[openssl] master update

Matt Caswell matt at openssl.org
Sun Sep 13 10:21:26 UTC 2020


The branch master has been updated
       via  225c9660a5a3435d9bcfc9166b9f79f132996249 (commit)
       via  89b46350a322f85924d1226f7c149e4e068d0264 (commit)
       via  0490314f651bdd2888b7839f07c7591877e59bd5 (commit)
       via  962963395c37d015474ef03c41396b78196e301c (commit)
       via  83ecb26f2b4246704ef900416d56942b86967304 (commit)
       via  c6029deab2dba334874b17a9969b6c5fbbb7f96c (commit)
       via  316054147aad943d794c5ba723e5635c31f4ca3e (commit)
       via  262cda1cdac3d5c8f2fdb3c30b6d1c1a982864d6 (commit)
       via  9cedfc90cebc905b20275d534699a1070bba65a4 (commit)
       via  add339272773072e0d8995362c6167e515377c7f (commit)
       via  15c3dcfc78553c70439d816a9c5471b8d5a6c54f (commit)
       via  e74e562f1c518839cc9b63aafd4af6644e01d9ca (commit)
       via  dd731474207126615679f4cc9ae772d7da990332 (commit)
       via  1e14bca2332a95340366324372c59e6a78ddbad7 (commit)
       via  0b282540158bc4a7a291af7427a8da76f0a4980a (commit)
       via  9d01ac71a06590e88791308f83c586c5d2113229 (commit)
       via  98c35dc48d36664c404fec2e12ce405ac0fbecc0 (commit)
       via  c5a5581127c75fe9e9d56d42dd6bd95eb679729f (commit)
       via  22fbfe6a7d13c7c9417f8a10103d28fe70991e94 (commit)
       via  02199cc39db2669933cefc6319599ba491bb3a85 (commit)
       via  fd3ed85c67174a0d3b6639ba9b237351d1c2201f (commit)
       via  904e1f92b381a15139af154ca58fd6d9f566ab2e (commit)
       via  798f932980e2fe656a8ba2a1bde453484f6f07dc (commit)
       via  b4780134df95b34ae263e966e93c83594a38de5b (commit)
       via  24c4ea958ecae0b194cc3eb812a81766cdb421f6 (commit)
       via  e144fd36ceb4d71a75b04503995a52ad6699fb22 (commit)
       via  e6623cfbffcc03e2483632359e005ca13adacc9d (commit)
       via  6ac1cd10ba8a1d92d3858e53a7aea2cf444adf26 (commit)
      from  08073700cc50bcd0df5c0ee68c100e300a320d03 (commit)


- Log -----------------------------------------------------------------
commit 225c9660a5a3435d9bcfc9166b9f79f132996249
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 10 16:34:17 2020 +0100

    Ignore unused return values from some sk_*() macros
    
    Some compilers are very picky about unused return values.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 89b46350a322f85924d1226f7c149e4e068d0264
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Sep 4 17:00:58 2020 +0100

    Don't complain about stack related macros
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 0490314f651bdd2888b7839f07c7591877e59bd5
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 4 08:53:11 2020 +0200

    Make 'make errors' work again
    
    util/mkerr.pl detects if a header is now a '.in' template, and adjusts
    the header file it reads accordingly.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 962963395c37d015474ef03c41396b78196e301c
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 4 08:51:37 2020 +0200

    Make 'make ordinals' work again
    
    'make ordinals' assumed that all headers reside in the source tree,
    which is no longer true, now that we generate a number of them.  This
    needed some refactoring.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 83ecb26f2b4246704ef900416d56942b86967304
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Sep 4 08:48:13 2020 +0200

    util/mknum.pl: Fix file opening
    
    'or' has lower priority than '||' in perl, which affects evaluation order.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit c6029deab2dba334874b17a9969b6c5fbbb7f96c
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 17:35:41 2020 +0100

    Streamline the safestack generated code
    
    The safestack code generation was generating a little too much. Some of
    it could be done with a normal macro.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 316054147aad943d794c5ba723e5635c31f4ca3e
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 17:22:30 2020 +0100

    Add a CHANGES entry for the safestack updates
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 262cda1cdac3d5c8f2fdb3c30b6d1c1a982864d6
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 17:09:18 2020 +0100

    Remove some safestack things that are no longer needed
    
    ... and add SKM_DEFINE_STACK_OF_INTERNAL
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 9cedfc90cebc905b20275d534699a1070bba65a4
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:39:36 2020 +0100

    Fix safestack issues in ui.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit add339272773072e0d8995362c6167e515377c7f
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:35:20 2020 +0100

    Fix safestack issues in pkcs12.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 15c3dcfc78553c70439d816a9c5471b8d5a6c54f
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:24:47 2020 +0100

    Fix safestack issues in crypto.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit e74e562f1c518839cc9b63aafd4af6644e01d9ca
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:14:28 2020 +0100

    Fix safestack issues in conf.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit dd731474207126615679f4cc9ae772d7da990332
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:06:16 2020 +0100

    Fix safestack issues in bio.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 1e14bca2332a95340366324372c59e6a78ddbad7
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 16:01:51 2020 +0100

    Fix safestack issues in ess.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 0b282540158bc4a7a291af7427a8da76f0a4980a
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:56:05 2020 +0100

    Fix safestack issues in asn1t.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 9d01ac71a06590e88791308f83c586c5d2113229
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:50:09 2020 +0100

    Fix safestack issues in ct.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 98c35dc48d36664c404fec2e12ce405ac0fbecc0
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:45:01 2020 +0100

    Fix safestack issues in crmf.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit c5a5581127c75fe9e9d56d42dd6bd95eb679729f
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:37:45 2020 +0100

    Fix safestack issues in x509_vfy.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 22fbfe6a7d13c7c9417f8a10103d28fe70991e94
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:31:44 2020 +0100

    Fix safestack issues in srp.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 02199cc39db2669933cefc6319599ba491bb3a85
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:20:03 2020 +0100

    Fix safestack issues in pkcs7.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit fd3ed85c67174a0d3b6639ba9b237351d1c2201f
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 15:05:30 2020 +0100

    Fix safestack issues in ocsp.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 904e1f92b381a15139af154ca58fd6d9f566ab2e
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 14:55:08 2020 +0100

    Fix safestack issues in cms.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 798f932980e2fe656a8ba2a1bde453484f6f07dc
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 14:45:54 2020 +0100

    Fix safestack issues in cmp.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit b4780134df95b34ae263e966e93c83594a38de5b
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 14:35:41 2020 +0100

    Fix safestack issues in asn1.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 24c4ea958ecae0b194cc3eb812a81766cdb421f6
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 14:10:41 2020 +0100

    Fix stacks of OPENSSL_STRING, OPENSSL_CSTRING and OPENSSL_BLOCK
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit e144fd36ceb4d71a75b04503995a52ad6699fb22
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 12:46:08 2020 +0100

    Fix safestack issues in x509v3.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit e6623cfbffcc03e2483632359e005ca13adacc9d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 3 10:23:44 2020 +0100

    Fix safestack issues in x509.h
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

commit 6ac1cd10ba8a1d92d3858e53a7aea2cf444adf26
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Sep 2 16:15:06 2020 +0100

    Fix safestack issues in ssl.h
    
    We fix 3 problems with safestack:
    - Including an openssl header file without linking against libcrypto
      can cause compilation failures (even if the app does not otherwise need
      to link against libcrypto). See issue #8102
    - Recent changes means that applications in no-deprecated builds will need
      to include additional macro calls in the source code for all stacks that
      they need to use - which is an API break. This changes avoids that
      necessity.
    - It is not possible to write code using stacks that works in both a
      no-deprecated and a normal build of OpenSSL. See issue #12707.
    
    Fixes #12707
    Contains a partial fix for #8102. A similar PR will be needed for hash to
    fully fix.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12781)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                       |  22 ++++-
 CHANGES.md                                       |   9 +-
 Configurations/unix-Makefile.tmpl                |  58 +++++++++----
 apps/asn1pars.c                                  |   3 -
 apps/ca.c                                        |   5 --
 apps/ciphers.c                                   |   2 -
 apps/cmp.c                                       |   4 -
 apps/cmp_mock_srv.c                              |   4 -
 apps/cms.c                                       |   6 --
 apps/crl2p7.c                                    |   5 --
 apps/dgst.c                                      |   2 -
 apps/engine.c                                    |   3 -
 apps/fipsinstall.c                               |   2 -
 apps/kdf.c                                       |   2 -
 apps/lib/apps.c                                  |   9 --
 apps/lib/names.c                                 |   2 -
 apps/lib/s_cb.c                                  |   5 --
 apps/list.c                                      |   2 -
 apps/mac.c                                       |   2 -
 apps/nseq.c                                      |   2 -
 apps/ocsp.c                                      |   5 --
 apps/pkcs12.c                                    |   6 --
 apps/pkcs7.c                                     |   3 -
 apps/pkeyutl.c                                   |   2 -
 apps/provider.c                                  |   2 -
 apps/rehash.c                                    |   3 -
 apps/req.c                                       |   3 -
 apps/s_client.c                                  |   6 --
 apps/s_server.c                                  |   6 --
 apps/smime.c                                     |   3 -
 apps/verify.c                                    |   4 -
 apps/x509.c                                      |   4 -
 build.info                                       |  45 +++++++++-
 crypto/asn1/a_strnid.c                           |   2 -
 crypto/asn1/asn1_gen.c                           |   3 -
 crypto/asn1/asn1_lib.c                           |   2 -
 crypto/asn1/asn_mime.c                           |   3 -
 crypto/asn1/asn_moid.c                           |   2 -
 crypto/asn1/asn_mstbl.c                          |   1 -
 crypto/asn1/d2i_pr.c                             |   1 -
 crypto/asn1/tasn_dec.c                           |   2 -
 crypto/asn1/tasn_fre.c                           |   2 -
 crypto/asn1/tasn_new.c                           |   2 -
 crypto/cmp/cmp_asn.c                             |   2 -
 crypto/cmp/cmp_client.c                          |   7 --
 crypto/cmp/cmp_ctx.c                             |   7 --
 crypto/cmp/cmp_hdr.c                             |   3 -
 crypto/cmp/cmp_http.c                            |   2 -
 crypto/cmp/cmp_msg.c                             |  11 ---
 crypto/cmp/cmp_protect.c                         |   2 -
 crypto/cmp/cmp_server.c                          |   5 --
 crypto/cmp/cmp_status.c                          |   2 -
 crypto/cmp/cmp_util.c                            |   4 -
 crypto/cmp/cmp_vfy.c                             |   2 -
 crypto/cms/cms_env.c                             |   4 -
 crypto/cms/cms_ess.c                             |   6 --
 crypto/cms/cms_kari.c                            |   2 -
 crypto/cms/cms_lib.c                             |   4 -
 crypto/cms/cms_pwri.c                            |   2 -
 crypto/cms/cms_sd.c                              |   6 --
 crypto/cms/cms_smime.c                           |   6 --
 crypto/conf/conf_api.c                           |   2 -
 crypto/conf/conf_def.c                           |   2 -
 crypto/conf/conf_mod.c                           |   1 -
 crypto/conf/conf_ssl.c                           |   2 -
 crypto/crmf/crmf_lib.c                           |   3 -
 crypto/crmf/crmf_local.h                         |   1 -
 crypto/ct/ct_log.c                               |   2 -
 crypto/ct/ct_oct.c                               |   2 -
 crypto/ct/ct_prn.c                               |   2 -
 crypto/ct/ct_sct.c                               |   2 -
 crypto/ct/ct_x509v3.c                            |   2 -
 crypto/dso/dso_dlfcn.c                           |   2 -
 crypto/dso/dso_lib.c                             |   2 -
 crypto/dso/dso_win32.c                           |   2 -
 crypto/encode_decode/decoder_pkey.c              |   2 -
 crypto/encode_decode/encoder_pkey.c              |   2 -
 crypto/engine/eng_cnf.c                          |   2 -
 crypto/engine/eng_dyn.c                          |   2 -
 crypto/ess/ess_lib.c                             |   5 --
 crypto/evp/evp_cnf.c                             |   2 -
 crypto/evp/p_lib.c                               |   1 -
 crypto/ex_data.c                                 |   8 +-
 crypto/http/http_client.c                        |   2 -
 crypto/ocsp/ocsp_cl.c                            |   4 -
 crypto/ocsp/ocsp_ext.c                           |   3 -
 crypto/ocsp/ocsp_prn.c                           |   4 -
 crypto/ocsp/ocsp_srv.c                           |   4 -
 crypto/ocsp/ocsp_vfy.c                           |   4 -
 crypto/ocsp/v3_ocsp.c                            |   2 -
 crypto/pem/pem_info.c                            |   2 -
 crypto/pkcs12/p12_crt.c                          |   4 -
 crypto/pkcs12/p12_kiss.c                         |   4 -
 crypto/pkcs12/p12_npas.c                         |   3 -
 crypto/pkcs7/pk7_attr.c                          |   2 -
 crypto/pkcs7/pk7_doit.c                          |   5 --
 crypto/pkcs7/pk7_lib.c                           |   6 --
 crypto/pkcs7/pk7_smime.c                         |   4 -
 crypto/property/property.c                       |   2 +-
 crypto/provider_conf.c                           |   1 -
 crypto/srp/srp_vfy.c                             |   4 -
 crypto/store/store_result.c                      |   2 -
 crypto/ts/ts_conf.c                              |   4 -
 crypto/ts/ts_req_utils.c                         |   2 -
 crypto/ts/ts_rsp_print.c                         |   3 -
 crypto/ts/ts_rsp_sign.c                          |   4 -
 crypto/ts/ts_rsp_utils.c                         |   2 -
 crypto/ts/ts_rsp_verify.c                        |   7 --
 crypto/ts/ts_verify_ctx.c                        |   2 -
 crypto/ui/ui_lib.c                               |   2 -
 crypto/x509/by_dir.c                             |   2 -
 crypto/x509/by_file.c                            |   2 -
 crypto/x509/by_store.c                           |   2 -
 crypto/x509/pcy_cache.c                          |   2 -
 crypto/x509/pcy_data.c                           |   3 -
 crypto/x509/pcy_lib.c                            |   2 -
 crypto/x509/pcy_map.c                            |   3 -
 crypto/x509/pcy_node.c                           |   3 -
 crypto/x509/pcy_tree.c                           |   4 -
 crypto/x509/t_crl.c                              |   2 -
 crypto/x509/t_req.c                              |   2 -
 crypto/x509/t_x509.c                             |   3 -
 crypto/x509/v3_addr.c                            |   7 +-
 crypto/x509/v3_admis.c                           |   5 --
 crypto/x509/v3_akey.c                            |   3 -
 crypto/x509/v3_alt.c                             |   3 -
 crypto/x509/v3_asid.c                            |   4 -
 crypto/x509/v3_bcons.c                           |   2 -
 crypto/x509/v3_bitst.c                           |   2 -
 crypto/x509/v3_conf.c                            |   3 -
 crypto/x509/v3_cpols.c                           |   5 --
 crypto/x509/v3_crld.c                            |   5 --
 crypto/x509/v3_extku.c                           |   3 -
 crypto/x509/v3_info.c                            |   3 -
 crypto/x509/v3_ist.c                             |   2 -
 crypto/x509/v3_lib.c                             |   3 -
 crypto/x509/v3_ncons.c                           |   4 -
 crypto/x509/v3_pci.c                             |   2 -
 crypto/x509/v3_pcons.c                           |   2 -
 crypto/x509/v3_pmaps.c                           |   3 -
 crypto/x509/v3_prn.c                             |   3 -
 crypto/x509/v3_purp.c                            |   5 --
 crypto/x509/v3_sxnet.c                           |   3 -
 crypto/x509/v3_tlsf.c                            |   3 -
 crypto/x509/v3_utl.c                             |   6 --
 crypto/x509/x509_att.c                           |   3 -
 crypto/x509/x509_cmp.c                           |   2 -
 crypto/x509/x509_lu.c                            |   5 --
 crypto/x509/x509_obj.c                           |   2 -
 crypto/x509/x509_r2x.c                           |   2 -
 crypto/x509/x509_trs.c                           |   3 -
 crypto/x509/x509_v3.c                            |   2 -
 crypto/x509/x509_vfy.c                           |  10 +--
 crypto/x509/x509_vpm.c                           |   4 -
 crypto/x509/x509cset.c                           |   2 -
 crypto/x509/x509name.c                           |   2 -
 crypto/x509/x_attrib.c                           |   2 -
 crypto/x509/x_crl.c                              |   5 --
 crypto/x509/x_name.c                             |   5 +-
 crypto/x509/x_req.c                              |   2 -
 crypto/x509/x_x509.c                             |   4 -
 crypto/x509/x_x509a.c                            |   2 -
 engines/e_capi.c                                 |   3 -
 engines/e_loader_attic.c                         |   1 -
 fuzz/client.c                                    |   2 -
 fuzz/cmp.c                                       |   2 -
 fuzz/server.c                                    |   2 -
 include/openssl/{asn1.h => asn1.h.in}            |  36 ++++++--
 include/openssl/{asn1t.h => asn1t.h.in}          |  11 ++-
 include/openssl/{bio.h => bio.h.in}              |  10 ++-
 include/openssl/{cmp.h => cmp.h.in}              |  26 ++++--
 include/openssl/{cms.h => cms.h.in}              |  16 +++-
 include/openssl/{conf.h => conf.h.in}            |  10 ++-
 include/openssl/{crmf.h => crmf.h.in}            |  14 ++-
 include/openssl/{crypto.h => crypto.h.in}        |  12 ++-
 include/openssl/{ct.h => ct.h.in}                |  13 ++-
 include/openssl/{ess.h => ess.h.in}              |  16 +++-
 include/openssl/{ocsp.h => ocsp.h.in}            |  20 ++++-
 include/openssl/{pkcs12.h => pkcs12.h.in}        |  10 ++-
 include/openssl/{pkcs7.h => pkcs7.h.in}          |  18 +++-
 include/openssl/{safestack.h => safestack.h.in}  | 106 ++++++++++-------------
 include/openssl/{srp.h => srp.h.in}              |  20 ++++-
 include/openssl/{ssl.h => ssl.h.in}              |  16 +++-
 include/openssl/{ui.h => ui.h.in}                |  10 ++-
 include/openssl/{x509.h => x509.h.in}            |  36 ++++++--
 include/openssl/{x509_vfy.h => x509_vfy.h.in}    |  14 ++-
 include/openssl/{x509v3.h => x509v3.h.in}        |  79 +++++++++++++----
 providers/implementations/storemgmt/file_store.c |   1 -
 ssl/d1_srtp.c                                    |   2 -
 ssl/s3_lib.c                                     |   4 -
 ssl/ssl_cert.c                                   |   3 -
 ssl/ssl_ciph.c                                   |   5 +-
 ssl/ssl_conf.c                                   |   2 -
 ssl/ssl_lib.c                                    |   8 --
 ssl/ssl_rsa.c                                    |   2 -
 ssl/ssl_sess.c                                   |   2 -
 ssl/statem/extensions.c                          |   2 -
 ssl/statem/extensions_clnt.c                     |   4 -
 ssl/statem/extensions_srvr.c                     |   4 -
 ssl/statem/statem_clnt.c                         |   4 -
 ssl/statem/statem_lib.c                          |   4 -
 ssl/statem/statem_srvr.c                         |   4 -
 ssl/t1_lib.c                                     |   4 -
 test/cipherbytes_test.c                          |   2 -
 test/cipherlist_test.c                           |   2 -
 test/ciphername_test.c                           |   2 -
 test/cmp_client_test.c                           |   3 -
 test/cmp_ctx_test.c                              |   6 --
 test/cmp_hdr_test.c                              |   3 -
 test/cmp_msg_test.c                              |   2 -
 test/cmp_protect_test.c                          |   2 -
 test/cmp_status_test.c                           |   2 -
 test/cmp_testlib.c                               |   2 -
 test/cmp_vfy_test.c                              |   1 -
 test/cmsapitest.c                                |   2 -
 test/confdump.c                                  |   3 -
 test/crltest.c                                   |   3 -
 test/ct_test.c                                   |   2 -
 test/danetest.c                                  |   2 -
 test/dtls_mtu_test.c                             |   2 -
 test/evp_libctx_test.c                           |   2 -
 test/evp_test.c                                  |   2 -
 test/handshake_helper.c                          |   2 -
 test/http_test.c                                 |   2 -
 test/ocspapitest.c                               |   2 -
 test/pkcs12_helper.c                             |   5 --
 test/ssl_test.c                                  |   2 -
 test/ssl_test_ctx.c                              |   3 -
 test/sslapitest.c                                |   5 --
 test/sslcorrupttest.c                            |   2 -
 test/ssltest_old.c                               |   3 -
 test/stack_test.c                                |   4 +-
 test/v3nametest.c                                |   2 -
 test/verify_extra_test.c                         |   2 -
 util/find-doc-nits                               |   2 +
 util/mkerr.pl                                    |   5 +-
 util/mknum.pl                                    |   2 +-
 util/perl/OpenSSL/ParseC.pm                      |  37 ++++----
 util/perl/OpenSSL/stackhash.pm                   |  80 +++++++++++++++++
 239 files changed, 586 insertions(+), 822 deletions(-)
 rename include/openssl/{asn1.h => asn1.h.in} (98%)
 rename include/openssl/{asn1t.h => asn1t.h.in} (99%)
 rename include/openssl/{bio.h => bio.h.in} (99%)
 rename include/openssl/{cmp.h => cmp.h.in} (98%)
 rename include/openssl/{cms.h => cms.h.in} (98%)
 rename include/openssl/{conf.h => conf.h.in} (97%)
 rename include/openssl/{crmf.h => crmf.h.in} (97%)
 rename include/openssl/{crypto.h => crypto.h.in} (99%)
 rename include/openssl/{ct.h => ct.h.in} (99%)
 rename include/openssl/{ess.h => ess.h.in} (89%)
 rename include/openssl/{ocsp.h => ocsp.h.in} (98%)
 rename include/openssl/{pkcs12.h => pkcs12.h.in} (98%)
 rename include/openssl/{pkcs7.h => pkcs7.h.in} (98%)
 rename include/openssl/{safestack.h => safestack.h.in} (74%)
 rename include/openssl/{srp.h => srp.h.in} (95%)
 rename include/openssl/{ssl.h => ssl.h.in} (99%)
 rename include/openssl/{ui.h => ui.h.in} (99%)
 rename include/openssl/{x509.h => x509.h.in} (98%)
 rename include/openssl/{x509_vfy.h => x509_vfy.h.in} (99%)
 rename include/openssl/{x509v3.h => x509v3.h.in} (97%)
 create mode 100644 util/perl/OpenSSL/stackhash.pm

diff --git a/.gitignore b/.gitignore
index ecbc524829..8f4bc6af85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,9 +22,29 @@
 # Auto generated headers
 /crypto/buildinf.h
 /include/crypto/*_conf.h
+/include/openssl/asn1.h
+/include/openssl/asn1t.h
+/include/openssl/bio.h
+/include/openssl/cmp.h
+/include/openssl/cms.h
+/include/openssl/conf.h
 /include/openssl/configuration.h
-/include/openssl/opensslv.h
+/include/openssl/crmf.h
+/include/openssl/crypto.h
+/include/openssl/ct.h
+/include/openssl/ess.h
 /include/openssl/fipskey.h
+/include/openssl/ocsp.h
+/include/openssl/opensslv.h
+/include/openssl/pkcs12.h
+/include/openssl/pkcs7.h
+/include/openssl/safestack.h
+/include/openssl/srp.h
+/include/openssl/ssl.h
+/include/openssl/ui.h
+/include/openssl/x509.h
+/include/openssl/x509v3.h
+/include/openssl/x509_vfy.h
 
 # Auto generated doc files
 doc/man1/openssl-*.pod
diff --git a/CHANGES.md b/CHANGES.md
index 19cccb725d..49324c4790 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,12 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Changed all "STACK" functions to be macros instead of inline functions. Macro
+   parameters are still checked for type safety at compile time via helper
+   inline functions.
+
+   *Matt Caswell*
+
  * Remove the RAND_DRBG API
 
    The RAND_DRBG API did not fit well into the new provider concept as
@@ -607,8 +613,7 @@ OpenSSL 3.0
 
    *Rich Salz*
 
- * Added documentation for the STACK API. OpenSSL only defines the STACK
-   functions where they are used.
+ * Added documentation for the STACK API.
 
    *Rich Salz*
 
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index ad5c3111e3..90ec900b6a 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -1062,7 +1062,7 @@ errors:
 
 {- use File::Basename;
 
-   our @sslheaders =
+   my @sslheaders_tmpl =
        qw( include/openssl/ssl.h
            include/openssl/ssl2.h
            include/openssl/ssl3.h
@@ -1070,7 +1070,7 @@ errors:
            include/openssl/tls1.h
            include/openssl/dtls1.h
            include/openssl/srtp.h );
-   our @cryptoheaders =
+   my @cryptoheaders_tmpl =
        qw( include/internal/dso.h
            include/internal/o_dir.h
            include/internal/err.h
@@ -1078,15 +1078,39 @@ errors:
            include/internal/pem.h
            include/internal/asn1.h
            include/internal/sslconf.h );
-   our @cryptoskipheaders = ( @sslheaders,
+   my @cryptoskipheaders = ( @sslheaders_tmpl,
        qw( include/openssl/conf_api.h
            include/openssl/ebcdic.h
            include/openssl/opensslconf.h
            include/openssl/symhacks.h ) );
-   foreach my $f ( glob(catfile($config{sourcedir},
-                                'include','openssl','*.h')) ) {
-       my $fn = "include/openssl/" . basename($f);
-       push @cryptoheaders, $fn unless grep { $_ eq $fn } @cryptoskipheaders;
+   our @cryptoheaders = ();
+   our @sslheaders = ();
+   foreach my $d ( qw( include/openssl include/internal ) ) {
+       my @header_patterns =
+           map { catfile($config{sourcedir}, $d, $_) } ( '*.h', '*.h.in' );
+       foreach my $f ( map { glob($_) } @header_patterns ) {
+           my $base = basename($f);
+           my $base_in = basename($f, '.in');
+           my $dir = catfile($config{sourcedir}, $d);
+           if ($base ne $base_in) {
+               # We have a .h.in file, which means the header file is in the
+               # build tree.
+               $base = $base_in;
+               $dir = catfile($config{builddir}, $d);
+           }
+           my $new_f = catfile($dir, $base);
+           my $fn = "$d/$base";
+           # The logic to add files to @cryptoheaders is a bit complex.  The
+           # file to be added must be either in the public header directory
+           # or one of the pre-declared internal headers, and must under no
+           # circumstances be one of those that must be skipped.
+           push @cryptoheaders, $new_f
+               if (($d eq 'include/openssl'
+                    || ( grep { $_ eq $fn } @cryptoheaders_tmpl ))
+                   && !( grep { $_ eq $fn } @cryptoskipheaders ));
+           # The logic to add files to @sslheaders is much simpler...
+           push @sslheaders, $new_f if grep { $_ eq $fn } @sslheaders_tmpl;
+       }
    }
    "";
 -}
@@ -1094,17 +1118,15 @@ CRYPTOHEADERS={- join(" \\\n" . ' ' x 14,
                       fill_lines(" ", $COLUMNS - 14, sort @cryptoheaders)) -}
 SSLHEADERS={- join(" \\\n" . ' ' x 11,
                    fill_lines(" ", $COLUMNS - 11, sort @sslheaders)) -}
-ordinals:
-	( cd $(SRCDIR); \
-          $(PERL) util/mknum.pl --version $(VERSION) --no-warnings \
-                  --ordinals util/libcrypto.num \
-                  --symhacks include/openssl/symhacks.h \
-                  $(CRYPTOHEADERS) )
-	( cd $(SRCDIR); \
-          $(PERL) util/mknum.pl --version $(VERSION) --no-warnings \
-                  --ordinals util/libssl.num \
-                  --symhacks include/openssl/symhacks.h \
-                  $(SSLHEADERS))
+ordinals: build_generated
+	$(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION) --no-warnings \
+                --ordinals $(SRCDIR)/util/libcrypto.num \
+                --symhacks $(SRCDIR)/include/openssl/symhacks.h \
+                $(CRYPTOHEADERS)
+	$(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION) --no-warnings \
+                --ordinals $(SRCDIR)/util/libssl.num \
+                --symhacks $(SRCDIR)/include/openssl/symhacks.h \
+                $(SSLHEADERS)
 
 test_ordinals:
 	( cd test; \
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 9f21f0c730..ae47aa8efc 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -18,9 +18,6 @@
 #include <openssl/pem.h>
 #include <openssl/asn1t.h>
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF_STRING()
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
diff --git a/apps/ca.c b/apps/ca.c
index 3c2bee8f2f..6ae52c2277 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -34,11 +34,6 @@
 #include "apps.h"
 #include "progs.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF_STRING()
-
 #ifndef W_OK
 # define F_OK 0
 # define W_OK 2
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 380091f16f..500b416046 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -15,8 +15,6 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_STDNAME,
diff --git a/apps/cmp.c b/apps/cmp.c
index db0d418bd4..083425c08f 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -42,10 +42,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static char *opt_config = NULL;
 #define CMP_SECTION "cmp"
 #define SECTION_NAME_MAX 40 /* max length of section name */
diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c
index 3a0819008b..057f9d9a5e 100644
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@@ -14,10 +14,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 #include <openssl/cmperr.h>
-
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
  
 /* the context for the CMP mock server */
 typedef struct
diff --git a/apps/cms.c b/apps/cms.c
index d154f460b3..178c441f1a 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -23,12 +23,6 @@
 # include <openssl/x509v3.h>
 # include <openssl/cms.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_NAMES)
-DEFINE_STACK_OF_STRING()
-
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(CMS_ContentInfo *cms);
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index e0de95a12a..9137f87239 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -19,11 +19,6 @@
 #include <openssl/pem.h>
 #include <openssl/objects.h>
 
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_INFO)
-DEFINE_STACK_OF_STRING()
-
 static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 
 typedef enum OPTION_choice {
diff --git a/apps/dgst.c b/apps/dgst.c
index 0654d4c8b9..0bbde71d4b 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -21,8 +21,6 @@
 #include <openssl/hmac.h>
 #include <ctype.h>
 
-DEFINE_STACK_OF_STRING()
-
 #undef BUFSIZE
 #define BUFSIZE 1024*8
 
diff --git a/apps/engine.c b/apps/engine.c
index d51586d855..393008d5ce 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -22,9 +22,6 @@
 #include <openssl/ssl.h>
 #include <openssl/store.h>
 
-DEFINE_STACK_OF_STRING()
-DEFINE_STACK_OF_CSTRING()
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 2df7d0f024..832f560b5a 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -19,8 +19,6 @@
 #include "apps.h"
 #include "progs.h"
 
-DEFINE_STACK_OF_STRING()
-
 #define BUFSIZE 4096
 
 /* Configuration file values */
diff --git a/apps/kdf.c b/apps/kdf.c
index 8d11807f5f..ba14cfdc76 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -17,8 +17,6 @@
 #include <openssl/kdf.h>
 #include <openssl/params.h>
 
-DEFINE_STACK_OF_STRING()
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT,
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 5d95ce0c65..9c608e6582 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -62,15 +62,6 @@ static int WIN32_rename(const char *from, const char *to);
 #define PASS_SOURCE_SIZE_MAX 4
 
 DEFINE_STACK_OF(CONF)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_INFO)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_POLICY_NODE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF_STRING()
 
 typedef struct {
     const char *name;
diff --git a/apps/lib/names.c b/apps/lib/names.c
index 42b9e9065c..5e2e7e147c 100644
--- a/apps/lib/names.c
+++ b/apps/lib/names.c
@@ -12,8 +12,6 @@
 #include <openssl/safestack.h>
 #include "names.h"
 
-DEFINE_STACK_OF_CSTRING()
-
 #ifdef _WIN32
 # define strcasecmp _stricmp
 #endif
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 0ae851d792..ec52cef158 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -26,11 +26,6 @@
 
 #define COOKIE_SECRET_LENGTH    16
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF_STRING()
-
 VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 
 #ifndef OPENSSL_NO_SOCK
diff --git a/apps/list.c b/apps/list.c
index c891bf7213..fd018991e1 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -25,8 +25,6 @@
 #include "opt.h"
 #include "names.h"
 
-DEFINE_STACK_OF_CSTRING()
-
 static int verbose = 0;
 
 static void legacy_cipher_fn(const EVP_CIPHER *c,
diff --git a/apps/mac.c b/apps/mac.c
index 30f0daabcc..e751dcf0b1 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -16,8 +16,6 @@
 #include <openssl/evp.h>
 #include <openssl/params.h>
 
-DEFINE_STACK_OF_STRING()
-
 #undef BUFSIZE
 #define BUFSIZE 1024*8
 
diff --git a/apps/nseq.c b/apps/nseq.c
index de189632b2..92ae7bd34d 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -14,8 +14,6 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(X509)
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_TOSEQ, OPT_IN, OPT_OUT,
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 4f42d66c0e..93c17f4a07 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -33,11 +33,6 @@
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(OCSP_CERTID)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_STRING()
-
 #if defined(__TANDEM)
 # if defined(OPENSSL_TANDEM_FLOSS)
 #  include <floss.h(floss_fork)>
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 23ffa98f77..b0f03232a7 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -20,12 +20,6 @@
 #include <openssl/pkcs12.h>
 #include <openssl/provider.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(PKCS7)
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-DEFINE_STACK_OF_STRING()
-
 #define NOKEYS          0x1
 #define NOCERTS         0x2
 #define INFO            0x4
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 95d3ca0845..e6ac26e6f9 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -20,9 +20,6 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 9bfef87311..5f53867790 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -15,8 +15,6 @@
 #include <openssl/evp.h>
 #include <sys/stat.h>
 
-DEFINE_STACK_OF_STRING()
-
 #define KEY_NONE        0
 #define KEY_PRIVKEY     1
 #define KEY_PUBKEY      2
diff --git a/apps/provider.c b/apps/provider.c
index 748b95023e..f1374a365c 100644
--- a/apps/provider.c
+++ b/apps/provider.c
@@ -24,8 +24,6 @@
 # include <string.h> /* memset */
 #endif
 
-DEFINE_STACK_OF_CSTRING()
-
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
     OPT_V = 100, OPT_VV, OPT_VVV
diff --git a/apps/rehash.c b/apps/rehash.c
index 866b8cfe20..3cbd65c860 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -42,9 +42,6 @@
 # include <openssl/pem.h>
 # include <openssl/x509.h>
 
-DEFINE_STACK_OF(X509_INFO)
-DEFINE_STACK_OF_STRING()
-
 # ifndef PATH_MAX
 #  define PATH_MAX 4096
 # endif
diff --git a/apps/req.c b/apps/req.c
index 2cc9ebf43d..cb5850c6b5 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -35,9 +35,6 @@
 # include <openssl/dsa.h>
 #endif
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF_STRING()
-
 #define BITS            "default_bits"
 #define KEYFILE         "default_keyfile"
 #define PROMPT          "prompt"
diff --git a/apps/s_client.c b/apps/s_client.c
index 2a58589ce2..ca9891aba8 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -59,12 +59,6 @@ typedef unsigned int u_int;
 # endif
 #endif
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(SCT)
-DEFINE_STACK_OF_STRING()
-
 #undef BUFSIZZ
 #define BUFSIZZ 1024*8
 #define S_CLIENT_IRC_READ_TIMEOUT 8
diff --git a/apps/s_server.c b/apps/s_server.c
index 4c2e5b27f7..dde0ee60c0 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -60,12 +60,6 @@ typedef unsigned int u_int;
 #endif
 #include "internal/sockets.h"
 
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(SSL_CIPHER)
-DEFINE_STACK_OF_STRING()
-
 static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
 static int sv_body(int s, int stype, int prot, unsigned char *context);
 static int www_body(int s, int stype, int prot, unsigned char *context);
diff --git a/apps/smime.c b/apps/smime.c
index dbfcdbeb5a..9113038db7 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -19,9 +19,6 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_STRING()
-
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 
diff --git a/apps/verify.c b/apps/verify.c
index ed20b69b17..3d4e7d4060 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -18,10 +18,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF_STRING()
-
 static int cb(int ok, X509_STORE_CTX *ctx);
 static int check(X509_STORE *ctx, const char *file,
                  STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
diff --git a/apps/x509.c b/apps/x509.c
index 169530f6d6..5627bd9dbe 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -28,10 +28,6 @@
 # include <openssl/dsa.h>
 #endif
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF_STRING()
-
 #undef POSTFIX
 #define POSTFIX ".srl"
 #define DEF_DAYS        30
diff --git a/build.info b/build.info
index 1c6787c800..8aa668e913 100644
--- a/build.info
+++ b/build.info
@@ -13,14 +13,55 @@ DEPEND[libssl]=libcrypto
 
 # Empty DEPEND "indices" means the dependencies are expected to be built
 # unconditionally before anything else.
-DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \
+DEPEND[]=include/openssl/asn1.h \
+         include/openssl/asn1t.h \
+         include/openssl/bio.h \
+         include/openssl/cmp.h \
+         include/openssl/cms.h \
+         include/openssl/conf.h \
+         include/openssl/configuration.h \
+         include/openssl/crmf.h \
+         include/openssl/crypto.h \
+         include/openssl/ct.h \
+         include/openssl/ess.h \
          include/openssl/fipskey.h \
+         include/openssl/opensslv.h \
+         include/openssl/ocsp.h \
+         include/openssl/pkcs12.h \
+         include/openssl/pkcs7.h \
+         include/openssl/safestack.h \
+         include/openssl/srp.h \
+         include/openssl/ssl.h \
+         include/openssl/ui.h \
+         include/openssl/x509.h \
+         include/openssl/x509v3.h \
+         include/openssl/x509_vfy.h \
          include/crypto/bn_conf.h include/crypto/dso_conf.h \
          doc/man7/openssl_user_macros.pod
 
+GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in
+GENERATE[include/openssl/asn1t.h]=include/openssl/asn1t.h.in
+GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in
+GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in
+GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in
+GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in
 GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
-GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
+GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in
+GENERATE[include/openssl/crypto.h]=include/openssl/crypto.h.in
+GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in
+GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
+GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in
+GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
+GENERATE[include/openssl/pkcs12.h]=include/openssl/pkcs12.h.in
+GENERATE[include/openssl/pkcs7.h]=include/openssl/pkcs7.h.in
+GENERATE[include/openssl/safestack.h]=include/openssl/safestack.h.in
+GENERATE[include/openssl/srp.h]=include/openssl/srp.h.in
+GENERATE[include/openssl/ssl.h]=include/openssl/ssl.h.in
+GENERATE[include/openssl/ui.h]=include/openssl/ui.h.in
+GENERATE[include/openssl/x509.h]=include/openssl/x509.h.in
+GENERATE[include/openssl/x509v3.h]=include/openssl/x509v3.h.in
+GENERATE[include/openssl/x509_vfy.h]=include/openssl/x509_vfy.h.in
 GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
 GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
 GENERATE[doc/man7/openssl_user_macros.pod]=doc/man7/openssl_user_macros.pod.in
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index b2be461208..5fab787f38 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -12,8 +12,6 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 
-DEFINE_STACK_OF(ASN1_STRING_TABLE)
-
 static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
 static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 9723da0a3c..896fc89c46 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -23,9 +23,6 @@
 
 #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
 
-DEFINE_STACK_OF(ASN1_TYPE)
-DEFINE_STACK_OF(CONF_VALUE)
-
 #define ASN1_FLAG_EXP_MAX       20
 /* Maximum number of nested sequences */
 #define ASN1_GEN_SEQ_MAX_DEPTH  50
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 47ae801b94..1331f608f4 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -13,8 +13,6 @@
 #include <openssl/asn1.h>
 #include "asn1_local.h"
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max);
 static void asn1_put_length(unsigned char **pp, int length);
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 461ffbb332..596b32a57e 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -19,9 +19,6 @@
 #include "internal/bio.h"
 #include "asn1_local.h"
 
-DEFINE_STACK_OF(BIO)
-DEFINE_STACK_OF(X509_ALGOR)
-
 /*
  * Generalised MIME like utilities for streaming ASN1. Although many have a
  * PKCS7/CMS like flavour others are more general purpose.
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index 676d1eca2d..549f8f7cb1 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -16,8 +16,6 @@
 #include "crypto/asn1.h"
 #include "crypto/objects.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Simple ASN1 OID module: add all objects in a given section */
 
 static int do_create(const char *value, const char *name);
diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c
index fc21cb3098..ec08ecb3d8 100644
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@@ -13,7 +13,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
 /* Multi string module: add table entries from a given section */
 
 static int do_tcreate(const char *value, const char *name);
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index ba81782698..fcf8d2f8d0 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -21,7 +21,6 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 
-DEFINE_STACK_OF(ASN1_TYPE)
 EVP_PKEY *d2i_PrivateKey_ex(int type, EVP_PKEY **a, const unsigned char **pp,
                             long length, OPENSSL_CTX *libctx, const char *propq)
 {
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 379d1e6ee1..740707f853 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -17,8 +17,6 @@
 #include "internal/numbers.h"
 #include "asn1_local.h"
 
-DEFINE_STACK_OF(ASN1_VALUE)
-
 /*
  * Constructed types with a recursive definition (such as can be found in PKCS7)
  * could eventually exceed the stack given malicious input with excessive
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index 9bd2099c5e..3a5b29f37d 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -13,8 +13,6 @@
 #include <openssl/objects.h>
 #include "asn1_local.h"
 
-DEFINE_STACK_OF(ASN1_VALUE)
-
 /* Free up an ASN1 structure */
 
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 48ba9f3f74..5bdcf461a5 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -15,8 +15,6 @@
 #include <string.h>
 #include "asn1_local.h"
 
-DEFINE_STACK_OF(ASN1_VALUE)
-
 static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                int embed);
 static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index f109af0502..d9013911a0 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -17,8 +17,6 @@
 #include <openssl/cmp.h>
 #include <openssl/crmf.h>
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /* ASN.1 declarations from RFC4210 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index fe7168916a..ef256e6c72 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -21,13 +21,6 @@
 
 #include "openssl/cmp_util.h"
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
-DEFINE_STACK_OF(OSSL_CRMF_CERTID)
-
 #define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \
                         || (t) == OSSL_CMP_PKIBODY_KUP)
 
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 6bbd3510c7..d960167bc0 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -21,13 +21,6 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(POLICYINFO)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /*
  * Get current certificate store containing trusted root CA certs
  */
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 6bd1e581af..947f984505 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -20,9 +20,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno)
 {
     if (!ossl_assert(hdr != NULL))
diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c
index f3cd06fb23..33b5f6af7a 100644
--- a/crypto/cmp/cmp_http.c
+++ b/crypto/cmp/cmp_http.c
@@ -28,8 +28,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
  * Send the PKIMessage req and on success return the response, else NULL.
  * Any previous error queue entries will likely be removed by ERR_clear_error().
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 64e00fc884..5ff8e9fc52 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -21,17 +21,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h" /* for x509_set0_libctx() */
 
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OSSL_CMP_PKISI)
-DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-DEFINE_STACK_OF(OSSL_CRMF_CERTID)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
 {
     if (msg == NULL) {
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index a6a0f9f9e0..eb162e382d 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -18,8 +18,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
-DEFINE_STACK_OF(X509)
-
 /*
  * This function is also used by the internal verify_PBMAC() in cmp_vfy.c.
  *
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 2ba6cb7984..e9ddf496f2 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -19,11 +19,6 @@
 #include <openssl/cmp.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
-
 /* the context for the generic CMP server */
 struct ossl_cmp_srv_ctx_st
 {
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
index 8f10a42fb9..c9809c5a3a 100644
--- a/crypto/cmp/cmp_status.c
+++ b/crypto/cmp/cmp_status.c
@@ -26,8 +26,6 @@
 #include <openssl/x509.h>
 #include <openssl/asn1err.h> /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 /* CMP functions related to PKIStatus */
 
 int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si)
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index c2ee9b6e0d..12afe57028 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -16,10 +16,6 @@
 #include <openssl/err.h> /* should be implied by cmperr.h */
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 /*
  * use trace API for CMP-specific logging, prefixed by "CMP " and severity
  */
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index f5026e0bbc..00757c11ae 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -22,8 +22,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509)
-
 /* Verify a message protected by signature according to RFC section 5.1.3.3 */
 static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
                             const OSSL_CMP_MSG *msg, X509 *cert)
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 944846ca98..068696586e 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -19,10 +19,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"
 
-DEFINE_STACK_OF(CMS_RecipientInfo)
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 /* CMS EnvelopedData Utilities */
 static void cms_env_set_version(CMS_EnvelopedData *env);
 
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index b6b2037532..fa81b65c7b 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -20,12 +20,6 @@
 #include "crypto/x509.h"
 #include "cms_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAMES)
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-DEFINE_STACK_OF(X509)
-
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services */
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index b5d85b7d67..82a03e6c6b 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -23,8 +23,6 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
-DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
-
 /* Key Agreement Recipient Info (KARI) routines */
 
 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 9fc8453d99..bc7da7ff94 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -21,10 +21,6 @@
 static STACK_OF(CMS_CertificateChoices)
 **cms_get0_certificate_choices(CMS_ContentInfo *cms);
 
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
 CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a,
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index e281bd72f2..0393608fdb 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -18,8 +18,6 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
-DEFINE_STACK_OF(CMS_RecipientInfo)
-
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
                                     unsigned char *pass, ossl_ssize_t passlen)
 {
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index c11d44487b..4b6822f4fd 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -22,12 +22,6 @@
 #include "crypto/ess.h"
 #include "crypto/x509.h" /* for X509_add_cert_new() */
 
-DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 /* CMS SignedData Utilities */
 
 static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 92de68aa57..a50eee9fa9 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -16,12 +16,6 @@
 #include "cms_local.h"
 #include "crypto/asn1.h"
 
-DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
-DEFINE_STACK_OF(CMS_RecipientInfo)
-
 static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
 {
     BIO *rbio;
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index b4edfb28ae..d64cc5031a 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -16,8 +16,6 @@
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
 static void value_free_stack_doall(CONF_VALUE *a);
 
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 6f7c06afd7..63dfaef4d8 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -30,8 +30,6 @@
 # endif
 #endif
 
-DEFINE_STACK_OF(BIO)
-
 #ifndef S_ISDIR
 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
 #endif
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index a0b9fd3b61..fa7f6b9d9f 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -21,7 +21,6 @@
 #include <openssl/trace.h>
 #include <openssl/engine.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
 DEFINE_STACK_OF(CONF_MODULE)
 DEFINE_STACK_OF(CONF_IMODULE)
 
diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c
index eefd279a10..5b949be616 100644
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@@ -14,8 +14,6 @@
 #include "internal/sslconf.h"
 #include "conf_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
  * SSL library configuration module placeholder. We load it here but defer
  * all decisions about its contents to libssl.
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 3202f357c1..5a6cdb7e82 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -36,9 +36,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OSSL_CRMF_MSG)
-
 /*-
  * atyp = Attribute Type
  * valt = Value Type
diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h
index b4d669875c..ee1ec7b07a 100644
--- a/crypto/crmf/crmf_local.h
+++ b/crypto/crmf/crmf_local.h
@@ -389,5 +389,4 @@ struct ossl_crmf_msg_st {
     /* 1 */
     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *regInfo;
 } /* OSSL_CRMF_MSG */;
-/* DEFINE_STACK_OF(OSSL_CRMF_MSG) */
 #endif
diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c
index 73eeee9d7d..32a29ed699 100644
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@@ -18,8 +18,6 @@
 
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(CTLOG)
-
 /*
  * Information about a CT log server.
  */
diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c
index 4aca0385d0..712fc563c4 100644
--- a/crypto/ct/ct_oct.c
+++ b/crypto/ct/ct_oct.c
@@ -21,8 +21,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
     size_t siglen;
diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c
index a89b4aa6e7..374235b7ec 100644
--- a/crypto/ct/ct_prn.c
+++ b/crypto/ct/ct_prn.c
@@ -16,8 +16,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
     int nid = SCT_get_signature_nid(sct);
diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c
index f6c262c967..1b8e1dc61e 100644
--- a/crypto/ct/ct_sct.c
+++ b/crypto/ct/ct_sct.c
@@ -19,8 +19,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 SCT *SCT_new(void)
 {
     SCT *sct = OPENSSL_zalloc(sizeof(*sct));
diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c
index 51dd779a3a..085402b046 100644
--- a/crypto/ct/ct_x509v3.c
+++ b/crypto/ct/ct_x509v3.c
@@ -13,8 +13,6 @@
 
 #include "ct_local.h"
 
-DEFINE_STACK_OF(SCT)
-
 static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 {
     return OPENSSL_strdup("NULL");
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index bb34c6ed42..b34984b919 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -19,8 +19,6 @@
 #include "dso_local.h"
 #include "e_os.h"
 
-DEFINE_STACK_OF(void)
-
 #ifdef DSO_DLFCN
 
 # ifdef HAVE_DLFCN_H
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 6c347b58d6..6e2b8d944d 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -10,8 +10,6 @@
 #include "dso_local.h"
 #include "internal/refcount.h"
 
-DEFINE_STACK_OF(void)
-
 static DSO_METHOD *default_DSO_meth = NULL;
 
 static DSO *DSO_new_method(DSO_METHOD *meth)
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
index 1472140e92..7248fc2878 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -69,8 +69,6 @@ static void *win32_globallookup(const char *name);
 
 static const char *openssl_strnchr(const char *string, int c, size_t len);
 
-DEFINE_STACK_OF(void)
-
 static DSO_METHOD dso_meth_win32 = {
     "OpenSSL 'win32' shared library method",
     win32_load,
diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c
index 64ea4e2c3f..dfc7cccab1 100644
--- a/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/encode_decode/decoder_pkey.c
@@ -187,8 +187,6 @@ static void decoder_clean_EVP_PKEY_construct_arg(void *construct_data)
     }
 }
 
-DEFINE_STACK_OF_CSTRING()
-
 struct collected_data_st {
     struct decoder_EVP_PKEY_data_st *process_data;
     STACK_OF(OPENSSL_CSTRING) *names;
diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c
index 76b8386e0c..7c63a76adb 100644
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@@ -18,8 +18,6 @@
 #include "crypto/evp.h"
 #include "encoder_local.h"
 
-DEFINE_STACK_OF_CSTRING()
-
 int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
                                 const char *cipher_name,
                                 const char *propquery)
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
index dcc30b6c62..0fb576c847 100644
--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -14,8 +14,6 @@
 #include <openssl/conf.h>
 #include <openssl/trace.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* ENGINE config module */
 
 static const char *skip_dot(const char *name)
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 73d7b14ae6..01935578c2 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -20,8 +20,6 @@
  * prototypes.
  */
 
-DEFINE_STACK_OF_STRING()
-
 /* Our ENGINE handlers */
 static int dynamic_init(ENGINE *e);
 static int dynamic_finish(ENGINE *e);
diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c
index ad0d6f332c..325acddb95 100644
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@@ -14,11 +14,6 @@
 #include "crypto/ess.h"
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509)
-
 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
                                                X509 *cert, int issuer_needed);
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 455b258a9a..b6f33795a1 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -16,8 +16,6 @@
 #include <openssl/trace.h>
 #include "crypto/evp.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Algorithm configuration module. */
 
 static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index cb72048f86..8fe702787d 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -38,7 +38,6 @@
 #include "internal/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
-DEFINE_STACK_OF(X509_ATTRIBUTE)
 
 #include "crypto/ec.h"
 
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 80a136164a..c1467a51dc 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -10,8 +10,6 @@
 #include "crypto/cryptlib.h"
 #include "internal/thread_once.h"
 
-DEFINE_STACK_OF(void)
-
 int do_ex_data_init(OPENSSL_CTX *ctx)
 {
     OSSL_EX_DATA_GLOBAL *global = openssl_ctx_get_ex_data_global(ctx);
@@ -447,7 +445,11 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
             return 0;
         }
     }
-    sk_void_set(ad->sk, idx, val);
+    if (sk_void_set(ad->sk, idx, val) != val) {
+        /* Probably the index is out of bounds */
+        CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
     return 1;
 }
 
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 5a78d67ca4..1a68228548 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -25,8 +25,6 @@
 
 #include "http_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_VERSION_STR_LEN 3
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index f45bf1d6dc..33d77af426 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -18,10 +18,6 @@
 #include <openssl/ocsp.h>
 #include "ocsp_local.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 /*
  * Utility functions related to sending OCSP requests and extracting relevant
  * information from the response.
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 77e67840b8..c2b61bd4f2 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -16,9 +16,6 @@
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-
 /* Standard wrapper functions for extensions */
 
 /* OCSP request extensions */
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index c782a8e531..654ddbc7ff 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -14,10 +14,6 @@
 #include "internal/cryptlib.h"
 #include <openssl/pem.h>
 
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
 {
     BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index d20a714855..ee0e8a612c 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -16,10 +16,6 @@
 #include <openssl/ocsp.h>
 #include "ocsp_local.h"
 
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 /*
  * Utility functions related to sending OCSP responses and extracting
  * relevant information from the request.
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index cf7602616f..3138716a0a 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -12,10 +12,6 @@
 #include <openssl/err.h>
 #include <string.h>
 
-DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OCSP_SINGLERESP)
-
 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                             STACK_OF(X509) *certs, unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c
index 1501321948..2f2684b9a4 100644
--- a/crypto/ocsp/v3_ocsp.c
+++ b/crypto/ocsp/v3_ocsp.c
@@ -16,8 +16,6 @@
 # include <openssl/x509v3.h>
 # include "../x509/ext_dat.h"
 
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-
 /*
  * OCSP extensions and a couple of CRL entry extensions
  */
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index a3981c9dda..ef023205c0 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -23,8 +23,6 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
-DEFINE_STACK_OF(X509_INFO)
-
 #ifndef OPENSSL_NO_STDIO
 STACK_OF(X509_INFO)
 *PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk,
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index 699f1b7d61..88571fd165 100644
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@@ -12,10 +12,6 @@
 #include <openssl/pkcs12.h>
 #include "p12_local.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(PKCS7)
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
                           PKCS12_SAFEBAG *bag);
 
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index 5413aecb1c..126a6ce94b 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -12,10 +12,6 @@
 #include <openssl/pkcs12.h>
 #include "crypto/x509.h" /* for X509_add_cert_new() */
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(PKCS7)
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-
 /* Simplified PKCS#12 routines */
 
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index a83d745bd5..ee35c45abb 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -15,9 +15,6 @@
 #include <openssl/pkcs12.h>
 #include "p12_local.h"
 
-DEFINE_STACK_OF(PKCS7)
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-
 /* PKCS#12 password change routine */
 
 static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index 926a02a32e..7df05c8084 100644
--- a/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
@@ -17,8 +17,6 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(X509_ALGOR)
-
 int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
                               STACK_OF(X509_ALGOR) *cap)
 {
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index c48c629398..bc9bfd8589 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -16,11 +16,6 @@
 #include <openssl/err.h>
 #include "pk7_local.h"
 
-DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-DEFINE_STACK_OF(PKCS7_RECIP_INFO)
-DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
-
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                          void *value);
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index d891ca22e8..8f92424ad7 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -16,12 +16,6 @@
 #include "crypto/x509.h" /* for sk_X509_add1_cert() */
 #include "pk7_local.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(PKCS7_RECIP_INFO)
-DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
-
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 {
     int nid;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index 1dfdd69e51..3347544bb8 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -17,10 +17,6 @@
 
 #define BUFFERSIZE 4096
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
 
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 
diff --git a/crypto/property/property.c b/crypto/property/property.c
index 608a909d49..c2238ac63d 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -316,7 +316,7 @@ int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid,
 
         if (impl->method.method == method) {
             impl_free(impl);
-            sk_IMPLEMENTATION_delete(alg->impls, i);
+            (void)sk_IMPLEMENTATION_delete(alg->impls, i);
             ossl_property_unlock(store);
             return 1;
         }
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 5007a726d2..a8fd7b278a 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -15,7 +15,6 @@
 #include "internal/provider.h"
 
 DEFINE_STACK_OF(OSSL_PROVIDER)
-DEFINE_STACK_OF(CONF_VALUE)
 
 /* PROVIDER config module */
 
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index f0ed6da6f6..6c50d06457 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -25,10 +25,6 @@
 # define SRP_RANDOM_SALT_LEN 20
 # define MAX_LEN 2500
 
-DEFINE_STACK_OF(SRP_user_pwd)
-DEFINE_STACK_OF(SRP_gN_cache)
-DEFINE_STACK_OF(SRP_gN)
-
 /*
  * Note that SRP uses its own variant of base 64 encoding. A different base64
  * alphabet is used and no padding '=' characters are added. Instead we pad to
diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c
index 47dd21acb9..0c78e94ec4 100644
--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@@ -59,8 +59,6 @@
  * reference.
  */
 
-DEFINE_STACK_OF(X509)
-
 struct extracted_param_data_st {
     int object_type;
     const char *data_type;
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 71664fa091..5418bc8bbf 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -18,10 +18,6 @@
 #include <openssl/engine.h>
 #include <openssl/ts.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_INFO)
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION                    "tsa"
 #define ENV_DEFAULT_TSA                 "default_tsa"
diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c
index 2d14ed1145..e4b3eee48f 100644
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@@ -14,8 +14,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
-DEFINE_STACK_OF(X509_EXTENSION)
-
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
     return ASN1_INTEGER_set(a->version, version);
diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c
index b5374e0fc1..ca2d8a6dc1 100644
--- a/crypto/ts/ts_rsp_print.c
+++ b/crypto/ts/ts_rsp_print.c
@@ -15,9 +15,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(CONF_VALUE)
-
 struct status_map_st {
     int bit;
     const char *text;
diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c
index 33f2b511e8..0e139be5b9 100644
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@@ -17,10 +17,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(ASN1_OBJECT)
 DEFINE_STACK_OF_CONST(EVP_MD)
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c
index 86e1a9d49d..92dcb5bff7 100644
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@@ -14,8 +14,6 @@
 #include <openssl/pkcs7.h>
 #include "ts_local.h"
 
-DEFINE_STACK_OF(X509_EXTENSION)
-
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
     TS_STATUS_INFO *new_status_info;
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index c909b211d4..69ce5dc806 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -15,13 +15,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"
 
-DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(ESS_CERT_ID)
-DEFINE_STACK_OF(ESS_CERT_ID_V2)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
-
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
 static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 2c95fd1f14..776d5cf43e 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -12,8 +12,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"
 
-DEFINE_STACK_OF(X509)
-
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
     TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 8c6dc6dd89..017afb7c07 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -15,8 +15,6 @@
 #include <openssl/err.h>
 #include "ui_local.h"
 
-DEFINE_STACK_OF(UI_STRING)
-
 UI *UI_new(void)
 {
     return UI_new_method(NULL);
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index ff6e4cf03c..da04daf902 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -22,8 +22,6 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_OBJECT)
-
 struct lookup_dir_hashes_st {
     unsigned long hash;
     int suffix;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index d5e6dde4f8..a4ec328312 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -17,8 +17,6 @@
 #include <openssl/pem.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_INFO)
-
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
 static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c
index debb76150d..7822da8cd5 100644
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -12,8 +12,6 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF_STRING()
-
 /* Generic object loader, given expected type and criterion */
 static int cache_objects(X509_LOOKUP *lctx, const char *uri,
                          const OSSL_STORE_SEARCH *criterion,
diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c
index 61423bf2c2..608ccfeb1c 100644
--- a/crypto/x509/pcy_cache.c
+++ b/crypto/x509/pcy_cache.c
@@ -14,8 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(POLICYINFO)
-
 static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                            const X509_POLICY_DATA *const *b);
 static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
diff --git a/crypto/x509/pcy_data.c b/crypto/x509/pcy_data.c
index 6b509cf457..9499f94dff 100644
--- a/crypto/x509/pcy_data.c
+++ b/crypto/x509/pcy_data.c
@@ -13,9 +13,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(POLICYQUALINFO)
-
 /* Policy Node routines */
 
 void policy_data_free(X509_POLICY_DATA *data)
diff --git a/crypto/x509/pcy_lib.c b/crypto/x509/pcy_lib.c
index 23baa2db1b..c4740a0a30 100644
--- a/crypto/x509/pcy_lib.c
+++ b/crypto/x509/pcy_lib.c
@@ -13,8 +13,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(X509_POLICY_NODE)
-
 /* accessor functions */
 
 /* X509_POLICY_TREE stuff */
diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
index 0dec624525..a1210ef37f 100644
--- a/crypto/x509/pcy_map.c
+++ b/crypto/x509/pcy_map.c
@@ -14,9 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(POLICY_MAPPING)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 /*
  * Set policy mapping entries in cache. Note: this modifies the passed
  * POLICY_MAPPINGS structure
diff --git a/crypto/x509/pcy_node.c b/crypto/x509/pcy_node.c
index baa4fa8d32..d2b43814bd 100644
--- a/crypto/x509/pcy_node.c
+++ b/crypto/x509/pcy_node.c
@@ -14,9 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(X509_POLICY_NODE)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 static int node_cmp(const X509_POLICY_NODE *const *a,
                     const X509_POLICY_NODE *const *b)
 {
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index 30879197f8..3ee30745d2 100644
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -14,10 +14,6 @@
 
 #include "pcy_local.h"
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_POLICY_NODE)
-
 static void expected_print(BIO *channel,
                            X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
                            int indent)
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index 0824bb6def..44be2f237b 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -15,8 +15,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(X509_REVOKED)
-
 #ifndef OPENSSL_NO_STDIO
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 {
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index e1ee12de95..abcca0a8f5 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -17,8 +17,6 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
-DEFINE_STACK_OF(X509_EXTENSION)
-
 #ifndef OPENSSL_NO_STDIO
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 {
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index f0240f12c3..2d0ccd8a68 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -17,9 +17,6 @@
 #include "crypto/asn1.h"
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 #ifndef OPENSSL_NO_STDIO
 int X509_print_fp(FILE *fp, X509 *x)
 {
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index d965d74553..7d4e99be5a 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -26,11 +26,6 @@
 
 #ifndef OPENSSL_NO_RFC3779
 
-DEFINE_STACK_OF(IPAddressOrRange)
-DEFINE_STACK_OF(IPAddressFamily)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-
 /*
  * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
  */
@@ -1262,7 +1257,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx,
                     || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
                                      fc->ipAddressChoice->u.addressesOrRanges,
                                      length_from_afi(X509v3_addr_get_afi(fc))))
-                    sk_IPAddressFamily_set(child, j, fp);
+                    (void)sk_IPAddressFamily_set(child, j, fp);
                 else
                     validation_err(X509_V_ERR_UNNESTED_RESOURCE);
             }
diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c
index 2fbb11bdaf..0dfd088eb4 100644
--- a/crypto/x509/v3_admis.c
+++ b/crypto/x509/v3_admis.c
@@ -20,11 +20,6 @@
 #include "v3_admis.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(ADMISSIONS)
-DEFINE_STACK_OF(PROFESSION_INFO)
-DEFINE_STACK_OF(ASN1_STRING)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 ASN1_SEQUENCE(NAMING_AUTHORITY) = {
     ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
     ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index 65019a5a12..a3061c9a8f 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -15,9 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                                                  AUTHORITY_KEYID *akeyid,
                                                  STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.c
index dd45546f6c..caa2f23220 100644
--- a/crypto/x509/v3_alt.c
+++ b/crypto/x509/v3_alt.c
@@ -14,9 +14,6 @@
 #include <openssl/bio.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx,
                                       STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c
index 0fc7641386..93b345a0b8 100644
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@@ -56,10 +56,6 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
 IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
 
-DEFINE_STACK_OF(ASIdOrRange)
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-
 /*
  * i2r method for an ASIdentifierChoice.
  */
diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c
index 01d38473a3..7a06a9d0ff 100644
--- a/crypto/x509/v3_bcons.c
+++ b/crypto/x509/v3_bcons.c
@@ -16,8 +16,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
                                                    BASIC_CONSTRAINTS *bcons,
                                                    STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.c
index 02d40863a6..21511603c2 100644
--- a/crypto/x509/v3_bitst.c
+++ b/crypto/x509/v3_bitst.c
@@ -13,8 +13,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
     {0, "SSL Client", "client"},
     {1, "SSL Server", "server"},
diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c
index 88e29f9cc4..918e96e709 100644
--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.c
@@ -17,9 +17,6 @@
 #include "crypto/x509.h"
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 static int v3_check_critical(const char **value);
 static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index 6b507f40d7..9a227e4058 100644
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -18,11 +18,6 @@
 #include "pcy_local.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(POLICYINFO)
-DEFINE_STACK_OF(POLICYQUALINFO)
-DEFINE_STACK_OF(ASN1_INTEGER)
-
 /* Certificate policies extension support: this one is a bit complex... */
 
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c
index 8b4e100714..81ea31b16f 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@@ -18,11 +18,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                       X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c
index 7769bc9931..b9a1447b82 100644
--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.c
@@ -14,9 +14,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
                                     X509V3_CTX *ctx,
                                     STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c
index 489daa7199..3711b51e18 100644
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.c
@@ -15,9 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
                                                        *method, AUTHORITY_INFO_ACCESS
                                                        *ainfo, STACK_OF(CONF_VALUE)
diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index ceb127f637..6db4f19913 100644
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 /*
  * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
  * This extention is required to obtain the status of a qualified certificate at Russian Federation.
diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c
index b1e32bb419..1069a9f24a 100644
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@@ -16,9 +16,6 @@
 
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(X509V3_EXT_METHOD)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
 static int ext_cmp(const X509V3_EXT_METHOD *const *a,
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 8da9cca24d..6af8edecdb 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -20,10 +20,6 @@
 #include "crypto/punycode.h"
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_SUBTREE)
-
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval);
diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c
index 714733684b..febb07f7d4 100644
--- a/crypto/x509/v3_pci.c
+++ b/crypto/x509/v3_pci.c
@@ -49,8 +49,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                    BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.c
index 88a9497504..e61a14e254 100644
--- a/crypto/x509/v3_pcons.c
+++ b/crypto/x509/v3_pcons.c
@@ -15,8 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
                                                     *method, void *bcons, STACK_OF(CONF_VALUE)
                                                     *extlist);
diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c
index 23aefb196c..a2b95c48e4 100644
--- a/crypto/x509/v3_pmaps.c
+++ b/crypto/x509/v3_pmaps.c
@@ -14,9 +14,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(POLICY_MAPPING)
-DEFINE_STACK_OF(CONF_VALUE)
-
 static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c
index 4b2ad2685b..1e4516a713 100644
--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.c
@@ -14,9 +14,6 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 /* Extension printing routines */
 
 static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c
index 2d4098b629..92f3bbe3b0 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.c
@@ -16,11 +16,6 @@
 #include "internal/tsan_assist.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF(X509_PURPOSE)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 static int check_ssl_ca(const X509 *x);
 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
                                     int ca);
diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c
index d90073754e..b7623b1051 100644
--- a/crypto/x509/v3_sxnet.c
+++ b/crypto/x509/v3_sxnet.c
@@ -15,9 +15,6 @@
 #include <openssl/x509v3.h>
 #include "ext_dat.h"
 
-DEFINE_STACK_OF(SXNETID)
-DEFINE_STACK_OF(CONF_VALUE)
-
 /* Support for Thawte strong extranet extension */
 
 #define SXNET_TEST
diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c
index 81ce333a34..bc0a463dec 100644
--- a/crypto/x509/v3_tlsf.c
+++ b/crypto/x509/v3_tlsf.c
@@ -16,9 +16,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(ASN1_INTEGER)
-DEFINE_STACK_OF(CONF_VALUE)
-
 static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
                                              TLS_FEATURE *tls_feature,
                                              STACK_OF(CONF_VALUE) *ext_list);
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index e31be45e03..001c5f2296 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -21,12 +21,6 @@
 #include "ext_dat.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF_STRING()
-
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char *const *a, const char *const *b);
 static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name,
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index ce003615ec..d93d757aef 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -17,9 +17,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-DEFINE_STACK_OF(ASN1_TYPE)
-
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
     return sk_X509_ATTRIBUTE_num(x);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 32e15682b1..e74c842fdc 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -16,8 +16,6 @@
 #include <openssl/core_names.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509)
-
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
     int i;
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index f37e09dcdf..de81fad513 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -15,11 +15,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_LOOKUP)
-DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
-
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
     X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 7bed79a2d5..0acfaa3589 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -15,8 +15,6 @@
 #include "crypto/x509.h"
 #include "crypto/ctype.h"
 
-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
 /*
  * Limit to ensure we don't overflow: much greater than
  * anything encountered in practice.
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index a284bf72ca..a03ba24926 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -17,8 +17,6 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 {
     X509 *ret = NULL;
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index ebd45b68b0..10718c347d 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -12,9 +12,6 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509_TRUST)
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
 
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index f059667263..96ba940aa4 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -17,8 +17,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_EXTENSION)
-
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
     if (x == NULL)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4a067e5ff4..5520f08e28 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -25,14 +25,6 @@
 #include "crypto/x509.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_REVOKED)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF_STRING()
-
 /* CRL score values */
 
 /* No unhandled critical extensions */
@@ -1691,7 +1683,7 @@ static int check_policy(X509_STORE_CTX *ctx)
     ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
                             ctx->param->policies, ctx->param->flags);
     if (ctx->bare_ta_signed)
-        sk_X509_pop(ctx->chain);
+        (void)sk_X509_pop(ctx->chain);
 
     if (ret == X509_PCY_TREE_INTERNAL) {
         X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index f87dfd0726..a429d5a5ae 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -18,10 +18,6 @@
 
 #include "x509_local.h"
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509_VERIFY_PARAM)
-DEFINE_STACK_OF_STRING()
-
 /* X509_VERIFY_PARAM functions */
 
 #define SET_HOST 0
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index d5b3778035..22143da65e 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -16,8 +16,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509_REVOKED)
-
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
     if (x == NULL)
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 7e2704fb68..b00e5f5b38 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -16,8 +16,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
 int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
                               char *buf, int len)
 {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index fca6df5067..5c5e608173 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -14,8 +14,6 @@
 #include <openssl/x509.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(ASN1_TYPE)
-
 /*-
  * X509_ATTRIBUTE: this has the following form:
  *
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index 44f374aed3..c915615acb 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -15,11 +15,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"
 
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(GENERAL_NAMES)
-DEFINE_STACK_OF(X509_REVOKED)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b);
 static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 2db9aa34ca..a85b10f1cf 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -16,9 +16,6 @@
 #include "crypto/asn1.h"
 #include "x509_local.h"
 
-DEFINE_STACK_OF(X509_NAME_ENTRY)
-DEFINE_STACK_OF(ASN1_VALUE)
-
 /*
  * Maximum length of X509_NAME: much larger than anything we should
  * ever see in practice.
@@ -189,7 +186,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
             entry->set = i;
             if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                 goto err;
-            sk_X509_NAME_ENTRY_set(entries, j, NULL);
+            (void)sk_X509_NAME_ENTRY_set(entries, j, NULL);
         }
     }
     ret = x509_name_canon(nm.x);
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
index 10b82df559..21215b4778 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -13,8 +13,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 /*-
  * X509_REQ_INFO is handled in an unusual way to get round
  * invalid encodings. Some broken certificate requests don't
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index 5ee284666c..315787a5aa 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -15,10 +15,6 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"
 
-#ifndef OPENSSL_NO_RFC3779
-DEFINE_STACK_OF(IPAddressFamily)
-#endif
-
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
         ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c
index f0dc9d6535..ef93db26d8 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.c
@@ -14,8 +14,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"
 
-DEFINE_STACK_OF(ASN1_OBJECT)
-
 /*
  * X509_CERT_AUX routines. These are used to encode additional user
  * modifiable data about a certificate. This data is appended to the X509
diff --git a/engines/e_capi.c b/engines/e_capi.c
index cff57d69e8..8e5693d25e 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -34,9 +34,6 @@
 #  include <openssl/rsa.h>
 #  include <openssl/dsa.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 /*
  * This module uses several "new" interfaces, among which is
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
diff --git a/engines/e_loader_attic.c b/engines/e_loader_attic.c
index 581bfb0285..be01c55718 100644
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@@ -37,7 +37,6 @@
 
 #include "e_loader_attic_err.c"
 
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_STORE_INFO)
 
 #ifdef _WIN32
diff --git a/fuzz/client.c b/fuzz/client.c
index 01bd70a49f..2c2cd90fb8 100644
--- a/fuzz/client.c
+++ b/fuzz/client.c
@@ -20,8 +20,6 @@
 
 #include "rand.inc"
 
-DEFINE_STACK_OF(SSL_COMP)
-
 /* unused, to avoid warning. */
 static int idx;
 
diff --git a/fuzz/cmp.c b/fuzz/cmp.c
index 44a0c1adeb..a0dc20c619 100644
--- a/fuzz/cmp.c
+++ b/fuzz/cmp.c
@@ -18,8 +18,6 @@
 #include "fuzzer.h"
 #include "rand.inc"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 int FuzzerInitialize(int *argc, char ***argv)
 {
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
diff --git a/fuzz/server.c b/fuzz/server.c
index f00029b0a9..8123c90994 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -24,8 +24,6 @@
 
 #include "rand.inc"
 
-DEFINE_STACK_OF(SSL_COMP)
-
 static const uint8_t kCertificateDER[] = {
     0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h.in
similarity index 98%
rename from include/openssl/asn1.h
rename to include/openssl/asn1.h.in
index b47e8e823e..c4d6f068ae 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ASN1_H
 # define OPENSSL_ASN1_H
 # pragma once
@@ -121,7 +127,10 @@ extern "C" {
 # define SMIME_STREAM            0x1000
 
 /* Stacks for types not otherwise defined in this header */
-DEFINE_OR_DECLARE_STACK_OF(X509_ALGOR)
+{-
+    generate_stack_macros("X509_ALGOR");
+-}
+
 
 # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
 /*
@@ -196,7 +205,9 @@ struct asn1_string_table_st {
     unsigned long flags;
 };
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING_TABLE)
+{-
+    generate_stack_macros("ASN1_STRING_TABLE");
+-}
 
 /* size limits: this stuff is taken straight from RFC2459 */
 
@@ -452,7 +463,9 @@ struct asn1_type_st {
     } value;
 };
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_TYPE)
+{-
+    generate_stack_macros("ASN1_TYPE");
+-}
 
 typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
 
@@ -506,7 +519,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
 void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_OBJECT)
+{-
+    generate_stack_macros("ASN1_OBJECT");
+-}
 
 DECLARE_ASN1_FUNCTIONS(ASN1_OBJECT)
 
@@ -542,7 +557,10 @@ int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
                             BIT_STRING_BITNAME *tbl);
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_INTEGER)
+{-
+    generate_stack_macros("ASN1_INTEGER");
+-}
+
 
 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
@@ -577,7 +595,9 @@ int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
                           int len);
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_UTF8STRING)
+{-
+    generate_stack_macros("ASN1_UTF8STRING");
+-}
 
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
@@ -588,7 +608,9 @@ DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
 int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_GENERALSTRING)
+{-
+    generate_stack_macros("ASN1_GENERALSTRING");
+-}
 
 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
 
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h.in
similarity index 99%
rename from include/openssl/asn1t.h
rename to include/openssl/asn1t.h.in
index 286db9e2eb..1eebd1f85a 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ASN1T_H
 # define OPENSSL_ASN1T_H
 # pragma once
@@ -880,7 +886,10 @@ DECLARE_ASN1_ITEM(LONG)
 DECLARE_ASN1_ITEM(ZLONG)
 # endif
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_VALUE)
+{-
+    generate_stack_macros("ASN1_VALUE");
+-}
+
 
 /* Functions used internally by the ASN1 code */
 
diff --git a/include/openssl/bio.h b/include/openssl/bio.h.in
similarity index 99%
rename from include/openssl/bio.h
rename to include/openssl/bio.h.in
index 88e57e70a8..d7380d47e9 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -6,6 +8,9 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
 
 #ifndef OPENSSL_BIO_H
 # define OPENSSL_BIO_H
@@ -287,7 +292,10 @@ int BIO_method_type(const BIO *b);
 typedef int BIO_info_cb(BIO *, int, int);
 typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
 
-DEFINE_OR_DECLARE_STACK_OF(BIO)
+{-
+    generate_stack_macros("BIO");
+-}
+
 
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h.in
similarity index 98%
rename from include/openssl/cmp.h
rename to include/openssl/cmp.h.in
index 9fc281a705..0df3777e3c 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
@@ -9,6 +11,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CMP_H
 # define OPENSSL_CMP_H
 
@@ -210,21 +216,31 @@ typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
+{-
+    generate_stack_macros("OSSL_CMP_CERTSTATUS");
+-}
 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
+{-
+    generate_stack_macros("OSSL_CMP_ITAV");
+-}
 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
+{-
+    generate_stack_macros("OSSL_CMP_PKISI");
+-}
 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
+-}
 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
 typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
+{-
+    generate_stack_macros("OSSL_CMP_CERTRESPONSE");
+-}
 typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
 
 /*
diff --git a/include/openssl/cms.h b/include/openssl/cms.h.in
similarity index 98%
rename from include/openssl/cms.h
rename to include/openssl/cms.h.in
index ad6718dd6f..f89cbf96e7 100644
--- a/include/openssl/cms.h
+++ b/include/openssl/cms.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CMS_H
 # define OPENSSL_CMS_H
 # pragma once
@@ -36,10 +42,12 @@ typedef struct CMS_Receipt_st CMS_Receipt;
 typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
 typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
 
-DEFINE_OR_DECLARE_STACK_OF(CMS_SignerInfo)
-DEFINE_OR_DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
-DEFINE_OR_DECLARE_STACK_OF(CMS_RecipientInfo)
-DEFINE_OR_DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+{-
+    generate_stack_macros("CMS_SignerInfo")
+    .generate_stack_macros("CMS_RecipientEncryptedKey")
+    .generate_stack_macros("CMS_RecipientInfo")
+    .generate_stack_macros("CMS_RevocationInfoChoice");
+-}
 
 DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
diff --git a/include/openssl/conf.h b/include/openssl/conf.h.in
similarity index 97%
rename from include/openssl/conf.h
rename to include/openssl/conf.h.in
index 24cdcbb1cf..2f1fceb2fb 100644
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef  OPENSSL_CONF_H
 # define OPENSSL_CONF_H
 # pragma once
@@ -33,7 +39,9 @@ typedef struct {
     char *value;
 } CONF_VALUE;
 
-DEFINE_OR_DECLARE_STACK_OF(CONF_VALUE)
+{-
+    generate_stack_macros("CONF_VALUE");
+-}
 
 DEFINE_LHASH_OF(CONF_VALUE);
 
diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h.in
similarity index 97%
rename from include/openssl/crmf.h
rename to include/openssl/crmf.h.in
index 022f0bb9d2..bc81bf591a 100644
--- a/include/openssl/crmf.h
+++ b/include/openssl/crmf.h.in
@@ -1,4 +1,6 @@
 /*-
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
@@ -11,6 +13,10 @@
  * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CRMF_H
 # define OPENSSL_CRMF_H
 
@@ -44,7 +50,9 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)
 typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_MSG)
+{-
+    generate_stack_macros("OSSL_CRMF_MSG");
+-}
 typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
 typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
@@ -53,7 +61,9 @@ typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
 typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
 DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
-DEFINE_OR_DECLARE_STACK_OF(OSSL_CRMF_CERTID)
+{-
+    generate_stack_macros("OSSL_CRMF_CERTID");
+-}
 
 typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
 DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h.in
similarity index 99%
rename from include/openssl/crypto.h
rename to include/openssl/crypto.h.in
index a7c2863b54..51f1977274 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
@@ -8,6 +10,11 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
+
 #ifndef OPENSSL_CRYPTO_H
 # define OPENSSL_CRYPTO_H
 # pragma once
@@ -170,7 +177,10 @@ struct crypto_ex_data_st {
     STACK_OF(void) *sk;
 };
 
-DEFINE_OR_DECLARE_STACK_OF(void)
+{-
+    generate_stack_macros("void");
+-}
+
 
 /*
  * Per class, we have a STACK of function pointers.
diff --git a/include/openssl/ct.h b/include/openssl/ct.h.in
similarity index 99%
rename from include/openssl/ct.h
rename to include/openssl/ct.h.in
index a69c986f06..e72fe4b6b7 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_CT_H
 # define OPENSSL_CT_H
 # pragma once
@@ -34,8 +40,11 @@ extern "C" {
 /* All hashes are SHA256 in v1 of Certificate Transparency */
 # define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
 
-DEFINE_OR_DECLARE_STACK_OF(SCT)
-DEFINE_OR_DECLARE_STACK_OF(CTLOG)
+{-
+    generate_stack_macros("SCT")
+    .generate_stack_macros("CTLOG");
+-}
+
 
 typedef enum {
     CT_LOG_ENTRY_TYPE_NOT_SET = -1,
diff --git a/include/openssl/ess.h b/include/openssl/ess.h.in
similarity index 89%
rename from include/openssl/ess.h
rename to include/openssl/ess.h.in
index 17962473c1..185bdd8f8b 100644
--- a/include/openssl/ess.h
+++ b/include/openssl/ess.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_ESS_H
 # define OPENSSL_ESS_H
 
@@ -24,12 +30,18 @@ typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
 typedef struct ESS_cert_id ESS_CERT_ID;
 typedef struct ESS_signing_cert ESS_SIGNING_CERT;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID)
+{-
+    generate_stack_macros("ESS_CERT_ID");
+-}
+
 
 typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
 typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
 
-DEFINE_OR_DECLARE_STACK_OF(ESS_CERT_ID_V2)
+{-
+    generate_stack_macros("ESS_CERT_ID_V2");
+-}
+
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ESS_ISSUER_SERIAL)
 DECLARE_ASN1_ENCODE_FUNCTIONS_only(ESS_ISSUER_SERIAL, ESS_ISSUER_SERIAL)
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h.in
similarity index 98%
rename from include/openssl/ocsp.h
rename to include/openssl/ocsp.h.in
index 939a90877d..bf1e5a37fd 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_OCSP_H
 # define OPENSSL_OCSP_H
 # pragma once
@@ -110,8 +116,10 @@ typedef struct ocsp_req_info_st OCSP_REQINFO;
 typedef struct ocsp_signature_st OCSP_SIGNATURE;
 typedef struct ocsp_request_st OCSP_REQUEST;
 
-DEFINE_OR_DECLARE_STACK_OF(OCSP_CERTID)
-DEFINE_OR_DECLARE_STACK_OF(OCSP_ONEREQ)
+{-
+    generate_stack_macros("OCSP_CERTID")
+    .generate_stack_macros("OCSP_ONEREQ");
+-}
 
 #  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
 #  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
@@ -125,7 +133,9 @@ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
 #  define V_OCSP_RESPID_NAME 0
 #  define V_OCSP_RESPID_KEY  1
 
-DEFINE_OR_DECLARE_STACK_OF(OCSP_RESPID)
+{-
+    generate_stack_macros("OCSP_RESPID");
+-}
 
 typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 
@@ -136,7 +146,9 @@ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
 typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
 typedef struct ocsp_single_response_st OCSP_SINGLERESP;
 
-DEFINE_OR_DECLARE_STACK_OF(OCSP_SINGLERESP)
+{-
+    generate_stack_macros("OCSP_SINGLERESP");
+-}
 
 typedef struct ocsp_response_data_st OCSP_RESPDATA;
 
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h.in
similarity index 98%
rename from include/openssl/pkcs12.h
rename to include/openssl/pkcs12.h.in
index 46e95c11b6..f829dc7439 100644
--- a/include/openssl/pkcs12.h
+++ b/include/openssl/pkcs12.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_PKCS12_H
 # define OPENSSL_PKCS12_H
 # pragma once
@@ -52,7 +58,9 @@ typedef struct PKCS12_st PKCS12;
 
 typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
 
-DEFINE_OR_DECLARE_STACK_OF(PKCS12_SAFEBAG)
+{-
+    generate_stack_macros("PKCS12_SAFEBAG");
+-}
 
 typedef struct pkcs12_bag_st PKCS12_BAGS;
 
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h.in
similarity index 98%
rename from include/openssl/pkcs7.h
rename to include/openssl/pkcs7.h.in
index f4b75cca36..93e1f9dbef 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_PKCS7_H
 # define OPENSSL_PKCS7_H
 # pragma once
@@ -58,7 +64,9 @@ typedef struct pkcs7_signer_info_st {
     EVP_PKEY *pkey;
     const PKCS7_CTX *ctx;
 } PKCS7_SIGNER_INFO;
-DEFINE_OR_DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+{-
+    generate_stack_macros("PKCS7_SIGNER_INFO");
+-}
 
 typedef struct pkcs7_recip_info_st {
     ASN1_INTEGER *version;      /* version 0 */
@@ -68,7 +76,9 @@ typedef struct pkcs7_recip_info_st {
     X509 *cert;                 /* get the pub-key from this */
     const PKCS7_CTX *ctx;
 } PKCS7_RECIP_INFO;
-DEFINE_OR_DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+{-
+    generate_stack_macros("PKCS7_RECIP_INFO");
+-}
 
 
 typedef struct pkcs7_signed_st {
@@ -157,7 +167,9 @@ typedef struct pkcs7_st {
     } d;
     PKCS7_CTX ctx;
 } PKCS7;
-DEFINE_OR_DECLARE_STACK_OF(PKCS7)
+{-
+    generate_stack_macros("PKCS7");
+-}
 
 
 # define PKCS7_OP_SET_DETACHED_SIGNATURE 1
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h.in
similarity index 74%
rename from include/openssl/safestack.h
rename to include/openssl/safestack.h.in
index c94ce78cf9..aac56608ca 100644
--- a/include/openssl/safestack.h
+++ b/include/openssl/safestack.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_string_macros
+                          generate_stack_const_string_macros
+                          generate_stack_block_macros);
+-}
+
 #ifndef OPENSSL_SAFESTACK_H
 # define OPENSSL_SAFESTACK_H
 # pragma once
@@ -25,6 +33,37 @@ extern "C" {
 
 # define STACK_OF(type) struct stack_st_##type
 
+/* Helper macro for internal use */
+# define SKM_DEFINE_STACK_OF_INTERNAL(t1, t2, t3) \
+    STACK_OF(t1); \
+    typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+    typedef void (*sk_##t1##_freefunc)(t3 *a); \
+    typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+    static ossl_unused ossl_inline t2 *ossl_check_##t1##_type(t2 *ptr) \
+    { \
+        return ptr; \
+    } \
+    static ossl_unused ossl_inline const OPENSSL_STACK *ossl_check_const_##t1##_sk_type(const STACK_OF(t1) *sk) \
+    { \
+        return (const OPENSSL_STACK *)sk; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_STACK *ossl_check_##t1##_sk_type(STACK_OF(t1) *sk) \
+    { \
+        return (OPENSSL_STACK *)sk; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_##t1##_compfunc_type(sk_##t1##_compfunc cmp) \
+    { \
+        return (OPENSSL_sk_compfunc)cmp; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_##t1##_copyfunc_type(sk_##t1##_copyfunc cpy) \
+    { \
+        return (OPENSSL_sk_copyfunc)cpy; \
+    } \
+    static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_##t1##_freefunc_type(sk_##t1##_freefunc fr) \
+    { \
+        return (OPENSSL_sk_freefunc)fr; \
+    }
+
 # define SKM_DEFINE_STACK_OF(t1, t2, t3) \
     STACK_OF(t1); \
     typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
@@ -155,28 +194,6 @@ extern "C" {
 typedef char *OPENSSL_STRING;
 typedef const char *OPENSSL_CSTRING;
 
-# define DEFINE_STACK_OF_STRING() \
-        DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-# define DEFINE_STACK_OF_CSTRING() \
-        DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
-
-/*
- * If we're building OpenSSL, or we have no-deprecated configured,
- * then we don't define the inline functions (see |SKM_DEFINE_STACK_OF|,
- * above), we just declare the stack datatypes. Otherwise, for compatibility
- * and to not remove the API's, we define the functions.  We have the
- * trailing semicolon so that uses of this never need it.
- */
-#if defined(OPENSSL_BUILDING_OPENSSL) || defined(OPENSSL_NO_DEPRECATED_3_0)
-# define DEFINE_OR_DECLARE_STACK_OF(s) STACK_OF(s);
-# define DEFINE_OR_DECLARE_STACK_OF_STRING() STACK_OF(OPENSSL_STRING);
-# define DEFINE_OR_DECLARE_STACK_OF_CSTRING() STACK_OF(OPENSSL_CSTRING);
-#else
-# define DEFINE_OR_DECLARE_STACK_OF(s) DEFINE_STACK_OF(s)
-# define DEFINE_OR_DECLARE_STACK_OF_STRING() DEFINE_STACK_OF_STRING()
-# define DEFINE_OR_DECLARE_STACK_OF_CSTRING() DEFINE_STACK_OF_CSTRING()
-#endif
-
 /*-
  * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
  * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
@@ -184,8 +201,10 @@ typedef const char *OPENSSL_CSTRING;
  * chars. So, we have to implement STRING specially for STACK_OF. This is
  * dealt with in the autogenerated macros below.
  */
-DEFINE_OR_DECLARE_STACK_OF_STRING()
-DEFINE_OR_DECLARE_STACK_OF_CSTRING()
+{-
+    generate_stack_string_macros()
+    .generate_stack_const_string_macros();
+-}
 
 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
 /*
@@ -193,44 +212,11 @@ DEFINE_OR_DECLARE_STACK_OF_CSTRING()
  * These should also be distinguished from "normal" stacks.
  */
 typedef void *OPENSSL_BLOCK;
-DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+{-
+    generate_stack_block_macros();
+-}
 #endif
 
-/*
- * If called without higher optimization (min. -xO3) the Oracle Developer
- * Studio compiler generates code for the defined (static inline) functions
- * above.
- * This would later lead to the linker complaining about missing symbols when
- * this header file is included but the resulting object is not linked against
- * the Crypto library (openssl#6912).
- */
-# ifdef __SUNPRO_C
-#  pragma weak OPENSSL_sk_num
-#  pragma weak OPENSSL_sk_value
-#  pragma weak OPENSSL_sk_new
-#  pragma weak OPENSSL_sk_new_null
-#  pragma weak OPENSSL_sk_new_reserve
-#  pragma weak OPENSSL_sk_reserve
-#  pragma weak OPENSSL_sk_free
-#  pragma weak OPENSSL_sk_zero
-#  pragma weak OPENSSL_sk_delete
-#  pragma weak OPENSSL_sk_delete_ptr
-#  pragma weak OPENSSL_sk_push
-#  pragma weak OPENSSL_sk_unshift
-#  pragma weak OPENSSL_sk_pop
-#  pragma weak OPENSSL_sk_shift
-#  pragma weak OPENSSL_sk_pop_free
-#  pragma weak OPENSSL_sk_insert
-#  pragma weak OPENSSL_sk_set
-#  pragma weak OPENSSL_sk_find
-#  pragma weak OPENSSL_sk_find_ex
-#  pragma weak OPENSSL_sk_sort
-#  pragma weak OPENSSL_sk_is_sorted
-#  pragma weak OPENSSL_sk_dup
-#  pragma weak OPENSSL_sk_deep_copy
-#  pragma weak OPENSSL_sk_set_cmp_func
-# endif /* __SUNPRO_C */
-
 # ifdef  __cplusplus
 }
 # endif
diff --git a/include/openssl/srp.h b/include/openssl/srp.h.in
similarity index 95%
rename from include/openssl/srp.h
rename to include/openssl/srp.h.in
index 5c8f5368f8..7ea855d9a0 100644
--- a/include/openssl/srp.h
+++ b/include/openssl/srp.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
@@ -11,6 +13,10 @@
  * for the EdelKey project.
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_SRP_H
 # define OPENSSL_SRP_H
 # pragma once
@@ -37,7 +43,10 @@ typedef struct SRP_gN_cache_st {
     char *b64_bn;
     BIGNUM *bn;
 } SRP_gN_cache;
-DEFINE_OR_DECLARE_STACK_OF(SRP_gN_cache)
+{-
+    generate_stack_macros("SRP_gN_cache");
+-}
+
 
 typedef struct SRP_user_pwd_st {
     /* Owned by us. */
@@ -50,7 +59,9 @@ typedef struct SRP_user_pwd_st {
     /* Owned by us. */
     char *info;
 } SRP_user_pwd;
-DEFINE_OR_DECLARE_STACK_OF(SRP_user_pwd)
+{-
+    generate_stack_macros("SRP_user_pwd");
+-}
 
 SRP_user_pwd *SRP_user_pwd_new(void);
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
@@ -76,7 +87,10 @@ typedef struct SRP_gN_st {
     const BIGNUM *g;
     const BIGNUM *N;
 } SRP_gN;
-DEFINE_OR_DECLARE_STACK_OF(SRP_gN)
+{-
+    generate_stack_macros("SRP_gN");
+-}
+
 
 SRP_VBASE *SRP_VBASE_new(char *seed_key);
 void SRP_VBASE_free(SRP_VBASE *vb);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h.in
similarity index 99%
rename from include/openssl/ssl.h
rename to include/openssl/ssl.h.in
index 0b17f22193..264b7eddb7 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
@@ -9,6 +11,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros);
+-}
+
 #ifndef OPENSSL_SSL_H
 # define OPENSSL_SSL_H
 # pragma once
@@ -240,7 +246,9 @@ typedef struct srtp_protection_profile_st {
     const char *name;
     unsigned long id;
 } SRTP_PROTECTION_PROFILE;
-DEFINE_OR_DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
+{-
+    generate_stack_macros("SRTP_PROTECTION_PROFILE");
+-}
 
 
 typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
@@ -980,8 +988,10 @@ extern "C" {
  * These need to be after the above set of includes due to a compiler bug
  * in VisualStudio 2015
  */
-DEFINE_OR_DECLARE_STACK_OF(SSL_CIPHER)
-DEFINE_OR_DECLARE_STACK_OF(SSL_COMP)
+{-
+    generate_const_stack_macros("SSL_CIPHER")
+    .generate_stack_macros("SSL_COMP");
+-}
 
 /* compatibility */
 # define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
diff --git a/include/openssl/ui.h b/include/openssl/ui.h.in
similarity index 99%
rename from include/openssl/ui.h
rename to include/openssl/ui.h.in
index f68a4e90a8..eb9a580fa8 100644
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_UI_H
 # define OPENSSL_UI_H
 # pragma once
@@ -285,7 +291,9 @@ const UI_METHOD *UI_null(void);
  */
 typedef struct ui_string_st UI_STRING;
 
-DEFINE_OR_DECLARE_STACK_OF(UI_STRING)
+{-
+    generate_stack_macros("UI_STRING");
+-}
 
 /*
  * The different types of strings that are currently supported. This is only
diff --git a/include/openssl/x509.h b/include/openssl/x509.h.in
similarity index 98%
rename from include/openssl/x509.h
rename to include/openssl/x509.h.in
index bbe2d62cf9..f86d4ee7d1 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
@@ -8,6 +10,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_X509_H
 # define OPENSSL_X509_H
 # pragma once
@@ -41,10 +47,12 @@ extern "C" {
 #endif
 
 /* Needed stacks for types defined in other headers */
-DEFINE_OR_DECLARE_STACK_OF(X509_NAME)
-DEFINE_OR_DECLARE_STACK_OF(X509)
-DEFINE_OR_DECLARE_STACK_OF(X509_REVOKED)
-DEFINE_OR_DECLARE_STACK_OF(X509_CRL)
+{-
+    generate_stack_macros("X509_NAME")
+    .generate_stack_macros("X509")
+    .generate_stack_macros("X509_REVOKED")
+    .generate_stack_macros("X509_CRL");
+-}
 
 /* Flags for X509_get_signature_info() */
 /* Signature info is valid */
@@ -82,16 +90,22 @@ typedef struct X509_val_st {
 typedef struct X509_sig_st X509_SIG;
 
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
-DEFINE_OR_DECLARE_STACK_OF(X509_NAME_ENTRY)
 
+{-
+    generate_stack_macros("X509_NAME_ENTRY");
+-}
 
 # define X509_EX_V_NETSCAPE_HACK         0x8000
 # define X509_EX_V_INIT                  0x0001
 typedef struct X509_extension_st X509_EXTENSION;
-DEFINE_OR_DECLARE_STACK_OF(X509_EXTENSION)
+{-
+    generate_stack_macros("X509_EXTENSION");
+-}
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 typedef struct x509_attributes_st X509_ATTRIBUTE;
-DEFINE_OR_DECLARE_STACK_OF(X509_ATTRIBUTE)
+{-
+    generate_stack_macros("X509_ATTRIBUTE");
+-}
 typedef struct X509_req_info_st X509_REQ_INFO;
 typedef struct X509_req_st X509_REQ;
 typedef struct x509_cert_aux_st X509_CERT_AUX;
@@ -107,7 +121,9 @@ typedef struct x509_trust_st {
     int arg1;
     void *arg2;
 } X509_TRUST;
-DEFINE_OR_DECLARE_STACK_OF(X509_TRUST)
+{-
+    generate_stack_macros("X509_TRUST");
+-}
 
 
 /* standard trust ids */
@@ -246,7 +262,9 @@ typedef struct X509_info_st {
     int enc_len;
     char *enc_data;
 } X509_INFO;
-DEFINE_OR_DECLARE_STACK_OF(X509_INFO)
+{-
+    generate_stack_macros("X509_INFO");
+-}
 
 /*
  * The next 2 structures and their 8 routines are used to manipulate Netscape's
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h.in
similarity index 99%
rename from include/openssl/x509_vfy.h
rename to include/openssl/x509_vfy.h.in
index d43a442fc7..8a565f71a3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_X509_VFY_H
 # define OPENSSL_X509_VFY_H
 # pragma once
@@ -60,9 +66,11 @@ typedef enum {
 #define X509_LU_FAIL    0
 #endif
 
-DEFINE_OR_DECLARE_STACK_OF(X509_LOOKUP)
-DEFINE_OR_DECLARE_STACK_OF(X509_OBJECT)
-DEFINE_OR_DECLARE_STACK_OF(X509_VERIFY_PARAM)
+{-
+    generate_stack_macros("X509_LOOKUP")
+    .generate_stack_macros("X509_OBJECT")
+    .generate_stack_macros("X509_VERIFY_PARAM");
+-}
 
 int X509_STORE_set_depth(X509_STORE *store, int depth);
 
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h.in
similarity index 97%
rename from include/openssl/x509v3.h
rename to include/openssl/x509v3.h.in
index a3ef7ced3a..7234aa2c62 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h.in
@@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
  * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -7,6 +9,10 @@
  * https://www.openssl.org/source/license.html
  */
 
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
 #ifndef OPENSSL_X509V3_H
 # define OPENSSL_X509V3_H
 # pragma once
@@ -97,7 +103,9 @@ struct v3_ext_ctx {
 
 typedef struct v3_ext_method X509V3_EXT_METHOD;
 
-DEFINE_OR_DECLARE_STACK_OF(X509V3_EXT_METHOD)
+{-
+    generate_stack_macros("X509V3_EXT_METHOD");
+-}
 
 /* ext_flags values */
 # define X509V3_EXT_DYNAMIC      0x1
@@ -163,15 +171,19 @@ typedef struct ACCESS_DESCRIPTION_st {
     GENERAL_NAME *location;
 } ACCESS_DESCRIPTION;
 
-DEFINE_OR_DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAME)
+{-
+    generate_stack_macros("ACCESS_DESCRIPTION")
+    .generate_stack_macros("GENERAL_NAME");
+-}
 
 typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
 typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
 
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_NAMES)
+{-
+    generate_stack_macros("GENERAL_NAMES");
+-}
 
 typedef struct DIST_POINT_NAME_st {
     int type;
@@ -204,7 +216,9 @@ struct DIST_POINT_st {
     int dp_reasons;
 };
 
-DEFINE_OR_DECLARE_STACK_OF(DIST_POINT)
+{-
+    generate_stack_macros("DIST_POINT");
+-}
 
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
 
@@ -221,7 +235,10 @@ typedef struct SXNET_ID_st {
     ASN1_OCTET_STRING *user;
 } SXNETID;
 
-DEFINE_OR_DECLARE_STACK_OF(SXNETID)
+{-
+    generate_stack_macros("SXNETID");
+-}
+
 
 typedef struct SXNET_st {
     ASN1_INTEGER *version;
@@ -254,14 +271,19 @@ typedef struct POLICYQUALINFO_st {
     } d;
 } POLICYQUALINFO;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICYQUALINFO)
+{-
+    generate_stack_macros("POLICYQUALINFO");
+-}
+
 
 typedef struct POLICYINFO_st {
     ASN1_OBJECT *policyid;
     STACK_OF(POLICYQUALINFO) *qualifiers;
 } POLICYINFO;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICYINFO)
+{-
+    generate_stack_macros("POLICYINFO");
+-}
 
 typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 
@@ -270,7 +292,9 @@ typedef struct POLICY_MAPPING_st {
     ASN1_OBJECT *subjectDomainPolicy;
 } POLICY_MAPPING;
 
-DEFINE_OR_DECLARE_STACK_OF(POLICY_MAPPING)
+{-
+    generate_stack_macros("POLICY_MAPPING");
+-}
 
 typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
 
@@ -280,7 +304,9 @@ typedef struct GENERAL_SUBTREE_st {
     ASN1_INTEGER *maximum;
 } GENERAL_SUBTREE;
 
-DEFINE_OR_DECLARE_STACK_OF(GENERAL_SUBTREE)
+{-
+    generate_stack_macros("GENERAL_SUBTREE");
+-}
 
 struct NAME_CONSTRAINTS_st {
     STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
@@ -423,7 +449,10 @@ typedef struct x509_purpose_st {
     void *usr_data;
 } X509_PURPOSE;
 
-DEFINE_OR_DECLARE_STACK_OF(X509_PURPOSE)
+{-
+    generate_stack_macros("X509_PURPOSE");
+-}
+
 
 # define X509_PURPOSE_SSL_CLIENT         1
 # define X509_PURPOSE_SSL_SERVER         2
@@ -735,7 +764,10 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
                              unsigned long chtype);
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DEFINE_OR_DECLARE_STACK_OF(X509_POLICY_NODE)
+{-
+    generate_stack_macros("X509_POLICY_NODE");
+-}
+
 
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {
@@ -753,7 +785,9 @@ typedef struct ASIdOrRange_st {
     } u;
 } ASIdOrRange;
 
-DEFINE_OR_DECLARE_STACK_OF(ASIdOrRange)
+{-
+    generate_stack_macros("ASIdOrRange");
+-}
 
 typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
 
@@ -792,7 +826,9 @@ typedef struct IPAddressOrRange_st {
     } u;
 } IPAddressOrRange;
 
-DEFINE_OR_DECLARE_STACK_OF(IPAddressOrRange)
+{-
+    generate_stack_macros("IPAddressOrRange");
+-}
 
 typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
 
@@ -812,7 +848,10 @@ typedef struct IPAddressFamily_st {
     IPAddressChoice *ipAddressChoice;
 } IPAddressFamily;
 
-DEFINE_OR_DECLARE_STACK_OF(IPAddressFamily)
+{-
+    generate_stack_macros("IPAddressFamily");
+-}
+
 
 typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
 
@@ -886,7 +925,9 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
 
 #endif                         /* OPENSSL_NO_RFC3779 */
 
-DEFINE_OR_DECLARE_STACK_OF(ASN1_STRING)
+{-
+    generate_stack_macros("ASN1_STRING");
+-}
 
 /*
  * Admission Syntax
@@ -899,8 +940,10 @@ DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
 DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
 DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
 DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
-DEFINE_OR_DECLARE_STACK_OF(PROFESSION_INFO)
-DEFINE_OR_DECLARE_STACK_OF(ADMISSIONS)
+{-
+    generate_stack_macros("PROFESSION_INFO")
+    .generate_stack_macros("ADMISSIONS");
+-}
 typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
 
 const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 70dbac600b..ee64fd9fe8 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -33,7 +33,6 @@
 #include "prov/providercommonerr.h"
 #include "file_store_local.h"
 
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_STORE_INFO)
 
 #ifdef _WIN32
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 66c1b54eeb..87fb4a243d 100644
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -19,8 +19,6 @@
 
 #ifndef OPENSSL_NO_SRTP
 
-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
 static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
     {
      "SRTP_AES128_CM_SHA1_80",
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 8f5aaaf942..88bab0edc4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -20,10 +20,6 @@
 #include <openssl/x509v3.h>
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index e6262bfaeb..ace164f673 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -25,9 +25,6 @@
 #include "ssl_cert_table.h"
 #include "internal/thread_once.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
                                          int op, int bits, int nid, void *other,
                                          void *ex);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64d773acbd..b8d22a72ce 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -25,9 +25,6 @@
 #include "internal/thread_once.h"
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(SSL_COMP)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 /* NB: make sure indices in these tables match values above */
 
 typedef struct {
@@ -1382,7 +1379,7 @@ static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list,
     while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0
            && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls
               == TLS1_3_VERSION)
-        sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
+        (void)sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
 
     /* Insert the new TLSv1.3 ciphersuites */
     for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 56590da207..acf9385785 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -14,8 +14,6 @@
 #include <openssl/dh.h>
 #include "internal/nelem.h"
 
-DEFINE_STACK_OF(X509_NAME)
-
 /*
  * structure holding name tables. This is used for permitted elements in lists
  * such as TLSv1.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a036ac29e9..64ecdccb8f 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -28,14 +28,6 @@
 #include "internal/refcount.h"
 #include "internal/ktls.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OCSP_RESPID)
-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
-DEFINE_STACK_OF(SCT)
-
 static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t,
                                     SSL_MAC_BUF *mac, size_t macsize)
 {
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 144dd2c374..3a28b60ba6 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -17,8 +17,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 
-DEFINE_STACK_OF(X509)
-
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 63624e9e80..83fc149cfd 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -19,8 +19,6 @@
 #include "ssl_local.h"
 #include "statem/statem_local.h"
 
-DEFINE_STACK_OF(X509)
-
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c842e20fbf..ec38b2f6a0 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -14,8 +14,6 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(X509_NAME)
-
 static int final_renegotiate(SSL *s, unsigned int context, int sent);
 static int init_server_name(SSL *s, unsigned int context);
 static int final_server_name(SSL *s, unsigned int context, int sent);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index abff069ec9..189e2c9e5e 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -12,10 +12,6 @@
 #include "internal/cryptlib.h"
 #include "statem_local.h"
 
-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-DEFINE_STACK_OF(OCSP_RESPID)
-
 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
                                           unsigned int context, X509 *x,
                                           size_t chainidx)
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index b5cd34b646..46a8e44442 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -12,10 +12,6 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"
 
-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
-DEFINE_STACK_OF(OCSP_RESPID)
-DEFINE_STACK_OF(X509_EXTENSION)
-
 #define COOKIE_STATE_FORMAT_VERSION     0
 
 /*
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 0780e5fc9a..a3e7b5ad0a 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -28,10 +28,6 @@
 #include <openssl/trace.h>
 #include <internal/cryptlib.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(SSL_COMP)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
 
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index e0ff00d1b8..6d0efb3239 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -21,10 +21,6 @@
 #include <openssl/x509.h>
 #include <openssl/trace.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 /*
  * Map error codes to TLS/SSL alart types.
  */
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c46254c858..a1a28e905a 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -26,10 +26,6 @@
 #include <openssl/core_names.h>
 #include <openssl/asn1t.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(SSL_COMP)
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 #define TICKET_NONCE_SIZE       8
 
 typedef struct {
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index bf955bf3ec..f2043aef7e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -28,10 +28,6 @@
 #include "ssl_local.h"
 #include <openssl/ct.h>
 
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
 
diff --git a/test/cipherbytes_test.c b/test/cipherbytes_test.c
index cbbfff2a41..ed4eacbdf3 100644
--- a/test/cipherbytes_test.c
+++ b/test/cipherbytes_test.c
@@ -21,8 +21,6 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
-DEFINE_STACK_OF(SSL_CIPHER)
-
 static SSL_CTX *ctx;
 static SSL *s;
 
diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index 0f337b4054..380f0727fc 100644
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -21,8 +21,6 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
-DEFINE_STACK_OF_CONST(SSL_CIPHER)
-
 typedef struct cipherlist_test_fixture {
     const char *test_case_name;
     SSL_CTX *server;
diff --git a/test/ciphername_test.c b/test/ciphername_test.c
index c82a164827..c4ec6cadd7 100644
--- a/test/ciphername_test.c
+++ b/test/ciphername_test.c
@@ -22,8 +22,6 @@
 #include "internal/nelem.h"
 #include "testutil.h"
 
-DEFINE_STACK_OF(SSL_CIPHER)
-
 typedef struct cipher_id_name {
     int id;
     const char *name;
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 9043ee1196..169f63a822 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -15,9 +15,6 @@
 
 #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 static const char *server_key_f;
 static const char *server_cert_f;
 static const char *client_key_f;
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 8b797f2e98..72972fbaca 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -13,12 +13,6 @@
 
 #include <openssl/x509_vfy.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(POLICYINFO)
-
 typedef struct test_fixture {
     const char *test_case_name;
     OSSL_CMP_CTX *ctx;
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index 4dcf998e26..75baefb7b9 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -11,9 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
 
 typedef struct test_fixture {
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index a593f37cfc..3a0db7ece3 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
-
 static const char *newkey_f;
 static const char *server_cert_f;
 static const char *pkcs10_f;
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 7132ccc5cb..8f76a14222 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(X509)
-
 static const char *ir_protected_f;
 static const char *ir_unprotected_f;
 static const char *ip_PBM_f;
diff --git a/test/cmp_status_test.c b/test/cmp_status_test.c
index bf6699a2b1..7358f1589f 100644
--- a/test/cmp_status_test.c
+++ b/test/cmp_status_test.c
@@ -11,8 +11,6 @@
 
 #include "cmp_testlib.h"
 
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-
 typedef struct test_fixture {
     const char *test_case_name;
     int pkistatus;
diff --git a/test/cmp_testlib.c b/test/cmp_testlib.c
index 754a6ba845..7a8570afeb 100644
--- a/test/cmp_testlib.c
+++ b/test/cmp_testlib.c
@@ -12,8 +12,6 @@
 #include "cmp_testlib.h"
 #include <openssl/rsa.h> /* needed in case config no-deprecated */
 
-DEFINE_STACK_OF(X509)
-
 EVP_PKEY *load_pem_key(const char *file, OPENSSL_CTX *libctx)
 {
     EVP_PKEY *key = NULL;
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 93d57dd8bb..0559ec47c3 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -11,7 +11,6 @@
 
 #include "cmp_testlib.h"
 #include "../crypto/crmf/crmf_local.h" /* for manipulating POPO signature */
-DEFINE_STACK_OF(OSSL_CRMF_MSG)
 
 static const char *server_f;
 static const char *client_f;
diff --git a/test/cmsapitest.c b/test/cmsapitest.c
index f90200e9ac..a69fcc949d 100644
--- a/test/cmsapitest.c
+++ b/test/cmsapitest.c
@@ -16,8 +16,6 @@
 
 #include "testutil.h"
 
-DEFINE_STACK_OF(X509)
-
 static X509 *cert = NULL;
 static EVP_PKEY *privkey = NULL;
 
diff --git a/test/confdump.c b/test/confdump.c
index 3750d2cc8c..ba760f04a8 100644
--- a/test/confdump.c
+++ b/test/confdump.c
@@ -14,9 +14,6 @@
 #include <openssl/safestack.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF_CSTRING()
-
 static STACK_OF(OPENSSL_CSTRING) *section_names = NULL;
 
 static void collect_section_name(CONF_VALUE *v)
diff --git a/test/crltest.c b/test/crltest.c
index ff2fadaa6b..5d255d368a 100644
--- a/test/crltest.c
+++ b/test/crltest.c
@@ -17,9 +17,6 @@
 
 #include "testutil.h"
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-
 #define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
 
 static const char *kCRLTestRoot[] = {
diff --git a/test/ct_test.c b/test/ct_test.c
index 2e161a74d2..d1799fa7a2 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -22,8 +22,6 @@
 
 #ifndef OPENSSL_NO_CT
 
-DEFINE_STACK_OF(SCT)
-
 /* Used when declaring buffers to read text files into */
 # define CT_TEST_MAX_FILE_SIZE 8096
 
diff --git a/test/danetest.c b/test/danetest.c
index 96b9579f3c..b0d6ffe563 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -26,8 +26,6 @@
 
 #include "internal/nelem.h"
 
-DEFINE_STACK_OF(X509)
-
 #define _UC(c) ((unsigned char)(c))
 
 static const char *basedomain;
diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c
index b0730077b7..588ca32c79 100644
--- a/test/dtls_mtu_test.c
+++ b/test/dtls_mtu_test.c
@@ -20,8 +20,6 @@
 /* for SSL_READ_ETM() */
 #include "../ssl/ssl_local.h"
 
-DEFINE_STACK_OF(SSL_CIPHER)
-
 static int debug = 0;
 
 static unsigned int clnt_psk_callback(SSL *ssl, const char *hint,
diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
index 3b20dad74b..823cdec8e0 100644
--- a/test/evp_libctx_test.c
+++ b/test/evp_libctx_test.c
@@ -31,8 +31,6 @@
 #include "crypto/bn_dh.h"   /* _bignum_ffdhe2048_p */
 #include "../e_os.h"        /* strcasecmp */
 
-DEFINE_STACK_OF_CSTRING()
-
 static OPENSSL_CTX *libctx = NULL;
 static OSSL_PROVIDER *nullprov = NULL;
 static OSSL_PROVIDER *libprov = NULL;
diff --git a/test/evp_test.c b/test/evp_test.c
index 52e1dd2e51..0b58d1f97e 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -27,8 +27,6 @@
 #include "testutil.h"
 #include "evp_test.h"
 
-DEFINE_STACK_OF_STRING()
-
 #define AAD_NUM 4
 
 typedef struct evp_test_method_st EVP_TEST_METHOD;
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index bc6762d475..5253f0d602 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -26,8 +26,6 @@
 #include <netinet/sctp.h>
 #endif
 
-DEFINE_STACK_OF(X509_NAME)
-
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
 {
     HANDSHAKE_RESULT *ret;
diff --git a/test/http_test.c b/test/http_test.c
index f073dcd7ff..437fca97dc 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -15,8 +15,6 @@
 
 #include "testutil.h"
 
-DEFINE_STACK_OF(CONF_VALUE)
-
 static const ASN1_ITEM *x509_it = NULL;
 static X509 *x509 = NULL;
 #define SERVER "mock.server"
diff --git a/test/ocspapitest.c b/test/ocspapitest.c
index 4ea6c636d4..9e8c306259 100644
--- a/test/ocspapitest.c
+++ b/test/ocspapitest.c
@@ -18,8 +18,6 @@
 
 #include "testutil.h"
 
-DEFINE_STACK_OF(X509)
-
 static const char *certstr;
 static const char *privkeystr;
 
diff --git a/test/pkcs12_helper.c b/test/pkcs12_helper.c
index 22bebe8e2b..dd64a2a716 100644
--- a/test/pkcs12_helper.c
+++ b/test/pkcs12_helper.c
@@ -21,11 +21,6 @@
 #include "testutil.h"
 #include "pkcs12_helper.h"
 
-
-DEFINE_STACK_OF(PKCS7)
-DEFINE_STACK_OF(PKCS12_SAFEBAG)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 /* Set this to > 0 write test data to file */
 int write_files = 0;
 
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 18e92c7f77..1fbe938309 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -19,8 +19,6 @@
 #include "ssl_test_ctx.h"
 #include "testutil.h"
 
-DEFINE_STACK_OF(X509_NAME)
-
 static CONF *conf = NULL;
 static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
 static OPENSSL_CTX *libctx = NULL;
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 726ee37583..f440601799 100644
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -20,9 +20,6 @@
 # define strcasecmp _stricmp
 #endif
 
-DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_NAME)
-
 static const int default_app_data_size = 256;
 /* Default set to be as small as possible to exercise fragmentation. */
 static const int default_max_fragment_size = 512;
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 240cadde90..75d3c6fbfc 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -47,9 +47,6 @@ int tls_provider_init(const OSSL_CORE_HANDLE *handle,
                       const OSSL_DISPATCH *in,
                       const OSSL_DISPATCH **out,
                       void **provctx);
-DEFINE_STACK_OF(OCSP_RESPID)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
 
 static OPENSSL_CTX *libctx = NULL;
 static OSSL_PROVIDER *defctxnull = NULL;
@@ -5942,8 +5939,6 @@ static int test_pha_key_update(void)
 
 static SRP_VBASE *vbase = NULL;
 
-DEFINE_STACK_OF(SRP_user_pwd)
-
 static int ssl_srp_cb(SSL *s, int *ad, void *arg)
 {
     int ret = SSL3_AL_FATAL;
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 641ecf331d..ca9e8bfd73 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -11,8 +11,6 @@
 #include "ssltestlib.h"
 #include "testutil.h"
 
-DEFINE_STACK_OF(SSL_CIPHER)
-
 static int docorrupt = 0;
 
 static void copy_flags(BIO *bio)
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 4f340fc2e0..d1733912bc 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -81,9 +81,6 @@
 # include <unistd.h>
 #endif
 
-DEFINE_STACK_OF(SSL_COMP)
-DEFINE_STACK_OF_STRING()
-
 static SSL_CTX *s_ctx = NULL;
 static SSL_CTX *s_ctx2 = NULL;
 
diff --git a/test/stack_test.c b/test/stack_test.c
index 1f4cb1cafa..3aa0b08a43 100644
--- a/test/stack_test.c
+++ b/test/stack_test.c
@@ -131,7 +131,7 @@ static int test_int_stack(int reserve)
     /* sorting */
     if (!TEST_false(sk_sint_is_sorted(s)))
         goto end;
-    sk_sint_set_cmp_func(s, &int_compare);
+    (void)sk_sint_set_cmp_func(s, &int_compare);
     sk_sint_sort(s);
     if (!TEST_true(sk_sint_is_sorted(s)))
         goto end;
@@ -237,7 +237,7 @@ static int test_uchar_stack(int reserve)
         goto end;
 
     /* set */
-    sk_uchar_set(r, 1, v + 1);
+    (void)sk_uchar_set(r, 1, v + 1);
     for (i = 0; i < 2; i++)
         if (!TEST_ptr_eq(sk_uchar_value(r, i), v + i)) {
             TEST_info("uchar set %d", i);
diff --git a/test/v3nametest.c b/test/v3nametest.c
index a5fa482215..9b81988ddd 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -19,8 +19,6 @@
 # define strcasecmp _stricmp
 #endif
 
-DEFINE_STACK_OF(GENERAL_NAME)
-
 static const char *const names[] = {
     "a", "b", ".", "*", "@",
     ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c
index 99a6361142..668b62d408 100644
--- a/test/verify_extra_test.c
+++ b/test/verify_extra_test.c
@@ -16,8 +16,6 @@
 #include <openssl/err.h>
 #include "testutil.h"
 
-DEFINE_STACK_OF(X509)
-
 static const char *root_f;
 static const char *roots_f;
 static const char *untrusted_f;
diff --git a/util/find-doc-nits b/util/find-doc-nits
index 031076f05d..006edbd184 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -98,6 +98,8 @@ my $ignored = qr/(?| ^i2d_
                  |   \Q_fnsig(3)\E$
                  |   ^IMPLEMENT_
                  |   ^_?DECLARE_
+                 |   ^sk_
+                 |   ^SKM_DEFINE_STACK_OF_INTERNAL
                  )/x;
 
 # Collect all POD files, both internal and public, and regardless of location
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 44332d423e..16ca06ef83 100755
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -263,7 +263,9 @@ while ( ( my $hdr, my $lib ) = each %libinc ) {
     my $linenr = 0;
     my $cpp = 0;
 
-    open(IN, "<$hdr") || die "Can't open $hdr, $!,";
+    open(IN, "<$hdr")
+        || open(IN, "<$hdr.in")
+        || die "Can't open $hdr or $hdr.in, $!,";
     while ( <IN> ) {
         $linenr++;
 
@@ -435,7 +437,6 @@ foreach my $lib ( keys %errorfile ) {
     # Rewrite the header file
 
     my $hfile = $hinc{$lib};
-    $hfile =~ s/.h$/err.h/ if $internal;
     open( OUT, ">$hfile" ) || die "Can't write to $hfile, $!,";
     print OUT <<"EOF";
 /*
diff --git a/util/mknum.pl b/util/mknum.pl
index 871c07055b..4ee87c29a8 100644
--- a/util/mknum.pl
+++ b/util/mknum.pl
@@ -54,7 +54,7 @@ $ordinals->invalidate();
 
 foreach my $f (($symhacks_file // (), @ARGV)) {
     print STDERR $f," ","-" x (69 - length($f)),"\n" if $verbose;
-    open IN, $f || die "Couldn't open $f: $!\n";
+    open IN, $f or die "Couldn't open $f: $!\n";
     foreach (parse(<IN>, { filename => $f,
                            warnings => $warnings,
                            verbose => $verbose,
diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index dd1da99f58..c5be9b8c2a 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -357,6 +357,21 @@ static ossl_inline STACK_OF($1) *sk_$1_deep_copy(const STACK_OF($1) *sk,
                                                  sk_$1_freefunc freefunc);
 static ossl_inline sk_$1_compfunc sk_$1_set_cmp_func(STACK_OF($1) *sk,
                                                      sk_$1_compfunc compare);
+EOF
+      }
+    },
+    { regexp   => qr/SKM_DEFINE_STACK_OF_INTERNAL<<<\((.*),\s*(.*),\s*(.*)\)>>>/,
+      massager => sub {
+          return (<<"EOF");
+STACK_OF($1);
+typedef int (*sk_$1_compfunc)(const $3 * const *a, const $3 *const *b);
+typedef void (*sk_$1_freefunc)($3 *a);
+typedef $3 * (*sk_$1_copyfunc)(const $3 *a);
+static ossl_unused ossl_inline $2 *ossl_check_$1_type($2 *ptr);
+static ossl_unused ossl_inline const OPENSSL_STACK *ossl_check_const_$1_sk_type(const STACK_OF($1) *sk);
+static ossl_unused ossl_inline OPENSSL_sk_compfunc ossl_check_$1_compfunc_type(sk_$1_compfunc cmp);
+static ossl_unused ossl_inline OPENSSL_sk_copyfunc ossl_check_$1_copyfunc_type(sk_$1_copyfunc cpy);
+static ossl_unused ossl_inline OPENSSL_sk_freefunc ossl_check_$1_freefunc_type(sk_$1_freefunc fr);
 EOF
       }
     },
@@ -372,28 +387,6 @@ EOF
     { regexp   => qr/DEFINE_STACK_OF_CONST<<<\((.*)\)>>>/,
       massager => sub { return ("SKM_DEFINE_STACK_OF($1,const $1,$1)"); },
     },
-    { regexp   => qr/DEFINE_STACK_OF_STRING<<<\((.*?)\)>>>/,
-      massager => sub {
-          return ("DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)");
-      }
-    },
-    { regexp   => qr/DEFINE_STACK_OF_CSTRING<<<\((.*?)\)>>>/,
-      massager => sub {
-          return ("DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)");
-      }
-    },
-    # DEFINE_OR_DECLARE macro calls must be interpretted as DEFINE macro
-    # calls, because that's what they look like to the external apps.
-    # (if that ever changes, we must change the substitutions to STACK_OF)
-    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF<<<\((.*?)\)>>>/,
-      massager => sub { return ("DEFINE_STACK_OF($1)"); }
-    },
-    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF_STRING<<<\(\)>>>/,
-      massager => sub { return ("DEFINE_STACK_OF_STRING()"); },
-    },
-    { regexp   => qr/DEFINE_OR_DECLARE_STACK_OF_CSTRING<<<\(\)>>>/,
-      massager => sub { return ("DEFINE_STACK_OF_CSTRING()"); },
-    },
 
     #####
     # ASN1 stuff
diff --git a/util/perl/OpenSSL/stackhash.pm b/util/perl/OpenSSL/stackhash.pm
new file mode 100644
index 0000000000..fd7a8cbd06
--- /dev/null
+++ b/util/perl/OpenSSL/stackhash.pm
@@ -0,0 +1,80 @@
+#! /usr/bin/env perl
+# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::stackhash;
+
+use strict;
+use warnings;
+
+require Exporter;
+our @ISA = qw(Exporter);
+our @EXPORT_OK = qw(generate_stack_macros generate_const_stack_macros
+                    generate_stack_string_macros
+                    generate_stack_const_string_macros
+                    generate_stack_block_macros);
+
+sub generate_stack_macros_int {
+    my $nametype = shift;
+    my $realtype = shift;
+    my $plaintype = shift;
+
+    my $macros = <<END_MACROS;
+SKM_DEFINE_STACK_OF_INTERNAL(${nametype}, ${realtype}, ${plaintype})
+#define sk_${nametype}_num(sk) OPENSSL_sk_num(ossl_check_const_${nametype}_sk_type(sk))
+#define sk_${nametype}_value(sk, idx) ((${realtype} *)OPENSSL_sk_value(ossl_check_const_${nametype}_sk_type(sk), (idx)))
+#define sk_${nametype}_new(cmp) ((STACK_OF(${nametype}) *)OPENSSL_sk_new(ossl_check_${nametype}_compfunc_type(cmp)))
+#define sk_${nametype}_new_null() ((STACK_OF(${nametype}) *)OPENSSL_sk_new_null())
+#define sk_${nametype}_new_reserve(cmp, n) ((STACK_OF(${nametype}) *)OPENSSL_sk_new_reserve(ossl_check_${nametype}_compfunc_type(cmp), (n)))
+#define sk_${nametype}_reserve(sk, n) OPENSSL_sk_reserve(ossl_check_${nametype}_sk_type(sk), (n))
+#define sk_${nametype}_free(sk) OPENSSL_sk_free(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_zero(sk) OPENSSL_sk_zero(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_delete(sk, i) ((${realtype} *)OPENSSL_sk_delete(ossl_check_${nametype}_sk_type(sk), (i)))
+#define sk_${nametype}_delete_ptr(sk, ptr) ((${realtype} *)OPENSSL_sk_delete_ptr(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr)))
+#define sk_${nametype}_push(sk, ptr) OPENSSL_sk_push(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_unshift(sk, ptr) OPENSSL_sk_unshift(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_pop(sk) ((${realtype} *)OPENSSL_sk_pop(ossl_check_${nametype}_sk_type(sk)))
+#define sk_${nametype}_shift(sk) ((${realtype} *)OPENSSL_sk_shift(ossl_check_${nametype}_sk_type(sk)))
+#define sk_${nametype}_pop_free(sk, freefunc) OPENSSL_sk_pop_free(ossl_check_${nametype}_sk_type(sk),ossl_check_${nametype}_freefunc_type(freefunc))
+#define sk_${nametype}_insert(sk, ptr, idx) OPENSSL_sk_insert(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr), (idx))
+#define sk_${nametype}_set(sk, idx, ptr) ((${realtype} *)OPENSSL_sk_set(ossl_check_${nametype}_sk_type(sk), (idx), ossl_check_${nametype}_type(ptr)))
+#define sk_${nametype}_find(sk, ptr) OPENSSL_sk_find(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_find_ex(sk, ptr) OPENSSL_sk_find_ex(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_type(ptr))
+#define sk_${nametype}_sort(sk) OPENSSL_sk_sort(ossl_check_${nametype}_sk_type(sk))
+#define sk_${nametype}_is_sorted(sk) OPENSSL_sk_is_sorted(ossl_check_const_${nametype}_sk_type(sk))
+#define sk_${nametype}_dup(sk) ((STACK_OF(${nametype}) *)OPENSSL_sk_dup(ossl_check_const_${nametype}_sk_type(sk)))
+#define sk_${nametype}_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(${nametype}) *)OPENSSL_sk_deep_copy(ossl_check_const_${nametype}_sk_type(sk), ossl_check_${nametype}_copyfunc_type(copyfunc), ossl_check_${nametype}_freefunc_type(freefunc)))
+#define sk_${nametype}_set_cmp_func(sk, cmp) ((sk_${nametype}_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_${nametype}_sk_type(sk), ossl_check_${nametype}_compfunc_type(cmp)))
+END_MACROS
+
+    return $macros;
+}
+
+sub generate_stack_macros {
+    my $type = shift;
+
+    return generate_stack_macros_int($type, $type, $type);
+}
+
+sub generate_const_stack_macros {
+    my $type = shift;
+
+    return generate_stack_macros_int($type, "const $type", $type);
+}
+
+sub generate_stack_string_macros {
+    return generate_stack_macros_int("OPENSSL_STRING", "char", "char");
+}
+
+sub generate_stack_const_string_macros {
+    return generate_stack_macros_int("OPENSSL_CSTRING", "const char", "char");
+}
+
+sub generate_stack_block_macros {
+    return generate_stack_macros_int("OPENSSL_BLOCK", "void", "void");
+}
+1;


More information about the openssl-commits mailing list