Fix safestack issues in x509.h

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
3 years ago · e6623cfbff
parent 6ac1cd10ba
commit e6623cfbff
106 changed files with 30 additions and 193 deletions
--- a/.gitignore
+++ b/.gitignore
@ -26,6 +26,7 @@
 /include/openssl/opensslv.h
 /include/openssl/fipskey.h
 /include/openssl/ssl.h
+/include/openssl/x509.h

 # Auto generated doc files
 doc/man1/openssl-*.pod
--- a/apps/ca.c
+++ b/apps/ca.c
@ -34,8 +34,6 @@
 #include "apps.h"
 #include "progs.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(CONF_VALUE)
 DEFINE_STACK_OF_STRING()

--- a/apps/cmp.c
+++ b/apps/cmp.c
@ -42,8 +42,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)

 static char *opt_config = NULL;
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@ -15,7 +15,6 @@
 #include <openssl/err.h>
 #include <openssl/cmperr.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
 
--- a/apps/cms.c
+++ b/apps/cms.c
@ -23,7 +23,6 @@
 # include <openssl/x509v3.h>
 # include <openssl/cms.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(CMS_SignerInfo)
 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(GENERAL_NAMES)
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@ -19,9 +19,6 @@
 #include <openssl/pem.h>
 #include <openssl/objects.h>

-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_INFO)
 DEFINE_STACK_OF_STRING()

 static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@ -63,10 +63,6 @@ static int WIN32_rename(const char *from, const char *to);

 DEFINE_STACK_OF(CONF)
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_INFO)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(X509_POLICY_NODE)
 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(DIST_POINT)
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@ -26,9 +26,6 @@

 #define COOKIE_SECRET_LENGTH    16

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_NAME)
 DEFINE_STACK_OF_STRING()

 VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
--- a/apps/nseq.c
+++ b/apps/nseq.c
@ -14,8 +14,6 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>

-DEFINE_STACK_OF(X509)
-
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_TOSEQ, OPT_IN, OPT_OUT,
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@ -35,7 +35,6 @@

 DEFINE_STACK_OF(OCSP_CERTID)
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF_STRING()

 #if defined(__TANDEM)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -20,10 +20,8 @@
 #include <openssl/pkcs12.h>
 #include <openssl/provider.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(PKCS7)
 DEFINE_STACK_OF(PKCS12_SAFEBAG)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
 DEFINE_STACK_OF_STRING()

 #define NOKEYS          0x1
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -20,9 +20,6 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-
 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
--- a/apps/rehash.c
+++ b/apps/rehash.c
@ -42,7 +42,6 @@
 # include <openssl/pem.h>
 # include <openssl/x509.h>

-DEFINE_STACK_OF(X509_INFO)
 DEFINE_STACK_OF_STRING()

 # ifndef PATH_MAX
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -59,9 +59,6 @@ typedef unsigned int u_int;
 # endif
 #endif

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509_NAME)
 DEFINE_STACK_OF(SCT)
 DEFINE_STACK_OF_STRING()

--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -60,9 +60,6 @@ typedef unsigned int u_int;
 #endif
 #include "internal/sockets.h"

-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF_STRING()

 static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
--- a/apps/smime.c
+++ b/apps/smime.c
@ -19,7 +19,6 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF_STRING()

 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
--- a/apps/verify.c
+++ b/apps/verify.c
@ -18,8 +18,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
 DEFINE_STACK_OF_STRING()

 static int cb(int ok, X509_STORE_CTX *ctx);
--- a/apps/x509.c
+++ b/apps/x509.c
@ -29,7 +29,6 @@
 #endif

 DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF_STRING()

 #undef POSTFIX
--- a/build.info
+++ b/build.info
@ -16,6 +16,7 @@ DEPEND[libssl]=libcrypto
 DEPEND[]=include/openssl/configuration.h include/openssl/opensslv.h \
         include/openssl/fipskey.h \
         include/openssl/ssl.h \
+         include/openssl/x509.h \
         include/crypto/bn_conf.h include/crypto/dso_conf.h \
         doc/man7/openssl_user_macros.pod

@ -23,6 +24,7 @@ GENERATE[include/openssl/configuration.h]=include/openssl/configuration.h.in
 GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in
 GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in
 GENERATE[include/openssl/ssl.h]=include/openssl/ssl.h.in
+GENERATE[include/openssl/x509.h]=include/openssl/x509.h.in
 GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
 GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
 GENERATE[doc/man7/openssl_user_macros.pod]=doc/man7/openssl_user_macros.pod.in
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@ -22,8 +22,6 @@
 #include "openssl/cmp_util.h"

 DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
 DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
 DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_CERTID)
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@ -21,8 +21,6 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(POLICYINFO)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
 DEFINE_STACK_OF(GENERAL_NAME)
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@ -24,8 +24,6 @@
 DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OSSL_CMP_PKISI)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)
 DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@ -18,8 +18,6 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>

-DEFINE_STACK_OF(X509)
-
 /*
 * This function is also used by the internal verify_PBMAC() in cmp_vfy.c.
 *
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@ -20,7 +20,6 @@
 #include <openssl/err.h>

 DEFINE_STACK_OF(OSSL_CRMF_MSG)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)

--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@ -16,7 +16,6 @@
 #include <openssl/err.h> /* should be implied by cmperr.h */
 #include <openssl/x509v3.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(X509_OBJECT)
 DEFINE_STACK_OF(ASN1_UTF8STRING)

--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@ -22,8 +22,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509)
-
 /* Verify a message protected by signature according to RFC section 5.1.3.3 */
 static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
                            const OSSL_CMP_MSG *msg, X509 *cert)
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@ -21,7 +21,6 @@

 DEFINE_STACK_OF(CMS_RecipientInfo)
 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(X509_ATTRIBUTE)

 /* CMS EnvelopedData Utilities */
 static void cms_env_set_version(CMS_EnvelopedData *env);
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@ -24,7 +24,6 @@ DEFINE_STACK_OF(GENERAL_NAMES)
 DEFINE_STACK_OF(CMS_SignerInfo)
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)
-DEFINE_STACK_OF(X509)

 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)

--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@ -22,8 +22,6 @@ static STACK_OF(CMS_CertificateChoices)
 **cms_get0_certificate_choices(CMS_ContentInfo *cms);

 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)

 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)

--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -24,9 +24,7 @@

 DEFINE_STACK_OF(CMS_RevocationInfoChoice)
 DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(X509_ATTRIBUTE)

 /* CMS SignedData Utilities */

--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@ -17,8 +17,6 @@
 #include "crypto/asn1.h"

 DEFINE_STACK_OF(CMS_SignerInfo)
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
 DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
 DEFINE_STACK_OF(CMS_RecipientInfo)

--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@ -36,7 +36,6 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>

-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OSSL_CRMF_MSG)

 /*-
--- a/crypto/ess/ess_lib.c
+++ b/crypto/ess/ess_lib.c
@ -17,7 +17,6 @@
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)
 DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509)

 static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
 static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg,
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@ -38,7 +38,6 @@
 #include "internal/evp.h"
 #include "internal/provider.h"
 #include "evp_local.h"
-DEFINE_STACK_OF(X509_ATTRIBUTE)

 #include "crypto/ec.h"

--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@ -18,7 +18,6 @@
 #include <openssl/ocsp.h>
 #include "ocsp_local.h"

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OCSP_ONEREQ)
 DEFINE_STACK_OF(OCSP_SINGLERESP)

--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@ -15,7 +15,6 @@
 #include <openssl/pem.h>

 DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OCSP_SINGLERESP)

 static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@ -17,7 +17,6 @@
 #include "ocsp_local.h"

 DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OCSP_SINGLERESP)

 /*
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@ -13,7 +13,6 @@
 #include <string.h>

 DEFINE_STACK_OF(OCSP_ONEREQ)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OCSP_SINGLERESP)

 static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@ -23,8 +23,6 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>

-DEFINE_STACK_OF(X509_INFO)
-
 #ifndef OPENSSL_NO_STDIO
 STACK_OF(X509_INFO)
 *PEM_X509_INFO_read_with_libctx(FILE *fp, STACK_OF(X509_INFO) *sk,
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@ -12,7 +12,6 @@
 #include <openssl/pkcs12.h>
 #include "p12_local.h"

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(PKCS7)
 DEFINE_STACK_OF(PKCS12_SAFEBAG)

--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@ -12,7 +12,6 @@
 #include <openssl/pkcs12.h>
 #include "crypto/x509.h" /* for X509_add_cert_new() */

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(PKCS7)
 DEFINE_STACK_OF(PKCS12_SAFEBAG)

--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@ -17,7 +17,6 @@
 #include "pk7_local.h"

 DEFINE_STACK_OF(X509_ALGOR)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
 DEFINE_STACK_OF(PKCS7_RECIP_INFO)
 DEFINE_STACK_OF(PKCS7_SIGNER_INFO)

--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@ -16,8 +16,6 @@
 #include "crypto/x509.h" /* for sk_X509_add1_cert() */
 #include "pk7_local.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_CRL)
 DEFINE_STACK_OF(X509_ALGOR)
 DEFINE_STACK_OF(PKCS7_RECIP_INFO)
 DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@ -17,8 +17,6 @@

 #define BUFFERSIZE 4096

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_ATTRIBUTE)
 DEFINE_STACK_OF(X509_ALGOR)
 DEFINE_STACK_OF(PKCS7_SIGNER_INFO)

--- a/crypto/store/store_result.c
+++ b/crypto/store/store_result.c
@ -59,8 +59,6 @@
 * reference.
 */

-DEFINE_STACK_OF(X509)
-
 struct extracted_param_data_st {
    int object_type;
    const char *data_type;
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@ -18,8 +18,6 @@
 #include <openssl/engine.h>
 #include <openssl/ts.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_INFO)
 DEFINE_STACK_OF(CONF_VALUE)

 /* Macro definitions for the configuration file. */
--- a/crypto/ts/ts_req_utils.c
+++ b/crypto/ts/ts_req_utils.c
@ -14,8 +14,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"

-DEFINE_STACK_OF(X509_EXTENSION)
-
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
    return ASN1_INTEGER_set(a->version, version);
--- a/crypto/ts/ts_rsp_sign.c
+++ b/crypto/ts/ts_rsp_sign.c
@ -17,8 +17,6 @@
 #include "ts_local.h"
 #include "crypto/ess.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
 DEFINE_STACK_OF(ASN1_OBJECT)
 DEFINE_STACK_OF_CONST(EVP_MD)
--- a/crypto/ts/ts_rsp_utils.c
+++ b/crypto/ts/ts_rsp_utils.c
@ -14,8 +14,6 @@
 #include <openssl/pkcs7.h>
 #include "ts_local.h"

-DEFINE_STACK_OF(X509_EXTENSION)
-
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
    TS_STATUS_INFO *new_status_info;
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@ -16,7 +16,6 @@
 #include "crypto/ess.h"

 DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(ESS_CERT_ID)
 DEFINE_STACK_OF(ESS_CERT_ID_V2)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@ -12,8 +12,6 @@
 #include <openssl/ts.h>
 #include "ts_local.h"

-DEFINE_STACK_OF(X509)
-
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@ -17,8 +17,6 @@
 #include <openssl/pem.h>
 #include "x509_local.h"

-DEFINE_STACK_OF(X509_INFO)
-
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                        long argl, char **ret);
 static int by_file_ctrl_with_libctx(X509_LOOKUP *ctx, int cmd,
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@ -15,7 +15,6 @@
 #include "pcy_local.h"

 DEFINE_STACK_OF(ASN1_OBJECT)
-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(X509_POLICY_NODE)

 static void expected_print(BIO *channel,
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@ -15,8 +15,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>

-DEFINE_STACK_OF(X509_REVOKED)
-
 #ifndef OPENSSL_NO_STDIO
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 {
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@ -17,8 +17,6 @@
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>

-DEFINE_STACK_OF(X509_EXTENSION)
-
 #ifndef OPENSSL_NO_STDIO
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 {
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@ -17,7 +17,6 @@
 #include "crypto/asn1.h"
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(ASN1_OBJECT)

 #ifndef OPENSSL_NO_STDIO
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@ -29,7 +29,6 @@
 DEFINE_STACK_OF(IPAddressOrRange)
 DEFINE_STACK_OF(IPAddressFamily)
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)

 /*
 * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
--- a/crypto/x509/v3_asid.c
+++ b/crypto/x509/v3_asid.c
@ -58,7 +58,6 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)

 DEFINE_STACK_OF(ASIdOrRange)
 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509)

 /*
 * i2r method for an ASIdentifierChoice.
--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.c
@ -18,7 +18,6 @@
 #include <openssl/x509v3.h>

 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_EXTENSION)

 static int v3_check_critical(const char **value);
 static int v3_check_generic(const char **value);
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.c
@ -21,7 +21,6 @@
 DEFINE_STACK_OF(CONF_VALUE)
 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(DIST_POINT)
-DEFINE_STACK_OF(X509_NAME_ENTRY)

 static void *v2i_crld(const X509V3_EXT_METHOD *method,
                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@ -17,7 +17,6 @@
 #include "ext_dat.h"

 DEFINE_STACK_OF(X509V3_EXT_METHOD)
-DEFINE_STACK_OF(X509_EXTENSION)

 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;

--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.c
@ -15,7 +15,6 @@
 #include <openssl/x509v3.h>

 DEFINE_STACK_OF(CONF_VALUE)
-DEFINE_STACK_OF(X509_EXTENSION)

 /* Extension printing routines */

--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@ -24,7 +24,6 @@
 DEFINE_STACK_OF(CONF_VALUE)
 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(ACCESS_DESCRIPTION)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF_STRING()

 static char *strip_spaces(char *name);
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@ -17,7 +17,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"

-DEFINE_STACK_OF(X509_ATTRIBUTE)
 DEFINE_STACK_OF(ASN1_TYPE)

 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@ -16,8 +16,6 @@
 #include <openssl/core_names.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509)
-
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
    int i;
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -17,8 +17,6 @@

 DEFINE_STACK_OF(X509_LOOKUP)
 DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(X509_CRL)
-DEFINE_STACK_OF(X509)

 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@ -15,8 +15,6 @@
 #include "crypto/x509.h"
 #include "crypto/ctype.h"

-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
 /*
 * Limit to ensure we don't overflow: much greater than
 * anything encountered in practice.
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@ -17,8 +17,6 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>

-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 {
    X509 *ret = NULL;
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@ -12,7 +12,6 @@
 #include <openssl/x509v3.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509_TRUST)
 DEFINE_STACK_OF(ASN1_OBJECT)

 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@ -17,8 +17,6 @@
 #include <openssl/x509v3.h>
 #include "x509_local.h"

-DEFINE_STACK_OF(X509_EXTENSION)
-
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
    if (x == NULL)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -25,11 +25,7 @@
 #include "crypto/x509.h"
 #include "x509_local.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(X509_REVOKED)
 DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(X509_CRL)
 DEFINE_STACK_OF(DIST_POINT)
 DEFINE_STACK_OF_STRING()

--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@ -16,8 +16,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509_REVOKED)
-
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
    if (x == NULL)
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@ -16,8 +16,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509_NAME_ENTRY)
-
 int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
                              char *buf, int len)
 {
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@ -17,8 +17,6 @@

 DEFINE_STACK_OF(GENERAL_NAME)
 DEFINE_STACK_OF(GENERAL_NAMES)
-DEFINE_STACK_OF(X509_REVOKED)
-DEFINE_STACK_OF(X509_EXTENSION)

 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                            const X509_REVOKED *const *b);
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@ -16,7 +16,6 @@
 #include "crypto/asn1.h"
 #include "x509_local.h"

-DEFINE_STACK_OF(X509_NAME_ENTRY)
 DEFINE_STACK_OF(ASN1_VALUE)

 /*
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@ -13,8 +13,6 @@
 #include <openssl/x509.h>
 #include "crypto/x509.h"

-DEFINE_STACK_OF(X509_ATTRIBUTE)
-
 /*-
 * X509_REQ_INFO is handled in an unusual way to get round
 * invalid encodings. Some broken certificate requests don't
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@ -34,9 +34,6 @@
 #  include <openssl/rsa.h>
 #  include <openssl/dsa.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 /*
 * This module uses several "new" interfaces, among which is
 * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
--- a/engines/e_loader_attic.c
+++ b/engines/e_loader_attic.c
@ -37,7 +37,6 @@

 #include "e_loader_attic_err.c"

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_STORE_INFO)

 #ifdef _WIN32
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@ -1,4 +1,6 @@
 /*
+ * {- join("\n * ", @autowarntext) -}
+ *
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
@ -8,6 +10,10 @@
 * https://www.openssl.org/source/license.html
 */

+{-
+use OpenSSL::stackhash qw(generate_stack_macros generate_const_stack_macros);
+-}
+
 #ifndef OPENSSL_X509_H
 # define OPENSSL_X509_H
 # pragma once
@ -41,10 +47,12 @@ extern "C" {
 #endif

 /* Needed stacks for types defined in other headers */
-DEFINE_OR_DECLARE_STACK_OF(X509_NAME)
-DEFINE_OR_DECLARE_STACK_OF(X509)
-DEFINE_OR_DECLARE_STACK_OF(X509_REVOKED)
-DEFINE_OR_DECLARE_STACK_OF(X509_CRL)
+{-
+    generate_stack_macros("X509_NAME")
+    .generate_stack_macros("X509")
+    .generate_stack_macros("X509_REVOKED")
+    .generate_stack_macros("X509_CRL");
+-}

 /* Flags for X509_get_signature_info() */
 /* Signature info is valid */
@ -82,16 +90,22 @@ typedef struct X509_val_st {
 typedef struct X509_sig_st X509_SIG;

 typedef struct X509_name_entry_st X509_NAME_ENTRY;
-DEFINE_OR_DECLARE_STACK_OF(X509_NAME_ENTRY)

+{-
+    generate_stack_macros("X509_NAME_ENTRY");
+-}

 # define X509_EX_V_NETSCAPE_HACK         0x8000
 # define X509_EX_V_INIT                  0x0001
 typedef struct X509_extension_st X509_EXTENSION;
-DEFINE_OR_DECLARE_STACK_OF(X509_EXTENSION)
+{-
+    generate_stack_macros("X509_EXTENSION");
+-}
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 typedef struct x509_attributes_st X509_ATTRIBUTE;
-DEFINE_OR_DECLARE_STACK_OF(X509_ATTRIBUTE)
+{-
+    generate_stack_macros("X509_ATTRIBUTE");
+-}
 typedef struct X509_req_info_st X509_REQ_INFO;
 typedef struct X509_req_st X509_REQ;
 typedef struct x509_cert_aux_st X509_CERT_AUX;
@ -107,7 +121,9 @@ typedef struct x509_trust_st {
    int arg1;
    void *arg2;
 } X509_TRUST;
-DEFINE_OR_DECLARE_STACK_OF(X509_TRUST)
+{-
+    generate_stack_macros("X509_TRUST");
+-}


 /* standard trust ids */
@ -246,7 +262,9 @@ typedef struct X509_info_st {
    int enc_len;
    char *enc_data;
 } X509_INFO;
-DEFINE_OR_DECLARE_STACK_OF(X509_INFO)
+{-
+    generate_stack_macros("X509_INFO");
+-}

 /*
 * The next 2 structures and their 8 routines are used to manipulate Netscape's
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@ -33,7 +33,6 @@
 #include "prov/providercommonerr.h"
 #include "file_store_local.h"

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_STORE_INFO)

 #ifdef _WIN32
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -20,9 +20,6 @@
 #include <openssl/x509v3.h>
 #include "internal/cryptlib.h"

-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(X509)
-
 #define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
 #define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
 #define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@ -25,9 +25,6 @@
 #include "ssl_cert_table.h"
 #include "internal/thread_once.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
                                         int op, int bits, int nid, void *other,
                                         void *ex);
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@ -14,8 +14,6 @@
 #include <openssl/dh.h>
 #include "internal/nelem.h"

-DEFINE_STACK_OF(X509_NAME)
-
 /*
 * structure holding name tables. This is used for permitted elements in lists
 * such as TLSv1.
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -28,9 +28,6 @@
 #include "internal/refcount.h"
 #include "internal/ktls.h"

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OCSP_RESPID)
 DEFINE_STACK_OF(SCT)

--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@ -17,8 +17,6 @@
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>

-DEFINE_STACK_OF(X509)
-
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);

--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -19,8 +19,6 @@
 #include "ssl_local.h"
 #include "statem/statem_local.h"

-DEFINE_STACK_OF(X509)
-
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@ -14,8 +14,6 @@
 #include "statem_local.h"
 #include "internal/cryptlib.h"

-DEFINE_STACK_OF(X509_NAME)
-
 static int final_renegotiate(SSL *s, unsigned int context, int sent);
 static int init_server_name(SSL *s, unsigned int context);
 static int final_server_name(SSL *s, unsigned int context, int sent);
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@ -13,7 +13,6 @@
 #include "internal/cryptlib.h"

 DEFINE_STACK_OF(OCSP_RESPID)
-DEFINE_STACK_OF(X509_EXTENSION)

 #define COOKIE_STATE_FORMAT_VERSION     0

--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@ -28,8 +28,6 @@
 #include <openssl/trace.h>
 #include <internal/cryptlib.h>

-DEFINE_STACK_OF(X509)
-
 static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
 static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);

--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@ -21,9 +21,6 @@
 #include <openssl/x509.h>
 #include <openssl/trace.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 /*
 * Map error codes to TLS/SSL alart types.
 */
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@ -26,8 +26,6 @@
 #include <openssl/core_names.h>
 #include <openssl/asn1t.h>

-DEFINE_STACK_OF(X509)
-
 #define TICKET_NONCE_SIZE       8

 typedef struct {
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -28,9 +28,6 @@
 #include "ssl_local.h"
 #include <openssl/ct.h>

-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_NAME)
-
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);

--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@ -15,7 +15,6 @@

 #ifndef NDEBUG /* tests need mock server, which is available only if !NDEBUG */

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)

 static const char *server_key_f;
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@ -13,9 +13,7 @@

 #include <openssl/x509_vfy.h>

-DEFINE_STACK_OF(X509)
 DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(X509_EXTENSION)
 DEFINE_STACK_OF(OSSL_CMP_ITAV)
 DEFINE_STACK_OF(POLICYINFO)

--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@ -11,8 +11,6 @@

 #include "cmp_testlib.h"

-DEFINE_STACK_OF(X509)
-
 static const char *ir_protected_f;
 static const char *ir_unprotected_f;
 static const char *ip_PBM_f;
--- a/test/cmp_testlib.c
+++ b/test/cmp_testlib.c
@ -12,8 +12,6 @@
 #include "cmp_testlib.h"
 #include <openssl/rsa.h> /* needed in case config no-deprecated */