From a18a31e49d266b687f425c3c434a5aef1f719e38 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 26 Jan 2016 11:31:41 +0000 Subject: [PATCH] Add SSL_up_ref() and SSL_CTX_up_ref() The SSL and SSL_CTX structures are reference counted. However since libssl was made opaque there is no way for users of the library to manipulate the reference counts. This adds functions to enable that. Reviewed-by: Stephen Henson --- doc/ssl/SSL_CTX_new.pod | 14 ++++++++++---- doc/ssl/SSL_new.pod | 10 ++++++++-- doc/ssl/ssl.pod | 4 ++++ include/openssl/ssl.h | 2 ++ ssl/ssl_lib.c | 10 ++++++++++ util/ssleay.num | 2 ++ 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 53f621685e..259098657f 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -2,9 +2,9 @@ =head1 NAME -SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, -TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, -TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, +SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, +SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, +TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, @@ -17,6 +17,7 @@ functions #include SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); + void SSL_CTX_up_ref(SSL_CTX *ctx); const SSL_METHOD *TLS_method(void); const SSL_METHOD *TLS_server_method(void); @@ -59,7 +60,12 @@ functions =head1 DESCRIPTION SSL_CTX_new() creates a new B object as framework to -establish TLS/SSL or DTLS enabled connections. +establish TLS/SSL or DTLS enabled connections. An B object is +reference counted. Creating an B object for the first time increments +the reference count. Freeing it (using SSL_CTX_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the +B object are freed. SSL_CTX_up_ref() increments the reference count for +an existing B structure. =head1 NOTES diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod index 4c350c507f..f0e07951e3 100644 --- a/doc/ssl/SSL_new.pod +++ b/doc/ssl/SSL_new.pod @@ -2,20 +2,26 @@ =head1 NAME -SSL_new - create a new SSL structure for a connection +SSL_new, SSL_up_ref - create a new SSL structure for a connection =head1 SYNOPSIS #include SSL *SSL_new(SSL_CTX *ctx); + void SSL_up_ref(SSL *s); =head1 DESCRIPTION SSL_new() creates a new B structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings of the underlying context B: connection method, -options, verification settings, timeout settings. +options, verification settings, timeout settings. An B structure is +reference counted. Creating an B structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the B +structure are freed. SSL_up_ref() increments the reference count for an +existing B structure. =head1 RETURN VALUES diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 33133ff78f..597b88e5f7 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -234,6 +234,8 @@ protocol context defined in the B structure. =item SSL_CTX *B(const SSL_METHOD *meth); +=item void SSL_CTX_up_ref(SSL_CTX *ctx); + =item int B(SSL_CTX *ctx, SSL_SESSION *c); =item int B(SSL_CTX *ctx); @@ -562,6 +564,8 @@ fresh handle for each connection. =item SSL *B(SSL_CTX *ctx); +=item void SSL_up_ref(SSL *s); + =item long B(SSL *ssl); =item int B(SSL *ssl, void *buf, int num); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d26b4af1a7..0d36e17a6c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1371,6 +1371,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio); __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +void SSL_CTX_up_ref(SSL_CTX *ctx); void SSL_CTX_free(SSL_CTX *); __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); __owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); @@ -1530,6 +1531,7 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid unsigned int sid_ctx_len); SSL *SSL_new(SSL_CTX *ctx); +void SSL_up_ref(SSL *s); __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7c99e8d7d4..d29da6dfbf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -745,6 +745,11 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } +void SSL_up_ref(SSL *s) +{ + CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL); +} + int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { @@ -2348,6 +2353,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } +void SSL_CTX_up_ref(SSL_CTX *ctx) +{ + CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); +} + void SSL_CTX_free(SSL_CTX *a) { int i; diff --git a/util/ssleay.num b/util/ssleay.num index 103d95f537..89797c5a3d 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -433,3 +433,5 @@ SSL_CTX_get_options 467 1_1_0 EXIST::FUNCTION: SSL_clear_options 468 1_1_0 EXIST::FUNCTION: SSL_set_options 469 1_1_0 EXIST::FUNCTION: SSL_get_options 470 1_1_0 EXIST::FUNCTION: +SSL_up_ref 471 1_1_0 EXIST::FUNCTION: +SSL_CTX_up_ref 472 1_1_0 EXIST::FUNCTION: -- 2.34.1