[openssl-users] Openssl static build linked in DLL does not unload on win32

Matt Caswell matt at openssl.org
Fri Jan 6 14:54:59 UTC 2017



On 06/01/17 14:36, Dan Heinz wrote:
>>> On 04/01/17 23:11, Dan Heinz wrote: Using openssl 1.1.0c.
>>> 
>>> I have a test application that is a win32 console app that calls
>>> a win32 DLL which has the openssl libraries linked in
>>> statically.
>>> 
>>> The test applications uses late-binding to the DLL and calls 
>>> LoadLibrary for the DLL, one test function in the DLL, and then
>>> FreeLibrary on the DLL.
>>> 
>>> 
>>> 
>>> The test function in the DLL does the following:
>>> 
>>> RSA*rsa = NULL;
>>> 
>>> rsa = RSA_new();
>>> 
>>> RSA_free(rsa);
>>> 
>>> OPENSSL_thread_stop();
>>> 
>>> OPENSSL_cleanup();
>>> 
>>> return0;
>>> 
>>> When FreeLibrary is called on the DLL, dllmain in never called
>>> with any messages.  A subsequent call to LoadLibrary also fails
>>> to call dllmain and when the test function is called RSA_new()
>>> fails.  This leads me to believe the DLL is never freed.
>>> 
>>> I have tried building openssl with and without no-threads with
>>> the same results.  My build parameters are: perl Configure
>>> *%TEMP_ARCHITECTURE%* 
>>> --prefix=*%RootPath_ThirdParty%*\*%OPENSSL_VERSION%* -DPURIFY 
>>> -DOPENSSL_NO_COMP -D_USING_V110_SDK71_ no-shared no-threads
>>> no-asm no-idea no-mdc2 no-rc5  no-ssl3 no-zlib no-comp
>>> 
>>> What am I missing?
>> 
>> 
>> OpenSSL does its cleanup at *process* exit. Don't call
>> OPENSSL_cleanup() explicitly - this is >discouraged.
>> 
>> From this manpage:
>> 
>> https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
>>
>>
>> 
"Typically there should be no need to call this function directly as it
is initiated >automatically on application exit...<snip>...
>> 
>> Once OPENSSL_cleanup() has been called the library cannot be
>> reinitialised."
>> 
>> This last sentence is the reason why RSA_new() will fail after you
>> have previously called >OPENSSL_cleanup().
>> 
>> Because cleanup happens on process exit, OpenSSL will keep itself
>> in memory until that time >(otherwise crashes will occur because
>> the cleanup routines have been unloaded).
>> 
>> If you want to dynamically load and unload your DLL then don't
>> statically link it to OpenSSL - >otherwise OpenSSL will keep your
>> DLL around until process exit too.
>> 
>> Matt
> 
> That is very disappointing.  As a library vendor we have no control
> over how our users load and unload our libraries.  We will just have
> to roll back to 1.0.x and wait to see if this will be addressed. 
> Also, as Jakob stated in another post, it really seems like this
> design will be problematic.

Can you not link against the OpenSSL DLLs rather than statically link?
That would avoid the problem.

Matt




More information about the openssl-users mailing list