From 66ab08b1cfb7f57ee9299d6efc322aca385e4fba Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 21 Jun 1999 23:59:09 +0000 Subject: [PATCH] Implement STACK_OF(ANS1_OBJECT) for extended key usage extension, change the documentation to reflect the STACK_OF(CONF_VALUE) change to the CONF lib and use ANSI typedefs for X509V3_EXT_I2D and X509V3_EXT_FREE. --- crypto/asn1/a_object.c | 2 ++ crypto/asn1/asn1.h | 3 +++ crypto/x509v3/v3_akey.c | 4 ++-- crypto/x509v3/v3_alt.c | 24 ++++++++++---------- crypto/x509v3/v3_bcons.c | 4 ++-- crypto/x509v3/v3_cpols.c | 4 ++-- crypto/x509v3/v3_crld.c | 4 ++-- crypto/x509v3/v3_enum.c | 7 +++--- crypto/x509v3/v3_extku.c | 49 ++++++++++++++++++++-------------------- crypto/x509v3/v3_int.c | 5 ++-- crypto/x509v3/v3_pku.c | 8 +++---- crypto/x509v3/v3_skey.c | 5 ++-- crypto/x509v3/v3_sxnet.c | 13 ++++++----- crypto/x509v3/v3_utl.c | 2 +- crypto/x509v3/x509v3.h | 27 ++++++++++++---------- doc/openssl.txt | 37 +++++++++++++++++------------- 16 files changed, 108 insertions(+), 90 deletions(-) diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 5f721026b..3a8ae0305 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -368,3 +368,5 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, return(OBJ_dup(&o)); } +IMPLEMENT_STACK_OF(ASN1_OBJECT) +IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index f55663e0f..5c2d8999b 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -497,6 +497,9 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, long length); +DECLARE_STACK_OF(ASN1_OBJECT) +DECLARE_ASN1_SET_OF(ASN1_OBJECT) + ASN1_STRING * ASN1_STRING_new(void ); void ASN1_STRING_free(ASN1_STRING *a); ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 8b1deca8d..4099e6019 100644 --- a/crypto/x509v3/v3_akey.c 
+++ b/crypto/x509v3/v3_akey.c @@ -71,9 +71,9 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_EXT_METHOD v3_akey_id = { NID_authority_key_identifier, X509V3_EXT_MULTILINE, (X509V3_EXT_NEW)AUTHORITY_KEYID_new, -AUTHORITY_KEYID_free, +(X509V3_EXT_FREE)AUTHORITY_KEYID_free, (X509V3_EXT_D2I)d2i_AUTHORITY_KEYID, -i2d_AUTHORITY_KEYID, +(X509V3_EXT_I2D)i2d_AUTHORITY_KEYID, NULL, NULL, (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 741d120e9..b5e1f8af9 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -61,25 +61,25 @@ #include #include -static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval); -static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval); +static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); X509V3_EXT_METHOD v3_alt[] = { { NID_subject_alt_name, 0, (X509V3_EXT_NEW)GENERAL_NAMES_new, -GENERAL_NAMES_free, +(X509V3_EXT_FREE)GENERAL_NAMES_free, (X509V3_EXT_D2I)d2i_GENERAL_NAMES, -i2d_GENERAL_NAMES, +(X509V3_EXT_I2D)i2d_GENERAL_NAMES, NULL, NULL, (X509V3_EXT_I2V)i2v_GENERAL_NAMES, (X509V3_EXT_V2I)v2i_subject_alt, NULL, NULL, NULL}, { NID_issuer_alt_name, 0, (X509V3_EXT_NEW)GENERAL_NAMES_new, -GENERAL_NAMES_free, +(X509V3_EXT_FREE)GENERAL_NAMES_free, (X509V3_EXT_D2I)d2i_GENERAL_NAMES, -i2d_GENERAL_NAMES, +(X509V3_EXT_I2D)i2d_GENERAL_NAMES, NULL, NULL, (X509V3_EXT_I2V)i2v_GENERAL_NAMES, (X509V3_EXT_V2I)v2i_issuer_alt, 
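Review bot: The `(X509V3_EXT_FREE)` and `(X509V3_EXT_I2D)` casts added to the `v3_akey_id` table in v3_akey.c undo the checking that the newly prototyped typedefs in x509v3.h would otherwise give, because with the cast any function, whatever its signature, is accepted into the free and i2d slots without a diagnostic. Assuming `AUTHORITY_KEYID_free` takes an `AUTHORITY_KEYID *`, calling it through `void (*)(void *)` is also a call through an incompatible function type, which ISO C leaves undefined even where the ABI tolerates it. The same applies to the method tables in v3_alt.c, v3_bcons.c, v3_cpols.c, v3_crld.c, v3_enum.c, v3_extku.c, v3_int.c, v3_pku.c, v3_skey.c and v3_sxnet.c, and to `EXT_BITSTRING`/`EXT_IA5STRING` in x509v3.h. I would at least document the contract next to the typedefs, e.g. `/* entries are cast to these types: every callback must take its extension structure pointer as first argument */`, and prefer thin `void *` wrappers wherever a table is touched anyway. The table initializer continues outside the hunk.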
@@ -156,7 +156,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, } static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { STACK_OF(GENERAL_NAME) *gens = NULL; CONF_VALUE *cnf; @@ -165,8 +165,8 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_num(nval); i++) { - cnf = (CONF_VALUE *)sk_value(nval, i); + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); if(!name_cmp(cnf->name, "issuer") && cnf->value && !strcmp(cnf->value, "copy")) { if(!copy_issuer(ctx, gens)) goto err; @@ -221,7 +221,7 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) } static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK *nval) + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { STACK_OF(GENERAL_NAME) *gens = NULL; CONF_VALUE *cnf; @@ -230,8 +230,8 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_num(nval); i++) { - cnf = (CONF_VALUE *)sk_value(nval, i); + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); if(!name_cmp(cnf->name, "email") && cnf->value && !strcmp(cnf->value, "copy")) { if(!copy_email(ctx, gens)) goto err; diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index 5af27025c..de2f855c3 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c 
@@ -70,9 +70,9 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V X509V3_EXT_METHOD v3_bcons = { NID_basic_constraints, 0, (X509V3_EXT_NEW)BASIC_CONSTRAINTS_new, -BASIC_CONSTRAINTS_free, +(X509V3_EXT_FREE)BASIC_CONSTRAINTS_free, (X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS, -i2d_BASIC_CONSTRAINTS, +(X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS, NULL, NULL, (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 26a5df12e..b4d488354 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -78,9 +78,9 @@ static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos); X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0, (X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, -CERTIFICATEPOLICIES_free, +(X509V3_EXT_FREE)CERTIFICATEPOLICIES_free, (X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, -i2d_CERTIFICATEPOLICIES, +(X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES, NULL, NULL, NULL, NULL, (X509V3_EXT_I2R)i2r_certpol, diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 7551a1dd3..897ffb63e 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -71,9 +71,9 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, X509V3_EXT_METHOD v3_crld = { NID_crl_distribution_points, X509V3_EXT_MULTILINE, (X509V3_EXT_NEW)CRL_DIST_POINTS_new, -CRL_DIST_POINTS_free, +(X509V3_EXT_FREE)CRL_DIST_POINTS_free, (X509V3_EXT_D2I)d2i_CRL_DIST_POINTS, -i2d_CRL_DIST_POINTS, +(X509V3_EXT_I2D)i2d_CRL_DIST_POINTS, NULL, NULL, (X509V3_EXT_I2V)i2v_crld, (X509V3_EXT_V2I)v2i_crld, diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c index 05af992f6..db423548f 100644 --- a/crypto/x509v3/v3_enum.c +++ b/crypto/x509v3/v3_enum.c 
@@ -76,12 +76,13 @@ static ENUMERATED_NAMES crl_reasons[] = { X509V3_EXT_METHOD v3_crl_reason = { NID_crl_reason, 0, -(X509V3_EXT_NEW)asn1_enumerated_new, ASN1_STRING_free, +(X509V3_EXT_NEW)asn1_enumerated_new, +(X509V3_EXT_FREE)ASN1_STRING_free, (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, -i2d_ASN1_ENUMERATED, +(X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, (X509V3_EXT_S2I)NULL, -NULL, NULL, NULL, NULL, (char *)crl_reasons}; +NULL, NULL, NULL, NULL, crl_reasons}; static ASN1_ENUMERATED *asn1_enumerated_new(void) diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index e149cd687..e039d21cb 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -63,16 +63,16 @@ #include #include -static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); +static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, - STACK *eku, STACK_OF(CONF_VALUE) *extlist); + STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist); X509V3_EXT_METHOD v3_ext_ku = { NID_ext_key_usage, 0, (X509V3_EXT_NEW)ext_ku_new, -ext_ku_free, +(X509V3_EXT_FREE)ext_ku_free, (X509V3_EXT_D2I)d2i_ext_ku, -i2d_ext_ku, +(X509V3_EXT_I2D)i2d_ext_ku, NULL, NULL, (X509V3_EXT_I2V)i2v_ext_ku, (X509V3_EXT_V2I)v2i_ext_ku, 
@@ -80,55 +80,56 @@ NULL,NULL, NULL }; -STACK *ext_ku_new(void) +STACK_OF(ASN1_OBJECT) *ext_ku_new(void) { - return sk_new_null(); + return sk_ASN1_OBJECT_new_null(); } -void ext_ku_free(STACK *eku) +void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku) { - sk_pop_free(eku, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free); return; } -int i2d_ext_ku(STACK *a, unsigned char **pp) +int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp) { - return i2d_ASN1_SET(a, pp, i2d_ASN1_OBJECT, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE); + return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT, + V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); } -STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length) +STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a, + unsigned char **pp, long length) { - return d2i_ASN1_SET(a, pp, length, (char *(*)())(d2i_ASN1_OBJECT), + return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT, ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); } -static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, STACK *eku, - STACK_OF(CONF_VALUE) *ext_list) +static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, + STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list) { int i; ASN1_OBJECT *obj; char obj_tmp[80]; -for(i = 0; i < sk_num(eku); i++) { - obj = (ASN1_OBJECT *)sk_value(eku, i); +for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { + obj = sk_ASN1_OBJECT_value(eku, i); i2t_ASN1_OBJECT(obj_tmp, 80, obj); X509V3_add_value(NULL, obj_tmp, &ext_list); } return ext_list; } -static STACK *v2i_ext_ku(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) +static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { -STACK *extku; +STACK_OF(ASN1_OBJECT) *extku; char *extval; ASN1_OBJECT *objtmp; CONF_VALUE *val; int i; -if(!(extku = sk_new(NULL))) { +if(!(extku = sk_ASN1_OBJECT_new(NULL))) { 
X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); return NULL; } @@ -138,12 +139,12 @@ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { if(val->value) extval = val->value; else extval = val->name; if(!(objtmp = OBJ_txt2obj(extval, 0))) { - sk_pop_free(extku, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } - sk_push(extku, (char *)objtmp); + sk_ASN1_OBJECT_push(extku, objtmp); } return extku; } diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c index b27c0f4cc..637dd5e12 100644 --- a/crypto/x509v3/v3_int.c +++ b/crypto/x509v3/v3_int.c @@ -64,9 +64,10 @@ static ASN1_INTEGER *asn1_integer_new(void); X509V3_EXT_METHOD v3_crl_num = { NID_crl_number, 0, -(X509V3_EXT_NEW)asn1_integer_new, ASN1_STRING_free, +(X509V3_EXT_NEW)asn1_integer_new, +(X509V3_EXT_FREE)ASN1_STRING_free, (X509V3_EXT_D2I)d2i_ASN1_INTEGER, -i2d_ASN1_INTEGER, +(X509V3_EXT_I2D)i2d_ASN1_INTEGER, (X509V3_EXT_I2S)i2s_ASN1_INTEGER, (X509V3_EXT_S2I)NULL, NULL, NULL, NULL, NULL, NULL}; diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c index 0ee8c3c5f..c13e7d8f4 100644 --- a/crypto/x509v3/v3_pku.c +++ b/crypto/x509v3/v3_pku.c @@ -64,14 +64,14 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); /* -static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values); +static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); */ X509V3_EXT_METHOD v3_pkey_usage_period = { NID_private_key_usage_period, 0, (X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new, -PKEY_USAGE_PERIOD_free, +(X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free, (X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD, -i2d_PKEY_USAGE_PERIOD, +(X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD, NULL, NULL, NULL, NULL, (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, NULL 
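Review bot: In `i2v_ext_ku` (v3_extku.c, hunk at -80,55) the loop still discards the `int` result of `X509V3_add_value(NULL, obj_tmp, &ext_list)`, so a failed append produces a printed extended-key-usage list that is silently missing entries. A check such as `if(!X509V3_add_value(NULL, obj_tmp, &ext_list)) return NULL;` would surface the failure, though who releases a partly built `ext_list` on that path is not visible in this hunk and needs confirming first. The buffer length is also repeated as a literal; `i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, obj);` keeps the bound tied to the declaration of `obj_tmp[80]`.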
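Review bot: `sk_ASN1_OBJECT_push(extku, objtmp)` in `v2i_ext_ku` (v3_extku.c, hunk at -138,12) is called without checking its result. If the push fails, `objtmp` is leaked and the returned stack silently lacks a key-usage OID that the configuration asked for, so the resulting extension would not match what the operator specified. I would treat it like the `OBJ_txt2obj` failure just above and additionally free `objtmp`, which the stack does not own at that point. The function begins outside this hunk.
```c
	/* … unchanged: OBJ_txt2obj lookup and its error path … */
	if(!sk_ASN1_OBJECT_push(extku, objtmp)) {
		/* push failed: objtmp is not owned by the stack yet */
		ASN1_OBJECT_free(objtmp);
		sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
		X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
		return NULL;
	}
```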
@@ -144,7 +144,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) X509V3_EXT_METHOD *method; X509V3_CTX *ctx; -STACK *values; +STACK_OF(CONF_VALUE) *values; { return NULL; } diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index cca2eb9ae..fb3e36014 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -65,9 +65,10 @@ static ASN1_OCTET_STRING *octet_string_new(void); static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); X509V3_EXT_METHOD v3_skey_id = { NID_subject_key_identifier, 0, -(X509V3_EXT_NEW)octet_string_new, ASN1_STRING_free, +(X509V3_EXT_NEW)octet_string_new, +(X509V3_EXT_FREE)ASN1_STRING_free, (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING, -i2d_ASN1_OCTET_STRING, +(X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING, (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, (X509V3_EXT_S2I)s2i_skey_id, NULL, NULL, NULL, NULL, NULL}; diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index a35e80145..0f198f62f 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -69,14 +69,15 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); #ifdef SXNET_TEST -static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *nval); +static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); #endif X509V3_EXT_METHOD v3_sxnet = { NID_sxnet, X509V3_EXT_MULTILINE, (X509V3_EXT_NEW)SXNET_new, -SXNET_free, +(X509V3_EXT_FREE)SXNET_free, (X509V3_EXT_D2I)d2i_SXNET, -i2d_SXNET, +(X509V3_EXT_I2D)i2d_SXNET, NULL, NULL, NULL, #ifdef SXNET_TEST 
@@ -206,13 +207,13 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK *nval) + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *cnf; SXNET *sx = NULL; int i; - for(i = 0; i < sk_num(nval); i++) { - cnf = (CONF_VALUE *)sk_value(nval, i); + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) return NULL; } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index af2a10512..40f71c71b 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -96,7 +96,7 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value, return X509V3_add_value(name,(const char *)value,extlist); } -/* Free function for STACK of CONF_VALUE */ +/* Free function for STACK_OF(CONF_VALUE) */ void X509V3_conf_free(CONF_VALUE *conf) { diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d213df3ab..4eb04a5a8 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -72,10 +72,10 @@ struct v3_ext_ctx; /* Useful typedefs */ -typedef void * (*X509V3_EXT_NEW)(); -typedef void (*X509V3_EXT_FREE)(); -typedef char * (*X509V3_EXT_D2I)(); -typedef int (*X509V3_EXT_I2D)(); +typedef void * (*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE)(void *); +typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); +typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); 
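Review bot: `sxnet_v2i` in v3_sxnet.c returns NULL as soon as `SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)` fails, without releasing whatever earlier iterations stored in `sx`. Whether `SXNET_add_id_asc` frees and clears `*psx` on every failure path is not visible here; if it does not, a section with one bad entry after several good ones leaks the partly built structure. Once that contract is confirmed, consider `if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) { SXNET_free(sx); return NULL; }`. The prototype is guarded by `SXNET_TEST`, so this path appears to be test-only, and the function body continues past the hunk.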
@@ -255,9 +255,10 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define X509V3_set_ctx_nodb(ctx) ctx->db = NULL; #define EXT_BITSTRING(nid, table) { nid, 0, \ - (X509V3_EXT_NEW)asn1_bit_string_new, ASN1_STRING_free, \ + (X509V3_EXT_NEW)asn1_bit_string_new, \ + (X509V3_EXT_FREE)ASN1_STRING_free, \ (X509V3_EXT_D2I)d2i_ASN1_BIT_STRING, \ - i2d_ASN1_BIT_STRING, \ + (X509V3_EXT_I2D)i2d_ASN1_BIT_STRING, \ NULL, NULL, \ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ @@ -265,9 +266,10 @@ DECLARE_ASN1_SET_OF(POLICYINFO) (char *)table} #define EXT_IA5STRING(nid) { nid, 0, \ - (X509V3_EXT_NEW)ia5string_new, ASN1_STRING_free, \ + (X509V3_EXT_NEW)ia5string_new, \ + (X509V3_EXT_FREE)ASN1_STRING_free, \ (X509V3_EXT_D2I)d2i_ASN1_IA5STRING, \ - i2d_ASN1_IA5STRING, \ + (X509V3_EXT_I2D)i2d_ASN1_IA5STRING, \ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ NULL, NULL, NULL, NULL, \ @@ -329,10 +331,11 @@ STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -int i2d_ext_ku(STACK *a, unsigned char **pp); -STACK *d2i_ext_ku(STACK **a, unsigned char **pp, long length); -void ext_ku_free(STACK *a); -STACK *ext_ku_new(void); +int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp); +STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a, + unsigned char **pp, long length); +void ext_ku_free(STACK_OF(ASN1_OBJECT) *a); +STACK_OF(ASN1_OBJECT) *ext_ku_new(void); int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp); STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void); diff --git a/doc/openssl.txt b/doc/openssl.txt index 07b0f8ec4..91b85e5f1 100644 --- a/doc/openssl.txt +++ b/doc/openssl.txt 
@@ -581,11 +581,11 @@ void X509V3_string_free(X509V3_CTX *ctx, char *str); This function frees up the string returned by the above function. -STACK * X509V3_get_section(X509V3_CTX *ctx, char *section); +STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); -This function returns a whole section as a STACK of CONF_VALUE structures. +This function returns a whole section as a STACK_OF(CONF_VALUE) . -void X509V3_section_free( X509V3_CTX *ctx, STACK *section); +void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); This function frees up the STACK returned by the above function. @@ -595,9 +595,9 @@ be set to an X509V3_CTX_METHOD structure. This structure contains the following function pointers: char * (*get_string)(void *db, char *section, char *value); -STACK * (*get_section)(void *db, char *section); +STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); void (*free_string)(void *db, char * string); -void (*free_section)(void *db, STACK *section); +void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); these will be called and passed the 'db' element in the X509V3_CTX structure to access the database. If a given function is not implemented or not required 
@@ -646,24 +646,28 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER. -int X509V3_add_value(const char *name, const char *value, STACK **extlist); +int X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist); This simply adds a string name and value pair. int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK **extlist); + STACK_OF(CONF_VALUE) **extlist); The same as above but for an unsigned character value. -int X509V3_add_value_bool(const char *name, int asn1_bool, STACK **extlist); +int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool' -int X509V3_add_value_bool_nf(char *name, int asn1_bool, STACK **extlist); +int X509V3_add_value_bool_nf(char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); This is the same as above except it adds nothing if asn1_bool is FALSE. -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, STACK **extlist); +int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); This function adds the value of the ASN1_INTEGER in decimal form. @@ -678,8 +682,8 @@ Currently there are three types of supported extensions. String extensions are simple strings where the value is placed directly in the extensions, and the string returned is printed out. -Multi value extensions are passed a STACK of name and value pairs or return -such a STACK. +Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs +or return a STACK_OF(CONF_VALUE). Raw extensions are just passed a BIO or a value and it is the extensions responsiblity to handle all the necessary printing. 
@@ -776,7 +780,7 @@ This function takes the string representation in the ext parameter and returns an allocated internal structure: ext_free() will be used on this internal structure after use. -i2v and v2i handle a stack of CONF_VALUE structures: +i2v and v2i handle a STACK_OF(CONF_VALUE): typedef struct { @@ -787,16 +791,17 @@ typedef struct Only the name and value members are currently used. -STACK * i2v(struct v3_ext_method *method, void *ext); +STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext); This function is passed the internal structure in the ext parameter and returns a STACK of CONF_VALUE structures. The values of name, value, section and the structure itself will be freed up with Free after use. Several helper functions are available to add values to this STACK. -void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values); +void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); -This function takes a STACK of CONF_VALUE structures and should set the +This function takes a STACK_OF(CONF_VALUE) structures and should set the values of the external structure. This typically uses the name element to determine which structure element to set and the value element to determine what to set it to. Several helper functions are available for this