From 5ce278a77bd7d23bcf965cfa37afb7b937c1a17d Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Wed, 4 Jun 2008 11:01:43 +0000
Subject: More type-checking.

---
 CHANGES                   |   8 +
 Makefile.org              |   2 +-
 apps/Makefile             |  41 ++--
 apps/asn1pars.c           |  16 +-
 apps/ca.c                 |  23 ++-
 apps/cms.c                |  66 +++---
 apps/crl2p7.c             |  12 +-
 apps/dgst.c               |  22 +-
 apps/engine.c             |  42 ++--
 apps/ocsp.c               |  24 ++-
 apps/pkcs12.c             |  12 +-
 apps/req.c                |  12 +-
 apps/s_server.c           |   6 +-
 apps/smime.c              |  36 ++--
 apps/x509.c               |   7 +-
 crypto/asn1/a_set.c       |  42 ++--
 crypto/asn1/ameth_lib.c   |  18 +-
 crypto/asn1/asn1.h        |  18 +-
 crypto/asn1/asn_pack.c    |   8 +-
 crypto/asn1/tasn_dec.c    |  10 +-
 crypto/asn1/tasn_prn.c    |   7 +-
 crypto/asn1/x_name.c      |  71 ++++---
 crypto/conf/conf_api.c    |  36 ++--
 crypto/cryptlib.c         |  11 +-
 crypto/crypto.h           |   3 +-
 crypto/dh/Makefile        |  20 +-
 crypto/dsa/Makefile       |  11 +-
 crypto/dso/dso.h          |   2 +-
 crypto/dso/dso_dlfcn.c    |  16 +-
 crypto/dso/dso_lib.c      |   4 +-
 crypto/ecdh/Makefile      |  32 ++-
 crypto/ecdsa/Makefile     |  48 +++--
 crypto/engine/Makefile    | 404 +++++++++++++++++++++++-------------
 crypto/engine/eng_dyn.c   |  14 +-
 crypto/engine/engine.h    |   3 +-
 crypto/evp/Makefile       |  68 ++++---
 crypto/evp/evp_pbe.c      |  34 ++--
 crypto/evp/pmeth_lib.c    |  15 +-
 crypto/ex_data.c          |  16 +-
 crypto/lhash/lhash.h      |  17 --
 crypto/objects/obj_xref.c |  36 ++--
 crypto/pem/pem.h          |   7 +-
 crypto/rand/Makefile      |  17 +-
 crypto/rsa/Makefile       |  13 +-
 crypto/stack/safestack.h  | 508 ++++++++++++++++++++++++++++++++++++++--------
 crypto/stack/stack.c      |  69 +++----
 crypto/stack/stack.h      |  50 ++---
 crypto/store/store.h      |   3 +-
 crypto/store/str_lib.c    |  10 +-
 crypto/store/str_mem.c    |  56 ++---
 crypto/txt_db/txt_db.c    |  37 ++--
 crypto/txt_db/txt_db.h    |   5 +-
 crypto/x509v3/v3_utl.c    |  41 ++--
 crypto/x509v3/x509v3.h    |   8 +-
 engines/Makefile          | 115 ++++++++---
 ssl/Makefile              |  93 ++++-----
 test/Makefile             |  53 +++--
 util/mkstack.pl           |  24 ++-
 58 files changed, 1518 insertions(+), 884 deletions(-)

diff --git a/CHANGES b/CHANGES
index 78272fac5b..e27817c12d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.8g and 0.9.9  [xx XXX xxxx]
 
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+
   *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
      RAM on SSL connections.  This option can save about 34k per idle SSL.
      [Nick Mathewson]
diff --git a/Makefile.org b/Makefile.org
index e5317ca4d8..d3dc117eec 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -119,7 +119,7 @@ SDIRS=  \
 	bn ec rsa dsa ecdsa dh ecdh dso engine \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-	store cms pqueue ts 
+	cms pqueue ts 
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
diff --git a/apps/Makefile b/apps/Makefile
index 1ef5c14f88..1718538c26 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -362,10 +362,10 @@ dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c
+dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+dsaparam.o: dsaparam.c
 ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -470,10 +470,10 @@ gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-gendh.o: ../include/openssl/x509v3.h apps.h gendh.c
+gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+gendh.o: gendh.c
 gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -522,10 +522,10 @@ genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c
+genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+genrsa.o: genrsa.c
 nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -741,10 +741,9 @@ req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
 req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
 req.o: ../include/openssl/sha.h ../include/openssl/stack.h
-req.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-req.o: ../include/openssl/x509v3.h apps.h req.c
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/x509.h
+req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
 rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -839,11 +838,11 @@ s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
 s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_server.o: ../include/openssl/stack.h ../include/openssl/store.h
-s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
+s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+s_server.o: s_apps.h s_server.c timeouts.h
 s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index b1a7c8e5db..a6a484507c 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -96,7 +96,7 @@ int MAIN(int argc, char **argv)
 	unsigned char *tmpbuf;
 	const unsigned char *ctmpbuf;
 	BUF_MEM *buf=NULL;
-	STACK *osk=NULL;
+	STACK_OF(STRING) *osk=NULL;
 	ASN1_TYPE *at=NULL;
 
 	informat=FORMAT_PEM;
@@ -113,7 +113,7 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-	if ((osk=sk_new_null()) == NULL)
+	if ((osk=sk_STRING_new_null()) == NULL)
 		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
@@ -169,7 +169,7 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
-			sk_push(osk,*(++argv));
+			sk_STRING_push(osk,*(++argv));
 			}
 		else if (strcmp(*argv,"-genstr") == 0)
 			{
@@ -302,18 +302,18 @@ bad:
 
 	/* If any structs to parse go through in sequence */
 
-	if (sk_num(osk))
+	if (sk_STRING_num(osk))
 		{
 		tmpbuf=(unsigned char *)str;
 		tmplen=num;
-		for (i=0; i<sk_num(osk); i++)
+		for (i=0; i<sk_STRING_num(osk); i++)
 			{
 			ASN1_TYPE *atmp;
 			int typ;
-			j=atoi(sk_value(osk,i));
+			j=atoi(sk_STRING_value(osk,i));
 			if (j == 0)
 				{
-				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_STRING_value(osk,i));
 				continue;
 				}
 			tmpbuf+=j;
@@ -378,7 +378,7 @@ end:
 		ERR_print_errors(bio_err);
 	if (buf != NULL) BUF_MEM_free(buf);
 	if (at != NULL) ASN1_TYPE_free(at);
-	if (osk != NULL) sk_free(osk);
+	if (osk != NULL) sk_STRING_free(osk);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
diff --git a/apps/ca.c b/apps/ca.c
index 7bc3e28575..0967b34a21 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -306,7 +306,8 @@ int MAIN(int argc, char **argv)
 	ASN1_TIME *tmptm;
 	ASN1_INTEGER *tmpser;
 	char *f;
-	const char *p, **pp;
+	const char *p;
+	char * const *pp;
 	int i,j;
 	const EVP_MD *dgst=NULL;
 	STACK_OF(CONF_VALUE) *attribs=NULL;
@@ -555,8 +556,10 @@ bad:
 
 	if (badops)
 		{
-		for (pp=ca_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
+		const char **pp2;
+
+		for (pp2=ca_usage; (*pp2 != NULL); pp2++)
+			BIO_printf(bio_err,"%s",*pp2);
 		goto err;
 		}
 
@@ -876,9 +879,9 @@ bad:
 	if (db == NULL) goto err;
 
 	/* Lets check some fields */
-	for (i=0; i<sk_num(db->db->data); i++)
+	for (i=0; i<sk_PSTRING_num(db->db->data); i++)
 		{
-		pp=(const char **)sk_value(db->db->data,i);
+		pp=sk_PSTRING_value(db->db->data,i);
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
@@ -931,7 +934,7 @@ bad:
 #endif
 		TXT_DB_write(out,db->db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			db->db->data->num);
+			   sk_PSTRING_num(db->db->data));
 		BIO_printf(bio_err,"generating index\n");
 		}
 	
@@ -1401,9 +1404,9 @@ bad:
 
 		ASN1_TIME_free(tmptm);
 
-		for (i=0; i<sk_num(db->db->data); i++)
+		for (i=0; i<sk_PSTRING_num(db->db->data); i++)
 			{
-			pp=(const char **)sk_value(db->db->data,i);
+			pp=sk_PSTRING_value(db->db->data,i);
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
@@ -2630,9 +2633,9 @@ static int do_updatedb (CA_DB *db)
 	else
 		a_y2k = 0;
 
-	for (i = 0; i < sk_num(db->db->data); i++)
+	for (i = 0; i < sk_PSTRING_num(db->db->data); i++)
 		{
-		rrow = (char **) sk_value(db->db->data, i);
+		rrow = sk_PSTRING_value(db->db->data, i);
 
 		if (rrow[DB_type][0] == 'V')
 		 	{
diff --git a/apps/cms.c b/apps/cms.c
index 42bdb69eb2..868de4e918 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -71,8 +71,9 @@
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
-								STACK *rr_from);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+						int rr_allorfirst,
+						STACK_OF(STRING) *rr_from);
 
 #define SMIME_OP	0x10
 #define SMIME_IP	0x20
@@ -105,7 +106,7 @@ int MAIN(int argc, char **argv)
 	const char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	STACK *sksigners = NULL, *skkeys = NULL;
+	STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
 	char *certsoutfile = NULL;
 	const EVP_CIPHER *cipher = NULL;
@@ -118,7 +119,7 @@ int MAIN(int argc, char **argv)
 	int badarg = 0;
 	int flags = CMS_DETACHED, noout = 0, print = 0;
 	int rr_print = 0, rr_allorfirst = -1;
-	STACK *rr_to = NULL, *rr_from = NULL;
+	STACK_OF(STRING) *rr_to = NULL, *rr_from = NULL;
 	CMS_ReceiptRequest *rr = NULL;
 	char *to = NULL, *from = NULL, *subject = NULL;
 	char *CAfile = NULL, *CApath = NULL;
@@ -275,8 +276,8 @@ int MAIN(int argc, char **argv)
 				goto argerr;
 			args++;
 			if (!rr_from)
-				rr_from = sk_new_null();
-			sk_push(rr_from, *args);
+				rr_from = sk_STRING_new_null();
+			sk_STRING_push(rr_from, *args);
 			}
 		else if (!strcmp(*args,"-receipt_request_to"))
 			{
@@ -284,8 +285,8 @@ int MAIN(int argc, char **argv)
 				goto argerr;
 			args++;
 			if (!rr_to)
-				rr_to = sk_new_null();
-			sk_push(rr_to, *args);
+				rr_to = sk_STRING_new_null();
+			sk_STRING_push(rr_to, *args);
 			}
 		else if (!strcmp (*args, "-print"))
 				{
@@ -381,13 +382,13 @@ int MAIN(int argc, char **argv)
 			if (signerfile)
 				{
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				if (!keyfile)
 					keyfile = signerfile;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				keyfile = NULL;
 				}
 			signerfile = *++args;
@@ -429,12 +430,12 @@ int MAIN(int argc, char **argv)
 					goto argerr;
 					}
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				signerfile = NULL;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
 			}
@@ -533,13 +534,13 @@ int MAIN(int argc, char **argv)
 		if (signerfile)
 			{
 			if (!sksigners)
-				sksigners = sk_new_null();
-			sk_push(sksigners, signerfile);
+				sksigners = sk_STRING_new_null();
+			sk_STRING_push(sksigners, signerfile);
 			if (!skkeys)
-				skkeys = sk_new_null();
+				skkeys = sk_STRING_new_null();
 			if (!keyfile)
 				keyfile = signerfile;
-			sk_push(skkeys, keyfile);
+			sk_STRING_push(skkeys, keyfile);
 			}
 		if (!sksigners)
 			{
@@ -974,11 +975,11 @@ int MAIN(int argc, char **argv)
 			}
 		else
 			flags |= CMS_REUSE_DIGEST;
-		for (i = 0; i < sk_num(sksigners); i++)
+		for (i = 0; i < sk_STRING_num(sksigners); i++)
 			{
 			CMS_SignerInfo *si;
-			signerfile = sk_value(sksigners, i);
-			keyfile = sk_value(skkeys, i);
+			signerfile = sk_STRING_value(sksigners, i);
+			keyfile = sk_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
 					e, "signer certificate");
 			if (!signer)
@@ -1152,9 +1153,9 @@ end:
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	if (sksigners)
-		sk_free(sksigners);
+		sk_STRING_free(sksigners);
 	if (skkeys)
-		sk_free(skkeys);
+		sk_STRING_free(skkeys);
 	if (secret_key)
 		OPENSSL_free(secret_key);
 	if (secret_keyid)
@@ -1164,9 +1165,9 @@ end:
 	if (rr)
 		CMS_ReceiptRequest_free(rr);
 	if (rr_to)
-		sk_free(rr_to);
+		sk_STRING_free(rr_to);
 	if (rr_from)
-		sk_free(rr_from);
+		sk_STRING_free(rr_from);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
@@ -1286,7 +1287,7 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
 		}
 	}
 
-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(STRING) *ns)
 	{
 	int i;
 	STACK_OF(GENERAL_NAMES) *ret;
@@ -1295,9 +1296,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
 	ret = sk_GENERAL_NAMES_new_null();
 	if (!ret)
 		goto err;
-	for (i = 0; i < sk_num(ns); i++)
+	for (i = 0; i < sk_STRING_num(ns); i++)
 		{
-		char *str = sk_value(ns, i);
+		char *str = sk_STRING_value(ns, i);
 		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
 		if (!gen)
 			goto err;
@@ -1325,8 +1326,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
 	}
 
 
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
-								STACK *rr_from)
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(STRING) *rr_to,
+						int rr_allorfirst,
+						STACK_OF(STRING) *rr_from)
 	{
 	STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
 	CMS_ReceiptRequest *rr;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 15138acb47..194971d5d9 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -92,7 +92,7 @@ int MAIN(int argc, char **argv)
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
-	STACK *certflst=NULL;
+	STACK_OF(STRING) *certflst=NULL;
 	STACK_OF(X509_CRL) *crl_stack=NULL;
 	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
@@ -140,8 +140,8 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_new_null();
-			sk_push(certflst,*(++argv));
+			if(!certflst) certflst = sk_STRING_new_null();
+			sk_STRING_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -226,8 +226,8 @@ bad:
 	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
-		certfile = sk_value(certflst, i);
+	if(certflst) for(i = 0; i < sk_STRING_num(certflst); i++) {
+		certfile = sk_STRING_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
 			BIO_printf(bio_err, "error loading certificates\n");
@@ -236,7 +236,7 @@ bad:
 			}
 	}
 
-	sk_free(certflst);
+	sk_STRING_free(certflst);
 
 	if (outfile == NULL)
 		{
diff --git a/apps/dgst.c b/apps/dgst.c
index b22b008c76..96e72c6657 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -107,7 +107,7 @@ int MAIN(int argc, char **argv)
 #endif
 	char *hmac_key=NULL;
 	char *mac_name=NULL;
-	STACK *sigopts = NULL, *macopts = NULL;
+	STACK_OF(STRING) *sigopts = NULL, *macopts = NULL;
 
 	apps_startup();
 
@@ -210,8 +210,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1)
 				break;
 			if (!sigopts)
-				sigopts = sk_new_null();
-			if (!sigopts || !sk_push(sigopts, *(++argv)))
+				sigopts = sk_STRING_new_null();
+			if (!sigopts || !sk_STRING_push(sigopts, *(++argv)))
 				break;
 			}
 		else if (strcmp(*argv,"-macopt") == 0)
@@ -219,8 +219,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1)
 				break;
 			if (!macopts)
-				macopts = sk_new_null();
-			if (!macopts || !sk_push(macopts, *(++argv)))
+				macopts = sk_STRING_new_null();
+			if (!macopts || !sk_STRING_push(macopts, *(++argv)))
 				break;
 			}
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -372,9 +372,9 @@ int MAIN(int argc, char **argv)
 		if (macopts)
 			{
 			char *macopt;
-			for (i = 0; i < sk_num(macopts); i++)
+			for (i = 0; i < sk_STRING_num(macopts); i++)
 				{
-				macopt = sk_value(macopts, i);
+				macopt = sk_STRING_value(macopts, i);
 				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -431,9 +431,9 @@ int MAIN(int argc, char **argv)
 		if (sigopts)
 			{
 			char *sigopt;
-			for (i = 0; i < sk_num(sigopts); i++)
+			for (i = 0; i < sk_STRING_num(sigopts); i++)
 				{
-				sigopt = sk_value(sigopts, i);
+				sigopt = sk_STRING_value(sigopts, i);
 				if (pkey_ctrl_string(pctx, sigopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -538,9 +538,9 @@ end:
 	BIO_free_all(out);
 	EVP_PKEY_free(sigkey);
 	if (sigopts)
-		sk_free(sigopts);
+		sk_STRING_free(sigopts);
 	if (macopts)
-		sk_free(macopts);
+		sk_STRING_free(macopts);
 	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
diff --git a/apps/engine.c b/apps/engine.c
index a93ea4de3c..b51244acc8 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -92,7 +92,7 @@ static const char *engine_usage[]={
 NULL
 };
 
-static void identity(void *ptr)
+static void identity(char *ptr)
 	{
 	return;
 	}
@@ -200,7 +200,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
 	char *desc = NULL;
 	int flags;
 	int xpos = 0;
-	STACK *cmds = NULL;
+	STACK_OF(STRING) *cmds = NULL;
 	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
 			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
 					0, NULL, NULL)) <= 0))
@@ -211,7 +211,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
 		return 1;
 		}
 
-	cmds = sk_new_null();
+	cmds = sk_STRING_new_null();
 
 	if(!cmds)
 		goto err;
@@ -284,15 +284,17 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent
 		BIO_printf(bio_out, "\n");
 	ret = 1;
 err:
-	if(cmds) sk_pop_free(cmds, identity);
+	if(cmds) sk_STRING_pop_free(cmds, identity);
 	if(name) OPENSSL_free(name);
 	if(desc) OPENSSL_free(desc);
 	return ret;
 	}
 
-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+static void util_do_cmds(ENGINE *e, STACK_OF(STRING) *cmds, BIO *bio_out,
+			 const char *indent)
 	{
-	int loop, res, num = sk_num(cmds);
+	int loop, res, num = sk_STRING_num(cmds);
+
 	if(num < 0)
 		{
 		BIO_printf(bio_out, "[Error]: internal stack error\n");
@@ -302,7 +304,7 @@ static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *inden
 		{
 		char buf[256];
 		const char *cmd, *arg;
-		cmd = sk_value(cmds, loop);
+		cmd = sk_STRING_value(cmds, loop);
 		res = 1; /* assume success */
 		/* Check if this command has no ":arg" */
 		if((arg = strstr(cmd, ":")) == NULL)
@@ -342,9 +344,9 @@ int MAIN(int argc, char **argv)
 	const char **pp;
 	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
 	ENGINE *e;
-	STACK *engines = sk_new_null();
-	STACK *pre_cmds = sk_new_null();
-	STACK *post_cmds = sk_new_null();
+	STACK_OF(STRING) *engines = sk_STRING_new_null();
+	STACK_OF(STRING) *pre_cmds = sk_STRING_new_null();
+	STACK_OF(STRING) *post_cmds = sk_STRING_new_null();
 	int badops=1;
 	BIO *bio_out=NULL;
 	const char *indent = "     ";
@@ -391,20 +393,20 @@ int MAIN(int argc, char **argv)
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
-			sk_push(pre_cmds,*argv);
+			sk_STRING_push(pre_cmds,*argv);
 			}
 		else if (strcmp(*argv,"-post") == 0)
 			{
 			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
-			sk_push(post_cmds,*argv);
+			sk_STRING_push(post_cmds,*argv);
 			}
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 				(strcmp(*argv,"-?") == 0))
 			goto skip_arg_loop;
 		else
-			sk_push(engines,*argv);
+			sk_STRING_push(engines,*argv);
 		argc--;
 		argv++;
 		}
@@ -419,17 +421,17 @@ skip_arg_loop:
 		goto end;
 		}
 
-	if (sk_num(engines) == 0)
+	if (sk_STRING_num(engines) == 0)
 		{
 		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
 			{
-			sk_push(engines,(char *)ENGINE_get_id(e));
+			sk_STRING_push(engines,(char *)ENGINE_get_id(e));
 			}
 		}
 
-	for (i=0; i<sk_num(engines); i++)
+	for (i=0; i<sk_STRING_num(engines); i++)
 		{
-		const char *id = sk_value(engines,i);
+		const char *id = sk_STRING_value(engines,i);
 		if ((e = ENGINE_by_id(id)) != NULL)
 			{
 			const char *name = ENGINE_get_name(e);
@@ -531,9 +533,9 @@ skip_pmeths:
 end:
 
 	ERR_print_errors(bio_err);
-	sk_pop_free(engines, identity);
-	sk_pop_free(pre_cmds, identity);
-	sk_pop_free(post_cmds, identity);
+	sk_STRING_pop_free(engines, identity);
+	sk_STRING_pop_free(pre_cmds, identity);
+	sk_STRING_pop_free(post_cmds, identity);
 	if (bio_out != NULL) BIO_free_all(bio_out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index eb38e4da6d..af92ae679a 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -92,8 +92,9 @@ static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_m
 static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
 				STACK_OF(OCSP_CERTID) *ids);
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-				STACK *names, STACK_OF(OCSP_CERTID) *ids,
-				long nsec, long maxage);
+			      STACK_OF(STRING) *names,
+			      STACK_OF(OCSP_CERTID) *ids, long nsec,
+			      long maxage);
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
 			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
@@ -145,7 +146,7 @@ int MAIN(int argc, char **argv)
 	int badarg = 0;
 	int i;
 	int ignore_err = 0;
-	STACK *reqnames = NULL;
+	STACK_OF(STRING) *reqnames = NULL;
 	STACK_OF(OCSP_CERTID) *ids = NULL;
 
 	X509 *rca_cert = NULL;
@@ -162,7 +163,7 @@ int MAIN(int argc, char **argv)
 	SSL_load_error_strings();
 	OpenSSL_add_ssl_algorithms();
 	args = argv + 1;
-	reqnames = sk_new_null();
+	reqnames = sk_STRING_new_null();
 	ids = sk_OCSP_CERTID_new_null();
 	while (!badarg && *args && *args[0] == '-')
 		{
@@ -424,7 +425,7 @@ int MAIN(int argc, char **argv)
 				if (!cert_id_md) cert_id_md = EVP_sha1();
 				if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
 					goto end;
-				if(!sk_push(reqnames, *args))
+				if(!sk_STRING_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
@@ -437,7 +438,7 @@ int MAIN(int argc, char **argv)
 				if (!cert_id_md) cert_id_md = EVP_sha1();
 				if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
 					goto end;
-				if(!sk_push(reqnames, *args))
+				if(!sk_STRING_push(reqnames, *args))
 					goto end;
 				}
 			else badarg = 1;
@@ -893,7 +894,7 @@ end:
 	OCSP_REQUEST_free(req);
 	OCSP_RESPONSE_free(resp);
 	OCSP_BASICRESP_free(bs);
-	sk_free(reqnames);
+	sk_STRING_free(reqnames);
 	sk_OCSP_CERTID_free(ids);
 	sk_X509_pop_free(sign_other, X509_free);
 	sk_X509_pop_free(verify_other, X509_free);
@@ -963,8 +964,9 @@ static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_i
 	}
 
 static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-					STACK *names, STACK_OF(OCSP_CERTID) *ids,
-					long nsec, long maxage)
+			      STACK_OF(STRING) *names,
+			      STACK_OF(OCSP_CERTID) *ids, long nsec,
+			      long maxage)
 	{
 	OCSP_CERTID *id;
 	char *name;
@@ -974,13 +976,13 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 
 	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
 
-	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+	if (!bs || !req || !sk_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
 		return 1;
 
 	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
 		{
 		id = sk_OCSP_CERTID_value(ids, i);
-		name = sk_value(names, i);
+		name = sk_STRING_value(names, i);
 		BIO_printf(out, "%s: ", name);
 
 		if(!OCSP_resp_find_status(bs, id, &status, &reason,
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1a63bf2ea4..4b7a99540f 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -116,7 +116,7 @@ int MAIN(int argc, char **argv)
     int ret = 1;
     int macver = 1;
     int noprompt = 0;
-    STACK *canames = NULL;
+    STACK_OF(STRING) *canames = NULL;
     char *cpass = NULL, *mpass = NULL;
     char *passargin = NULL, *passargout = NULL, *passarg = NULL;
     char *passin = NULL, *passout = NULL;
@@ -219,8 +219,8 @@ int MAIN(int argc, char **argv)
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-			if (!canames) canames = sk_new_null();
-			sk_push(canames, *args);
+			if (!canames) canames = sk_STRING_new_null();
+			sk_STRING_push(canames, *args);
 		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
 		    if (args[1]) {
@@ -545,9 +545,9 @@ int MAIN(int argc, char **argv)
 
 	/* Add any CA names */
 
-	for (i = 0; i < sk_num(canames); i++)
+	for (i = 0; i < sk_STRING_num(canames); i++)
 		{
-		catmp = (unsigned char *)sk_value(canames, i);
+		catmp = (unsigned char *)sk_STRING_value(canames, i);
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}
 
@@ -681,7 +681,7 @@ int MAIN(int argc, char **argv)
 #endif
     BIO_free(in);
     BIO_free_all(out);
-    if (canames) sk_free(canames);
+    if (canames) sk_STRING_free(canames);
     if(passin) OPENSSL_free(passin);
     if(passout) OPENSSL_free(passout);
     apps_shutdown();
diff --git a/apps/req.c b/apps/req.c
index 7953f9ddc1..75d87808f2 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -165,7 +165,7 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY_CTX *genctx = NULL;
 	const char *keyalg = NULL;
 	char *keyalgstr = NULL;
-	STACK *pkeyopts = NULL;
+	STACK_OF(STRING) *pkeyopts = NULL;
 	EVP_PKEY *pkey=NULL;
 	int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
 	long newkey = -1;
@@ -306,8 +306,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1)
 				goto bad;
 			if (!pkeyopts)
-				pkeyopts = sk_new_null();
-			if (!pkeyopts || !sk_push(pkeyopts, *(++argv)))
+				pkeyopts = sk_STRING_new_null();
+			if (!pkeyopts || !sk_STRING_push(pkeyopts, *(++argv)))
 				goto bad;
 			}
 		else if (strcmp(*argv,"-batch") == 0)
@@ -667,9 +667,9 @@ bad:
 		if (pkeyopts)
 			{
 			char *genopt;
-			for (i = 0; i < sk_num(pkeyopts); i++)
+			for (i = 0; i < sk_STRING_num(pkeyopts); i++)
 				{
-				genopt = sk_value(pkeyopts, i);
+				genopt = sk_STRING_value(pkeyopts, i);
 				if (pkey_ctrl_string(genctx, genopt) <= 0)
 					{
 					BIO_printf(bio_err,
@@ -1083,7 +1083,7 @@ end:
 	if (genctx)
 		EVP_PKEY_CTX_free(genctx);
 	if (pkeyopts)
-		sk_free(pkeyopts);
+		sk_STRING_free(pkeyopts);
 #ifndef OPENSSL_NO_ENGINE
 	if (gen_eng)
 		ENGINE_free(gen_eng);
diff --git a/apps/s_server.c b/apps/s_server.c
index a7a728c268..27e520a9f3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -705,7 +705,7 @@ static int cert_status_cb(SSL *s, void *arg)
 	int use_ssl;
 	unsigned char *rspder = NULL;
 	int rspderlen;
-	STACK *aia = NULL;
+	STACK_OF(STRING) *aia = NULL;
 	X509 *x = NULL;
 	X509_STORE_CTX inctx;
 	X509_OBJECT obj;
@@ -727,7 +727,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 	aia = X509_get1_ocsp(x);
 	if (aia)
 		{
-		if (!OCSP_parse_url(sk_value(aia, 0),
+		if (!OCSP_parse_url(sk_STRING_value(aia, 0),
 			&host, &port, &path, &use_ssl))
 			{
 			BIO_puts(err, "cert_status: can't parse AIA URL\n");
@@ -735,7 +735,7 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
 			}
 		if (srctx->verbose)
 			BIO_printf(err, "cert_status: AIA URL: %s\n",
-					sk_value(aia, 0));
+					sk_STRING_value(aia, 0));
 		}
 	else
 		{
diff --git a/apps/smime.c b/apps/smime.c
index af2960685f..3aa8b70d5b 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -93,7 +93,7 @@ int MAIN(int argc, char **argv)
 	const char *inmode = "r", *outmode = "w";
 	char *infile = NULL, *outfile = NULL;
 	char *signerfile = NULL, *recipfile = NULL;
-	STACK *sksigners = NULL, *skkeys = NULL;
+	STACK_OF(STRING) *sksigners = NULL, *skkeys = NULL;
 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
 	const EVP_CIPHER *cipher = NULL;
 	PKCS7 *p7 = NULL;
@@ -260,13 +260,13 @@ int MAIN(int argc, char **argv)
 			if (signerfile)
 				{
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				if (!keyfile)
 					keyfile = signerfile;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				keyfile = NULL;
 				}
 			signerfile = *++args;
@@ -302,12 +302,12 @@ int MAIN(int argc, char **argv)
 					goto argerr;
 					}
 				if (!sksigners)
-					sksigners = sk_new_null();
-				sk_push(sksigners, signerfile);
+					sksigners = sk_STRING_new_null();
+				sk_STRING_push(sksigners, signerfile);
 				signerfile = NULL;
 				if (!skkeys)
-					skkeys = sk_new_null();
-				sk_push(skkeys, keyfile);
+					skkeys = sk_STRING_new_null();
+				sk_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
 			}
@@ -389,13 +389,13 @@ int MAIN(int argc, char **argv)
 		if (signerfile)
 			{
 			if (!sksigners)
-				sksigners = sk_new_null();
-			sk_push(sksigners, signerfile);
+				sksigners = sk_STRING_new_null();
+			sk_STRING_push(sksigners, signerfile);
 			if (!skkeys)
-				skkeys = sk_new_null();
+				skkeys = sk_STRING_new_null();
 			if (!keyfile)
 				keyfile = signerfile;
-			sk_push(skkeys, keyfile);
+			sk_STRING_push(skkeys, keyfile);
 			}
 		if (!sksigners)
 			{
@@ -707,10 +707,10 @@ int MAIN(int argc, char **argv)
 			}
 		else
 			flags |= PKCS7_REUSE_DIGEST;
-		for (i = 0; i < sk_num(sksigners); i++)
+		for (i = 0; i < sk_STRING_num(sksigners); i++)
 			{
-			signerfile = sk_value(sksigners, i);
-			keyfile = sk_value(skkeys, i);
+			signerfile = sk_STRING_value(sksigners, i);
+			keyfile = sk_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
 					e, "signer certificate");
 			if (!signer)
@@ -807,9 +807,9 @@ end:
 	if (vpm)
 		X509_VERIFY_PARAM_free(vpm);
 	if (sksigners)
-		sk_free(sksigners);
+		sk_STRING_free(sksigners);
 	if (skkeys)
-		sk_free(skkeys);
+		sk_STRING_free(skkeys);
 	X509_STORE_free(store);
 	X509_free(cert);
 	X509_free(recip);
diff --git a/apps/x509.c b/apps/x509.c
index 1fa93aaeba..e08fdac8b9 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -738,13 +738,14 @@ bad:
 			else if ((email == i) || (ocsp_uri == i))
 				{
 				int j;
-				STACK *emlst;
+				STACK_OF(STRING) *emlst;
 				if (email == i)
 					emlst = X509_get1_email(x);
 				else
 					emlst = X509_get1_ocsp(x);
-				for (j = 0; j < sk_num(emlst); j++)
-					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+				for (j = 0; j < sk_STRING_num(emlst); j++)
+					BIO_printf(STDout, "%s\n",
+						   sk_STRING_value(emlst, j));
 				X509_email_free(emlst);
 				}
 			else if (aliasout == i)
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
index 958558c204..2405ce1ec2 100644
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -85,8 +85,9 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
     }
 
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
-		 int ex_class, int is_set)
+int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+		 i2d_of_void *i2d, int ex_tag, int ex_class,
+		 int is_set)
 	{
 	int ret=0,r;
 	int i;
@@ -96,8 +97,8 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
         int totSize;
 
 	if (a == NULL) return(0);
-	for (i=sk_num(a)-1; i>=0; i--)
-		ret+=i2d(sk_value(a,i),NULL);
+	for (i=sk_BLOCK_num(a)-1; i>=0; i--)
+		ret+=i2d(sk_BLOCK_value(a,i),NULL);
 	r=ASN1_object_size(1,ret,ex_tag);
 	if (pp == NULL) return(r);
 
@@ -108,10 +109,10 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
 	/* And then again by Ben */
 	/* And again by Steve */
 
-	if(!is_set || (sk_num(a) < 2))
+	if(!is_set || (sk_BLOCK_num(a) < 2))
 		{
-		for (i=0; i<sk_num(a); i++)
-                	i2d(sk_value(a,i),&p);
+		for (i=0; i<sk_BLOCK_num(a); i++)
+                	i2d(sk_BLOCK_value(a,i),&p);
 
 		*pp=p;
 		return(r);
@@ -119,17 +120,17 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
 
         pStart  = p; /* Catch the beg of Setblobs*/
 		/* In this array we will store the SET blobs */
-		rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+		rgSetBlob = OPENSSL_malloc(sk_BLOCK_num(a) * sizeof(MYBLOB));
 		if (rgSetBlob == NULL)
 			{
 			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
 			return(0);
 			}
 
-        for (i=0; i<sk_num(a); i++)
+        for (i=0; i<sk_BLOCK_num(a); i++)
 	        {
                 rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
+                i2d(sk_BLOCK_value(a,i),&p);
                 rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -139,7 +140,7 @@ SetBlob
 
  /* Now we have to sort the blobs. I am using a simple algo.
     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        qsort( rgSetBlob, sk_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
 		if (!(pTempMem = OPENSSL_malloc(totSize)))
 			{
 			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
@@ -148,7 +149,7 @@ SetBlob
 
 /* Copy to temp mem */
         p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
+        for(i=0; i<sk_BLOCK_num(a); ++i)
 		{
                 memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
                 p += rgSetBlob[i].cbData;
@@ -162,16 +163,17 @@ SetBlob
         return(r);
         }
 
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
-		    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
-		    int ex_class)
+STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+			      long length, d2i_of_void *d2i,
+			      void (*free_func)(BLOCK), int ex_tag,
+			      int ex_class)
 	{
 	ASN1_const_CTX c;
-	STACK *ret=NULL;
+	STACK_OF(BLOCK) *ret=NULL;
 
 	if ((a == NULL) || ((*a) == NULL))
 		{
-		if ((ret=sk_new_null()) == NULL)
+		if ((ret=sk_BLOCK_new_null()) == NULL)
 			{
 			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -219,7 +221,7 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
 			asn1_add_error(*pp,(int)(c.q- *pp));
 			goto err;
 			}
-		if (!sk_push(ret,s)) goto err;
+		if (!sk_BLOCK_push(ret,s)) goto err;
 		}
 	if (a != NULL) (*a)=ret;
 	*pp=c.p;
@@ -228,9 +230,9 @@ err:
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
 		{
 		if (free_func != NULL)
-			sk_pop_free(ret,free_func);
+			sk_BLOCK_pop_free(ret,free_func);
 		else
-			sk_free(ret);
+			sk_BLOCK_free(ret);
 		}
 	return(NULL);
 	}
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index cfaef87555..d155791324 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -94,7 +94,8 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
 	};
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
-static STACK *app_methods = NULL;
+DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD);
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
 
 
 
@@ -121,7 +122,7 @@ int EVP_PKEY_asn1_get_count(void)
 	{
 	int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
 	if (app_methods)
-		num += sk_num(app_methods);
+		num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
 	return num;
 	}
 
@@ -133,7 +134,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
 	if (idx < num)
 		return standard_methods[idx];
 	idx -= num;
-	return (const EVP_PKEY_ASN1_METHOD *)sk_value(app_methods, idx);
+	return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
 	}
 
 static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
@@ -143,10 +144,9 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
 	if (app_methods)
 		{
 		int idx;
-		idx = sk_find(app_methods, (char *)&tmp);
+		idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
 		if (idx >= 0)
-			return (EVP_PKEY_ASN1_METHOD *)
-				sk_value(app_methods, idx);
+			return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
 		}
 	ret = (EVP_PKEY_ASN1_METHOD **) OBJ_bsearch((char *)&t,
         		(char *)standard_methods,
@@ -234,13 +234,13 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 	{
 	if (app_methods == NULL)
 		{
-		app_methods = sk_new((sk_cmp_fn_type *)ameth_cmp);
+		app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
 		if (!app_methods)
 			return 0;
 		}
-	if (!sk_push(app_methods, (char *)ameth))
+	if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
 		return 0;
-	sk_sort(app_methods);
+	sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
 	return 1;
 	}
 
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 2e7e9b6810..86c5933e98 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -879,11 +879,13 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
-		 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK *	d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
-		     d2i_of_void *d2i, void (*free_func)(void *),
-		     int ex_tag, int ex_class);
+int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
+		 i2d_of_void *i2d, int ex_tag, int ex_class,
+		 int is_set);
+STACK_OF(BLOCK) *d2i_ASN1_SET(STACK_OF(BLOCK) **a, const unsigned char **pp,
+			      long length, d2i_of_void *d2i,
+			      void (*free_func)(BLOCK), int ex_tag,
+			      int ex_class);
 
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@@ -1035,9 +1037,9 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 	unsigned char *data, int max_len);
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
-		       d2i_of_void *d2i, void (*free_func)(void *));
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+				 d2i_of_void *d2i, void (*free_func)(BLOCK));
+unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
 			     unsigned char **buf, int *len );
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index e8b671b7b5..1e268dee46 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
@@ -66,10 +66,10 @@
 
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
-		       d2i_of_void *d2i,void (*free_func)(void *))
+STACK_OF(BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
+				 d2i_of_void *d2i, void (*free_func)(BLOCK))
 {
-    STACK *sk;
+    STACK_OF(BLOCK) *sk;
     const unsigned char *pbuf;
     pbuf =  buf;
     if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
@@ -82,7 +82,7 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
  * OPENSSL_malloc'ed buffer
  */
 
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK_OF(BLOCK) *safes, i2d_of_void *i2d,
 			     unsigned char **buf, int *len)
 {
 	int safelen;
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index f4831440fa..6f3ab00b36 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -668,11 +668,12 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 		else
 			{
 			/* We've got a valid STACK: free up any items present */
-			STACK *sktmp = (STACK *)*val;
+			STACK_OF(ASN1_VALUE) *sktmp
+			    = (STACK_OF(ASN1_VALUE) *)*val;
 			ASN1_VALUE *vtmp;
-			while(sk_num(sktmp) > 0)
+			while(sk_ASN1_VALUE_num(sktmp) > 0)
 				{
-				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+				vtmp = sk_ASN1_VALUE_pop(sktmp);
 				ASN1_item_ex_free(&vtmp,
 						ASN1_ITEM_ptr(tt->item));
 				}
@@ -713,7 +714,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
 				goto err;
 				}
 			len -= p - q;
-			if (!sk_push((STACK *)*val, (char *)skfield))
+			if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
+						skfield))
 				{
 				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
 						ERR_R_MALLOC_FAILURE);
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index d2830a5ead..361e93c59f 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -354,6 +354,8 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
 		{
 		char *tname;
 		ASN1_VALUE *skitem;
+		STACK_OF(ASN1_VALUE) *stack;
+
 		/* SET OF, SEQUENCE OF */
 		if (fname)
 			{
@@ -371,12 +373,13 @@ int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
 					fname) <= 0)
 				return 0;
 			}
-		for(i = 0; i < sk_num((STACK *)*fld); i++)
+		stack = (STACK_OF(ASN1_VALUE) *)*fld;
+		for(i = 0; i < sk_ASN1_VALUE_num(stack); i++)
 			{
 			if ((i > 0) && (BIO_puts(out, "\n") <= 0))
 				return 0;
 
-			skitem = (ASN1_VALUE *)sk_value((STACK *)*fld, i);
+			skitem = sk_ASN1_VALUE_value(stack, i);
 			if (!asn1_item_print_ctx(out, &skitem, indent + 2,
 				ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
 				return 0;
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 193f6d4403..3c9344c17f 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -63,6 +63,9 @@
 #include <openssl/x509.h>
 #include "asn1_locl.h"
 
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY);
+
 static int x509_name_ex_d2i(ASN1_VALUE **val,
 				const unsigned char **in, long len,
 				const ASN1_ITEM *it,
@@ -76,7 +79,8 @@ static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
 static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
-static int i2d_name_canon(STACK *intname, unsigned char **in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
+			  unsigned char **in);
 
 
 static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
@@ -165,27 +169,13 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 	*pval = NULL;
 }
 
-/* Used with sk_pop_free() to free up the internal representation.
- * NB: we only free the STACK and not its contents because it is
- * already present in the X509_NAME structure.
- */
-
-static void sk_internal_free(void *a)
-{
-	sk_free(a);
-}
-
-static void canon_free(void *a)
-{
-	sk_X509_NAME_ENTRY_pop_free(a, X509_NAME_ENTRY_free);
-}
-
 static int x509_name_ex_d2i(ASN1_VALUE **val,
 			const unsigned char **in, long len, const ASN1_ITEM *it,
 				int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
 	const unsigned char *p = *in, *q;
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+	union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+		ASN1_VALUE *a; } intname = {NULL};
 	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
 	int i, j, ret;
 	STACK_OF(X509_NAME_ENTRY) *entries;
@@ -206,8 +196,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 	memcpy(nm.x->bytes->data, q, p - q);
 
 	/* Convert internal representation to X509_NAME structure */
-	for(i = 0; i < sk_num(intname.s); i++) {
-		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+	for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+		entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
 		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
 			entry = sk_X509_NAME_ENTRY_value(entries, j);
 			entry->set = i;
@@ -216,7 +206,7 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 		}
 		sk_X509_NAME_ENTRY_free(entries);
 	}
-	sk_free(intname.s);
+	sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
 	ret = x509_name_canon(nm.x);
 	if (!ret)
 		goto err;
@@ -249,22 +239,30 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
 	return ret;
 }
 
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+	{
+	sk_X509_NAME_ENTRY_free(ne);
+	}
+
 static int x509_name_encode(X509_NAME *a)
 {
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+	union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+		ASN1_VALUE *a; } intname = {NULL};
 	int len;
 	unsigned char *p;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
 	X509_NAME_ENTRY *entry;
 	int i, set = -1;
-	intname.s = sk_new_null();
+	intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
 	if(!intname.s) goto memerr;
 	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
 		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
 		if(entry->set != set) {
 			entries = sk_X509_NAME_ENTRY_new_null();
 			if(!entries) goto memerr;
-			if(!sk_push(intname.s, (char *)entries)) goto memerr;
+			if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+							     entries))
+				goto memerr;
 			set = entry->set;
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
@@ -275,11 +273,13 @@ static int x509_name_encode(X509_NAME *a)
 	p=(unsigned char *)a->bytes->data;
 	ASN1_item_ex_i2d(&intname.a,
 			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	sk_pop_free(intname.s, sk_internal_free);
+	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+					     local_sk_X509_NAME_ENTRY_free);
 	a->modified = 0;
 	return len;
-	memerr:
-	sk_pop_free(intname.s, sk_internal_free);
+memerr:
+	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+					     local_sk_X509_NAME_ENTRY_free);
 	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
 	return -1;
 }
@@ -311,10 +311,11 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 static int x509_name_canon(X509_NAME *a)
 	{
 	unsigned char *p;
-	STACK *intname = NULL;
+	STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
 	X509_NAME_ENTRY *entry, *tmpentry = NULL;
 	int i, set = -1, ret = 0;
+
 	if (a->canon_enc)
 		{
 		OPENSSL_free(a->canon_enc);
@@ -326,7 +327,7 @@ static int x509_name_canon(X509_NAME *a)
 		a->canon_enclen = 0;
 		return 1;
 		}
-	intname = sk_new_null();
+	intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
 	if(!intname)
 		goto err;
 	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
@@ -337,7 +338,7 @@ static int x509_name_canon(X509_NAME *a)
 			entries = sk_X509_NAME_ENTRY_new_null();
 			if(!entries)
 				goto err;
-			if(!sk_push(intname, (char *)entries))
+			if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
 				goto err;
 			set = entry->set;
 			}
@@ -370,7 +371,8 @@ static int x509_name_canon(X509_NAME *a)
 	if (tmpentry)
 		X509_NAME_ENTRY_free(tmpentry);
 	if (intname)
-		sk_pop_free(intname, canon_free);
+		sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+						local_sk_X509_NAME_ENTRY_free);
 	return ret;
 	}
 
@@ -467,14 +469,17 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 
 	}
 
-static int i2d_name_canon(STACK *intname, unsigned char **in)
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+			  unsigned char **in)
 	{
 	int i, len, ltmp;
 	ASN1_VALUE *v;
+	STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
 	len = 0;
-	for (i = 0; i < sk_num(intname); i++)
+	for (i = 0; i < sk_ASN1_VALUE_num(intname); i++)
 		{
-		v = (ASN1_VALUE *)sk_value(intname, i);
+		v = sk_ASN1_VALUE_value(intname, i);
 		ltmp = ASN1_item_ex_i2d(&v, in,
 			ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
 		if (ltmp < 0)
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 2438f8771e..53d7945da4 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -71,12 +71,10 @@
 
 static void value_free_hash_doall_arg(CONF_VALUE *a,
 				      LHASH_OF(CONF_VALUE) *conf);
-static void value_free_stack_doall_arg(CONF_VALUE *a,
-				       LHASH_OF(CONF_VALUE) *conf);
+static void value_free_stack_doall(CONF_VALUE *a);
 static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
 				    LHASH_OF(CONF_VALUE))
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE,
-				    LHASH_OF(CONF_VALUE))
+static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
 
 /* Up until OpenSSL 0.9.5a, this was get_section */
 CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
@@ -229,15 +227,14 @@ void _CONF_free_data(CONF *conf)
 	lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
 				  * sure the 'OPENSSL_free()' works as
 				  * expected */
-	lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+	lh_CONF_VALUE_doall_arg(conf->data,
+				LHASH_DOALL_ARG_FN(value_free_hash),
 				LHASH_OF(CONF_VALUE), conf->data);
 
 	/* We now have only 'section' entries in the hash table.
 	 * Due to problems with */
 
-	lh_CONF_VALUE_doall_arg(conf->data,
-				LHASH_DOALL_ARG_FN(value_free_stack),
-				LHASH_OF(CONF_VALUE), conf->data);
+	lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
 	lh_CONF_VALUE_free(conf->data);
 	}
 
@@ -247,24 +244,23 @@ static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
 		lh_CONF_VALUE_delete(conf,a);
 	}
 
-static void value_free_stack_doall_arg(CONF_VALUE *a,
-				       LHASH_OF(CONF_VALUE) *conf)
+static void value_free_stack_doall(CONF_VALUE *a)
 	{
 	CONF_VALUE *vv;
-	STACK *sk;
+	STACK_OF(CONF_VALUE) *sk;
 	int i;
 
 	if (a->name != NULL) return;
 
-	sk=(STACK *)a->value;
-	for (i=sk_num(sk)-1; i>=0; i--)
+	sk=(STACK_OF(CONF_VALUE) *)a->value;
+	for (i=sk_CONF_VALUE_num(sk)-1; i>=0; i--)
 		{
-		vv=(CONF_VALUE *)sk_value(sk,i);
+		vv=sk_CONF_VALUE_value(sk,i);
 		OPENSSL_free(vv->value);
 		OPENSSL_free(vv->name);
 		OPENSSL_free(vv);
 		}
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_CONF_VALUE_free(sk);
 	OPENSSL_free(a->section);
 	OPENSSL_free(a);
 	}
@@ -272,16 +268,16 @@ static void value_free_stack_doall_arg(CONF_VALUE *a,
 /* Up until OpenSSL 0.9.5a, this was new_section */
 CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 	{
-	STACK *sk=NULL;
+	STACK_OF(CONF_VALUE) *sk=NULL;
 	int ok=0,i;
 	CONF_VALUE *v=NULL,*vv;
 
-	if ((sk=sk_new_null()) == NULL)
+	if ((sk=sk_CONF_VALUE_new_null()) == NULL)
 		goto err;
-	if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+	if ((v=OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
 		goto err;
 	i=strlen(section)+1;
-	if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+	if ((v->section=OPENSSL_malloc(i)) == NULL)
 		goto err;
 
 	memcpy(v->section,section,i);
@@ -294,7 +290,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
 err:
 	if (!ok)
 		{
-		if (sk != NULL) sk_free(sk);
+		if (sk != NULL) sk_CONF_VALUE_free(sk);
 		if (v != NULL) OPENSSL_free(v);
 		v=NULL;
 		}
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index cb858d5519..b8c2ee80f6 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -122,7 +122,6 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
 DECLARE_STACK_OF(CRYPTO_dynlock)
-IMPLEMENT_STACK_OF(CRYPTO_dynlock)
 
 /* real #defines in crypto.h, keep these upto date */
 static const char* const lock_names[CRYPTO_NUM_LOCKS] =
@@ -173,7 +172,7 @@ static const char* const lock_names[CRYPTO_NUM_LOCKS] =
 
 /* This is for applications to allocate new type names in the non-dynamic
    array of lock names.  These are numbered with positive numbers.  */
-static STACK *app_locks=NULL;
+static STACK_OF(STRING) *app_locks=NULL;
 
 /* For applications that want a more dynamic way of handling threads, the
    following stack is used.  These are externally numbered with negative
@@ -207,7 +206,7 @@ int CRYPTO_get_new_lockid(char *name)
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
 
-	if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
+	if ((app_locks == NULL) && ((app_locks=sk_STRING_new_null()) == NULL))
 		{
 		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
 		return(0);
@@ -217,7 +216,7 @@ int CRYPTO_get_new_lockid(char *name)
 		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
 		return(0);
 		}
-	i=sk_push(app_locks,str);
+	i=sk_STRING_push(app_locks,str);
 	if (!i)
 		OPENSSL_free(str);
 	else
@@ -587,10 +586,10 @@ const char *CRYPTO_get_lock_name(int type)
 		return("dynamic");
 	else if (type < CRYPTO_NUM_LOCKS)
 		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+	else if (type-CRYPTO_NUM_LOCKS > sk_STRING_num(app_locks))
 		return("ERROR");
 	else
-		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+		return(sk_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
 	}
 
 #if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 437ed63df1..4fa540527e 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -282,9 +282,10 @@ typedef struct bio_st BIO_dummy;
 
 struct crypto_ex_data_st
 	{
-	STACK *sk;
+	STACK_OF(void) *sk;
 	int dummy; /* gcc is screwing up this data structure :-( */
 	};
+DECLARE_STACK_OF(void)
 
 /* This stuff is basically class callback functions
  * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile
index a082a5e90a..eb1f0a12a9 100644
--- a/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
@@ -140,14 +140,20 @@ dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
 dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
-dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
 dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dh_lib.o: ../cryptlib.h dh_lib.c
 dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
 dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile
index 1c9a301f54..a5c97bd6ac 100644
--- a/crypto/dsa/Makefile
+++ b/crypto/dsa/Makefile
@@ -142,11 +142,16 @@ dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 dsa_lib.o: ../cryptlib.h dsa_lib.c
 dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h
index d1d5facb8b..839f2e0617 100644
--- a/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
@@ -188,7 +188,7 @@ struct dso_st
 	 * for use in the dso_bind handler. All in all, let each
 	 * method control its own destiny. "Handles" and such go in
 	 * a STACK. */
-	STACK *meth_data;
+	STACK_OF(void) *meth_data;
 	int references;
 	int flags;
 	/* For use by applications etc ... use this for your bits'n'pieces,
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index d36e0b0f3a..168c25b9e8 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -183,7 +183,7 @@ static int dlfcn_load(DSO *dso)
 		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
 		goto err;
 		}
-	if(!sk_push(dso->meth_data, (char *)ptr))
+	if(!sk_void_push(dso->meth_data, (char *)ptr))
 		{
 		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
 		goto err;
@@ -208,15 +208,15 @@ static int dlfcn_unload(DSO *dso)
 		DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-	if(sk_num(dso->meth_data) < 1)
+	if(sk_void_num(dso->meth_data) < 1)
 		return(1);
-	ptr = (void *)sk_pop(dso->meth_data);
+	ptr = sk_void_pop(dso->meth_data);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
 		/* Should push the value back onto the stack in
 		 * case of a retry. */
-		sk_push(dso->meth_data, (char *)ptr);
+		sk_void_push(dso->meth_data, ptr);
 		return(0);
 		}
 	/* For now I'm not aware of any errors associated with dlclose() */
@@ -233,12 +233,12 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
 		return(NULL);
 		}
-	if(sk_num(dso->meth_data) < 1)
+	if(sk_void_num(dso->meth_data) < 1)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
 		return(NULL);
 		}
-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
@@ -264,12 +264,12 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
 		return(NULL);
 		}
-	if(sk_num(dso->meth_data) < 1)
+	if(sk_void_num(dso->meth_data) < 1)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
 		return(NULL);
 		}
-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
 	if(ptr == NULL)
 		{
 		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 1e3d81ce4c..75ac66707d 100644
--- a/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
@@ -107,7 +107,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
 		return(NULL);
 		}
 	memset(ret, 0, sizeof(DSO));
-	ret->meth_data = sk_new_null();
+	ret->meth_data = sk_void_new_null();
 	if(ret->meth_data == NULL)
 		{
 		/* sk_new doesn't generate any errors so we do */
@@ -163,7 +163,7 @@ int DSO_free(DSO *dso)
 		return(0);
 		}
 	
-	sk_free(dso->meth_data);
+	sk_void_free(dso->meth_data);
 	if(dso->filename != NULL)
 		OPENSSL_free(dso->filename);
 	if(dso->loaded_filename != NULL)
diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
index 95aa69fea5..65d8904ee8 100644
--- a/crypto/ecdh/Makefile
+++ b/crypto/ecdh/Makefile
@@ -84,20 +84,30 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ