Add SSL_up_ref() and SSL_CTX_up_ref()

The SSL and SSL_CTX structures are reference counted. However since libssl
was made opaque there is no way for users of the library to manipulate the
reference counts. This adds functions to enable that.

Reviewed-by: Stephen Henson <steve@openssl.org>

3 files changed, 22 insertions, 6 deletions

diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
index 53f621685e..259098657f 100644
--- a/doc/ssl/SSL_CTX_new.pod
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -2,9 +2,9 @@
 
 =head1 NAME
 
-SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method,
-TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method,
-TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
+SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method,
+SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method,
+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method,
 TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method,
 SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method,
 DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method,
@@ -17,6 +17,7 @@ functions
  #include <openssl/ssl.h>
 
  SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
+ void SSL_CTX_up_ref(SSL_CTX *ctx);
 
  const SSL_METHOD *TLS_method(void);
  const SSL_METHOD *TLS_server_method(void);
@@ -59,7 +60,12 @@ functions
 =head1 DESCRIPTION
 
 SSL_CTX_new() creates a new B<SSL_CTX> object as framework to
-establish TLS/SSL or DTLS enabled connections.
+establish TLS/SSL or DTLS enabled connections. An B<SSL_CTX> object is
+reference counted. Creating an B<SSL_CTX> object for the first time increments
+the reference count. Freeing it (using SSL_CTX_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the
+B<SSL_CTX> object are freed. SSL_CTX_up_ref() increments the reference count for
+an existing B<SSL_CTX> structure.
 
 =head1 NOTES
 
diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod
index 4c350c507f..f0e07951e3 100644
--- a/doc/ssl/SSL_new.pod
+++ b/doc/ssl/SSL_new.pod
@@ -2,20 +2,26 @@
 
 =head1 NAME
 
-SSL_new - create a new SSL structure for a connection
+SSL_new, SSL_up_ref - create a new SSL structure for a connection
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
  SSL *SSL_new(SSL_CTX *ctx);
+ void SSL_up_ref(SSL *s);
 
 =head1 DESCRIPTION
 
 SSL_new() creates a new B<SSL> structure which is needed to hold the
 data for a TLS/SSL connection. The new structure inherits the settings
 of the underlying context B<ctx>: connection method,
-options, verification settings, timeout settings.
+options, verification settings, timeout settings. An B<SSL> structure is
+reference counted. Creating an B<SSL> structure for the first time increments
+the reference count. Freeing it (using SSL_free) decrements it. When the
+reference count drops to zero, any memory or resources allocated to the B<SSL>
+structure are freed. SSL_up_ref() increments the reference count for an
+existing B<SSL> structure.
 
 =head1 RETURN VALUES
 
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index 33133ff78f..597b88e5f7 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -234,6 +234,8 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item SSL_CTX *B<SSL_CTX_new>(const SSL_METHOD *meth);
 
+=item void SSL_CTX_up_ref(SSL_CTX *ctx);
+
 =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
 
 =item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
@@ -562,6 +564,8 @@ fresh handle for each connection.
 
 =item SSL *B<SSL_new>(SSL_CTX *ctx);
 
+=item void SSL_up_ref(SSL *s);
+
 =item long B<SSL_num_renegotiations>(SSL *ssl);
 
 =item int B<SSL_peek>(SSL *ssl, void *buf, int num);