On 05/01/2017 11:53, Matt Caswell wrote:
On 04/01/17 23:11, Dan Heinz wrote:
Using openssl 1.1.0c.
I have a test application that is a win32 console app that calls a win32
DLL which has the openssl libraries linked in statically.
The test applications uses late-binding to the DLL and calls LoadLibrary
for the DLL, one test function in the DLL, and then FreeLibrary on the DLL.
The test function in the DLL does the following:
RSA*rsa = NULL;
rsa = RSA_new();
RSA_free(rsa);
OPENSSL_thread_stop();
OPENSSL_cleanup();
return0;
When FreeLibrary is called on the DLL, dllmain in never called with any
messages. A subsequent call to LoadLibrary also fails to call dllmain
and when the test function is called RSA_new() fails. This leads me to
believe the DLL is never freed.
I have tried building openssl with and without no-threads with the same
results. My build parameters are:
perl Configure *%TEMP_ARCHITECTURE%*
--prefix=*%RootPath_ThirdParty%*\*%OPENSSL_VERSION%* -DPURIFY
-DOPENSSL_NO_COMP -D_USING_V110_SDK71_ no-shared no-threads no-asm
no-idea no-mdc2 no-rc5 no-ssl3 no-zlib no-comp
What am I missing?
OpenSSL does its cleanup at *process* exit. Don't call OPENSSL_cleanup()
explicitly - this is discouraged.
From this manpage:
https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html
"Typically there should be no need to call this function directly as it
is initiated automatically on application exit...<snip>...
Once OPENSSL_cleanup() has been called the library cannot be reinitialised."
This last sentence is the reason why RSA_new() will fail after you have
previously called OPENSSL_cleanup().
Because cleanup happens on process exit, OpenSSL will keep itself in
memory until that time (otherwise crashes will occur because the cleanup
routines have been unloaded).
If you want to dynamically load and unload your DLL then don't
statically link it to OpenSSL - otherwise OpenSSL will keep your DLL
around until process exit too.
Matt
Which is a horribly broken design by the OpenSSL team, especially if
the surrounding process is extremely long-running. Otherwise, security
updates to OpenSSL will end up requiring system reboots to ensure that
all OpenSSL-using code actually runs the updated OpenSSL libraries.
Someone needs to go back to the drawing board and make OpenSSL
unloadable again.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
