Add SSL_up_ref() and SSL_CTX_up_ref()

The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.
Reviewed-by: NStephen Henson <steve@openssl.org>

doc/ssl/SSL_CTX_new.pod

@@ -2,9 +2,9 @@
 
 =head1 NAME
 
-SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method,
-TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method,
-TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
+SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
+SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
 TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
 SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
 DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
@@ -17,6 +17,7 @@ functions
  #include <openssl/ssl.h>
 
  SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ void SSL_CTX_up_ref(SSL_CTX *ctx);
 
  const SSL_METHOD *TLS_method(void);
  const SSL_METHOD *TLS_server_method(void);
@@ -59,7 +60,12 @@ functions
 =head1 DESCRIPTION
 
 SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
-establish TLS/SSL or DTLS enabled connections.
+establish TLS/SSL or DTLS enabled connections. An B<SSL_CTX> object is
+reference counted. Creating an B<SSL_CTX> object for the first time increments
+the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the
+B<SSL_CTX> object are freed. SSL_CTX_up_ref() increments the reference count for
+an existing B<SSL_CTX> structure.
 
 =head1 NOTES
 

doc/ssl/SSL_new.pod

@@ -2,20 +2,26 @@
 
 =head1 NAME
 
-SSL_new - create a new SSL structure for a connection
+SSL_new, SSL_up_ref - create a new SSL structure for a connection
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
  SSL *SSL_new(SSL_CTX *ctx);
+ void SSL_up_ref(SSL *s);
 
 =head1 DESCRIPTION
 
 SSL_new() creates a new B<SSL> structure which is needed to hold the
 data for a TLS/SSL connection. The new structure inherits the settings
 of the underlying context B<ctx>: connection method,
-options, verification settings, timeout settings.
+options, verification settings, timeout settings. An B<SSL> structure is
+reference counted. Creating an B<SSL> structure for the first time increments
+the reference count. Freeing it (using SSL_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the B<SSL>
+structure are freed. SSL_up_ref() increments the reference count for an
+existing B<SSL> structure.
 
 =head1 RETURN VALUES
 

doc/ssl/ssl.pod

@@ -234,6 +234,8 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
 
+=item void SSL_CTX_up_ref(SSL_CTX *ctx);
+
 =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
 
 =item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
@@ -562,6 +564,8 @@ fresh handle for each connection.
 
 =item SSL *B<SSL_new>(SSL_CTX *ctx);
 
+=item void SSL_up_ref(SSL *s);
+
 =item long B<SSL_num_renegotiations>(SSL *ssl);
 
 =item int B<SSL_peek>(SSL *ssl, void *buf, int num);

include/openssl/ssl.h

@@ -1371,6 +1371,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 
 __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+void SSL_CTX_up_ref(SSL_CTX *ctx);
 void SSL_CTX_free(SSL_CTX *);
 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
@@ -1530,6 +1531,7 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid
                                    unsigned int sid_ctx_len);
 
 SSL *SSL_new(SSL_CTX *ctx);
+void SSL_up_ref(SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len);
 

ssl/ssl_lib.c

@@ -745,6 +745,11 @@ SSL *SSL_new(SSL_CTX *ctx)
     return (NULL);
 }
 
+void SSL_up_ref(SSL *s)
+{
+    CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL);
+}
+
 int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                    unsigned int sid_ctx_len)
 {
@@ -2348,6 +2353,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     return (NULL);
 }
 
+void SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+    CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+}
+
 void SSL_CTX_free(SSL_CTX *a)
 {
     int i;

util/ssleay.num

@@ -433,3 +433,5 @@ SSL_CTX_get_options                     467	1_1_0	EXIST::FUNCTION:
 SSL_clear_options                       468	1_1_0	EXIST::FUNCTION:
 SSL_set_options                         469	1_1_0	EXIST::FUNCTION:
 SSL_get_options                         470	1_1_0	EXIST::FUNCTION:
+SSL_up_ref                              471	1_1_0	EXIST::FUNCTION:
+SSL_CTX_up_ref                          472	1_1_0	EXIST::FUNCTION: