzz/client.c b/fuzz/client.c
index 451989773a..f80e8a0a48 100644
--- a/fuzz/client.c
+++ b/fuzz/client.c
@@ -20,6 +20,8 @@
 
 #include "rand.inc"
 
+DEFINE_STACK_OF(SSL_COMP)
+
 /* unused, to avoid warning. */
 static int idx;
 
diff --git a/fuzz/cmp.c b/fuzz/cmp.c
index 0088dd9478..6883a286ff 100644
--- a/fuzz/cmp.c
+++ b/fuzz/cmp.c
@@ -18,6 +18,8 @@
 #include "fuzzer.h"
 #include "rand.inc"
 
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
 int FuzzerInitialize(int *argc, char ***argv)
 {
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
diff --git a/fuzz/server.c b/fuzz/server.c
index 335f1f165d..fe4fa5c70b 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -24,6 +24,8 @@
 
 #include "rand.inc"
 
+DEFINE_STACK_OF(SSL_COMP)
+
 static const uint8_t kCertificateDER[] = {
     0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index f58781272d..a5b14152a9 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -119,8 +119,14 @@ extern "C" {
 # define SMIME_OLDMIME           0x400
 # define SMIME_CRLFEOL           0x800
 # define SMIME_STREAM            0x1000
-    struct X509_algor_st;
-DEFINE_STACK_OF(X509_ALGOR)
+
+DEFINE_OR_DECLARE_STACK_OF(ASN1_GENERALSTRING)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_INTEGER)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_OBJECT)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING_TABLE)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_OR_DECLARE_STACK_OF(X509_ALGOR)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_TYPE)
 
 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
 /*
@@ -187,15 +193,14 @@ typedef struct ASN1_ENCODING_st {
  (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
 # define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
 
-typedef struct asn1_string_table_st {
+struct asn1_string_table_st {
     int nid;
     long minsize;
     long maxsize;
     unsigned long mask;
     unsigned long flags;
-} ASN1_STRING_TABLE;
+};
 
-DEFINE_STACK_OF(ASN1_STRING_TABLE)
 
 /* size limits: this stuff is taken straight from RFC2459 */
 
@@ -419,13 +424,8 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
                                 ASN1_STRFLGS_DUMP_UNKNOWN | \
                                 ASN1_STRFLGS_DUMP_DER)
 
-DEFINE_STACK_OF(ASN1_INTEGER)
-
-DEFINE_STACK_OF(ASN1_GENERALSTRING)
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
-typedef struct asn1_type_st {
+struct asn1_type_st {
     int type;
     union {
         char *ptr;
@@ -454,9 +454,8 @@ typedef struct asn1_type_st {
         ASN1_STRING *sequence;
         ASN1_VALUE *asn1_value;
     } value;
-} ASN1_TYPE;
+};
 
-DEFINE_STACK_OF(ASN1_TYPE)
 
 typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
 
@@ -511,7 +510,6 @@ ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
 void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
 
 DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT)
-DEFINE_STACK_OF(ASN1_OBJECT)
 
 ASN1_STRING *ASN1_STRING_new(void);
 void ASN1_STRING_free(ASN1_STRING *a);
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 837fd427b0..286db9e2eb 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -880,7 +880,7 @@ DECLARE_ASN1_ITEM(LONG)
 DECLARE_ASN1_ITEM(ZLONG)
 # endif
 
-DEFINE_STACK_OF(ASN1_VALUE)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_VALUE)
 
 /* Functions used internally by the ASN1 code */
 
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index edc9fbd6b4..b4047d55b9 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -286,7 +286,7 @@ int BIO_method_type(const BIO *b);
 typedef int BIO_info_cb(BIO *, int, int);
 typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
 
-DEFINE_STACK_OF(BIO)
+DEFINE_OR_DECLARE_STACK_OF(BIO)
 
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index 6a5da278d1..76ba0e3bf1 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -202,6 +202,12 @@ DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
 #  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
 #  define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
 
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+
 /* data type declarations */
 typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
 typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
@@ -210,21 +216,16 @@ typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
-DEFINE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
 typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
 typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
 
 /*
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
index c7e5abcf51..a0f4b6a0ec 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h
@@ -36,10 +36,11 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
 
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
-DEFINE_STACK_OF(CMS_RecipientInfo)
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DEFINE_OR_DECLARE_STACK_OF(CMS_SignerInfo)
+DEFINE_OR_DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_OR_DECLARE_STACK_OF(CMS_RecipientInfo)
+DEFINE_OR_DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
index d15d47873f..6a36a85b0f 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -33,7 +33,9 @@ typedef struct {
     char *value;
 } CONF_VALUE;
 
-DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_OR_DECLARE_STACK_OF(CONF_VALUE)
+DEFINE_OR_DECLARE_STACK_OF(CONF_MODULE)
+
 DEFINE_LHASH_OF(CONF_VALUE);
 
 struct conf_st;
@@ -58,8 +60,7 @@ struct conf_method_st {
 typedef struct conf_imodule_st CONF_IMODULE;
 typedef struct conf_module_st CONF_MODULE;
 
-DEFINE_STACK_OF(CONF_MODULE)
-DEFINE_STACK_OF(CONF_IMODULE)
+STACK_OF(CONF_IMODULE);
 
 /* DSO module function typedefs */
 typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h
index 02ed3af761..4908ebd563 100644
--- a/include/openssl/crmf.h
+++ b/include/openssl/crmf.h
@@ -30,6 +30,9 @@
 extern "C" {
 #  endif
 
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG)
+DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_CERTID)
+
 #  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
 #  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
 #  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
@@ -43,7 +46,6 @@ typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CRMF_MSG)
 typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
 typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
@@ -51,7 +53,6 @@ typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
 typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
 typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
-DEFINE_STACK_OF(OSSL_CRMF_CERTID)
 
 typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index e20d17b5d9..0b3a20dfd2 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -169,7 +169,8 @@ struct crypto_ex_data_st {
     OPENSSL_CTX *ctx;
     STACK_OF(void) *sk;
 };
-DEFINE_STACK_OF(void)
+
+DEFINE_OR_DECLARE_STACK_OF(void)
 
 /*
  * Per class, we have a STACK of function pointers.
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index c3447004e6..280f7ceecf 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -34,6 +34,9 @@ extern "C" {
 /* All hashes are SHA256 in v1 of Certificate Transparency */
 # define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
 
+DEFINE_OR_DECLARE_STACK_OF(SCT)
+DEFINE_OR_DECLARE_STACK_OF(CTLOG)
+
 typedef enum {
     CT_LOG_ENTRY_TYPE_NOT_SET = -1,
     CT_LOG_ENTRY_TYPE_X509 = 0,
@@ -61,9 +64,6 @@ typedef enum {
     SCT_VALIDATION_STATUS_UNKNOWN_VERSION
 } sct_validation_status_t;
 
-DEFINE_STACK_OF(SCT)
-DEFINE_STACK_OF(CTLOG)
-
 /******************************************
  * CT policy evaluation context functions *
  ******************************************/
diff --git a/include/openssl/ess.h b/include/openssl/ess.h
index c20bf8201d..5a31f678c1 100644
--- a/include/openssl/ess.h
+++ b/include/openssl/ess.h
@@ -19,16 +19,16 @@ extern "C" {
 # include <openssl/x509.h>
 # include <openssl/esserr.h>
 
+DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID)
+DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2)
+
 typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
 typedef struct ESS_cert_id ESS_CERT_ID;
 typedef struct ESS_signing_cert ESS_SIGNING_CERT;
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-
 typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
 
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index b9f55c0123..d40e843e8f 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -102,14 +102,13 @@ extern "C" {
 #  define OCSP_RESPID_KEY                 0x400
 #  define OCSP_NOTIME                     0x800
 
-typedef struct ocsp_cert_id_st OCSP_CERTID;
-
-DEFINE_STACK_OF(OCSP_CERTID)
+DEFINE_OR_DECLARE_STACK_OF(OCSP_CERTID)
+DEFINE_OR_DECLARE_STACK_OF(OCSP_ONEREQ)
+DEFINE_OR_DECLARE_STACK_OF(OCSP_RESPID)
+DEFINE_OR_DECLARE_STACK_OF(OCSP_SINGLERESP)
 
+typedef struct ocsp_cert_id_st OCSP_CERTID;
 typedef struct ocsp_one_request_st OCSP_ONEREQ;
-
-DEFINE_STACK_OF(OCSP_ONEREQ)
-
 typedef struct ocsp_req_info_st OCSP_REQINFO;
 typedef struct ocsp_signature_st OCSP_SIGNATURE;
 typedef struct ocsp_request_st OCSP_REQUEST;
@@ -126,7 +125,6 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
 #  define V_OCSP_RESPID_NAME 0
 #  define V_OCSP_RESPID_KEY  1
 
-DEFINE_STACK_OF(OCSP_RESPID)
 
 typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 
@@ -137,7 +135,6 @@ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
 typedef struct ocsp_single_response_st OCSP_SINGLERESP;
 
-DEFINE_STACK_OF(OCSP_SINGLERESP)
 
 typedef struct ocsp_response_data_st OCSP_RESPDATA;
 
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
index 51d6e8a485..474992e479 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h
@@ -46,14 +46,14 @@ extern "C" {
 # define KEY_EX  0x10
 # define KEY_SIG 0x80
 
+DEFINE_OR_DECLARE_STACK_OF(PKCS12_SAFEBAG)
+
 typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
 
 typedef struct PKCS12_st PKCS12;
 
 typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
 
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-
 typedef struct pkcs12_bag_st PKCS12_BAGS;
 
 # define PKCS12_ERROR    0
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
index 7c079a2ec5..4d114d75e7 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -28,6 +28,7 @@
 extern "C" {
 #endif
 
+
 /*-
 Encryption_ID           DES-CBC
 Digest_ID               MD5
@@ -51,8 +52,7 @@ typedef struct pkcs7_signer_info_st {
     /* The private key to sign with */
     EVP_PKEY *pkey;
 } PKCS7_SIGNER_INFO;
-
-DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+DEFINE_OR_DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
 
 typedef struct pkcs7_recip_info_st {
     ASN1_INTEGER *version;      /* version 0 */
@@ -61,8 +61,8 @@ typedef struct pkcs7_recip_info_st {
     ASN1_OCTET_STRING *enc_key;
     X509 *cert;                 /* get the pub-key from this */
 } PKCS7_RECIP_INFO;
+DEFINE_OR_DECLARE_STACK_OF(PKCS7_RECIP_INFO)
 
-DEFINE_STACK_OF(PKCS7_RECIP_INFO)
 
 typedef struct pkcs7_signed_st {
     ASN1_INTEGER *version;      /* version 1 */
@@ -148,8 +148,8 @@ typedef struct pkcs7_st {
         ASN1_TYPE *other;
     } d;
 } PKCS7;
+DEFINE_OR_DECLARE_STACK_OF(PKCS7)
 
-DEFINE_STACK_OF(PKCS7)
 
 # define PKCS7_OP_SET_DETACHED_SIGNATURE 1
 # define PKCS7_OP_GET_DETACHED_SIGNATURE 2
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
index b8de23cf3a..5d099e6246 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h
@@ -132,11 +132,11 @@ extern "C" {
         return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
     }
 
-# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
 # define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
 # define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
             SKM_DEFINE_STACK_OF(t1, const t2, t2)
-# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
 
 /*-
  * Strings are special: normally an lhash entry will point to a single
@@ -155,6 +155,28 @@ extern "C" {
 typedef char *OPENSSL_STRING;
 typedef const char *OPENSSL_CSTRING;
 
+# define DEFINE_STACK_OF_STRING() \
+        DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+# define DEFINE_STACK_OF_CSTRING() \
+        DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * If we're building OpenSSL, or we have no-deprecated configured,
+ * then we don't define the inline functions (see |SKM_DEFINE_STACK_OF|,
+ * above), we just declare the stack datatypes. Otherwise, for compatibility
+ * and to not remove the API's, we define the functions.  We have the
+ * trailing semicolon so that uses of this never need it.
+ */
+#if defined(OPENSSL_BUILDING_OPENSSL) || defined(OPENSSL_NO_DEPRECATED_3_0)
+# define DEFINE_OR_DECLARE_STACK_OF(s) STACK_OF(s);
+# define DEFINE_OR_DECLARE_STACK_OF_STRING() STACK_OF(OPENSSL_STRING);
+# define DEFINE_OR_DECLARE_STACK_OF_CSTRING() STACK_OF(OPENSSL_CSTRING);
+#else
+# define DEFINE_OR_DECLARE_STACK_OF(s) DEFINE_STACK_OF(s)
+# define DEFINE_OR_DECLARE_STACK_OF_STRING() DEFINE_STACK_OF_STRING()
+# define DEFINE_OR_DECLARE_STACK_OF_CSTRING() DEFINE_STACK_OF_CSTRING()
+#endif
+
 /*-
  * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
  * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
@@ -162,15 +184,17 @@ typedef const char *OPENSSL_CSTRING;
  * chars. So, we have to implement STRING specially for STACK_OF. This is
  * dealt with in the autogenerated macros below.
  */
-DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+DEFINE_OR_DECLARE_STACK_OF_STRING()
+DEFINE_OR_DECLARE_STACK_OF_CSTRING()
 
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
 /*
- * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * This is not used by OpenSSL.  A block of bytes,  NOT nul-terminated.
  * These should also be distinguished from "normal" stacks.
  */
 typedef void *OPENSSL_BLOCK;
 DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+#endif
 
 /*
  * If called without higher optimization (min. -xO3) the Oracle Developer
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
index 56d294b77a..dc7bce935e 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h
@@ -33,14 +33,15 @@
 extern "C" {
 # endif
 
+DEFINE_OR_DECLARE_STACK_OF(SRP_gN_cache)
+DEFINE_OR_DECLARE_STACK_OF(SRP_user_pwd)
+DEFINE_OR_DECLARE_STACK_OF(SRP_gN)
+
 typedef struct SRP_gN_cache_st {
     char *b64_bn;
     BIGNUM *bn;
 } SRP_gN_cache;
 
-
-DEFINE_STACK_OF(SRP_gN_cache)
-
 typedef struct SRP_user_pwd_st {
     /* Owned by us. */
     char *id;
@@ -60,7 +61,6 @@ void SRP_user_pwd_set_gN(SRP_user_pwd *user_pwd, const BIGNUM *g, const BIGNUM *
 int SRP_user_pwd_set1_ids(SRP_user_pwd *user_pwd, const char *id, const char *info);
 int SRP_user_pwd_set0_sv(SRP_user_pwd *user_pwd, BIGNUM *s, BIGNUM *v);
 
-DEFINE_STACK_OF(SRP_user_pwd)
 
 typedef struct SRP_VBASE_st {
     STACK_OF(SRP_user_pwd) *users_pwd;
@@ -80,7 +80,6 @@ typedef struct SRP_gN_st {
     const BIGNUM *N;
 } SRP_gN;
 
-DEFINE_STACK_OF(SRP_gN)
 
 SRP_VBASE *SRP_VBASE_new(char *seed_key);
 void SRP_VBASE_free(SRP_VBASE *vb);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e75394676f..7a2b418bf7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -230,8 +230,10 @@ typedef struct tls_sigalgs_st TLS_SIGALGS;
 typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
 typedef struct ssl_comp_st SSL_COMP;
 
-STACK_OF(SSL_CIPHER);
-STACK_OF(SSL_COMP);
+DEFINE_OR_DECLARE_STACK_OF(SSL_CIPHER)
+DEFINE_OR_DECLARE_STACK_OF(SSL_COMP)
+DEFINE_OR_DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_OR_DECLARE_STACK_OF(SSL_COMP)
 
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
 typedef struct srtp_protection_profile_st {
@@ -239,7 +241,6 @@ typedef struct srtp_protection_profile_st {
     unsigned long id;
 } SRTP_PROTECTION_PROFILE;
 
-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
 
 typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
                                             int len, void *arg);
@@ -979,8 +980,6 @@ extern "C" {
  * These need to be after the above set of includes due to a compiler bug
  * in VisualStudio 2015
  */
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-DEFINE_STACK_OF(SSL_COMP)
 
 /* compatibility */
 # define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index 1229838da6..bf8f236cf3 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -37,6 +37,8 @@ extern "C" {
 # include <openssl/x509.h>
 # include <openssl/x509v3.h>
 
+DEFINE_OR_DECLARE_STACK_OF(EVP_MD)
+
 typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
 typedef struct TS_req_st TS_REQ;
 typedef struct TS_accuracy_st TS_ACCURACY;
@@ -264,8 +266,6 @@ typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
 
 typedef struct TS_resp_ctx TS_RESP_CTX;
 
-DEFINE_STACK_OF_CONST(EVP_MD)
-
 /* Creates a response context that can be used for generating responses. */
 TS_RESP_CTX *TS_RESP_CTX_new(void);
 void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
diff --git a/include/openssl/types.h b/include/openssl/types.h
index 2b1d0820cf..27f90a7bdf 100644
--- a/include/openssl/types.h
+++ b/include/openssl/types.h
@@ -60,7 +60,9 @@ typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 # endif
 
+typedef struct asn1_type_st ASN1_TYPE;
 typedef struct asn1_object_st ASN1_OBJECT;
+typedef struct asn1_string_table_st ASN1_STRING_TABLE;
 
 typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
diff --git a/include/openssl/ui.h b/include/openssl/ui.h
index 254ec6c29d..fa55d92ac8 100644
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h
@@ -283,7 +283,8 @@ const UI_METHOD *UI_null(void);
  * about a string or a prompt, including test data for a verification prompt.
  */
 typedef struct ui_string_st UI_STRING;
-DEFINE_STACK_OF(UI_STRING)
+
+DEFINE_OR_DECLARE_STACK_OF(UI_STRING)
 
 /*
  * The different types of strings that are currently supported. This is only
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index c54a91b671..310980299e 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -78,32 +78,24 @@ typedef struct X509_sig_st X509_SIG;
 
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
 
-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
-DEFINE_STACK_OF(X509_NAME)
+DEFINE_OR_DECLARE_STACK_OF(X509_NAME_ENTRY)
+DEFINE_OR_DECLARE_STACK_OF(X509_NAME)
+DEFINE_OR_DECLARE_STACK_OF(X509)
+DEFINE_OR_DECLARE_STACK_OF(X509_REVOKED)
+DEFINE_OR_DECLARE_STACK_OF(X509_CRL)
 
 # define X509_EX_V_NETSCAPE_HACK         0x8000
 # define X509_EX_V_INIT                  0x0001
 typedef struct X509_extension_st X509_EXTENSION;
-
+DEFINE_OR_DECLARE_STACK_OF(X509_EXTENSION)
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-
-DEFINE_STACK_OF(X509_EXTENSION)
-
 typedef struct x509_attributes_st X509_ATTRIBUTE;
-
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
+DEFINE_OR_DECLARE_STACK_OF(X509_ATTRIBUTE)
 typedef struct X509_req_info_st X509_REQ_INFO;
-
 typedef struct X509_req_st X509_REQ;
-
 typedef struct x509_cert_aux_st X509_CERT_AUX;
-
 typedef struct x509_cinf_st X509_CINF;
 
-DEFINE_STACK_OF(X509)
-
 /* This is used for a table of trust checking functions */
 
 typedef struct x509_trust_st {
@@ -114,8 +106,8 @@ typedef struct x509_trust_st {
     int arg1;
     void *arg2;
 } X509_TRUST;
+DEFINE_OR_DECLARE_STACK_OF(X509_TRUST)
 
-DEFINE_STACK_OF(X509_TRUST)
 
 /* standard trust ids */
 
@@ -227,12 +219,8 @@ DEFINE_STACK_OF(X509_TRUST)
                         XN_FLAG_FN_LN | \
                         XN_FLAG_FN_ALIGN)
 
-DEFINE_STACK_OF(X509_REVOKED)
-
 typedef struct X509_crl_info_st X509_CRL_INFO;
 
-DEFINE_STACK_OF(X509_CRL)
-
 typedef struct private_key_st {
     int version;
     /* The PKCS#8 data types */
@@ -256,8 +244,7 @@ typedef struct X509_info_st {
     int enc_len;
     char *enc_data;
 } X509_INFO;
-
-DEFINE_STACK_OF(X509_INFO)
+DEFINE_OR_DECLARE_STACK_OF(X509_INFO)
 
 /*
  * The next 2 structures and their 8 routines are used to manipulate Netscape's
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 5822eab52d..84b076a1cb 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -60,9 +60,9 @@ typedef enum {
 #define X509_LU_FAIL    0
 #endif
 
-DEFINE_STACK_OF(X509_LOOKUP)
-DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(X509_VERIFY_PARAM)
+DEFINE_OR_DECLARE_STACK_OF(X509_LOOKUP)
+DEFINE_OR_DECLARE_STACK_OF(X509_OBJECT)
+DEFINE_OR_DECLARE_STACK_OF(X509_VERIFY_PARAM)
 
 int X509_STORE_set_depth(X509_STORE *store, int depth);
 
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 6f4743d150..e4f09adfce 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -25,6 +25,25 @@
 extern "C" {
 #endif
 
+DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAME)
+DEFINE_OR_DECLARE_STACK_OF(X509V3_EXT_METHOD)
+DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAMES)
+DEFINE_OR_DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DEFINE_OR_DECLARE_STACK_OF(DIST_POINT)
+DEFINE_OR_DECLARE_STACK_OF(SXNETID)
+DEFINE_OR_DECLARE_STACK_OF(POLICYQUALINFO)
+DEFINE_OR_DECLARE_STACK_OF(POLICYINFO)
+DEFINE_OR_DECLARE_STACK_OF(POLICY_MAPPING)
+DEFINE_OR_DECLARE_STACK_OF(GENERAL_SUBTREE)
+DEFINE_OR_DECLARE_STACK_OF(X509_PURPOSE)
+DEFINE_OR_DECLARE_STACK_OF(X509_POLICY_NODE)
+DEFINE_OR_DECLARE_STACK_OF(ASIdOrRange)
+DEFINE_OR_DECLARE_STACK_OF(IPAddressOrRange)
+DEFINE_OR_DECLARE_STACK_OF(IPAddressFamily)
+DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING)
+DEFINE_OR_DECLARE_STACK_OF(ADMISSIONS)
+DEFINE_OR_DECLARE_STACK_OF(PROFESSION_INFO)
+
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
@@ -97,8 +116,6 @@ struct v3_ext_ctx {
 
 typedef struct v3_ext_method X509V3_EXT_METHOD;
 
-DEFINE_STACK_OF(X509V3_EXT_METHOD)
-
 /* ext_flags values */
 # define X509V3_EXT_DYNAMIC      0x1
 # define X509V3_EXT_CTX_DEP      0x2
@@ -169,11 +186,7 @@ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
 
 typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
 
-DEFINE_STACK_OF(GENERAL_NAME)
 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-DEFINE_STACK_OF(GENERAL_NAMES)
-
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
 
 typedef struct DIST_POINT_NAME_st {
     int type;
@@ -208,8 +221,6 @@ struct DIST_POINT_st {
 
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 
-DEFINE_STACK_OF(DIST_POINT)
-
 struct AUTHORITY_KEYID_st {
     ASN1_OCTET_STRING *keyid;
     GENERAL_NAMES *issuer;
@@ -223,8 +234,6 @@ typedef struct SXNET_ID_st {
     ASN1_OCTET_STRING *user;
 } SXNETID;
 
-DEFINE_STACK_OF(SXNETID)
-
 typedef struct SXNET_st {
     ASN1_INTEGER *version;
     STACK_OF(SXNETID) *ids;
@@ -256,8 +265,6 @@ typedef struct POLICYQUALINFO_st {
     } d;
 } POLICYQUALINFO;
 
-DEFINE_STACK_OF(POLICYQUALINFO)
-
 typedef struct POLICYINFO_st {
     ASN1_OBJECT *policyid;
     STACK_OF(POLICYQUALINFO) *qualifiers;
@@ -265,15 +272,11 @@ typedef struct POLICYINFO_st {
 
 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 
-DEFINE_STACK_OF(POLICYINFO)
-
 typedef struct POLICY_MAPPING_st {
     ASN1_OBJECT *issuerDomainPolicy;
     ASN1_OBJECT *subjectDomainPolicy;
 } POLICY_MAPPING;
 
-DEFINE_STACK_OF(POLICY_MAPPING)
-
 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
 
 typedef struct GENERAL_SUBTREE_st {
@@ -282,8 +285,6 @@ typedef struct GENERAL_SUBTREE_st {
     ASN1_INTEGER *maximum;
 } GENERAL_SUBTREE;
 
-DEFINE_STACK_OF(GENERAL_SUBTREE)
-
 struct NAME_CONSTRAINTS_st {
     STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
     STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
@@ -458,8 +459,6 @@ typedef struct x509_purpose_st {
 # define X509V3_ADD_DELETE               5L
 # define X509V3_ADD_SILENT               0x10
 
-DEFINE_STACK_OF(X509_PURPOSE)
-
 DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
 DECLARE_ASN1_FUNCTIONS(SXNET)
@@ -736,7 +735,6 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
                              unsigned long chtype);
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DEFINE_STACK_OF(X509_POLICY_NODE)
 
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
@@ -755,7 +753,6 @@ typedef struct ASIdOrRange_st {
 } ASIdOrRange;
 
 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DEFINE_STACK_OF(ASIdOrRange)
 
 # define ASIdentifierChoice_inherit              0
 # define ASIdentifierChoice_asIdsOrRanges        1
@@ -793,7 +790,6 @@ typedef struct IPAddressOrRange_st {
 } IPAddressOrRange;
 
 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DEFINE_STACK_OF(IPAddressOrRange)
 
 # define IPAddressChoice_inherit                 0
 # define IPAddressChoice_addressesOrRanges       1
@@ -812,7 +808,6 @@ typedef struct IPAddressFamily_st {
 } IPAddressFamily;
 
 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DEFINE_STACK_OF(IPAddressFamily)
 
 DECLARE_ASN1_FUNCTIONS(IPAddressRange)
 DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
@@ -884,7 +879,6 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
 
 #endif                         /* OPENSSL_NO_RFC3779 */
 
-DEFINE_STACK_OF(ASN1_STRING)
 
 /*
  * Admission Syntax
@@ -897,8 +891,6 @@ DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
 DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
 DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
 DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
-DEFINE_STACK_OF(ADMISSIONS)
-DEFINE_STACK_OF(PROFESSION_INFO)
 typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
 
 const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 6498f84de6..c46bc2e641 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -19,6 +19,8 @@
 
 #ifndef OPENSSL_NO_SRTP
 
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
 static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
     {
      "SRTP_AES128_CM_SHA1_80",
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index fde68943a9..2b49e7e51a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -20,6 +20,10 @@
 #include <openssl/x509v3.h>
 #include "internal/cryptlib.h"
 
+DEFINE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index b2ef4759d6..51bfa439f0 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -25,6 +25,9 @@
 #include "ssl_cert_table.h"
 #include "internal/thread_once.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+
 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
                                          int op, int bits, int nid, void *other,
                                          void *ex);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 066c38a7cc..9ee1fc7fa9 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -22,6 +22,9 @@
 #include "internal/thread_once.h"
 #include "internal/cryptlib.h"
 
+DEFINE_STACK_OF(SSL_COMP)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 /* NB: make sure indices in these tables match values above */
 
 typedef struct {
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index cccda866eb..9408acc89e 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -14,6 +14,8 @@
 #include <openssl/dh.h>
 #include "internal/nelem.h"
 
+DEFINE_STACK_OF(X509_NAME)
+
 /*
  * structure holding name tables. This is used for permitted elements in lists
  * such as TLSv1.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index edfd69cd90..63cbb3d904 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -26,6 +26,14 @@
 #include "internal/refcount.h"
 #include "internal/ktls.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(OCSP_RESPID)
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_STACK_OF(SCT)
+
 static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
 {
     (void)r;
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index e0b4887061..7a699747d3 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -17,6 +17,8 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 
+DEFINE_STACK_OF(X509)
+
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 5fc09d5d68..2062879406 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -16,6 +16,8 @@
 #include "ssl_local.h"
 #include "statem/statem_local.h"
 
+DEFINE_STACK_OF(X509)
+
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 6bd16091d7..3c023486da 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -14,6 +14,8 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
 
+DEFINE_STACK_OF(X509_NAME)
+
 static int final_renegotiate(SSL *s, unsigned int context, int sent);
 static int init_server_name(SSL *s, unsigned int context);
 static int final_server_name(SSL *s, unsigned int context, int sent);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index b8fcd8caa5..764c52322d 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -12,6 +12,10 @@
 #include "internal/cryptlib.h"
 #include "statem_local.h"
 
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(OCSP_RESPID)
+
 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
                                           unsigned int context, X509 *x,
                                           size_t chainidx)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 9a11bc8656..e33b671a05 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -12,6 +12,10 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
 
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+DEFINE_STACK_OF(OCSP_RESPID)
+DEFINE_STACK_OF(X509_EXTENSION)
+
 #define COOKIE_STATE_FORMAT_VERSION     0
 
 /*
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index eb4d416b6b..4e43117ca2 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -25,6 +25,10 @@
 #include <openssl/trace.h>
 #include <internal/cryptlib.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(SSL_COMP)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
 
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 1df15c39db..262fe355f3 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -21,6 +21,10 @@
 #include <openssl/x509.h>
 #include <openssl/trace.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 /*
  * Map error codes to TLS/SSL alart types.
  */
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 83dbf67a7e..c463f22ce2 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -26,6 +26,10 @@
 #include <openssl/core_names.h>
 #include <openssl/asn1t.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(SSL_COMP)
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 #define TICKET_NONCE_SIZE       8
 
 typedef struct {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dc9cd6f1eb..7a5041b634 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -26,6 +26,10 @@
 #include "ssl_local.h"
 #include <openssl/ct.h>
 
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
 
diff --git a/test/cipherbytes_test.c b/test/cipherbytes_test.c
index 370d033a4d..9e2c5eaaea 100644
--- a/test/cipherbytes_test.c
+++ b/test/cipherbytes_test.c
@@ -21,6 +21,8 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
+DEFINE_STACK_OF(SSL_CIPHER)
+
 static SSL_CTX *ctx;
 static SSL *s;
 
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index b950411c38..3bc103c737 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -21,6 +21,8 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+
 typedef struct cipherlist_test_fixture {
     const char *test_case_name;
     SSL_CTX *server;
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
index c4ec6cadd7..c82a164827 100644
--- a/test/ciphername_test.c
+++ b/test/ciphername_test.c
@@ -22,6 +22,8 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
+DEFINE_STACK_OF(SSL_CIPHER)
+
 typedef struct cipher_id_name {
     int id;
     const char *name;
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 44d09e0446..b10662349c 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -15,6 +15,9 @@
 
 #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
 static const char *server_key_f;
 static const char *server_cert_f;
 static const char *client_key_f;
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 470ab63b13..a2a8adc856 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -13,6 +13,12 @@
 
 #include <openssl/x509_vfy.h>
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(POLICYINFO)
+
 typedef struct test_fixture {
     const char *test_case_name;
     OSSL_CMP_CTX *ctx;
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index 6e78432d47..cd30c49762 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -11,6 +11,9 @@
 
 #include "cmp_testlib.h"
 
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
 
 typedef struct test_fixture {
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index 6aadd439bc..413e284fcc 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -11,6 +11,8 @@
 
 #include "cmp_testlib.h"
 
+DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+
 static const char *server_cert_f;
 static const char *pkcs10_f;
 
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index fc006ac6ca..ce5a6cb420 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -11,6 +11,8 @@
 
 #include "cmp_testlib.h"
 
+DEFINE_STACK_OF(X509)
+
 static const char *ir_protected_f;
 static const char *ir_unprotected_f;
 static const char *ip_PBM_f;
diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c
index 7358f1589f..bf6699a2b1 100644
--- a/test/cmp_status_test.c
+++ b/test/cmp_status_test.c
@@ -11,6 +11,8 @@
 
 #include "cmp_testlib.h"
 
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
 typedef struct test_fixture {
     const char *test_case_name;
     int pkistatus;
diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c
index bb3351b4b0..d25ab7468b 100644
--- a/test/cmp_testlib.c
+++ b/test/cmp_testlib.c
@@ -12,6 +12,8 @@
 #include "cmp_testlib.h"
 #include <openssl/rsa.h> /* needed in case config no-deprecated */
 
+DEFINE_STACK_OF(X509)
+
 EVP_PKEY *load_pem_key(const char *file)
 {
     EVP_PKEY *key = NULL;
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 5f43f1e2ec..c74dd2faec 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -11,6 +11,7 @@
 
 #include "cmp_testlib.h"
 #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
+DEFINE_STACK_OF(OSSL_CRMF_MSG)
 
 static const char *server_f;
 static const char *client_f;
diff --git a/test/cmsapitest.c b/test/cmsapitest.c
index ad1cbd1c14..2ac330a8fa 100644
--- a/test/cmsapitest.c
+++ b/test/cmsapitest.c
@@ -16,6 +16,8 @@
 
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509)
+
 static X509 *cert = NULL;
 static EVP_PKEY *privkey = NULL;
 
diff --git a/test/confdump.c b/test/confdump.c
index dbf6244653..48b3779df7 100644
--- a/test/confdump.c
+++ b/test/confdump.c
@@ -14,6 +14,9 @@
 #include <openssl/safestack.h>
 #include <openssl/err.h>
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF_CSTRING()
+
 static STACK_OF(OPENSSL_CSTRING) *section_names = NULL;
 
 static void collect_section_name(CONF_VALUE *v)
diff --git a/test/crltest.c b/test/crltest.c
index 6a2ef4e90d..ac2d27b328 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -17,6 +17,9 @@
 
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_CRL)
+
 #define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
 
 static const char *kCRLTestRoot[] = {
diff --git a/test/ct_test.c b/test/ct_test.c
index bd098c5d6a..79ffcbf9a2 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -21,6 +21,9 @@
 #include <openssl/crypto.h>
 
 #ifndef OPENSSL_NO_CT
+
+DEFINE_STACK_OF(SCT)
+
 /* Used when declaring buffers to read text files into */
 # define CT_TEST_MAX_FILE_SIZE 8096
 
diff --git a/test/danetest.c b/test/danetest.c
index b0d6ffe563..96b9579f3c 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -26,6 +26,8 @@
 
 #include "internal/nelem.h"
 
+DEFINE_STACK_OF(X509)
+
 #define _UC(c) ((unsigned char)(c))
 
 static const char *basedomain;
diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c
index 33603baed6..b45df8a2e9 100644
--- a/test/dtls_mtu_test.c
+++ b/test/dtls_mtu_test.c
@@ -20,6 +20,8 @@
 /* for SSL_READ_ETM() */
 #include "../ssl/ssl_local.h"
 
+DEFINE_STACK_OF(SSL_CIPHER)
+
 static int debug = 0;
 
 static unsigned int clnt_psk_callback(SSL *ssl, const char *hint,
diff --git a/test/evp_test.c b/test/evp_test.c
index 71e4716292..6727a007a0 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -25,6 +25,8 @@
 #include "testutil.h"
 #include "evp_test.h"
 
+DEFINE_STACK_OF_STRING()
+
 #define AAD_NUM 4
 
 typedef struct evp_test_method_st EVP_TEST_METHOD;
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index d46db3f298..32aa12c466 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -26,6 +26,8 @@
 #include <netinet/sctp.h>
 #endif
 
+DEFINE_STACK_OF(X509_NAME)
+
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
 {
     HANDSHAKE_RESULT *ret;
diff --git a/test/http_test.c b/test/http_test.c
index 6449c6f61e..f0b12a7dd0 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -15,6 +15,8 @@
 
 #include "testutil.h"
 
+DEFINE_STACK_OF(CONF_VALUE)
+
 static const ASN1_ITEM *x509_it = NULL;
 static X509 *x509 = NULL;
 #define SERVER "mock.server"
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index 9e8c306259..4ea6c636d4 100644
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -18,6 +18,8 @@
 
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509)
+
 static const char *certstr;
 static const char *privkeystr;
 
diff --git a/test/ssl_test.c b/test/ssl_test.c
index c671feaf21..731f569743 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -19,6 +19,8 @@
 #include "ssl_test_ctx.h"
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509_NAME)
+
 static CONF *conf = NULL;
 static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
 static OPENSSL_CTX *libctx = NULL;
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 6a3b66bcb9..f591adf90b 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -20,6 +20,9 @@
 # define strcasecmp _stricmp
 #endif
 
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(X509_NAME)
+
 static const int default_app_data_size = 256;
 /* Default set to be as small as possible to exercise fragmentation. */
 static const int default_max_fragment_size = 512;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index d1635585e8..f9349bc59b 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -37,6 +37,10 @@
 #include "internal/ktls.h"
 #include "../ssl/ssl_local.h"
 
+DEFINE_STACK_OF(OCSP_RESPID)
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_NAME)
+
 static OPENSSL_CTX *libctx = NULL;
 static OSSL_PROVIDER *defctxnull = NULL;
 
@@ -5518,6 +5522,8 @@ static int test_pha_key_update(void)
 
 static SRP_VBASE *vbase = NULL;
 
+DEFINE_STACK_OF(SRP_user_pwd)
+
 static int ssl_srp_cb(SSL *s, int *ad, void *arg)
 {
     int ret = SSL3_AL_FATAL;
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 135fe48509..476a1758ad 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -11,6 +11,8 @@
 #include "ssltestlib.h"
 #include "testutil.h"
 
+DEFINE_STACK_OF(SSL_CIPHER)
+
 static int docorrupt = 0;
 
 static void copy_flags(BIO *bio)
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index dca0694ecf..d45b2786d3 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -81,6 +81,9 @@
 # include <unistd.h>
 #endif
 
+DEFINE_STACK_OF(SSL_COMP)
+DEFINE_STACK_OF_STRING()
+
 static SSL_CTX *s_ctx = NULL;
 static SSL_CTX *s_ctx2 = NULL;
 
diff --git a/test/v3nametest.c b/test/v3nametest.c
index d17ab7146a..507b0fcf9f 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -19,6 +19,8 @@
 # define strcasecmp _stricmp
 #endif
 
+DEFINE_STACK_OF(GENERAL_NAME)
+
 static const char *const names[] = {
     "a", "b", ".", "*", "@",
     ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 3dd4562714..6cce626026 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -16,6 +16,8 @@
 #include <openssl/err.h>
 #include "testutil.h"
 
+DEFINE_STACK_OF(X509)
+
 static const char *roots_f;
 static const char *untrusted_f;
 static const char *bad_f;
diff --git a/util/missingmacro.txt b/util/missingmacro.txt
index ed0f61056f..2b02fef5f5 100644
--- a/util/missingmacro.txt
+++ b/util/missingmacro.txt
@@ -124,6 +124,11 @@ PKCS7_get_detached(3)
 PKCS7_is_detached(3)
 STACK_OF(3)
 SKM_DEFINE_STACK_OF(3)
+DEFINE_OR_DECLARE_STACK_OF(3)
+DEFINE_OR_DECLARE_STACK_OF_STRING(3)
+DEFINE_OR_DECLARE_STACK_OF_CSTRING(3)
+DEFINE_STACK_OF_STRING(3)
+DEFINE_STACK_OF_CSTRING(3)
 U64(3)
 SSL_set_mtu(3)
 DTLS_set_link_mtu(3)
diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index 6d615016b4..6d060bb77a 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -372,6 +372,28 @@ EOF
     { regexp   => qr/DEFINE_STACK_OF_CONST<<<\((.*)\)>>>/,
       massager => sub { return ("SKM_DEFINE_STACK_OF($1,const $1,$1)"); },
     },
+    { regexp   => qr/DEFINE_STACK_OF_STRING<<<\((.*?)\)>>>/,
+      massager => sub {
+          return ("DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)");
+      }
+    },
+    { regexp   => qr/DEFINE_STACK_OF_CSTRING<<<\((.*?)\)>>>/,
+      massager => sub {
+          return ("DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)");
+      }
+    },
+    # DEFINE_OR_DECLARE macro calls must be interpretted as DEFINE macro
+    # calls, because that's what they look like to the external apps.
+    # (if that ever changes, we must change the substitutions to STACK_OF)
+    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF<<<\((.*?)\)>>>/,
+      massager => sub { return ("DEFINE_STACK_OF($1)"); }
+    },
+    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF_STRING<<<\(\)>>>/,
+      massager => sub { return ("DEFINE_STACK_OF_STRING()"); },
+    },
+    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF_CSTRING<<<\(\)>>>/,
+      massager => sub { return ("DEFINE_STACK_OF_CSTRING()"); },
+    },
 
     #####
     # ASN1 stuff


More information about the openssl-commits mailing list