[openssl-users] Openssl static build linked in DLL does not unload on win32

Dan Heinz dheinz at softwarekey.com
Fri Jan 6 14:36:49 UTC 2017


>>On 04/01/17 23:11, Dan Heinz wrote:
>> Using openssl 1.1.0c. 
>> 
>> I have a test application that is a win32 console app that calls a 
>> win32 DLL which has the openssl libraries linked in statically.
>> 
>> The test application uses late-binding to the DLL and calls 
>> LoadLibrary for the DLL, one test function in the DLL, and then FreeLibrary on the DLL.
>> 
>>  
>> 
>> The test function in the DLL does the following:
>> 
>> RSA *rsa = NULL;
>> rsa = RSA_new();
>> RSA_free(rsa);
>> OPENSSL_thread_stop();
>> OPENSSL_cleanup();
>> return 0;
>> 
>> When FreeLibrary is called on the DLL, dllmain is never called with 
>> any messages.  A subsequent call to LoadLibrary also fails to call 
>> dllmain and when the test function is called RSA_new() fails.  This 
>> leads me to believe the DLL is never freed.
>> 
>> I have tried building openssl with and without no-threads with the 
>> same results.  My build parameters are:
>> perl Configure *%TEMP_ARCHITECTURE%*
>> --prefix=*%RootPath_ThirdParty%*\*%OPENSSL_VERSION%* -DPURIFY 
>> -DOPENSSL_NO_COMP -D_USING_V110_SDK71_ no-shared no-threads no-asm 
>> no-idea no-mdc2 no-rc5  no-ssl3 no-zlib no-comp
>> 
>> What am I missing?
>
>
>OpenSSL does its cleanup at *process* exit. Don't call OPENSSL_cleanup() explicitly - this is discouraged.
>
>From this manpage:
>
>https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
>
>"Typically there should be no need to call this function directly as it is initiated automatically on application exit...<snip>...
>
>Once OPENSSL_cleanup() has been called the library cannot be reinitialised."
>
>This last sentence is the reason why RSA_new() will fail after you have previously called OPENSSL_cleanup().
>
>Because cleanup happens on process exit, OpenSSL will keep itself in memory until that time (otherwise crashes will occur because the cleanup routines have been unloaded).
>
>If you want to dynamically load and unload your DLL then don't statically link it to OpenSSL - otherwise OpenSSL will keep your DLL around until process exit too.
>
>Matt

That is very disappointing.  As a library vendor we have no control over how our users load and unload our libraries.  We will just have to roll back to 1.0.x and wait to see if this will be addressed.  
Also, as Jakob stated in another post, it really seems like this design will be problematic.  

Thanks,
Dan
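
The behaviour described in the quoted reply (a DLL that stays loaded after FreeLibrary once OpenSSL has initialised inside it) can be checked from the host side. The C harness below is an added example, not code from this thread or from OpenSSL; the library path and the name of an `int f(void)` export are supplied by the caller and are assumptions, and the POSIX branch exists only so the same check builds off Windows.

```c
/* Added example: does a library stay mapped after the caller releases it? */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef HMODULE lib_t;
static lib_t lib_open(const char *p) { return LoadLibraryA(p); }
static void lib_close(lib_t h) { FreeLibrary(h); }
static void *lib_sym(lib_t h, const char *s) { return (void *)GetProcAddress(h, s); }
static int lib_is_mapped(const char *p) { return GetModuleHandleA(p) != NULL; }
#else
#include <dlfcn.h>
typedef void *lib_t;
static lib_t lib_open(const char *p) { return dlopen(p, RTLD_NOW | RTLD_LOCAL); }
static void lib_close(lib_t h) { dlclose(h); }
static void *lib_sym(lib_t h, const char *s) { return dlsym(h, s); }
static int lib_is_mapped(const char *p)
{
    void *h = dlopen(p, RTLD_NOW | RTLD_NOLOAD); /* look up only, never loads */
    if (h != NULL) dlclose(h);                   /* drop the reference the lookup took */
    return h != NULL;
}
#endif

enum { PROBE_NO_ENTRY = -2, PROBE_LOAD_FAILED = -1, PROBE_UNLOADED = 0,
       PROBE_STILL_MAPPED = 1, PROBE_ALREADY_MAPPED = 2 };

/* Load `path`, optionally call `entry` (a hypothetical int f(void) export that
 * touches OpenSSL so the library initialises), release it, report the state. */
int probe_unload(const char *path, const char *entry)
{
    if (lib_is_mapped(path))
        return PROBE_ALREADY_MAPPED; /* another reference exists; result would mean nothing */
    lib_t h = lib_open(path);
    if (h == NULL)
        return PROBE_LOAD_FAILED;
    if (entry != NULL) {
        int (*fn)(void) = (int (*)(void))lib_sym(h, entry);
        if (fn == NULL) { lib_close(h); return PROBE_NO_ENTRY; }
        (void)fn();
    }
    lib_close(h);
    return lib_is_mapped(path) ? PROBE_STILL_MAPPED : PROBE_UNLOADED;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <library> [entry]\n", argv[0]); return 2; }
    int r = probe_unload(argv[1], argc > 2 ? argv[2] : NULL);
    printf("%s: %d\n", argv[1], r);
    return r == PROBE_UNLOADED ? 0 : 1;
}
```

Running it once with and once without the entry name separates a library that merely fails to unload from one that is held only after OpenSSL has been initialised inside it.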

