diff options
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | Configurations/descrip.mms.tmpl | 2 | ||||
-rw-r--r-- | Configurations/unix-Makefile.tmpl | 3 | ||||
-rw-r--r-- | Configurations/windows-makefile.tmpl | 1 | ||||
-rwxr-xr-x | Configure | 19 | ||||
-rw-r--r-- | INSTALL | 14 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | apps/openssl.c | 9 | ||||
-rw-r--r-- | crypto/build.info | 2 | ||||
-rw-r--r-- | crypto/ex_data.c | 9 | ||||
-rw-r--r-- | crypto/mem.c | 94 | ||||
-rw-r--r-- | crypto/mem_dbg.c | 503 | ||||
-rw-r--r-- | crypto/objects/o_names.c | 12 | ||||
-rw-r--r-- | crypto/provider_core.c | 1 | ||||
-rw-r--r-- | doc/man3/OPENSSL_malloc.pod | 70 | ||||
-rw-r--r-- | doc/man7/provider-base.pod | 3 | ||||
-rw-r--r-- | include/openssl/core_numbers.h | 2 | ||||
-rw-r--r-- | include/openssl/crypto.h | 38 | ||||
-rw-r--r-- | providers/fips/fipsprov.c | 9 | ||||
-rw-r--r-- | providers/fips/selftest.c | 3 | ||||
-rw-r--r-- | ssl/ssl_ciph.c | 7 | ||||
-rw-r--r-- | test/asynctest.c | 5 | ||||
-rw-r--r-- | test/bio_memleak_test.c | 7 | ||||
-rw-r--r-- | test/sslapitest.c | 8 | ||||
-rw-r--r-- | test/sslbuffertest.c | 7 | ||||
-rw-r--r-- | test/ssltest_old.c | 11 | ||||
-rw-r--r-- | test/testutil/driver.c | 28 | ||||
-rw-r--r-- | util/libcrypto.num | 16 |
28 files changed, 114 insertions, 775 deletions
@@ -41,6 +41,10 @@ (CVE-2019-1551) [Andy Polyakov] + *) Most memory-debug features have been deprecated, and the functionality + replaced with no-ops. + [Rich Salz] + *) Introduced a new method type and API, OSSL_SERIALIZER, to represent generic serializers. An implementation is expected to be able to serialize an object associated with a given name (such diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index cb1fd9c5b5..f9f3aea4f4 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -446,10 +446,8 @@ test : tests DEFINE RESULT_D {- builddir(qw(test test-runs)) -} DEFINE OPENSSL_ENGINES {- builddir("engines") -} DEFINE OPENSSL_MODULES {- builddir("providers") -} - DEFINE OPENSSL_DEBUG_MEMORY "on" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) - DEASSIGN OPENSSL_DEBUG_MEMORY DEASSIGN OPENSSL_MODULES DEASSIGN OPENSSL_ENGINES DEASSIGN BLDTOP diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index c3c83f95cd..b1c087272d 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -459,8 +459,7 @@ test: tests EXE_EXT={- platform->binext() -} \ OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \ OPENSSL_MODULES=`cd ../$(BLDDIR)/providers 2>/dev/null && pwd` \ - OPENSSL_DEBUG_MEMORY=on \ - $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) + $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @echo "Tests are not supported with your chosen Configure options" @ : {- output_on() if !$disabled{tests}; "" -} diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 7bc09df78d..e25ccd0d5d 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -379,7 +379,6 @@ test: tests set PERL=$(PERL) set OPENSSL_ENGINES=$(MAKEDIR)\engines set OPENSSL_MODULES=$(MAKEDIR)\providers - set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @$(ECHO) "Tests are not supported with your chosen Configure options" @@ -170,10 +170,6 @@ my @cl_devteam_warn = qw( /WX ); -# This adds backtrace information to the memory leak info. Is only used -# when crypto-mdebug-backtrace is enabled. -my $memleak_devteam_backtrace = "-rdynamic"; - my $strict_warnings = 0; # As for $BSDthreads. Idea is to maintain "collective" set of flags, @@ -345,7 +341,6 @@ my @dtls = qw(dtls1 dtls1_2); # For developers: keep it sorted alphabetically my @disablables = ( - "ktls", "afalgeng", "aria", "asan", @@ -392,6 +387,7 @@ my @disablables = ( "fuzz-afl", "gost", "idea", + "ktls", "legacy", "makedepend", "md2", @@ -1517,19 +1513,6 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings' : ( $_ ) } @{$config{CFLAGS}} ]; -unless ($disabled{"crypto-mdebug-backtrace"}) - { - foreach my $wopt (split /\s+/, $memleak_devteam_backtrace) - { - push @{$config{cflags}}, $wopt - unless grep { $_ eq $wopt } @{$config{cflags}}; - } - if ($target =~ /^BSD-/) - { - push @{$config{ex_libs}}, "-lexecinfo"; - } - } - unless ($disabled{afalgeng}) { $config{afalgeng}=""; if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { @@ -344,19 +344,11 @@ work if the zlib or zlib-dynamic options are also chosen. enable-crypto-mdebug - Build support for debugging memory allocated via - OPENSSL_malloc() or OPENSSL_zalloc(). + This now only enables the failed-malloc feature. enable-crypto-mdebug-backtrace - As for crypto-mdebug, but additionally provide backtrace - information for allocated memory. - TO BE USED WITH CARE: this uses GNU C functionality, and - is therefore not usable for non-GNU config targets. If - your build complains about the use of '-rdynamic' or the - lack of header file execinfo.h, this option is not for you. - ALSO NOTE that even though execinfo.h is available on your - system (through Gnulib), the functions might just be stubs - that do nothing. + This is a no-op; the project uses the compiler's + address/leak sanitizer instead. no-ct Don't build support for Certificate Transparency. @@ -7,6 +7,8 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] + o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly + disabled; the project uses address sanitize/leak-detect instead. o Added OSSL_SERIALIZER, a generic serializer API. o Added error raising macros, ERR_raise() and ERR_raise_data(). o Deprecated ERR_put_error(). diff --git a/apps/openssl.c b/apps/openssl.c index 769555e5e1..d60267d742 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -258,11 +258,6 @@ int main(int argc, char *argv[]) setup_trace(getenv("OPENSSL_TRACE")); #endif - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - if (getenv("OPENSSL_FIPS")) { BIO_printf(bio_err, "FIPS mode not supported.\n"); return 1; @@ -379,10 +374,6 @@ int main(int argc, char *argv[]) BIO_free(bio_in); BIO_free_all(bio_out); apps_shutdown(); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; -#endif BIO_free(bio_err); EXIT(ret); } diff --git a/crypto/build.info b/crypto/build.info index 5beaf528be..758a75ec6b 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -73,7 +73,7 @@ $UTIL_COMMON=\ $UTIL_DEFINE=$CPUIDDEF SOURCE[../libcrypto]=$UTIL_COMMON \ - mem.c mem_sec.c mem_dbg.c \ + mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \ $UPLINKSRC diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 58614b68a3..3cffef897b 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -38,13 +38,8 @@ static EX_CALLBACKS *get_and_lock(OPENSSL_CTX *ctx, int class_index) global = openssl_ctx_get_ex_data_global(ctx); if (global == NULL || global->ex_data_lock == NULL) { /* - * This can happen in normal operation when using CRYPTO_mem_leaks(). - * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans - * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets - * freed, which also attempts to free the ex_data. However - * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e. - * before OPENSSL_cleanup() is called), so if we get here we can safely - * ignore this operation. We just treat it as an error. + * If we get here, someone (who?) cleaned up the lock, so just + * treat it as an error. */ return NULL; } diff --git a/crypto/mem.c b/crypto/mem.c index d3cac29b21..f5e8f2445a 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -14,9 +14,6 @@ #include <stdlib.h> #include <limits.h> #include <openssl/crypto.h> -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE) -# include <execinfo.h> -#endif /* * the following pointers may be changed as long as 'allow_customize' is set @@ -43,7 +40,6 @@ static char *md_failstring; static long md_count; static int md_fail_percent = 0; static int md_tracefd = -1; -static int call_malloc_debug = 1; static void parseit(void); static int shouldfail(void); @@ -51,7 +47,6 @@ static int shouldfail(void); # define FAILTEST() if (shouldfail()) return NULL #else -static int call_malloc_debug = 0; # define INCREMENT(x) /* empty */ # define FAILTEST() /* empty */ @@ -73,14 +68,6 @@ int CRYPTO_set_mem_functions( return 1; } -int CRYPTO_set_mem_debug(int flag) -{ - if (!allow_customize) - return 0; - call_malloc_debug = flag; - return 1; -} - void CRYPTO_get_mem_functions( void *(**m)(size_t, const char *, int), void *(**r)(void *, size_t, const char *, int), @@ -209,18 +196,8 @@ void *CRYPTO_malloc(size_t num, const char *file, int line) */ allow_customize = 0; } -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) - if (call_malloc_debug) { - CRYPTO_mem_debug_malloc(NULL, num, 0, file, line); - ret = malloc(num); - CRYPTO_mem_debug_malloc(ret, num, 1, file, line); - } else { - ret = malloc(num); - } -#else (void)(file); (void)(line); ret = malloc(num); -#endif return ret; } @@ -250,17 +227,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return NULL; } -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) - if (call_malloc_debug) { - void *ret; - CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line); - ret = realloc(str, num); - CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line); - return ret; - } -#else (void)(file); (void)(line); -#endif return realloc(str, num); } @@ -300,17 +267,7 @@ void CRYPTO_free(void *str, const char *file, int line) return; } -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE) - if (call_malloc_debug) { - CRYPTO_mem_debug_free(str, 0, file, line); - free(str); - CRYPTO_mem_debug_free(str, 1, file, line); - } else { - free(str); - } -#else free(str); -#endif } void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) @@ -321,3 +278,54 @@ void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) OPENSSL_cleanse(str, num); CRYPTO_free(str, file, line); } + +#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) + +# ifndef OPENSSL_NO_DEPRECATED_3_0 +int CRYPTO_mem_ctrl(int mode) +{ + (void)mode; + return -1; +} + +int CRYPTO_set_mem_debug(int flag) +{ + (void)flag; + return -1; +} + +int CRYPTO_mem_debug_push(const char *info, const char *file, int line) +{ + (void)info; (void)file; (void)line; + return -1; +} + +int CRYPTO_mem_debug_pop(void) +{ + return -1; +} + +int CRYPTO_mem_leaks(BIO *b) +{ + (void)b; + return -1; +} + +# ifndef OPENSSL_NO_STDIO +int CRYPTO_mem_leaks_fp(FILE *fp) +{ + (void)fp; + return -1; +} +# endif + +int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), + void *u) +{ + (void)cb; (void)u; + return -1; +} + +# endif + +#endif diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c deleted file mode 100644 index 561dd80437..0000000000 --- a/crypto/mem_dbg.c +++ /dev/null @@ -1,503 +0,0 @@ -/* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include <stdlib.h> -#include <time.h> -#include "internal/cryptlib.h" -#include "internal/thread_once.h" -#include <openssl/crypto.h> -#include <openssl/buffer.h> -#include "internal/bio.h" -#include <openssl/lhash.h> - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE -# include <execinfo.h> -#endif - -/* - * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when - * the application asks for it (usually after library initialisation for - * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only - * temporarily when the library thinks that certain allocations should not be - * checked (e.g. the data structures used for memory checking). It is not - * suitable as an initial state: the library will unexpectedly enable memory - * checking when it executes one of those sections that want to disable - * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes - * no sense whatsoever. - */ -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -static int mh_mode = CRYPTO_MEM_CHECK_OFF; -#endif - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -static unsigned long order = 0; /* number of memory requests */ - -static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT; -CRYPTO_RWLOCK *memdbg_lock; -static CRYPTO_RWLOCK *long_memdbg_lock; - -/* memory-block description */ -struct mem_st { - void *addr; - int num; - const char *file; - int line; - CRYPTO_THREAD_ID threadid; - unsigned long order; - time_t time; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE - void *array[30]; - size_t array_siz; -#endif -}; - -/* - * hash-table of memory requests (address as * key); access requires - * long_memdbg_lock lock - */ -static LHASH_OF(MEM) *mh = NULL; - -/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ -static unsigned int num_disable = 0; - -/* - * Valid iff num_disable > 0. long_memdbg_lock is locked exactly in this - * case (by the thread named in disabling_thread). - */ -static CRYPTO_THREAD_ID disabling_threadid; - -DEFINE_RUN_ONCE_STATIC(do_memdbg_init) -{ - memdbg_lock = CRYPTO_THREAD_lock_new(); - long_memdbg_lock = CRYPTO_THREAD_lock_new(); - if (memdbg_lock == NULL || long_memdbg_lock == NULL) { - CRYPTO_THREAD_lock_free(memdbg_lock); - memdbg_lock = NULL; - CRYPTO_THREAD_lock_free(long_memdbg_lock); - long_memdbg_lock = NULL; - return 0; - } - return 1; -} - -#endif - -int CRYPTO_mem_ctrl(int mode) -{ -#ifdef OPENSSL_NO_CRYPTO_MDEBUG - return mode - mode; -#else - int ret = mh_mode; - - if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) - return -1; - - CRYPTO_THREAD_write_lock(memdbg_lock); - switch (mode) { - default: - break; - - case CRYPTO_MEM_CHECK_ON: - mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE; - num_disable = 0; - break; - - case CRYPTO_MEM_CHECK_OFF: - mh_mode = 0; - num_disable = 0; - break; - - /* switch off temporarily (for library-internal use): */ - case CRYPTO_MEM_CHECK_DISABLE: - if (mh_mode & CRYPTO_MEM_CHECK_ON) { - CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); - /* see if we don't have long_memdbg_lock already */ - if (!num_disable - || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) { - /* - * Long-time lock long_memdbg_lock must not be claimed - * while we're holding memdbg_lock, or we'll deadlock - * if somebody else holds long_memdbg_lock (and cannot - * release it because we block entry to this function). Give - * them a chance, first, and then claim the locks in - * appropriate order (long-time lock first). - */ - CRYPTO_THREAD_unlock(memdbg_lock); - /* - * Note that after we have waited for long_memdbg_lock and - * memdbg_lock, we'll still be in the right "case" and - * "if" branch because MemCheck_start and MemCheck_stop may - * never be used while there are multiple OpenSSL threads. - */ - CRYPTO_THREAD_write_lock(long_memdbg_lock); - CRYPTO_THREAD_write_lock(memdbg_lock); - mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; - disabling_threadid = cur; - } - num_disable++; - } - break; - - case CRYPTO_MEM_CHECK_ENABLE: - if (mh_mode & CRYPTO_MEM_CHECK_ON) { - if (num_disable) { /* always true, or something is going wrong */ - num_disable--; - if (num_disable == 0) { - mh_mode |= CRYPTO_MEM_CHECK_ENABLE; - CRYPTO_THREAD_unlock(long_memdbg_lock); - } - } - } - break; - } - CRYPTO_THREAD_unlock(memdbg_lock); - return ret; -#endif -} - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - -static int mem_check_on(void) -{ - int ret = 0; - CRYPTO_THREAD_ID cur; - - if (mh_mode & CRYPTO_MEM_CHECK_ON) { - if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) - return 0; - - cur = CRYPTO_THREAD_get_current_id(); - CRYPTO_THREAD_read_lock(memdbg_lock); - - ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) - || !CRYPTO_THREAD_compare_id(disabling_threadid, cur); - - CRYPTO_THREAD_unlock(memdbg_lock); - } - return ret; -} - -static int mem_cmp(const MEM *a, const MEM *b) -{ -#ifdef _WIN64 - const char *ap = (const char *)a->addr, *bp = (const char *)b->addr; - if (ap == bp) - return 0; - else if (ap > bp) - return 1; - else - return -1; -#else - return (const char *)a->addr - (const char *)b->addr; -#endif -} - -static unsigned long mem_hash(const MEM *a) -{ - size_t ret; - - ret = (size_t)a->addr; - - ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; - return ret; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int CRYPTO_mem_debug_push(const char *info, const char *file, int line) -{ - return 0; -} - -int CRYPTO_mem_debug_pop(void) -{ - return 0; -} -#endif - -static unsigned long break_order_num = 0; - -void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, - const char *file, int line) -{ - MEM *m, *mm; - - switch (before_p & 127) { - case 0: - break; - case 1: - if (addr == NULL) - break; - - if (mem_check_on()) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - - if (!RUN_ONCE(&memdbg_init, do_memdbg_init) - || (m = OPENSSL_malloc(sizeof(*m))) == NULL) { - OPENSSL_free(addr); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - return; - } - if (mh == NULL) { - if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) { - OPENSSL_free(addr); - OPENSSL_free(m); - addr = NULL; - goto err; - } - } - - m->addr = addr; - m->file = file; - m->line = line; - m->num = num; - m->threadid = CRYPTO_THREAD_get_current_id(); - - if (order == break_order_num) { - /* BREAK HERE */ - m->order = order; - } - m->order = order++; -# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE - m->array_siz = backtrace(m->array, OSSL_NELEM(m->array)); -# endif - m->time = time(NULL); - - if ((mm = lh_MEM_insert(mh, m)) != NULL) - OPENSSL_free(mm); - err: - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } - break; - } - return; -} - -void CRYPTO_mem_debug_free(void *addr, int before_p, - const char *file, int line) -{ - MEM m, *mp; - - switch (before_p) { - case 0: - if (addr == NULL) - break; - - if (mem_check_on() && (mh != NULL)) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - m.addr = addr; - mp = lh_MEM_delete(mh, &m); - OPENSSL_free(mp); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } - break; - case 1: - break; - } -} - -void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, - int before_p, const char *file, int line) -{ - MEM m, *mp; - - switch (before_p) { - case 0: - break; - case 1: - if (addr2 == NULL) - break; - - if (addr1 == NULL) { - CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line); - break; - } - - if (mem_check_on()) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - - m.addr = addr1; - mp = lh_MEM_delete(mh, &m); - if (mp != NULL) { - mp->addr = addr2; - mp->num = num; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE - mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array)); -#endif - (void)lh_MEM_insert(mh, mp); - } - - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } - break; - } - return; -} - -typedef struct mem_leak_st { - int (*print_cb) (const char *str, size_t len, void *u); - void *print_cb_arg; - int chunks; - long bytes; -} MEM_LEAK; - -static void print_leak(const MEM *m, MEM_LEAK *l) -{ - char buf[1024]; - char *bufp = buf, *hex; - size_t len = sizeof(buf); - int n; - struct tm *lcl = NULL; - - lcl = localtime(&m->time); - n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ", - lcl->tm_hour, lcl->tm_min, lcl->tm_sec); - if (n <= 0) { - bufp[0] = '\0'; - return; - } - bufp += n; - len -= n; - - n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ", - m->order, m->file, m->line); - if (n <= 0) - return; - bufp += n; - len -= n; - - hex = OPENSSL_buf2hexstr((const unsigned char *)&m->threadid, - sizeof(m->threadid)); - n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n", - hex == NULL ? "<null>" : hex, m->num, m->addr); - OPENSSL_free(hex); - if (n <= 0) - return; - bufp += n; - len -= n; - - l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg); - l->chunks++; - l->bytes += m->num; - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE - { - size_t i; - char **strings = backtrace_symbols(m->array, m->array_siz); - - for (i = 0; i < m->array_siz; i++) - fprintf(stderr, "##> %s\n", strings[i]); - free(strings); - } -#endif -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK); - -int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), - void *u) -{ - MEM_LEAK ml; - - /* Ensure all resources are released */ - OPENSSL_cleanup(); - - if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) - return -1; - - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - - ml.print_cb = cb; - ml.print_cb_arg = u; - ml.bytes = 0; - ml.chunks = 0; - if (mh != NULL) - lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml); - - if (ml.chunks != 0) { - char buf[256]; - - BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n", - ml.bytes, ml.chunks); - cb(buf, strlen(buf), u); - } else { - /* - * Make sure that, if we found no leaks, memory-leak debugging itself - * does not introduce memory leaks (which might irritate external - * debugging tools). (When someone enables leak checking, but does not - * call this function, we declare it to be their fault.) - */ - int old_mh_mode; - - CRYPTO_THREAD_write_lock(memdbg_lock); - - /* - * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses - * mem_check_on - */ - old_mh_mode = mh_mode; - mh_mode = CRYPTO_MEM_CHECK_OFF; - - lh_MEM_free(mh); - mh = NULL; - - mh_mode = old_mh_mode; - CRYPTO_THREAD_unlock(memdbg_lock); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); - - /* Clean up locks etc */ - CRYPTO_THREAD_lock_free(memdbg_lock); - CRYPTO_THREAD_lock_free(long_memdbg_lock); - memdbg_lock = NULL; - long_memdbg_lock = NULL; - - return ml.chunks == 0 ? 1 : 0; -} - -static int print_bio(const char *str, size_t len, void *b) -{ - return BIO_write((BIO *)b, str, len); -} - -int CRYPTO_mem_leaks(BIO *b) -{ - /* - * OPENSSL_cleanup() will free the ex_data locks so we can't have any - * ex_data hanging around - */ - bio_free_ex_data(b); - - return CRYPTO_mem_leaks_cb(print_bio, b); -} - -# ifndef OPENSSL_NO_STDIO -int CRYPTO_mem_leaks_fp(FILE *fp) -{ - BIO *b; - int ret; - - /* - * Need to turn off memory checking when allocated BIOs ... especially as - * we're creating them at a time when we're trying to check we've not - * left anything un-free()'d!! - */ - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - b = BIO_new(BIO_s_file()); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - if (b == NULL) - return -1; - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = CRYPTO_mem_leaks_cb(print_bio, b); - BIO_free(b); - return ret; -} -# endif - -#endif diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 52956ebcd5..5835ab6f50 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -66,10 +66,8 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(o_names_init) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); obj_lock = CRYPTO_THREAD_lock_new(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return names_lh != NULL && obj_lock != NULL; } @@ -90,11 +88,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), CRYPTO_THREAD_write_lock(obj_lock); - if (name_funcs_stack == NULL) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); + if (name_funcs_stack == NULL) name_funcs_stack = sk_NAME_FUNCS_new_null(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - } if (name_funcs_stack == NULL) { /* ERROR */ goto out; @@ -102,9 +97,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), ret = names_type_num; names_type_num++; for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); name_funcs = OPENSSL_zalloc(sizeof(*name_funcs)); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); if (name_funcs == NULL) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); ret = 0; @@ -112,10 +105,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), } name_funcs->hash_func = openssl_lh_strcasehash; name_funcs->cmp_func = obj_strcasecmp; - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); - push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); if (!push) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index c7c579a1c8..c95615f882 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -890,7 +890,6 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, (void (*)(void))CRYPTO_secure_allocated }, { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, - { OSSL_FUNC_CRYPTO_MEM_CTRL, (void (*)(void))CRYPTO_mem_ctrl }, { 0, NULL } }; diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index 198251fcd7..8286b4aba8 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -60,20 +60,18 @@ OPENSSL_MALLOC_FD void CRYPTO_get_alloc_counts(int *m, int *r, int *f) - int CRYPTO_set_mem_debug(int onoff) - env OPENSSL_MALLOC_FAILURES=... <application> env OPENSSL_MALLOC_FD=... <application> - int CRYPTO_mem_ctrl(int mode); +Deprecated: int CRYPTO_mem_leaks(BIO *b); int CRYPTO_mem_leaks_fp(FILE *fp); int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), void *u); -Deprecated: - + int CRYPTO_set_mem_debug(int onoff) + int CRYPTO_mem_ctrl(int mode); int OPENSSL_mem_debug_push(const char *info) int OPENSSL_mem_debug_pop(void); int CRYPTO_mem_debug_push(const char *info, const char *file, int line); @@ -115,37 +113,15 @@ OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C library functions and are provided for portability. If no allocations have been done, it is possible to "swap out" the default -implementations for OPENSSL_malloc(), OPENSSL_realloc and OPENSSL_free() -and replace them with alternate versions (hooks). +implementations for OPENSSL_malloc(), OPENSSL_realloc() and OPENSSL_free() +and replace them with alternate versions. CRYPTO_get_mem_functions() function fills in the given arguments with the function pointers for the current implementations. With CRYPTO_set_mem_functions(), you can specify a different set of functions. If any of B<m>, B<r>, or B<f> are NULL, then the function is not changed. - -The default implementation can include some debugging capability (if enabled -at build-time). -This adds some overhead by keeping a list of all memory allocations, and -removes items from the list when they are free'd. -This is most useful for identifying memory leaks. -CRYPTO_set_mem_debug() turns this tracking on and off. In order to have -any effect, is must be called before any of the allocation functions -(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the -first lines of main() in an application. -CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking. -To enable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of -the B<CRYPTO_MEM_CHECK_ON>. -To disable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of -the B<CRYPTO_MEM_CHECK_OFF>. - -At the end of the program, calling CRYPTO_mem_leaks() or -CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it -to the specified BIO B<b> or FILE B<fp>. These functions return 1 if -there are no leaks, 0 if there are leaks and -1 if an error occurred. - -CRYPTO_mem_leaks_cb() does the same as CRYPTO_mem_leaks(), but instead -of writing to a given BIO, the callback function is called for each -output string with the string, length, and userdata B<u> as the callback -parameters. +While it's permitted to swap out only a few and not all the functions +with CRYPTO_set_mem_functions(), it's recommended to swap them all out +at once. If the library is built with the C<crypto-mdebug> option, then one function, CRYPTO_get_alloc_counts(), and two additional environment @@ -180,19 +156,12 @@ to use this (will not work on all platforms): export OPENSSL_MALLOC_FD ...app invocation... 3>/tmp/log$$ -OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), -CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() -have been deprecated and replaced with functions that only return zero. - =head1 RETURN VALUES OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free() CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions() return no value. -CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if -there are no leaks, 0 if there are leaks and -1 if an error occurred. - OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(), OPENSSL_clear_realloc(), CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(), @@ -200,25 +169,24 @@ CRYPTO_clear_realloc(), OPENSSL_strdup(), and OPENSSL_strndup() return a pointer to allocated memory or NULL on error. -CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug() -return 1 on success or 0 on failure (almost +CRYPTO_set_mem_functions() returns 1 on success or 0 on failure (almost always because allocations have already happened). -CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the -previous value of the mode. - -=head1 NOTES - -While it's permitted to swap out only a few and not all the functions -with CRYPTO_set_mem_functions(), it's recommended to swap them all out -at once, especially if OpenSSL was built with the -configuration option> C<crypto-mdebug>. +CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), CRYPTO_mem_leaks_cb(), +CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and return -1. +OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), +CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +are deprecated and return 0. =head1 HISTORY OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(), -CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop() +CRYPTO_mem_debug_push(), CRYPTO_mem_debug_pop(), +CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), +CRYPTO_mem_leaks_cb(), CRYPTO_set_mem_debug(), CRYPTO_mem_ctrl() were deprecated in OpenSSL 3.0. +The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of +clang's memory and leak sanitizer. =head1 COPYRIGHT diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 2dc29b37bc..ccc5bf309a 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -108,7 +108,6 @@ provider): CRYPTO_secure_free OSSL_FUNC_CRYPTO_SECURE_FREE CRYPTO_secure_clear_free OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE CRYPTO_secure_allocated OSSL_FUNC_CRYPTO_SECURE_ALLOCATED - CRYPTO_mem_ctrl OSSL_FUNC_CRYPTO_MEM_CTRL BIO_new_file OSSL_FUNC_BIO_NEW_FILE BIO_new_mem_buf OSSL_FUNC_BIO_NEW_MEMBUF BIO_read_ex OSSL_FUNC_BIO_READ_EX @@ -183,7 +182,7 @@ CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(), CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(), CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(), CRYPTO_secure_zalloc(), CRYPTO_secure_free(), -CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), CRYPTO_mem_ctrl(), +CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(), BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf() correspond exactly to the public functions with the same name. diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index cd4b6a687d..6b4a205f1d 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -119,8 +119,6 @@ OSSL_CORE_MAKE_FUNC(int, #define OSSL_FUNC_OPENSSL_CLEANSE 21 OSSL_CORE_MAKE_FUNC(void, OPENSSL_cleanse, (void *ptr, size_t len)) -#define OSSL_FUNC_CRYPTO_MEM_CTRL 22 -OSSL_CORE_MAKE_FUNC(int, CRYPTO_mem_ctrl, (int mode)) /* Bio functions provided by the core */ #define OSSL_FUNC_BIO_NEW_FILE 23 diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index a6020fdd4c..f2f66a3f0e 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -121,8 +121,6 @@ DEFINE_STACK_OF(void) /* No longer needed, so this is a no-op */ #define OPENSSL_malloc_init() while(0) continue -int CRYPTO_mem_ctrl(int mode); - # define OPENSSL_malloc(num) \ CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_zalloc(num) \ @@ -303,7 +301,6 @@ int CRYPTO_set_mem_functions( void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *, const char *, int)); -int CRYPTO_set_mem_debug(int flag); void CRYPTO_get_mem_functions( void *(**m) (size_t, const char *, int), void *(**r) (void *, size_t, const char *, int), @@ -335,37 +332,34 @@ size_t CRYPTO_secure_used(void); void OPENSSL_cleanse(void *ptr, size_t len); # ifndef OPENSSL_NO_CRYPTO_MDEBUG +void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); # ifndef OPENSSL_NO_DEPRECATED_3_0 # define OPENSSL_mem_debug_push(info) \ CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) # define OPENSSL_mem_debug_pop() \ CRYPTO_mem_debug_pop() # endif +DEPRECATEDIN_3_0(int CRYPTO_set_mem_debug(int flag)) +DEPRECATEDIN_3_0(int CRYPTO_mem_ctrl(int mode)) DEPRECATEDIN_3_0(int CRYPTO_mem_debug_push(const char *info, const char *file, int line)) DEPRECATEDIN_3_0(int CRYPTO_mem_debug_pop(void)) -void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount); - -/*- - * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) - * The flag argument has the following significance: - * 0: called before the actual memory allocation has taken place - * 1: called after the actual memory allocation has taken place - */ -void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, - const char *file, int line); -void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, - const char *file, int line); -void CRYPTO_mem_debug_free(void *addr, int flag, - const char *file, int line); - -int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u), - void *u); +DEPRECATEDIN_3_0(void CRYPTO_mem_debug_malloc(void *addr, size_t num, + int flag, + const char *file, int line)) +DEPRECATEDIN_3_0(void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, + size_t num, int flag, + const char *file, int line)) +DEPRECATEDIN_3_0(void CRYPTO_mem_debug_free(void *addr, int flag, + const char *file, int line)) + +DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_cb( + int (*cb)(const char *str, size_t len, void *u), void *u)) # ifndef OPENSSL_NO_STDIO -int CRYPTO_mem_leaks_fp(FILE *); +DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_fp(FILE *)) # endif -int CRYPTO_mem_leaks(BIO *bio); +DEPRECATEDIN_3_0(int CRYPTO_mem_leaks(BIO *bio)) # endif /* die if we have to */ diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 6a5ae3a3f1..12c471f325 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -60,7 +60,6 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; -static OSSL_CRYPTO_mem_ctrl_fn *c_CRYPTO_mem_ctrl; typedef struct fips_global_st { const OSSL_PROVIDER *prov; @@ -516,9 +515,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); break; - case OSSL_FUNC_CRYPTO_MEM_CTRL: - c_CRYPTO_mem_ctrl = OSSL_get_CRYPTO_mem_ctrl(in); - break; case OSSL_FUNC_BIO_NEW_FILE: selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); break; @@ -704,8 +700,3 @@ int CRYPTO_secure_allocated(const void *ptr) { return c_CRYPTO_secure_allocated(ptr); } - -int CRYPTO_mem_ctrl(int mode) -{ - return c_CRYPTO_mem_ctrl(mode); -} diff --git a/providers/fips/selftest.c b/providers/fips/selftest.c index 369a6bab3b..5dcc0adf43 100644 --- a/providers/fips/selftest.c +++ b/providers/fips/selftest.c @@ -46,10 +46,7 @@ DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init) * platform then we just leak it deliberately. So we temporarily disable the * mem leak checking while we allocate this. */ - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); self_test_lock = CRYPTO_THREAD_lock_new(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - return self_test_lock != NULL; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ffdc4eab5b..f9fbc5954f 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -461,7 +461,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions) SSL_COMP *comp = NULL; COMP_METHOD *method = COMP_zlib(); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) { @@ -474,7 +473,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions) sk_SSL_COMP_sort(ssl_comp_methods); } } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return 1; } @@ -1986,10 +1984,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return 1; } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); comp = OPENSSL_malloc(sizeof(*comp)); if (comp == NULL) { - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); return 1; } @@ -1999,18 +1995,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) load_builtin_compressions(); if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { OPENSSL_free(comp); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_DUPLICATE_COMPRESSION_ID); return 1; } if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { OPENSSL_free(comp); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); return 1; } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); return 0; } #endif diff --git a/test/asynctest.c b/test/asynctest.c index 3ce190fb1b..dc357da8b7 100644 --- a/test/asynctest.c +++ b/test/asynctest.c @@ -312,10 +312,7 @@ int main(int argc, char **argv) fprintf(stderr, "OpenSSL build is not ASYNC capable - skipping async tests\n"); } else { - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - if ( !test_ASYNC_init_thread() + if (!test_ASYNC_init_thread() || !test_ASYNC_callback_status() || !test_ASYNC_start_job() || !test_ASYNC_get_current_job() diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c index dab61f6f9a..49ee712a49 100644 --- a/test/bio_memleak_test.c +++ b/test/bio_memleak_test.c @@ -221,13 +221,6 @@ finish: return ok; } -int global_init(void) -{ - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - return 1; -} - int setup_tests(void) { ADD_TEST(test_bio_memleak); diff --git a/test/sslapitest.c b/test/sslapitest.c index 2442b6967d..46e490a417 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -691,7 +691,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth, /* * Calling SSL_clear() first is not required but this tests that SSL_clear() - * doesn't leak (when using enable-crypto-mdebug). + * doesn't leak. */ if (!TEST_true(SSL_clear(serverssl))) goto end; @@ -2116,8 +2116,7 @@ static int test_ssl_set_bio(int idx) /* * This test is checking that the ref counting for SSL_set_bio is correct. * If we get here and we did too many frees then we will fail in the above - * functions. If we haven't done enough then this will only be detected in - * a crypto-mdebug build + * functions. */ SSL_free(serverssl); SSL_free(clientssl); @@ -2144,8 +2143,7 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio) BIO_set_ssl(sslbio, ssl, BIO_CLOSE); /* - * If anything goes wrong here then we could leak memory, so this will - * be caught in a crypto-mdebug build + * If anything goes wrong here then we could leak memory. */ BIO_push(sslbio, membio1); diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index e8293f7def..163beafb2f 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -150,13 +150,6 @@ static int test_func(int test) return result; } -int global_init(void) -{ - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - return 1; -} - OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 050470d33e..0c0aa6046a 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -884,7 +884,6 @@ int main(int argc, char *argv[]) int server_auth = 0, i; struct app_verify_arg app_verify_arg = { APP_CALLBACK_STRING, 0 }; - char *p; SSL_CTX *c_ctx = NULL; const SSL_METHOD *meth = NULL; SSL *c_ssl, *s_ssl; @@ -922,12 +921,6 @@ int main(int argc, char *argv[]) debug = 0; bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -1860,10 +1853,6 @@ int main(int argc, char *argv[]) SSL_SESSION_free(server_sess); SSL_SESSION_free(client_sess); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = EXIT_FAILURE; -#endif BIO_free(bio_err); EXIT(ret); } diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 2ced5634bc..030fb1544c 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -81,22 +81,6 @@ int subtest_level(void) return level; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -static int should_report_leaks(void) -{ - /* - * When compiled with enable-crypto-mdebug, OPENSSL_DEBUG_MEMORY=0 - * can be used to disable leak checking at runtime. - * Note this only works when running the test binary manually; - * the test harness always enables OPENSSL_DEBUG_MEMORY. - */ - char *mem_debug_env = getenv("OPENSSL_DEBUG_MEMORY"); - - return mem_debug_env == NULL - || (strcmp(mem_debug_env, "0") && strcmp(mem_debug_env, "")); -} -#endif - static int gcd(int a, int b) { while (b != 0) { @@ -128,13 +112,6 @@ int setup_test_framework(int argc, char *argv[]) if (test_seed != NULL) set_seed(atoi(test_seed)); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (should_report_leaks()) { - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - } -#endif - #if defined(OPENSSL_SYS_VMS) && defined(__DECC) argv = copy_argv(&argc, argv); #elif defined(_WIN32) @@ -256,11 +233,6 @@ end: int pulldown_test_framework(int ret) { set_test_title(NULL); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (should_report_leaks() - && CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0) - return EXIT_FAILURE; -#endif return ret; } diff --git a/util/libcrypto.num b/util/libcrypto.num index c4f1b94cb8..9c17fc5e25 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -1036,7 +1036,7 @@ X509_VERIFY_PARAM_get0 1062 3_0_0 EXIST::FUNCTION: EVP_MD_meth_get_input_blocksize 1063 3_0_0 EXIST::FUNCTION: TS_ACCURACY_get_micros 1064 3_0_0 EXIST::FUNCTION:TS PKCS12_SAFEBAG_create_cert 1065 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_debug_malloc 1066 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_debug_malloc 1066 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 RAND_seed 1067 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKAC_free 1068 3_0_0 EXIST::FUNCTION: X509_CRL_diff 1069 3_0_0 EXIST::FUNCTION: @@ -1308,7 +1308,7 @@ TS_REQ_set_nonce 1336 3_0_0 EXIST::FUNCTION:TS Camellia_ctr128_encrypt 1337 3_0_0 EXIST::FUNCTION:CAMELLIA X509_LOOKUP_new 1338 3_0_0 EXIST::FUNCTION: AUTHORITY_INFO_ACCESS_new 1339 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_leaks_fp 1340 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,STDIO +CRYPTO_mem_leaks_fp 1340 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0,STDIO DES_set_key_unchecked 1341 3_0_0 EXIST::FUNCTION:DES BN_free 1342 3_0_0 EXIST::FUNCTION: EVP_aes_128_cfb1 1343 3_0_0 EXIST::FUNCTION: @@ -1438,7 +1438,7 @@ d2i_ASN1_BIT_STRING 1471 3_0_0 EXIST::FUNCTION: OCSP_CERTSTATUS_new 1472 3_0_0 EXIST::FUNCTION:OCSP ENGINE_register_RAND 1473 3_0_0 EXIST::FUNCTION:ENGINE X509V3_section_free 1474 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_debug_free 1475 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_debug_free 1475 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 d2i_OCSP_REQUEST 1476 3_0_0 EXIST::FUNCTION:OCSP ENGINE_get_cipher_engine 1477 3_0_0 EXIST::FUNCTION:ENGINE SHA384_Final 1478 3_0_0 EXIST::FUNCTION: @@ -2470,7 +2470,7 @@ PKCS12_parse 2521 3_0_0 EXIST::FUNCTION: BN_GF2m_mod_div 2522 3_0_0 EXIST::FUNCTION:EC2M i2d_USERNOTICE 2523 3_0_0 EXIST::FUNCTION: d2i_NETSCAPE_SPKI 2524 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_leaks 2525 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_leaks 2525 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 BN_get_rfc3526_prime_1536 2526 3_0_0 EXIST::FUNCTION: DSA_sign 2527 3_0_0 EXIST::FUNCTION:DSA RAND_egd 2528 3_0_0 EXIST::FUNCTION:EGD @@ -2787,7 +2787,7 @@ d2i_X509_CRL_bio 2847 3_0_0 EXIST::FUNCTION: PKCS12_SAFEBAG_get1_cert 2848 3_0_0 EXIST::FUNCTION: ASN1_UNIVERSALSTRING_free 2849 3_0_0 EXIST::FUNCTION: EC_KEY_precompute_mult 2850 3_0_0 EXIST::FUNCTION:EC -CRYPTO_mem_debug_realloc 2851 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_debug_realloc 2851 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 PKCS7_new 2852 3_0_0 EXIST::FUNCTION: BASIC_CONSTRAINTS_it 2853 3_0_0 EXIST::FUNCTION: ASN1_generate_v3 2854 3_0_0 EXIST::FUNCTION: @@ -3212,7 +3212,7 @@ EVP_aes_256_cfb8 3278 3_0_0 EXIST::FUNCTION: d2i_DSA_PUBKEY_bio 3279 3_0_0 EXIST::FUNCTION:DSA X509_NAME_get_text_by_OBJ 3280 3_0_0 EXIST::FUNCTION: RSA_padding_check_none 3281 3_0_0 EXIST::FUNCTION:RSA -CRYPTO_set_mem_debug 3282 3_0_0 EXIST::FUNCTION: +CRYPTO_set_mem_debug 3282 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 TS_VERIFY_CTX_init 3283 3_0_0 EXIST::FUNCTION:TS OCSP_cert_id_new 3284 3_0_0 EXIST::FUNCTION:OCSP GENERAL_SUBTREE_new 3285 3_0_0 EXIST::FUNCTION: @@ -3595,7 +3595,7 @@ DES_ede3_cbc_encrypt 3674 3_0_0 EXIST::FUNCTION:DES X509v3_asid_canonize 3675 3_0_0 EXIST::FUNCTION:RFC3779 i2d_ASIdOrRange 3676 3_0_0 EXIST::FUNCTION:RFC3779 OCSP_url_svcloc_new 3677 3_0_0 EXIST::FUNCTION:OCSP -CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION: +CRYPTO_mem_ctrl 3678 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 ASN1_verify 3679 3_0_0 EXIST::FUNCTION: DSA_generate_parameters_ex 3680 3_0_0 EXIST::FUNCTION:DSA X509_sign 3681 3_0_0 EXIST::FUNCTION: @@ -4124,7 +4124,7 @@ INT64_it 4212 3_0_0 EXIST::FUNCTION: ZUINT32_it 4213 3_0_0 EXIST::FUNCTION: UINT32_it 4214 3_0_0 EXIST::FUNCTION: ZINT64_it 4215 3_0_0 EXIST::FUNCTION: -CRYPTO_mem_leaks_cb 4216 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG +CRYPTO_mem_leaks_cb 4216 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0 BIO_lookup_ex 4217 3_0_0 EXIST::FUNCTION:SOCK X509_CRL_print_ex 4218 3_0_0 EXIST::FUNCTION: X509_SIG_INFO_get 4219 3_0_0 EXIST::FUNCTION: |