grpc 1.55.0 → 1.56.0

data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c

@@ -62,6 +62,8 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+#include <limits.h>
+
 #include "internal.h"
 
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
@@ -83,17 +85,13 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
                        X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
                        void *asn, EVP_MD_CTX *ctx) {
-  EVP_PKEY *pkey;
-  unsigned char *buf_in = NULL, *buf_out = NULL;
-  size_t inl = 0, outl = 0;
-
+  int ret = 0;
+  uint8_t *in = NULL, *out = NULL;
   if (signature->type != V_ASN1_BIT_STRING) {
     OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
     goto err;
   }
 
-  pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
-
   // Write out the requested copies of the AlgorithmIdentifier.
   if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) {
     goto err;
@@ -102,26 +100,37 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
     goto err;
   }
 
-  inl = ASN1_item_i2d(asn, &buf_in, it);
-  outl = EVP_PKEY_size(pkey);
-  buf_out = OPENSSL_malloc((unsigned int)outl);
-  if ((buf_in == NULL) || (buf_out == NULL)) {
-    outl = 0;
+  int in_len = ASN1_item_i2d(asn, &in, it);
+  if (in_len < 0) {
+    goto err;
+  }
+
+  EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+  size_t out_len = EVP_PKEY_size(pkey);
+  if (out_len > INT_MAX) {
+    OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
     goto err;
   }
 
-  if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
-    outl = 0;
+  out = OPENSSL_malloc(out_len);
+  if (out == NULL) {
+    goto err;
+  }
+
+  if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
     OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
     goto err;
   }
-  ASN1_STRING_set0(signature, buf_out, outl);
-  buf_out = NULL;
+
+  ASN1_STRING_set0(signature, out, (int)out_len);
+  out = NULL;
   signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
   signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  ret = (int)out_len;
+
 err:
   EVP_MD_CTX_cleanup(ctx);
-  OPENSSL_free(buf_in);
-  OPENSSL_free(buf_out);
-  return outl;
+  OPENSSL_free(in);
+  OPENSSL_free(out);
+  return ret;
 }

data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c

@@ -509,7 +509,7 @@ static int generate_v3(CBB *cbb, const char *str, const X509V3_CTX *cnf,
                CBB_flush(cbb);
       }
       if (format == ASN1_GEN_FORMAT_HEX) {
-        long len;
+        size_t len;
         uint8_t *data = x509v3_hex_to_bytes(value, &len);
         if (data == NULL) {
           OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);

data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c

@@ -56,6 +56,7 @@
 
 #include <openssl/x509.h>
 
+#include <assert.h>
 #include <inttypes.h>
 #include <string.h>
 
@@ -84,8 +85,7 @@ static int do_indent(BIO *out, int indent) {
 
 static int do_name_ex(BIO *out, const X509_NAME *n, int indent,
                       unsigned long flags) {
-  int i, prev = -1, orflags, cnt;
-  int fn_opt, fn_nid;
+  int prev = -1, orflags;
   char objtmp[80];
   const char *objbuf;
   int outlen, len;
@@ -142,10 +142,8 @@ static int do_name_ex(BIO *out, const X509_NAME *n, int indent,
     sep_eq_len = 1;
   }
 
-  fn_opt = flags & XN_FLAG_FN_MASK;
-
-  cnt = X509_NAME_entry_count(n);
-  for (i = 0; i < cnt; i++) {
+  int cnt = X509_NAME_entry_count(n);
+  for (int i = 0; i < cnt; i++) {
     const X509_NAME_ENTRY *ent;
     if (flags & XN_FLAG_DN_REV) {
       ent = X509_NAME_get_entry(n, cnt - i - 1);
@@ -172,40 +170,20 @@ static int do_name_ex(BIO *out, const X509_NAME *n, int indent,
     prev = X509_NAME_ENTRY_set(ent);
     const ASN1_OBJECT *fn = X509_NAME_ENTRY_get_object(ent);
     const ASN1_STRING *val = X509_NAME_ENTRY_get_data(ent);
-    fn_nid = OBJ_obj2nid(fn);
-    if (fn_opt != XN_FLAG_FN_NONE) {
-      int objlen, fld_len;
-      if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
-        OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
-        fld_len = 0;  // XXX: what should this be?
-        objbuf = objtmp;
-      } else {
-        if (fn_opt == XN_FLAG_FN_SN) {
-          fld_len = FN_WIDTH_SN;
-          objbuf = OBJ_nid2sn(fn_nid);
-        } else if (fn_opt == XN_FLAG_FN_LN) {
-          fld_len = FN_WIDTH_LN;
-          objbuf = OBJ_nid2ln(fn_nid);
-        } else {
-          fld_len = 0;  // XXX: what should this be?
-          objbuf = "";
-        }
-      }
-      objlen = strlen(objbuf);
-      if (!maybe_write(out, objbuf, objlen)) {
-        return -1;
-      }
-      if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
-        if (!do_indent(out, fld_len - objlen)) {
-          return -1;
-        }
-        outlen += fld_len - objlen;
-      }
-      if (!maybe_write(out, sep_eq, sep_eq_len)) {
-        return -1;
-      }
-      outlen += objlen + sep_eq_len;
+    assert((flags & XN_FLAG_FN_MASK) == XN_FLAG_FN_SN);
+    int fn_nid = OBJ_obj2nid(fn);
+    if (fn_nid == NID_undef) {
+      OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
+      objbuf = objtmp;
+    } else {
+      objbuf = OBJ_nid2sn(fn_nid);
+    }
+    int objlen = strlen(objbuf);
+    if (!maybe_write(out, objbuf, objlen) ||
+        !maybe_write(out, sep_eq, sep_eq_len)) {
+      return -1;
     }
+    outlen += objlen + sep_eq_len;
     // If the field name is unknown then fix up the DER dump flag. We
     // might want to limit this further so it will DER dump on anything
     // other than a few 'standard' fields.

data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c

@@ -91,14 +91,8 @@ int X509_print(BIO *bp, X509 *x) {
 
 int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
                   unsigned long cflag) {
-  long l;
-  int ret = 0, i;
-  char *m = NULL, mlch = ' ';
+  char mlch = ' ';
   int nmindent = 0;
-  X509_CINF *ci;
-  EVP_PKEY *pkey = NULL;
-  const char *neg;
-
   if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
     mlch = '\n';
     nmindent = 12;
@@ -108,26 +102,26 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
     nmindent = 16;
   }
 
-  ci = x->cert_info;
+  const X509_CINF *ci = x->cert_info;
   if (!(cflag & X509_FLAG_NO_HEADER)) {
     if (BIO_write(bp, "Certificate:\n", 13) <= 0) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "    Data:\n", 10) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_VERSION)) {
-    l = X509_get_version(x);
+    long l = X509_get_version(x);
     assert(X509_VERSION_1 <= l && l <= X509_VERSION_3);
     if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1,
                    (unsigned long)l) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_SERIAL)) {
     if (BIO_write(bp, "        Serial Number:", 22) <= 0) {
-      goto err;
+      return 0;
     }
 
     const ASN1_INTEGER *serial = X509_get0_serialNumber(x);
@@ -136,19 +130,20 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
       assert(serial->type != V_ASN1_NEG_INTEGER);
       if (BIO_printf(bp, " %" PRIu64 " (0x%" PRIx64 ")\n", serial_u64,
                      serial_u64) <= 0) {
-        goto err;
+        return 0;
       }
     } else {
       ERR_clear_error();  // Clear |ASN1_INTEGER_get_uint64|'s error.
-      neg = (serial->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+      const char *neg =
+          (serial->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
       if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) {
-        goto err;
+        return 0;
       }
 
-      for (i = 0; i < serial->length; i++) {
+      for (int i = 0; i < serial->length; i++) {
         if (BIO_printf(bp, "%02x%c", serial->data[i],
                        ((i + 1 == serial->length) ? '\n' : ':')) <= 0) {
-          goto err;
+          return 0;
         }
       }
     }
@@ -156,69 +151,69 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 
   if (!(cflag & X509_FLAG_NO_SIGNAME)) {
     if (X509_signature_print(bp, ci->signature, NULL) <= 0) {
-      goto err;
+      return 0;
     }
   }
 
   if (!(cflag & X509_FLAG_NO_ISSUER)) {
     if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0) {
-      goto err;
+      return 0;
     }
     if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) <
         0) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "\n", 1) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_VALIDITY)) {
     if (BIO_write(bp, "        Validity\n", 17) <= 0) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "            Not Before: ", 24) <= 0) {
-      goto err;
+      return 0;
     }
     if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "\n            Not After : ", 25) <= 0) {
-      goto err;
+      return 0;
     }
     if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "\n", 1) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_SUBJECT)) {
     if (BIO_printf(bp, "        Subject:%c", mlch) <= 0) {
-      goto err;
+      return 0;
     }
     if (X509_NAME_print_ex(bp, X509_get_subject_name(x), nmindent, nmflags) <
         0) {
-      goto err;
+      return 0;
     }
     if (BIO_write(bp, "\n", 1) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_PUBKEY)) {
     if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0) {
-      goto err;
+      return 0;
     }
     if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) {
-      goto err;
+      return 0;
     }
     if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) {
-      goto err;
+      return 0;
     }
     if (BIO_puts(bp, "\n") <= 0) {
-      goto err;
+      return 0;
     }
 
-    pkey = X509_get_pubkey(x);
+    EVP_PKEY *pkey = X509_get_pubkey(x);
     if (pkey == NULL) {
       BIO_printf(bp, "%12sUnable to load Public Key\n", "");
       ERR_print_errors(bp);
@@ -231,18 +226,18 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
   if (!(cflag & X509_FLAG_NO_IDS)) {
     if (ci->issuerUID) {
       if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) {
-        goto err;
+        return 0;
       }
       if (!X509_signature_dump(bp, ci->issuerUID, 12)) {
-        goto err;
+        return 0;
       }
     }
     if (ci->subjectUID) {
       if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) {
-        goto err;
+        return 0;
       }
       if (!X509_signature_dump(bp, ci->subjectUID, 12)) {
-        goto err;
+        return 0;
       }
     }
   }
@@ -253,20 +248,16 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 
   if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
     if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) {
-      goto err;
+      return 0;
     }
   }
   if (!(cflag & X509_FLAG_NO_AUX)) {
     if (!X509_CERT_AUX_print(bp, x->aux, 0)) {
-      goto err;
+      return 0;
     }
   }
-  ret = 1;
-err:
-  if (m != NULL) {
-    OPENSSL_free(m);
-  }
-  return ret;
+
+  return 1;
 }
 
 int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c

@@ -56,153 +56,13 @@
 
 #include <openssl/asn1.h>
 #include <openssl/err.h>
-#include <openssl/evp.h>
 #include <openssl/obj.h>
-#include <openssl/stack.h>
 #include <openssl/x509.h>
 
 #include "../asn1/internal.h"
 #include "internal.h"
 
 
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) {
-  return sk_X509_ATTRIBUTE_num(x);
-}
-
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-                           int lastpos) {
-  const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
-  if (obj == NULL) {
-    return -1;
-  }
-  return X509at_get_attr_by_OBJ(x, obj, lastpos);
-}
-
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
-                           const ASN1_OBJECT *obj, int lastpos) {
-  int n;
-  X509_ATTRIBUTE *ex;
-
-  if (sk == NULL) {
-    return -1;
-  }
-  lastpos++;
-  if (lastpos < 0) {
-    lastpos = 0;
-  }
-  n = sk_X509_ATTRIBUTE_num(sk);
-  for (; lastpos < n; lastpos++) {
-    ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
-    if (OBJ_cmp(ex->object, obj) == 0) {
-      return lastpos;
-    }
-  }
-  return -1;
-}
-
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) {
-  if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc) {
-    return NULL;
-  } else {
-    return sk_X509_ATTRIBUTE_value(x, loc);
-  }
-}
-
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) {
-  X509_ATTRIBUTE *ret;
-
-  if (x == NULL || loc < 0 || sk_X509_ATTRIBUTE_num(x) <= (size_t)loc) {
-    return NULL;
-  }
-  ret = sk_X509_ATTRIBUTE_delete(x, loc);
-  return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-                                           X509_ATTRIBUTE *attr) {
-  X509_ATTRIBUTE *new_attr = NULL;
-  STACK_OF(X509_ATTRIBUTE) *sk = NULL;
-
-  if (x == NULL) {
-    OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
-    goto err;
-  }
-
-  if (*x == NULL) {
-    if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) {
-      goto err;
-    }
-  } else {
-    sk = *x;
-  }
-
-  if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) {
-    goto err;
-  }
-  if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) {
-    goto err;
-  }
-  if (*x == NULL) {
-    *x = sk;
-  }
-  return sk;
-err:
-  if (new_attr != NULL) {
-    X509_ATTRIBUTE_free(new_attr);
-  }
-  if (sk != NULL) {
-    sk_X509_ATTRIBUTE_free(sk);
-  }
-  return NULL;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-                                                  const ASN1_OBJECT *obj,
-                                                  int type,
-                                                  const unsigned char *bytes,
-                                                  int len) {
-  X509_ATTRIBUTE *attr;
-  STACK_OF(X509_ATTRIBUTE) *ret;
-  attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-  if (!attr) {
-    return 0;
-  }
-  ret = X509at_add1_attr(x, attr);
-  X509_ATTRIBUTE_free(attr);
-  return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-                                                  int nid, int type,
-                                                  const unsigned char *bytes,
-                                                  int len) {
-  X509_ATTRIBUTE *attr;
-  STACK_OF(X509_ATTRIBUTE) *ret;
-  attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-  if (!attr) {
-    return 0;
-  }
-  ret = X509at_add1_attr(x, attr);
-  X509_ATTRIBUTE_free(attr);
-  return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-                                                  const char *attrname,
-                                                  int type,
-                                                  const unsigned char *bytes,
-                                                  int len) {
-  X509_ATTRIBUTE *attr;
-  STACK_OF(X509_ATTRIBUTE) *ret;
-  attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-  if (!attr) {
-    return 0;
-  }
-  ret = X509at_add1_attr(x, attr);
-  X509_ATTRIBUTE_free(attr);
-  return ret;
-}
-
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
                                              int attrtype, const void *data,
                                              int len) {

data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c

@@ -160,62 +160,111 @@ int X509_REQ_add_extensions(X509_REQ *req,
   return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
 }
 
-// Request attribute functions
-
 int X509_REQ_get_attr_count(const X509_REQ *req) {
-  return X509at_get_attr_count(req->req_info->attributes);
+  return sk_X509_ATTRIBUTE_num(req->req_info->attributes);
 }
 
 int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) {
-  return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+  const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
+  if (obj == NULL) {
+    return -1;
+  }
+  return X509_REQ_get_attr_by_OBJ(req, obj, lastpos);
 }
 
 int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
                              int lastpos) {
-  return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+  if (req->req_info->attributes == NULL) {
+    return -1;
+  }
+  lastpos++;
+  if (lastpos < 0) {
+    lastpos = 0;
+  }
+  int n = sk_X509_ATTRIBUTE_num(req->req_info->attributes);
+  for (; lastpos < n; lastpos++) {
+    const X509_ATTRIBUTE *attr =
+        sk_X509_ATTRIBUTE_value(req->req_info->attributes, lastpos);
+    if (OBJ_cmp(attr->object, obj) == 0) {
+      return lastpos;
+    }
+  }
+  return -1;
 }
 
 X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) {
-  return X509at_get_attr(req->req_info->attributes, loc);
+  if (req->req_info->attributes == NULL || loc < 0 ||
+      sk_X509_ATTRIBUTE_num(req->req_info->attributes) <= (size_t)loc) {
+    return NULL;
+  }
+  return sk_X509_ATTRIBUTE_value(req->req_info->attributes, loc);
 }
 
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) {
-  return X509at_delete_attr(req->req_info->attributes, loc);
+  if (req->req_info->attributes == NULL || loc < 0 ||
+      sk_X509_ATTRIBUTE_num(req->req_info->attributes) <= (size_t)loc) {
+    return NULL;
+  }
+  return sk_X509_ATTRIBUTE_delete(req->req_info->attributes, loc);
 }
 
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) {
-  if (X509at_add1_attr(&req->req_info->attributes, attr)) {
-    return 1;
+static int X509_REQ_add0_attr(X509_REQ *req, X509_ATTRIBUTE *attr) {
+  if (req->req_info->attributes == NULL) {
+    req->req_info->attributes = sk_X509_ATTRIBUTE_new_null();
   }
-  return 0;
+  if (req->req_info->attributes == NULL ||
+      !sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) {
+    return 0;
+  }
+
+  return 1;
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, const X509_ATTRIBUTE *attr) {
+  X509_ATTRIBUTE *new_attr = X509_ATTRIBUTE_dup(attr);
+  if (new_attr == NULL || !X509_REQ_add0_attr(req, new_attr)) {
+    X509_ATTRIBUTE_free(new_attr);
+    return 0;
+  }
+
+  return 1;
 }
 
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj,
                               int attrtype, const unsigned char *data,
                               int len) {
-  if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, attrtype, data,
-                              len)) {
-    return 1;
+  X509_ATTRIBUTE *attr =
+      X509_ATTRIBUTE_create_by_OBJ(NULL, obj, attrtype, data, len);
+  if (attr == NULL || !X509_REQ_add0_attr(req, attr)) {
+    X509_ATTRIBUTE_free(attr);
+    return 0;
   }
-  return 0;
+
+  return 1;
 }
 
 int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int attrtype,
                               const unsigned char *data, int len) {
-  if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, attrtype, data,
-                              len)) {
-    return 1;
+  X509_ATTRIBUTE *attr =
+      X509_ATTRIBUTE_create_by_NID(NULL, nid, attrtype, data, len);
+  if (attr == NULL || !X509_REQ_add0_attr(req, attr)) {
+    X509_ATTRIBUTE_free(attr);
+    return 0;
   }
-  return 0;
+
+  return 1;
 }
 
 int X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int attrtype,
                               const unsigned char *data, int len) {
-  if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, attrtype,
-                              data, len)) {
-    return 1;
+  X509_ATTRIBUTE *attr =
+      X509_ATTRIBUTE_create_by_txt(NULL, attrname, attrtype, data, len);
+  if (attr == NULL || !X509_REQ_add0_attr(req, attr)) {
+    X509_ATTRIBUTE_free(attr);
+    return 0;
   }
-  return 0;
+
+  return 1;
 }
 
 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,