[ruby/openssl] Remove OSSL_DEBUG compile-time option

Remove the OSSL_DEBUG flag and OpenSSL.mem_check_start which is only
compiled when the flag is given. They are meant purely for development
of Ruby/OpenSSL.

OpenSSL.mem_check_start helped us find memory leak bugs in past, but
it is no longer working with the recent OpenSSL versions. Let's just
remove it now.

https://github.com/ruby/openssl/commit/8c7a6a17e2
This commit is contained in:
Kazuki Yamaguchi 2023-08-31 21:34:50 +09:00 committed by Hiroshi SHIBATA
parent 779cab6655
commit 912f1cda0d
6 changed files with 5 additions and 137 deletions

View File

@ -45,13 +45,6 @@ dir_config("kerberos")
Logging::message "=== OpenSSL for Ruby configurator ===\n"
##
# Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
# To turn it on, use: --with-debug or --enable-debug
#
if with_config("debug") or enable_config("debug")
$defs.push("-DOSSL_DEBUG")
end
$defs.push("-D""OPENSSL_SUPPRESS_DEPRECATED")
have_func("rb_io_descriptor")

View File

@ -463,75 +463,6 @@ ossl_fips_mode_set(VALUE self, VALUE enabled)
#endif
}
#if defined(OSSL_DEBUG)
#if !defined(LIBRESSL_VERSION_NUMBER) && \
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
defined(CRYPTO_malloc_debug_init))
/*
* call-seq:
* OpenSSL.mem_check_start -> nil
*
* Calls CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON). Starts tracking memory
* allocations. See also OpenSSL.print_mem_leaks.
*
* This is available only when built with a capable OpenSSL and --enable-debug
* configure option.
*/
static VALUE
mem_check_start(VALUE self)
{
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
return Qnil;
}
/*
* call-seq:
* OpenSSL.print_mem_leaks -> true | false
*
* For debugging the Ruby/OpenSSL library. Calls CRYPTO_mem_leaks_fp(stderr).
* Prints detected memory leaks to standard error. This cleans the global state
* up thus you cannot use any methods of the library after calling this.
*
* Returns +true+ if leaks detected, +false+ otherwise.
*
* This is available only when built with a capable OpenSSL and --enable-debug
* configure option.
*
* === Example
* OpenSSL.mem_check_start
* NOT_GCED = OpenSSL::PKey::RSA.new(256)
*
* END {
* GC.start
* OpenSSL.print_mem_leaks # will print the leakage
* }
*/
static VALUE
print_mem_leaks(VALUE self)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000
int ret;
#endif
#ifndef HAVE_RB_EXT_RACTOR_SAFE
// for Ruby 2.x
void ossl_bn_ctx_free(void); // ossl_bn.c
ossl_bn_ctx_free();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000
ret = CRYPTO_mem_leaks_fp(stderr);
if (ret < 0)
ossl_raise(eOSSLError, "CRYPTO_mem_leaks_fp");
return ret ? Qfalse : Qtrue;
#else
CRYPTO_mem_leaks_fp(stderr);
return Qnil;
#endif
}
#endif
#endif
#if !defined(HAVE_OPENSSL_110_THREADING_API)
/**
* Stores locks needed for OpenSSL thread safety
@ -1239,40 +1170,4 @@ Init_openssl(void)
Init_ossl_provider();
Init_ossl_asn1();
Init_ossl_kdf();
#if defined(OSSL_DEBUG)
/*
* For debugging Ruby/OpenSSL. Enable only when built with --enable-debug
*/
#if !defined(LIBRESSL_VERSION_NUMBER) && \
(OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_NO_CRYPTO_MDEBUG) || \
defined(CRYPTO_malloc_debug_init))
rb_define_module_function(mOSSL, "mem_check_start", mem_check_start, 0);
rb_define_module_function(mOSSL, "print_mem_leaks", print_mem_leaks, 0);
#if defined(CRYPTO_malloc_debug_init) /* <= 1.0.2 */
CRYPTO_malloc_debug_init();
#endif
#if defined(V_CRYPTO_MDEBUG_ALL) /* <= 1.0.2 */
CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000 /* <= 1.0.2 */
{
int i;
/*
* See crypto/ex_data.c; call def_get_class() immediately to avoid
* allocations. 15 is the maximum number that is used as the class index
* in OpenSSL 1.0.2.
*/
for (i = 0; i <= 15; i++) {
if (CRYPTO_get_ex_new_index(i, 0, (void *)"ossl-mdebug-dummy", 0, 0, 0) < 0)
rb_raise(rb_eRuntimeError, "CRYPTO_get_ex_new_index for "
"class index %d failed", i);
}
}
#endif
#endif
#endif
}

View File

@ -82,7 +82,7 @@ class OpenSSL::TestEngine < OpenSSL::TestCase
# this is required because OpenSSL::Engine methods change global state
def with_openssl(code, **opts)
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
assert_separately(["-ropenssl"], <<~"end;", **opts)
#{code}
end;
end

View File

@ -9,7 +9,7 @@ class OpenSSL::TestFIPS < OpenSSL::TestCase
omit "Only for FIPS mode environment"
end
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
assert_separately(["-ropenssl"], <<~"end;")
assert OpenSSL.fips_mode == true, ".fips_mode should return true on FIPS mode enabled"
end;
end
@ -19,7 +19,7 @@ class OpenSSL::TestFIPS < OpenSSL::TestCase
omit "Only for non-FIPS mode environment"
end
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
assert_separately(["-ropenssl"], <<~"end;")
message = ".fips_mode should return false on FIPS mode disabled. " \
"If you run the test on FIPS mode, please set " \
"TEST_RUBY_OPENSSL_FIPS_ENABLED=true"
@ -35,7 +35,7 @@ class OpenSSL::TestFIPS < OpenSSL::TestCase
def test_fips_mode_get_with_fips_mode_set
omit('OpenSSL is not FIPS-capable') unless OpenSSL::OPENSSL_FIPS
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
assert_separately(["-ropenssl"], <<~"end;")
begin
OpenSSL.fips_mode = true
assert OpenSSL.fips_mode == true, ".fips_mode should return true when .fips_mode=true"

View File

@ -58,7 +58,7 @@ class OpenSSL::TestProvider < OpenSSL::TestCase
# this is required because OpenSSL::Provider methods change global state
def with_openssl(code, **opts)
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;", **opts)
assert_separately(["-ropenssl"], <<~"end;", **opts)
#{code}
end;
end

View File

@ -4,26 +4,6 @@ begin
rescue LoadError
end
# Compile OpenSSL with crypto-mdebug and run this test suite with OSSL_MDEBUG=1
# environment variable to enable memory leak check.
if ENV["OSSL_MDEBUG"] == "1"
if OpenSSL.respond_to?(:print_mem_leaks)
OpenSSL.mem_check_start
END {
GC.start
case OpenSSL.print_mem_leaks
when nil
warn "mdebug: check what is printed"
when true
raise "mdebug: memory leaks detected"
end
}
else
warn "OSSL_MDEBUG=1 is specified but OpenSSL is not built with crypto-mdebug"
end
end
require "test/unit"
require "tempfile"
require "socket"