Calling OpenSSL_thread_stop() multiple times

Martin Bonner Martin.Bonner at
Thu Aug 24 07:38:47 UTC 2023

> I have fixed the leak by moving Openssl_thread_stop() to dll_thread_detach.

Beware!  Here be dragons!

dll_thread_detach is called from DllMain when that is called with

The significance of this is that there are quite severe limitations on what you
can do inside DllMain.  See: and

I have two particular concerns:
* Openssl_thread_stop is not documented as being safe to call from DllMain
  (it would be awesome if it was) - and although it way work today, somebody may
  make a change which means it stops working tomorrow.
* I rather expect Openssl_thread_stop calls into all loaded providers - and if
  your customer has a third-party provider loaded which you haven't tested with,
  things could go wrong.

The only suggestion I have as to how to fix this is "submit a PR to document
that Openssl_thread_stop/Openssl_thread_stop_ex are safe to call from DllMain"
- preferably with the additions of loads of comments to the relevant code.

Apart from that, do lots of testing, and be prepared for issues.

Martin Bonner

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

More information about the openssl-users mailing list