[openssl] master update

Richard Levitte levitte at openssl.org
Sat Dec 14 19:57:41 UTC 2019


The branch master has been updated
       via  146113827135b4c646531a48f388e43add6ff871 (commit)
       via  742ccab318b13a8779d9f9164d479b4a428a6da8 (commit)
      from  4e3ee452d091615e52a43e6e7c6db7d09e260353 (commit)


- Log -----------------------------------------------------------------
commit 146113827135b4c646531a48f388e43add6ff871
Author: Rich Salz <rsalz at akamai.com>
Date:   Wed Dec 11 10:56:12 2019 -0500

    Deprecated crypto-mdebug-backtrace
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10572)

commit 742ccab318b13a8779d9f9164d479b4a428a6da8
Author: Rich Salz <rsalz at akamai.com>
Date:   Wed Dec 4 13:15:08 2019 -0500

    Deprecate most of debug-memory
    
    Fixes #8322
    
    The leak-checking (and backtrace option, on some platforms) provided
    by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
    only the "make malloc fail" capability remains.  OpenSSL recommends using
    the compiler's leak-detection instead.
    
    The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
    CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
    CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
    CRYPTO_mem_debug_{malloc,realloc,free}() have been removed.  All of the
    above are now deprecated.
    
    Merge (now really small) mem_dbg.c into mem.c
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10572)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                              |   4 +
 Configurations/descrip.mms.tmpl      |   2 -
 Configurations/unix-Makefile.tmpl    |   3 +-
 Configurations/windows-makefile.tmpl |   1 -
 Configure                            |  21 +-
 INSTALL                              |  14 +-
 NEWS                                 |   2 +
 apps/openssl.c                       |   9 -
 crypto/build.info                    |   2 +-
 crypto/ex_data.c                     |   9 +-
 crypto/mem.c                         |  94 ++++---
 crypto/mem_dbg.c                     | 503 -----------------------------------
 crypto/objects/o_names.c             |  12 +-
 crypto/provider_core.c               |   1 -
 doc/man3/OPENSSL_malloc.pod          |  70 ++---
 doc/man7/provider-base.pod           |   3 +-
 include/openssl/core_numbers.h       |   2 -
 include/openssl/crypto.h             |  38 ++-
 providers/fips/fipsprov.c            |   9 -
 providers/fips/selftest.c            |   3 -
 ssl/ssl_ciph.c                       |   7 -
 test/asynctest.c                     |   5 +-
 test/bio_memleak_test.c              |   7 -
 test/sslapitest.c                    |   8 +-
 test/sslbuffertest.c                 |   7 -
 test/ssltest_old.c                   |  11 -
 test/testutil/driver.c               |  28 --
 util/libcrypto.num                   |  16 +-
 28 files changed, 115 insertions(+), 776 deletions(-)
 delete mode 100644 crypto/mem_dbg.c

diff --git a/CHANGES b/CHANGES
index 45f97e6740..954c0ab028 100644
--- a/CHANGES
+++ b/CHANGES
@@ -41,6 +41,10 @@
      (CVE-2019-1551)
      [Andy Polyakov]
 
+  *) Most memory-debug features have been deprecated, and the functionality
+     replaced with no-ops.
+     [Rich Salz]
+
   *) Introduced a new method type and API, OSSL_SERIALIZER, to
      represent generic serializers.  An implementation is expected to
      be able to serialize an object associated with a given name (such
diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl
index cb1fd9c5b5..f9f3aea4f4 100644
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@@ -446,10 +446,8 @@ test : tests
         DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
         DEFINE OPENSSL_ENGINES {- builddir("engines") -}
         DEFINE OPENSSL_MODULES {- builddir("providers") -}
-        DEFINE OPENSSL_DEBUG_MEMORY "on"
         IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
         $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
-        DEASSIGN OPENSSL_DEBUG_MEMORY
         DEASSIGN OPENSSL_MODULES
         DEASSIGN OPENSSL_ENGINES
         DEASSIGN BLDTOP
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
index c3c83f95cd..b1c087272d 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -459,8 +459,7 @@ test: tests
 	  EXE_EXT={- platform->binext() -} \
 	  OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines 2>/dev/null && pwd` \
 	  OPENSSL_MODULES=`cd ../$(BLDDIR)/providers 2>/dev/null && pwd` \
-	  OPENSSL_DEBUG_MEMORY=on \
-	    $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
+	  $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) )
 	@ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
 	@echo "Tests are not supported with your chosen Configure options"
 	@ : {- output_on() if !$disabled{tests}; "" -}
diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
index 7bc09df78d..e25ccd0d5d 100644
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@@ -379,7 +379,6 @@ test: tests
 	set PERL=$(PERL)
 	set OPENSSL_ENGINES=$(MAKEDIR)\engines
 	set OPENSSL_MODULES=$(MAKEDIR)\providers
-	set OPENSSL_DEBUG_MEMORY=on
 	"$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)
 	@{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -}
 	@$(ECHO) "Tests are not supported with your chosen Configure options"
diff --git a/Configure b/Configure
index e303d98deb..7ebde1314a 100755
--- a/Configure
+++ b/Configure
@@ -170,10 +170,6 @@ my @cl_devteam_warn = qw(
     /WX
 );
 
-# This adds backtrace information to the memory leak info.  Is only used
-# when crypto-mdebug-backtrace is enabled.
-my $memleak_devteam_backtrace = "-rdynamic";
-
 my $strict_warnings = 0;
 
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
@@ -345,7 +341,6 @@ my @dtls = qw(dtls1 dtls1_2);
 # For developers: keep it sorted alphabetically
 
 my @disablables = (
-    "ktls",
     "afalgeng",
     "aria",
     "asan",
@@ -366,7 +361,6 @@ my @disablables = (
     "cms",
     "comp",
     "crypto-mdebug",
-    "crypto-mdebug-backtrace",
     "ct",
     "deprecated",
     "des",
@@ -392,6 +386,7 @@ my @disablables = (
     "fuzz-afl",
     "gost",
     "idea",
+    "ktls",
     "legacy",
     "makedepend",
     "md2",
@@ -463,6 +458,7 @@ my @disablables_int = qw(
 my %deprecated_disablables = (
     "ssl2" => undef,
     "buf-freelists" => undef,
+    "crypto-mdebug-backtrace" => undef,
     "hw" => "hw",               # causes cascade, but no macro
     "hw-padlock" => "padlockeng",
     "ripemd" => "rmd160",
@@ -1517,19 +1513,6 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
                               : ( $_ ) }
                     @{$config{CFLAGS}} ];
 
-unless ($disabled{"crypto-mdebug-backtrace"})
-        {
-        foreach my $wopt (split /\s+/, $memleak_devteam_backtrace)
-                {
-                push @{$config{cflags}}, $wopt
-                        unless grep { $_ eq $wopt } @{$config{cflags}};
-                }
-        if ($target =~ /^BSD-/)
-                {
-                push @{$config{ex_libs}}, "-lexecinfo";
-                }
-        }
-
 unless ($disabled{afalgeng}) {
     $config{afalgeng}="";
     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
diff --git a/INSTALL b/INSTALL
index 4dcc452562..36f271787d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -344,19 +344,11 @@
                    work if the zlib or zlib-dynamic options are also chosen.
 
   enable-crypto-mdebug
-                   Build support for debugging memory allocated via
-                   OPENSSL_malloc() or OPENSSL_zalloc().
+                   This now only enables the failed-malloc feature.
 
   enable-crypto-mdebug-backtrace
-                   As for crypto-mdebug, but additionally provide backtrace
-                   information for allocated memory.
-                   TO BE USED WITH CARE: this uses GNU C functionality, and
-                   is therefore not usable for non-GNU config targets.  If
-                   your build complains about the use of '-rdynamic' or the
-                   lack of header file execinfo.h, this option is not for you.
-                   ALSO NOTE that even though execinfo.h is available on your
-                   system (through Gnulib), the functions might just be stubs
-                   that do nothing.
+                   This is a no-op; the project uses the compiler's
+                   address/leak sanitizer instead.
 
   no-ct
                    Don't build support for Certificate Transparency.
diff --git a/NEWS b/NEWS
index 7c11f61db7..3929894f58 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+      o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
+        disabled; the project uses address sanitize/leak-detect instead.
       o Added OSSL_SERIALIZER, a generic serializer API.
       o Added error raising macros, ERR_raise() and ERR_raise_data().
       o Deprecated ERR_put_error().
diff --git a/apps/openssl.c b/apps/openssl.c
index 769555e5e1..d60267d742 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -258,11 +258,6 @@ int main(int argc, char *argv[])
     setup_trace(getenv("OPENSSL_TRACE"));
 #endif
 
-    p = getenv("OPENSSL_DEBUG_MEMORY");
-    if (p != NULL && strcmp(p, "on") == 0)
-        CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
     if (getenv("OPENSSL_FIPS")) {
         BIO_printf(bio_err, "FIPS mode not supported.\n");
         return 1;
@@ -379,10 +374,6 @@ int main(int argc, char *argv[])
     BIO_free(bio_in);
     BIO_free_all(bio_out);
     apps_shutdown();
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(bio_err) <= 0)
-        ret = 1;
-#endif
     BIO_free(bio_err);
     EXIT(ret);
 }
diff --git a/crypto/build.info b/crypto/build.info
index 5beaf528be..758a75ec6b 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -73,7 +73,7 @@ $UTIL_COMMON=\
 $UTIL_DEFINE=$CPUIDDEF
 
 SOURCE[../libcrypto]=$UTIL_COMMON \
-        mem.c mem_sec.c mem_dbg.c \
+        mem.c mem_sec.c \
         cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
         o_fopen.c getenv.c o_init.c o_fips.c init.c trace.c provider.c \
         $UPLINKSRC
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 58614b68a3..3cffef897b 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -38,13 +38,8 @@ static EX_CALLBACKS *get_and_lock(OPENSSL_CTX *ctx, int class_index)
     global = openssl_ctx_get_ex_data_global(ctx);
     if (global == NULL || global->ex_data_lock == NULL) {
         /*
-         * This can happen in normal operation when using CRYPTO_mem_leaks().
-         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
-         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
-         * freed, which also attempts to free the ex_data. However
-         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
-         * before OPENSSL_cleanup() is called), so if we get here we can safely
-         * ignore this operation. We just treat it as an error.
+         * If we get here, someone (who?) cleaned up the lock, so just
+         * treat it as an error.
          */
          return NULL;
     }
diff --git a/crypto/mem.c b/crypto/mem.c
index d3cac29b21..f5e8f2445a 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -14,9 +14,6 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <openssl/crypto.h>
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE)
-# include <execinfo.h>
-#endif
 
 /*
  * the following pointers may be changed as long as 'allow_customize' is set
@@ -43,7 +40,6 @@ static char *md_failstring;
 static long md_count;
 static int md_fail_percent = 0;
 static int md_tracefd = -1;
-static int call_malloc_debug = 1;
 
 static void parseit(void);
 static int shouldfail(void);
@@ -51,7 +47,6 @@ static int shouldfail(void);
 # define FAILTEST() if (shouldfail()) return NULL
 
 #else
-static int call_malloc_debug = 0;
 
 # define INCREMENT(x) /* empty */
 # define FAILTEST() /* empty */
@@ -73,14 +68,6 @@ int CRYPTO_set_mem_functions(
     return 1;
 }
 
-int CRYPTO_set_mem_debug(int flag)
-{
-    if (!allow_customize)
-        return 0;
-    call_malloc_debug = flag;
-    return 1;
-}
-
 void CRYPTO_get_mem_functions(
         void *(**m)(size_t, const char *, int),
         void *(**r)(void *, size_t, const char *, int),
@@ -209,18 +196,8 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
          */
         allow_customize = 0;
     }
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
-    if (call_malloc_debug) {
-        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
-        ret = malloc(num);
-        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
-    } else {
-        ret = malloc(num);
-    }
-#else
     (void)(file); (void)(line);
     ret = malloc(num);
-#endif
 
     return ret;
 }
@@ -250,17 +227,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
         return NULL;
     }
 
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
-    if (call_malloc_debug) {
-        void *ret;
-        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
-        ret = realloc(str, num);
-        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
-        return ret;
-    }
-#else
     (void)(file); (void)(line);
-#endif
     return realloc(str, num);
 
 }
@@ -300,17 +267,7 @@ void CRYPTO_free(void *str, const char *file, int line)
         return;
     }
 
-#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
-    if (call_malloc_debug) {
-        CRYPTO_mem_debug_free(str, 0, file, line);
-        free(str);
-        CRYPTO_mem_debug_free(str, 1, file, line);
-    } else {
-        free(str);
-    }
-#else
     free(str);
-#endif
 }
 
 void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
@@ -321,3 +278,54 @@ void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
         OPENSSL_cleanse(str, num);
     CRYPTO_free(str, file, line);
 }
+
+#if !defined(OPENSSL_NO_CRYPTO_MDEBUG)
+
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+int CRYPTO_mem_ctrl(int mode)
+{
+    (void)mode;
+    return -1;
+}
+
+int CRYPTO_set_mem_debug(int flag)
+{
+    (void)flag;
+    return -1;
+}
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
+{
+    (void)info; (void)file; (void)line;
+    return -1;
+}
+
+int CRYPTO_mem_debug_pop(void)
+{
+    return -1;
+}
+
+int CRYPTO_mem_leaks(BIO *b)
+{
+    (void)b;
+    return -1;
+}
+
+#  ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *fp)
+{
+    (void)fp;
+    return -1;
+}
+#  endif
+
+int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
+                        void *u)
+{
+    (void)cb; (void)u;
+    return -1;
+}
+
+# endif
+
+#endif
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
deleted file mode 100644
index 561dd80437..0000000000
--- a/crypto/mem_dbg.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include "internal/cryptlib.h"
-#include "internal/thread_once.h"
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "internal/bio.h"
-#include <openssl/lhash.h>
-
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-# include <execinfo.h>
-#endif
-
-/*
- * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
- * the application asks for it (usually after library initialisation for
- * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
- * temporarily when the library thinks that certain allocations should not be
- * checked (e.g. the data structures used for memory checking).  It is not
- * suitable as an initial state: the library will unexpectedly enable memory
- * checking when it executes one of those sections that want to disable
- * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
- * no sense whatsoever.
- */
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-static int mh_mode = CRYPTO_MEM_CHECK_OFF;
-#endif
-
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-static unsigned long order = 0; /* number of memory requests */
-
-static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
-CRYPTO_RWLOCK *memdbg_lock;
-static CRYPTO_RWLOCK *long_memdbg_lock;
-
-/* memory-block description */
-struct mem_st {
-    void *addr;
-    int num;
-    const char *file;
-    int line;
-    CRYPTO_THREAD_ID threadid;
-    unsigned long order;
-    time_t time;
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-    void *array[30];
-    size_t array_siz;
-#endif
-};
-
-/*
- * hash-table of memory requests (address as * key); access requires
- * long_memdbg_lock lock
- */
-static LHASH_OF(MEM) *mh = NULL;
-
-/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
-static unsigned int num_disable = 0;
-
-/*
- * Valid iff num_disable > 0.  long_memdbg_lock is locked exactly in this
- * case (by the thread named in disabling_thread).
- */
-static CRYPTO_THREAD_ID disabling_threadid;
-
-DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
-{
-    memdbg_lock = CRYPTO_THREAD_lock_new();
-    long_memdbg_lock = CRYPTO_THREAD_lock_new();
-    if (memdbg_lock == NULL || long_memdbg_lock == NULL) {
-        CRYPTO_THREAD_lock_free(memdbg_lock);
-        memdbg_lock = NULL;
-        CRYPTO_THREAD_lock_free(long_memdbg_lock);
-        long_memdbg_lock = NULL;
-        return 0;
-    }
-    return 1;
-}
-
-#endif
-
-int CRYPTO_mem_ctrl(int mode)
-{
-#ifdef OPENSSL_NO_CRYPTO_MDEBUG
-    return mode - mode;
-#else
-    int ret = mh_mode;
-
-    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-        return -1;
-
-    CRYPTO_THREAD_write_lock(memdbg_lock);
-    switch (mode) {
-    default:
-        break;
-
-    case CRYPTO_MEM_CHECK_ON:
-        mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
-        num_disable = 0;
-        break;
-
-    case CRYPTO_MEM_CHECK_OFF:
-        mh_mode = 0;
-        num_disable = 0;
-        break;
-
-    /* switch off temporarily (for library-internal use): */
-    case CRYPTO_MEM_CHECK_DISABLE:
-        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
-            /* see if we don't have long_memdbg_lock already */
-            if (!num_disable
-                || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
-                /*
-                 * Long-time lock long_memdbg_lock must not be claimed
-                 * while we're holding memdbg_lock, or we'll deadlock
-                 * if somebody else holds long_memdbg_lock (and cannot
-                 * release it because we block entry to this function). Give
-                 * them a chance, first, and then claim the locks in
-                 * appropriate order (long-time lock first).
-                 */
-                CRYPTO_THREAD_unlock(memdbg_lock);
-                /*
-                 * Note that after we have waited for long_memdbg_lock and
-                 * memdbg_lock, we'll still be in the right "case" and
-                 * "if" branch because MemCheck_start and MemCheck_stop may
-                 * never be used while there are multiple OpenSSL threads.
-                 */
-                CRYPTO_THREAD_write_lock(long_memdbg_lock);
-                CRYPTO_THREAD_write_lock(memdbg_lock);
-                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-                disabling_threadid = cur;
-            }
-            num_disable++;
-        }
-        break;
-
-    case CRYPTO_MEM_CHECK_ENABLE:
-        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-            if (num_disable) {  /* always true, or something is going wrong */
-                num_disable--;
-                if (num_disable == 0) {
-                    mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
-                    CRYPTO_THREAD_unlock(long_memdbg_lock);
-                }
-            }
-        }
-        break;
-    }
-    CRYPTO_THREAD_unlock(memdbg_lock);
-    return ret;
-#endif
-}
-
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-
-static int mem_check_on(void)
-{
-    int ret = 0;
-    CRYPTO_THREAD_ID cur;
-
-    if (mh_mode & CRYPTO_MEM_CHECK_ON) {
-        if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-            return 0;
-
-        cur = CRYPTO_THREAD_get_current_id();
-        CRYPTO_THREAD_read_lock(memdbg_lock);
-
-        ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-            || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
-
-        CRYPTO_THREAD_unlock(memdbg_lock);
-    }
-    return ret;
-}
-
-static int mem_cmp(const MEM *a, const MEM *b)
-{
-#ifdef _WIN64
-    const char *ap = (const char *)a->addr, *bp = (const char *)b->addr;
-    if (ap == bp)
-        return 0;
-    else if (ap > bp)
-        return 1;
-    else
-        return -1;
-#else
-    return (const char *)a->addr - (const char *)b->addr;
-#endif
-}
-
-static unsigned long mem_hash(const MEM *a)
-{
-    size_t ret;
-
-    ret = (size_t)a->addr;
-
-    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
-    return ret;
-}
-
-#ifndef OPENSSL_NO_DEPRECATED_3_0
-int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
-{
-    return 0;
-}
-
-int CRYPTO_mem_debug_pop(void)
-{
-    return 0;
-}
-#endif
-
-static unsigned long break_order_num = 0;
-
-void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
-                             const char *file, int line)
-{
-    MEM *m, *mm;
-
-    switch (before_p & 127) {
-    case 0:
-        break;
-    case 1:
-        if (addr == NULL)
-            break;
-
-        if (mem_check_on()) {
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
-            if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
-                || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
-                OPENSSL_free(addr);
-                CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-                return;
-            }
-            if (mh == NULL) {
-                if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
-                    OPENSSL_free(addr);
-                    OPENSSL_free(m);
-                    addr = NULL;
-                    goto err;
-                }
-            }
-
-            m->addr = addr;
-            m->file = file;
-            m->line = line;
-            m->num = num;
-            m->threadid = CRYPTO_THREAD_get_current_id();
-
-            if (order == break_order_num) {
-                /* BREAK HERE */
-                m->order = order;
-            }
-            m->order = order++;
-# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-            m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
-# endif
-            m->time = time(NULL);
-
-            if ((mm = lh_MEM_insert(mh, m)) != NULL)
-                OPENSSL_free(mm);
- err:
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-        }
-        break;
-    }
-    return;
-}
-
-void CRYPTO_mem_debug_free(void *addr, int before_p,
-        const char *file, int line)
-{
-    MEM m, *mp;
-
-    switch (before_p) {
-    case 0:
-        if (addr == NULL)
-            break;
-
-        if (mem_check_on() && (mh != NULL)) {
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-            m.addr = addr;
-            mp = lh_MEM_delete(mh, &m);
-            OPENSSL_free(mp);
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-        }
-        break;
-    case 1:
-        break;
-    }
-}
-
-void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
-                              int before_p, const char *file, int line)
-{
-    MEM m, *mp;
-
-    switch (before_p) {
-    case 0:
-        break;
-    case 1:
-        if (addr2 == NULL)
-            break;
-
-        if (addr1 == NULL) {
-            CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
-            break;
-        }
-
-        if (mem_check_on()) {
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
-            m.addr = addr1;
-            mp = lh_MEM_delete(mh, &m);
-            if (mp != NULL) {
-                mp->addr = addr2;
-                mp->num = num;
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-                mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
-#endif
-                (void)lh_MEM_insert(mh, mp);
-            }
-
-            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-        }
-        break;
-    }
-    return;
-}
-
-typedef struct mem_leak_st {
-    int (*print_cb) (const char *str, size_t len, void *u);
-    void *print_cb_arg;
-    int chunks;
-    long bytes;
-} MEM_LEAK;
-
-static void print_leak(const MEM *m, MEM_LEAK *l)
-{
-    char buf[1024];
-    char *bufp = buf, *hex;
-    size_t len = sizeof(buf);
-    int n;
-    struct tm *lcl = NULL;
-
-    lcl = localtime(&m->time);
-    n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
-                     lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
-    if (n <= 0) {
-        bufp[0] = '\0';
-        return;
-    }
-    bufp += n;
-    len -= n;
-
-    n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
-                     m->order, m->file, m->line);
-    if (n <= 0)
-        return;
-    bufp += n;
-    len -= n;
-
-    hex = OPENSSL_buf2hexstr((const unsigned char *)&m->threadid,
-                             sizeof(m->threadid));
-    n = BIO_snprintf(bufp, len, "thread=%s, number=%d, address=%p\n",
-                     hex == NULL ? "<null>" : hex, m->num, m->addr);
-    OPENSSL_free(hex);
-    if (n <= 0)
-        return;
-    bufp += n;
-    len -= n;
-
-    l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
-    l->chunks++;
-    l->bytes += m->num;
-
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
-    {
-        size_t i;
-        char **strings = backtrace_symbols(m->array, m->array_siz);
-
-        for (i = 0; i < m->array_siz; i++)
-            fprintf(stderr, "##> %s\n", strings[i]);
-        free(strings);
-    }
-#endif
-}
-
-IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
-
-int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
-                        void *u)
-{
-    MEM_LEAK ml;
-
-    /* Ensure all resources are released */
-    OPENSSL_cleanup();
-
-    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
-        return -1;
-
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
-    ml.print_cb = cb;
-    ml.print_cb_arg = u;
-    ml.bytes = 0;
-    ml.chunks = 0;
-    if (mh != NULL)
-        lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
-
-    if (ml.chunks != 0) {
-        char buf[256];
-
-        BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
-                     ml.bytes, ml.chunks);
-        cb(buf, strlen(buf), u);
-    } else {
-        /*
-         * Make sure that, if we found no leaks, memory-leak debugging itself
-         * does not introduce memory leaks (which might irritate external
-         * debugging tools). (When someone enables leak checking, but does not
-         * call this function, we declare it to be their fault.)
-         */
-        int old_mh_mode;
-
-        CRYPTO_THREAD_write_lock(memdbg_lock);
-
-        /*
-         * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
-         * mem_check_on
-         */
-        old_mh_mode = mh_mode;
-        mh_mode = CRYPTO_MEM_CHECK_OFF;
-
-        lh_MEM_free(mh);
-        mh = NULL;
-
-        mh_mode = old_mh_mode;
-        CRYPTO_THREAD_unlock(memdbg_lock);
-    }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
-
-    /* Clean up locks etc */
-    CRYPTO_THREAD_lock_free(memdbg_lock);
-    CRYPTO_THREAD_lock_free(long_memdbg_lock);
-    memdbg_lock = NULL;
-    long_memdbg_lock = NULL;
-
-    return ml.chunks == 0 ? 1 : 0;
-}
-
-static int print_bio(const char *str, size_t len, void *b)
-{
-    return BIO_write((BIO *)b, str, len);
-}
-
-int CRYPTO_mem_leaks(BIO *b)
-{
-    /*
-     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
-     * ex_data hanging around
-     */
-    bio_free_ex_data(b);
-
-    return CRYPTO_mem_leaks_cb(print_bio, b);
-}
-
-# ifndef OPENSSL_NO_STDIO
-int CRYPTO_mem_leaks_fp(FILE *fp)
-{
-    BIO *b;
-    int ret;
-
-    /*
-     * Need to turn off memory checking when allocated BIOs ... especially as
-     * we're creating them at a time when we're trying to check we've not
-     * left anything un-free()'d!!
-     */
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-    b = BIO_new(BIO_s_file());
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-    if (b == NULL)
-        return -1;
-    BIO_set_fp(b, fp, BIO_NOCLOSE);
-    ret = CRYPTO_mem_leaks_cb(print_bio, b);
-    BIO_free(b);
-    return ret;
-}
-# endif
-
-#endif
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 52956ebcd5..5835ab6f50 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -66,10 +66,8 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
 static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(o_names_init)
 {
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
     obj_lock = CRYPTO_THREAD_lock_new();
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return names_lh != NULL && obj_lock != NULL;
 }
 
@@ -90,11 +88,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
 
     CRYPTO_THREAD_write_lock(obj_lock);
 
-    if (name_funcs_stack == NULL) {
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    if (name_funcs_stack == NULL)
         name_funcs_stack = sk_NAME_FUNCS_new_null();
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-    }
     if (name_funcs_stack == NULL) {
         /* ERROR */
         goto out;
@@ -102,9 +97,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
     ret = names_type_num;
     names_type_num++;
     for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
         name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         if (name_funcs == NULL) {
             OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
             ret = 0;
@@ -112,10 +105,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
         }
         name_funcs->hash_func = openssl_lh_strcasehash;
         name_funcs->cmp_func = obj_strcasecmp;
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
-
         push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
 
         if (!push) {
             OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index c7c579a1c8..c95615f882 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -890,7 +890,6 @@ static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED,
         (void (*)(void))CRYPTO_secure_allocated },
     { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse },
-    { OSSL_FUNC_CRYPTO_MEM_CTRL, (void (*)(void))CRYPTO_mem_ctrl },
 
     { 0, NULL }
 };
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index 198251fcd7..8286b4aba8 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -60,20 +60,18 @@ OPENSSL_MALLOC_FD
 
  void CRYPTO_get_alloc_counts(int *m, int *r, int *f)
 
- int CRYPTO_set_mem_debug(int onoff)
-
  env OPENSSL_MALLOC_FAILURES=... <application>
  env OPENSSL_MALLOC_FD=... <application>
 
- int CRYPTO_mem_ctrl(int mode);
+Deprecated:
 
  int CRYPTO_mem_leaks(BIO *b);
  int CRYPTO_mem_leaks_fp(FILE *fp);
  int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
                          void *u);
 
-Deprecated:
-
+ int CRYPTO_set_mem_debug(int onoff)
+ int CRYPTO_mem_ctrl(int mode);
  int OPENSSL_mem_debug_push(const char *info)
  int OPENSSL_mem_debug_pop(void);
  int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
@@ -115,37 +113,15 @@ OPENSSL_strlcat() and OPENSSL_strnlen() are equivalents of the common C
 library functions and are provided for portability.
 
 If no allocations have been done, it is possible to "swap out" the default
-implementations for OPENSSL_malloc(), OPENSSL_realloc and OPENSSL_free()
-and replace them with alternate versions (hooks).
+implementations for OPENSSL_malloc(), OPENSSL_realloc() and OPENSSL_free()
+and replace them with alternate versions.
 CRYPTO_get_mem_functions() function fills in the given arguments with the
 function pointers for the current implementations.
 With CRYPTO_set_mem_functions(), you can specify a different set of functions.
 If any of B<m>, B<r>, or B<f> are NULL, then the function is not changed.
-
-The default implementation can include some debugging capability (if enabled
-at build-time).
-This adds some overhead by keeping a list of all memory allocations, and
-removes items from the list when they are free'd.
-This is most useful for identifying memory leaks.
-CRYPTO_set_mem_debug() turns this tracking on and off.  In order to have
-any effect, is must be called before any of the allocation functions
-(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the
-first lines of main() in an application.
-CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking.
-To enable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
-the B<CRYPTO_MEM_CHECK_ON>.
-To disable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
-the B<CRYPTO_MEM_CHECK_OFF>.
-
-At the end of the program, calling CRYPTO_mem_leaks() or
-CRYPTO_mem_leaks_fp() will report all "leaked" memory, writing it
-to the specified BIO B<b> or FILE B<fp>. These functions return 1 if
-there are no leaks, 0 if there are leaks and -1 if an error occurred.
-
-CRYPTO_mem_leaks_cb() does the same as CRYPTO_mem_leaks(), but instead
-of writing to a given BIO, the callback function is called for each
-output string with the string, length, and userdata B<u> as the callback
-parameters.
+While it's permitted to swap out only a few and not all the functions
+with CRYPTO_set_mem_functions(), it's recommended to swap them all out
+at once.
 
 If the library is built with the C<crypto-mdebug> option, then one
 function, CRYPTO_get_alloc_counts(), and two additional environment
@@ -180,19 +156,12 @@ to use this (will not work on all platforms):
   export OPENSSL_MALLOC_FD
   ...app invocation... 3>/tmp/log$$
 
-OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(),
-CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop()
-have been deprecated and replaced with functions that only return zero.
-
 =head1 RETURN VALUES
 
 OPENSSL_malloc_init(), OPENSSL_free(), OPENSSL_clear_free()
 CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_get_mem_functions()
 return no value.
 
-CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return 1 if
-there are no leaks, 0 if there are leaks and -1 if an error occurred.
-
 OPENSSL_malloc(), OPENSSL_zalloc(), OPENSSL_realloc(),
 OPENSSL_clear_realloc(),
 CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_realloc(),
@@ -200,25 +169,24 @@ CRYPTO_clear_realloc(),
 OPENSSL_strdup(), and OPENSSL_strndup()
 return a pointer to allocated memory or NULL on error.
 
-CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug()
-return 1 on success or 0 on failure (almost
+CRYPTO_set_mem_functions() returns 1 on success or 0 on failure (almost
 always because allocations have already happened).
 
-CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the
-previous value of the mode.
-
-=head1 NOTES
-
-While it's permitted to swap out only a few and not all the functions
-with CRYPTO_set_mem_functions(), it's recommended to swap them all out
-at once, especially if OpenSSL was built with the
-configuration option> C<crypto-mdebug>.
+CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), CRYPTO_mem_leaks_cb(),
+CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and return -1.
+OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(),
+CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop()
+are deprecated and return 0.
 
 =head1 HISTORY
 
 OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(),
-CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop()
+CRYPTO_mem_debug_push(), CRYPTO_mem_debug_pop(),
+CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(),
+CRYPTO_mem_leaks_cb(), CRYPTO_set_mem_debug(), CRYPTO_mem_ctrl()
 were deprecated in OpenSSL 3.0.
+The memory-leak checking has been deprecated in OpenSSL 3.0 in favor of
+clang's memory and leak sanitizer.
 
 
 =head1 COPYRIGHT
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 2dc29b37bc..ccc5bf309a 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -108,7 +108,6 @@ provider):
  CRYPTO_secure_free             OSSL_FUNC_CRYPTO_SECURE_FREE
  CRYPTO_secure_clear_free       OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
  CRYPTO_secure_allocated        OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
- CRYPTO_mem_ctrl                OSSL_FUNC_CRYPTO_MEM_CTRL
  BIO_new_file                   OSSL_FUNC_BIO_NEW_FILE
  BIO_new_mem_buf                OSSL_FUNC_BIO_NEW_MEMBUF
  BIO_read_ex                    OSSL_FUNC_BIO_READ_EX
@@ -183,7 +182,7 @@ CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(),
 CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(),
 CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(),
 CRYPTO_secure_zalloc(), CRYPTO_secure_free(),
-CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(), CRYPTO_mem_ctrl(),
+CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(),
 BIO_new_file(), BIO_new_mem_buf(), BIO_read_ex(), BIO_free(),
 BIO_vprintf(), OPENSSL_cleanse(), and OPENSSL_hexstr2buf()
 correspond exactly to the public functions with the same name.
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index cd4b6a687d..6b4a205f1d 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -119,8 +119,6 @@ OSSL_CORE_MAKE_FUNC(int,
 #define OSSL_FUNC_OPENSSL_CLEANSE             21
 OSSL_CORE_MAKE_FUNC(void,
         OPENSSL_cleanse, (void *ptr, size_t len))
-#define OSSL_FUNC_CRYPTO_MEM_CTRL             22
-OSSL_CORE_MAKE_FUNC(int, CRYPTO_mem_ctrl, (int mode))
 
 /* Bio functions provided by the core */
 #define OSSL_FUNC_BIO_NEW_FILE                23
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index a6020fdd4c..f2f66a3f0e 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -121,8 +121,6 @@ DEFINE_STACK_OF(void)
 /* No longer needed, so this is a no-op */
 #define OPENSSL_malloc_init() while(0) continue
 
-int CRYPTO_mem_ctrl(int mode);
-
 # define OPENSSL_malloc(num) \
         CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
 # define OPENSSL_zalloc(num) \
@@ -303,7 +301,6 @@ int CRYPTO_set_mem_functions(
         void *(*m) (size_t, const char *, int),
         void *(*r) (void *, size_t, const char *, int),
         void (*f) (void *, const char *, int));
-int CRYPTO_set_mem_debug(int flag);
 void CRYPTO_get_mem_functions(
         void *(**m) (size_t, const char *, int),
         void *(**r) (void *, size_t, const char *, int),
@@ -335,37 +332,34 @@ size_t CRYPTO_secure_used(void);
 void OPENSSL_cleanse(void *ptr, size_t len);
 
 # ifndef OPENSSL_NO_CRYPTO_MDEBUG
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
 #  ifndef OPENSSL_NO_DEPRECATED_3_0
 #    define OPENSSL_mem_debug_push(info) \
          CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
 #    define OPENSSL_mem_debug_pop() \
          CRYPTO_mem_debug_pop()
 #  endif
+DEPRECATEDIN_3_0(int CRYPTO_set_mem_debug(int flag))
+DEPRECATEDIN_3_0(int CRYPTO_mem_ctrl(int mode))
 DEPRECATEDIN_3_0(int CRYPTO_mem_debug_push(const char *info,
                                            const char *file, int line))
 DEPRECATEDIN_3_0(int CRYPTO_mem_debug_pop(void))
 
-void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
-
-/*-
- * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
- * The flag argument has the following significance:
- *   0:   called before the actual memory allocation has taken place
- *   1:   called after the actual memory allocation has taken place
- */
-void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
-        const char *file, int line);
-void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
-        const char *file, int line);
-void CRYPTO_mem_debug_free(void *addr, int flag,
-        const char *file, int line);
-
-int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
-                        void *u);
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_malloc(void *addr, size_t num,
+                                              int flag,
+                                              const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_realloc(void *addr1, void *addr2,
+                                               size_t num, int flag,
+                                               const char *file, int line))
+DEPRECATEDIN_3_0(void CRYPTO_mem_debug_free(void *addr, int flag,
+                                            const char *file, int line))
+
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_cb(
+                      int (*cb)(const char *str, size_t len, void *u), void *u))
 #  ifndef OPENSSL_NO_STDIO
-int CRYPTO_mem_leaks_fp(FILE *);
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks_fp(FILE *))
 #  endif
-int CRYPTO_mem_leaks(BIO *bio);
+DEPRECATEDIN_3_0(int CRYPTO_mem_leaks(BIO *bio))
 # endif
 
 /* die if we have to */
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 6a5ae3a3f1..12c471f325 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -60,7 +60,6 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
-static OSSL_CRYPTO_mem_ctrl_fn *c_CRYPTO_mem_ctrl;
 
 typedef struct fips_global_st {
     const OSSL_PROVIDER *prov;
@@ -516,9 +515,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
             break;
-        case OSSL_FUNC_CRYPTO_MEM_CTRL:
-            c_CRYPTO_mem_ctrl = OSSL_get_CRYPTO_mem_ctrl(in);
-            break;
         case OSSL_FUNC_BIO_NEW_FILE:
             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
             break;
@@ -704,8 +700,3 @@ int CRYPTO_secure_allocated(const void *ptr)
 {
     return c_CRYPTO_secure_allocated(ptr);
 }
-
-int CRYPTO_mem_ctrl(int mode)
-{
-    return c_CRYPTO_mem_ctrl(mode);
-}
diff --git a/providers/fips/selftest.c b/providers/fips/selftest.c
index 369a6bab3b..5dcc0adf43 100644
--- a/providers/fips/selftest.c
+++ b/providers/fips/selftest.c
@@ -46,10 +46,7 @@ DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init)
      * platform then we just leak it deliberately. So we temporarily disable the
      * mem leak checking while we allocate this.
      */
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     self_test_lock = CRYPTO_THREAD_lock_new();
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
-
     return self_test_lock != NULL;
 }
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ffdc4eab5b..f9fbc5954f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -461,7 +461,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
     SSL_COMP *comp = NULL;
     COMP_METHOD *method = COMP_zlib();
 
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
 
     if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
@@ -474,7 +473,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
             sk_SSL_COMP_sort(ssl_comp_methods);
         }
     }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return 1;
 }
 
@@ -1986,10 +1984,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
         return 1;
     }
 
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
     comp = OPENSSL_malloc(sizeof(*comp));
     if (comp == NULL) {
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
         return 1;
     }
@@ -1999,18 +1995,15 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
     load_builtin_compressions();
     if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
         OPENSSL_free(comp);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
                SSL_R_DUPLICATE_COMPRESSION_ID);
         return 1;
     }
     if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
         OPENSSL_free(comp);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
         return 1;
     }
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
     return 0;
 }
 #endif
diff --git a/test/asynctest.c b/test/asynctest.c
index 3ce190fb1b..dc357da8b7 100644
--- a/test/asynctest.c
+++ b/test/asynctest.c
@@ -312,10 +312,7 @@ int main(int argc, char **argv)
         fprintf(stderr,
                 "OpenSSL build is not ASYNC capable - skipping async tests\n");
     } else {
-        CRYPTO_set_mem_debug(1);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-        if (       !test_ASYNC_init_thread()
+        if (!test_ASYNC_init_thread()
                 || !test_ASYNC_callback_status()
                 || !test_ASYNC_start_job()
                 || !test_ASYNC_get_current_job()
diff --git a/test/bio_memleak_test.c b/test/bio_memleak_test.c
index dab61f6f9a..49ee712a49 100644
--- a/test/bio_memleak_test.c
+++ b/test/bio_memleak_test.c
@@ -221,13 +221,6 @@ finish:
     return ok;
 }
 
-int global_init(void)
-{
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    return 1;
-}
-
 int setup_tests(void)
 {
     ADD_TEST(test_bio_memleak);
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2442b6967d..46e490a417 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -691,7 +691,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
 
     /*
      * Calling SSL_clear() first is not required but this tests that SSL_clear()
-     * doesn't leak (when using enable-crypto-mdebug).
+     * doesn't leak.
      */
     if (!TEST_true(SSL_clear(serverssl)))
         goto end;
@@ -2116,8 +2116,7 @@ static int test_ssl_set_bio(int idx)
     /*
      * This test is checking that the ref counting for SSL_set_bio is correct.
      * If we get here and we did too many frees then we will fail in the above
-     * functions. If we haven't done enough then this will only be detected in
-     * a crypto-mdebug build
+     * functions.
      */
     SSL_free(serverssl);
     SSL_free(clientssl);
@@ -2144,8 +2143,7 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
     BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
 
     /*
-     * If anything goes wrong here then we could leak memory, so this will
-     * be caught in a crypto-mdebug build
+     * If anything goes wrong here then we could leak memory.
      */
     BIO_push(sslbio, membio1);
 
diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c
index e8293f7def..163beafb2f 100644
--- a/test/sslbuffertest.c
+++ b/test/sslbuffertest.c
@@ -150,13 +150,6 @@ static int test_func(int test)
     return result;
 }
 
-int global_init(void)
-{
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    return 1;
-}
-
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
 
 int setup_tests(void)
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 050470d33e..0c0aa6046a 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -884,7 +884,6 @@ int main(int argc, char *argv[])
     int server_auth = 0, i;
     struct app_verify_arg app_verify_arg =
         { APP_CALLBACK_STRING, 0 };
-    char *p;
     SSL_CTX *c_ctx = NULL;
     const SSL_METHOD *meth = NULL;
     SSL *c_ssl, *s_ssl;
@@ -922,12 +921,6 @@ int main(int argc, char *argv[])
     debug = 0;
 
     bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    p = getenv("OPENSSL_DEBUG_MEMORY");
-    if (p != NULL && strcmp(p, "on") == 0)
-        CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
     bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 
     s_cctx = SSL_CONF_CTX_new();
@@ -1860,10 +1853,6 @@ int main(int argc, char *argv[])
     SSL_SESSION_free(server_sess);
     SSL_SESSION_free(client_sess);
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(bio_err) <= 0)
-        ret = EXIT_FAILURE;
-#endif
     BIO_free(bio_err);
     EXIT(ret);
 }
diff --git a/test/testutil/driver.c b/test/testutil/driver.c
index 2ced5634bc..030fb1544c 100644
--- a/test/testutil/driver.c
+++ b/test/testutil/driver.c
@@ -81,22 +81,6 @@ int subtest_level(void)
     return level;
 }
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-static int should_report_leaks(void)
-{
-    /*
-     * When compiled with enable-crypto-mdebug, OPENSSL_DEBUG_MEMORY=0
-     * can be used to disable leak checking at runtime.
-     * Note this only works when running the test binary manually;
-     * the test harness always enables OPENSSL_DEBUG_MEMORY.
-     */
-    char *mem_debug_env = getenv("OPENSSL_DEBUG_MEMORY");
-
-    return mem_debug_env == NULL
-        || (strcmp(mem_debug_env, "0") && strcmp(mem_debug_env, ""));
-}
-#endif
-
 static int gcd(int a, int b)
 {
     while (b != 0) {
@@ -128,13 +112,6 @@ int setup_test_framework(int argc, char *argv[])
     if (test_seed != NULL)
         set_seed(atoi(test_seed));
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (should_report_leaks()) {
-        CRYPTO_set_mem_debug(1);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-    }
-#endif
-
 #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
     argv = copy_argv(&argc, argv);
 #elif defined(_WIN32)
@@ -256,11 +233,6 @@ end:
 int pulldown_test_framework(int ret)
 {
     set_test_title(NULL);
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (should_report_leaks()
-        && CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0)
-        return EXIT_FAILURE;
-#endif
     return ret;
 }
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c4f1b94cb8..9c17fc5e25 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -1036,7 +1036,7 @@ X509_VERIFY_PARAM_get0                  1062	3_0_0	EXIST::FUNCTION:
 EVP_MD_meth_get_input_blocksize         1063	3_0_0	EXIST::FUNCTION:
 TS_ACCURACY_get_micros                  1064	3_0_0	EXIST::FUNCTION:TS
 PKCS12_SAFEBAG_create_cert              1065	3_0_0	EXIST::FUNCTION:
-CRYPTO_mem_debug_malloc                 1066	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+CRYPTO_mem_debug_malloc                 1066	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 RAND_seed                               1067	3_0_0	EXIST::FUNCTION:
 NETSCAPE_SPKAC_free                     1068	3_0_0	EXIST::FUNCTION:
 X509_CRL_diff                           1069	3_0_0	EXIST::FUNCTION:
@@ -1308,7 +1308,7 @@ TS_REQ_set_nonce                        1336	3_0_0	EXIST::FUNCTION:TS
 Camellia_ctr128_encrypt                 1337	3_0_0	EXIST::FUNCTION:CAMELLIA
 X509_LOOKUP_new                         1338	3_0_0	EXIST::FUNCTION:
 AUTHORITY_INFO_ACCESS_new               1339	3_0_0	EXIST::FUNCTION:
-CRYPTO_mem_leaks_fp                     1340	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,STDIO
+CRYPTO_mem_leaks_fp                     1340	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0,STDIO
 DES_set_key_unchecked                   1341	3_0_0	EXIST::FUNCTION:DES
 BN_free                                 1342	3_0_0	EXIST::FUNCTION:
 EVP_aes_128_cfb1                        1343	3_0_0	EXIST::FUNCTION:
@@ -1438,7 +1438,7 @@ d2i_ASN1_BIT_STRING                     1471	3_0_0	EXIST::FUNCTION:
 OCSP_CERTSTATUS_new                     1472	3_0_0	EXIST::FUNCTION:OCSP
 ENGINE_register_RAND                    1473	3_0_0	EXIST::FUNCTION:ENGINE
 X509V3_section_free                     1474	3_0_0	EXIST::FUNCTION:
-CRYPTO_mem_debug_free                   1475	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+CRYPTO_mem_debug_free                   1475	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 d2i_OCSP_REQUEST                        1476	3_0_0	EXIST::FUNCTION:OCSP
 ENGINE_get_cipher_engine                1477	3_0_0	EXIST::FUNCTION:ENGINE
 SHA384_Final                            1478	3_0_0	EXIST::FUNCTION:
@@ -2470,7 +2470,7 @@ PKCS12_parse                            2521	3_0_0	EXIST::FUNCTION:
 BN_GF2m_mod_div                         2522	3_0_0	EXIST::FUNCTION:EC2M
 i2d_USERNOTICE                          2523	3_0_0	EXIST::FUNCTION:
 d2i_NETSCAPE_SPKI                       2524	3_0_0	EXIST::FUNCTION:
-CRYPTO_mem_leaks                        2525	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+CRYPTO_mem_leaks                        2525	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 BN_get_rfc3526_prime_1536               2526	3_0_0	EXIST::FUNCTION:
 DSA_sign                                2527	3_0_0	EXIST::FUNCTION:DSA
 RAND_egd                                2528	3_0_0	EXIST::FUNCTION:EGD
@@ -2787,7 +2787,7 @@ d2i_X509_CRL_bio                        2847	3_0_0	EXIST::FUNCTION:
 PKCS12_SAFEBAG_get1_cert                2848	3_0_0	EXIST::FUNCTION:
 ASN1_UNIVERSALSTRING_free               2849	3_0_0	EXIST::FUNCTION:
 EC_KEY_precompute_mult                  2850	3_0_0	EXIST::FUNCTION:EC
-CRYPTO_mem_debug_realloc                2851	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+CRYPTO_mem_debug_realloc                2851	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 PKCS7_new                               2852	3_0_0	EXIST::FUNCTION:
 BASIC_CONSTRAINTS_it                    2853	3_0_0	EXIST::FUNCTION:
 ASN1_generate_v3                        2854	3_0_0	EXIST::FUNCTION:
@@ -3212,7 +3212,7 @@ EVP_aes_256_cfb8                        3278	3_0_0	EXIST::FUNCTION:
 d2i_DSA_PUBKEY_bio                      3279	3_0_0	EXIST::FUNCTION:DSA
 X509_NAME_get_text_by_OBJ               3280	3_0_0	EXIST::FUNCTION:
 RSA_padding_check_none                  3281	3_0_0	EXIST::FUNCTION:RSA
-CRYPTO_set_mem_debug                    3282	3_0_0	EXIST::FUNCTION:
+CRYPTO_set_mem_debug                    3282	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 TS_VERIFY_CTX_init                      3283	3_0_0	EXIST::FUNCTION:TS
 OCSP_cert_id_new                        3284	3_0_0	EXIST::FUNCTION:OCSP
 GENERAL_SUBTREE_new                     3285	3_0_0	EXIST::FUNCTION:
@@ -3595,7 +3595,7 @@ DES_ede3_cbc_encrypt                    3674	3_0_0	EXIST::FUNCTION:DES
 X509v3_asid_canonize                    3675	3_0_0	EXIST::FUNCTION:RFC3779
 i2d_ASIdOrRange                         3676	3_0_0	EXIST::FUNCTION:RFC3779
 OCSP_url_svcloc_new                     3677	3_0_0	EXIST::FUNCTION:OCSP
-CRYPTO_mem_ctrl                         3678	3_0_0	EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         3678	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 ASN1_verify                             3679	3_0_0	EXIST::FUNCTION:
 DSA_generate_parameters_ex              3680	3_0_0	EXIST::FUNCTION:DSA
 X509_sign                               3681	3_0_0	EXIST::FUNCTION:
@@ -4124,7 +4124,7 @@ INT64_it                                4212	3_0_0	EXIST::FUNCTION:
 ZUINT32_it                              4213	3_0_0	EXIST::FUNCTION:
 UINT32_it                               4214	3_0_0	EXIST::FUNCTION:
 ZINT64_it                               4215	3_0_0	EXIST::FUNCTION:
-CRYPTO_mem_leaks_cb                     4216	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG
+CRYPTO_mem_leaks_cb                     4216	3_0_0	EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
 BIO_lookup_ex                           4217	3_0_0	EXIST::FUNCTION:SOCK
 X509_CRL_print_ex                       4218	3_0_0	EXIST::FUNCTION:
 X509_SIG_INFO_get                       4219	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list