自学教程：C++ CRYPTO_THREAD_write_lock函数代码示例

static int rand_status(void){    CRYPTO_THREAD_ID cur;    int ret;    int do_not_lock;    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))        return 0;    cur = CRYPTO_THREAD_get_current_id();    /*     * check if we already have the lock (could happen if a RAND_poll()     * implementation calls RAND_status())     */    if (crypto_lock_rand) {        CRYPTO_THREAD_read_lock(rand_tmp_lock);        do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur);        CRYPTO_THREAD_unlock(rand_tmp_lock);    } else        do_not_lock = 0;    if (!do_not_lock) {        CRYPTO_THREAD_write_lock(rand_lock);        /*         * Prevent deadlocks in case we end up in an async engine         */        ASYNC_block_pause();        /*         * prevent rand_bytes() from trying to obtain the lock again         */        CRYPTO_THREAD_write_lock(rand_tmp_lock);        locking_threadid = cur;        CRYPTO_THREAD_unlock(rand_tmp_lock);        crypto_lock_rand = 1;    }    if (!initialized) {        RAND_poll();        initialized = 1;    }    ret = entropy >= ENTROPY_NEEDED;    if (!do_not_lock) {        /* before unlocking, we must clear 'crypto_lock_rand' */        crypto_lock_rand = 0;        ASYNC_unblock_pause();        CRYPTO_THREAD_unlock(rand_lock);    }    return ret;}

/* Implements the default OpenSSL RAND_add() method */static int drbg_add(const void *buf, int num, double randomness){    int ret = 0;    RAND_DRBG *drbg = RAND_DRBG_get0_master();    if (drbg == NULL)        return 0;    if (num < 0 || randomness < 0.0)        return 0;    if (randomness > (double)drbg->max_entropylen) {        /*         * The purpose of this check is to bound |randomness| by a         * relatively small value in order to prevent an integer         * overflow when multiplying by 8 in the rand_drbg_restart()         * call below.         */        return 0;    }    CRYPTO_THREAD_write_lock(drbg->lock);    ret = rand_drbg_restart(drbg, buf,                            (size_t)(unsigned int)num,                            (size_t)(8*randomness));    CRYPTO_THREAD_unlock(drbg->lock);    return ret;}

/* Implements the default OpenSSL RAND_bytes() method */static int drbg_bytes(unsigned char *out, int count){    int ret = 0;    size_t chunk;    RAND_DRBG *drbg = RAND_DRBG_get0_public();    if (drbg == NULL)        return 0;    CRYPTO_THREAD_write_lock(drbg->lock);    if (drbg->state == DRBG_UNINITIALISED)        goto err;    for ( ; count > 0; count -= chunk, out += chunk) {        chunk = count;        if (chunk > drbg->max_request)            chunk = drbg->max_request;        ret = RAND_DRBG_generate(drbg, out, chunk, 0, NULL, 0);        if (!ret)            goto err;    }    ret = 1;err:    CRYPTO_THREAD_unlock(drbg->lock);    return ret;}

int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x){    X509_OBJECT *obj;    int ret = 1;    if (x == NULL)        return 0;    obj = X509_OBJECT_new();    if (obj == NULL)        return 0;    obj->type = X509_LU_CRL;    obj->data.crl = x;    CRYPTO_THREAD_write_lock(ctx->lock);    X509_OBJECT_up_ref_count(obj);    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {        X509_OBJECT_free(obj);        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);        ret = 0;    } else        sk_X509_OBJECT_push(ctx->objs, obj);    CRYPTO_THREAD_unlock(ctx->lock);    return ret;}

const RAND_METHOD *RAND_get_rand_method(void){    const RAND_METHOD *tmp_meth = NULL;    if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init))        return NULL;    CRYPTO_THREAD_write_lock(rand_meth_lock);    if (!default_RAND_meth) {#ifndef OPENSSL_NO_ENGINE        ENGINE *e = ENGINE_get_default_RAND();        if (e) {            default_RAND_meth = ENGINE_get_RAND(e);            if (default_RAND_meth == NULL) {                ENGINE_finish(e);                e = NULL;            }        }        if (e)            funct_ref = e;        else#endif            default_RAND_meth = RAND_OpenSSL();    }    tmp_meth = default_RAND_meth;    CRYPTO_THREAD_unlock(rand_meth_lock);    return tmp_meth;}

/* No padding or other stuff needed.  We can call PKCS11 from here */static int pkcs11_ecdsa_sign(const unsigned char *msg, unsigned int msg_len,		unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key){	int rv;	PKCS11_SLOT *slot = KEY2SLOT(key);	PKCS11_CTX *ctx = KEY2CTX(key);	PKCS11_KEY_private *kpriv = PRIVKEY(key);	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);	CK_MECHANISM mechanism;	CK_ULONG ck_sigsize;	ck_sigsize = *siglen;	memset(&mechanism, 0, sizeof(mechanism));	mechanism.mechanism = CKM_ECDSA;	CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);	rv = CRYPTOKI_call(ctx,		C_SignInit(spriv->session, &mechanism, kpriv->object));	if (!rv)		rv = pkcs11_authenticate(key);	if (!rv)		rv = CRYPTOKI_call(ctx,			C_Sign(spriv->session, (CK_BYTE *)msg, msg_len, sigret, &ck_sigsize));	CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);	if (rv) {		PKCS11err(PKCS11_F_PKCS11_EC_KEY_SIGN, pkcs11_map_err(rv));		return -1;	}	*siglen = ck_sigsize;	return ck_sigsize;}

static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck){    SSL_SESSION *r;    int ret = 0;    if ((c != NULL) && (c->session_id_length != 0)) {        if (lck)            CRYPTO_THREAD_write_lock(ctx->lock);        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {            ret = 1;            r = lh_SSL_SESSION_delete(ctx->sessions, c);            SSL_SESSION_list_remove(ctx, c);        }        c->not_resumable = 1;        if (lck)            CRYPTO_THREAD_unlock(ctx->lock);        if (ret)            SSL_SESSION_free(r);        if (ctx->remove_session_cb != NULL)            ctx->remove_session_cb(ctx, c);    } else        ret = 0;    return (ret);}

/* * Free a functional reference to a engine type. This version is only used * internally. */int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers){    int to_return = 1;    /*     * Reduce the functional reference count here so if it's the terminating     * case, we can release the lock safely and call the finish() handler     * without risk of a race. We get a race if we leave the count until     * after and something else is calling "finish" at the same time -     * there's a chance that both threads will together take the count from 2     * to 0 without either calling finish().     */    e->funct_ref--;    engine_ref_debug(e, 1, -1);    if ((e->funct_ref == 0) && e->finish) {        if (unlock_for_handlers)            CRYPTO_THREAD_unlock(global_engine_lock);        to_return = e->finish(e);        if (unlock_for_handlers)            CRYPTO_THREAD_write_lock(global_engine_lock);        if (!to_return)            return 0;    }    REF_ASSERT_ISNT(e->funct_ref < 0);    /* Release the structural reference too */    if (!engine_free_util(e, 0)) {        ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);        return 0;    }    return to_return;}

/* * Return the EX_CALLBACKS from the |ex_data| array that corresponds to * a given class.  On success, *holds the lock.* */static EX_CALLBACKS *get_and_lock(OPENSSL_CTX *ctx, int class_index){    EX_CALLBACKS *ip;    OSSL_EX_DATA_GLOBAL *global = NULL;    if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT);        return NULL;    }    global = openssl_ctx_get_ex_data_global(ctx);    if (global->ex_data_lock == NULL) {        /*         * This can happen in normal operation when using CRYPTO_mem_leaks().         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets         * freed, which also attempts to free the ex_data. However         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.         * before OPENSSL_cleanup() is called), so if we get here we can safely         * ignore this operation. We just treat it as an error.         */         return NULL;    }    ip = &global->ex_data[class_index];    CRYPTO_THREAD_write_lock(global->ex_data_lock);    return ip;}

int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x){    X509_OBJECT *obj;    int ret = 1;    if (x == NULL)        return 0;    obj = OPENSSL_malloc(sizeof(*obj));    if (obj == NULL) {        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);        return 0;    }    obj->type = X509_LU_CRL;    obj->data.crl = x;    CRYPTO_THREAD_write_lock(ctx->lock);    X509_OBJECT_up_ref_count(obj);    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {        X509_OBJECT_free_contents(obj);        OPENSSL_free(obj);        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);        ret = 0;    } else        sk_X509_OBJECT_push(ctx->objs, obj);    CRYPTO_THREAD_unlock(ctx->lock);    return ret;}

/* * This function retrieves the context structure from an ENGINE's "ex_data", * or if it doesn't exist yet, sets it up. */static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e){    dynamic_data_ctx *ctx;    if (dynamic_ex_data_idx < 0) {        /*         * Create and register the ENGINE ex_data, and associate our "free"         * function with it to ensure any allocated contexts get freed when         * an ENGINE goes underground.         */        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,                                              dynamic_data_ctx_free_func);        if (new_idx == -1) {            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);            return NULL;        }        CRYPTO_THREAD_write_lock(global_engine_lock);        /* Avoid a race by checking again inside this lock */        if (dynamic_ex_data_idx < 0) {            /* Good, someone didn't beat us to it */            dynamic_ex_data_idx = new_idx;            new_idx = -1;        }        CRYPTO_THREAD_unlock(global_engine_lock);        /*         * In theory we could "give back" the index here if (new_idx>-1), but         * it's not possible and wouldn't gain us much if it were.         */    }    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);    /* Check if the context needs to be created */    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))        /* "set_data" will set errors if necessary */        return NULL;    return ctx;}

const RAND_METHOD *RAND_get_rand_method(void){    const RAND_METHOD *tmp_meth = NULL;    if (!RUN_ONCE(&rand_init, do_rand_init))        return NULL;    CRYPTO_THREAD_write_lock(rand_meth_lock);    if (default_RAND_meth == NULL) {#ifndef OPENSSL_NO_ENGINE        ENGINE *e;        /* If we have an engine that can do RAND, use it. */        if ((e = ENGINE_get_default_RAND()) != NULL                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {            funct_ref = e;            default_RAND_meth = tmp_meth;        } else {            ENGINE_finish(e);            default_RAND_meth = &rand_meth;        }#else        default_RAND_meth = &rand_meth;#endif    }    tmp_meth = default_RAND_meth;    CRYPTO_THREAD_unlock(rand_meth_lock);    return tmp_meth;}

void CRYPTO_secure_clear_free(void *ptr, size_t num,                              const char *file, int line){#ifdef IMPLEMENTED    size_t actual_size;    if (ptr == NULL)        return;    if (!CRYPTO_secure_allocated(ptr)) {        OPENSSL_cleanse(ptr, num);        CRYPTO_free(ptr, file, line);        return;    }    CRYPTO_THREAD_write_lock(sec_malloc_lock);    actual_size = sh_actual_size(ptr);    CLEAR(ptr, actual_size);    secure_mem_used -= actual_size;    sh_free(ptr);    CRYPTO_THREAD_unlock(sec_malloc_lock);#else    if (ptr == NULL)        return;    OPENSSL_cleanse(ptr, num);    CRYPTO_free(ptr, file, line);#endif /* IMPLEMENTED */}

static int def_crl_lookup(X509_CRL *crl,                          X509_REVOKED **ret, ASN1_INTEGER *serial,                          X509_NAME *issuer){    X509_REVOKED rtmp, *rev;    int idx;    rtmp.serialNumber = *serial;    /*     * Sort revoked into serial number order if not already sorted. Do this     * under a lock to avoid race condition.     */    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {        CRYPTO_THREAD_write_lock(crl->lock);        sk_X509_REVOKED_sort(crl->crl.revoked);        CRYPTO_THREAD_unlock(crl->lock);    }    idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);    if (idx < 0)        return 0;    /* Need to look for matching name */    for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) {        rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);        if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))            return 0;        if (crl_revoked_issuer_match(crl, issuer, rev)) {            if (ret)                *ret = rev;            if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)                return 2;            return 1;        }    }    return 0;}

void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e){    CRYPTO_THREAD_write_lock(global_engine_lock);    if (int_table_check(table, 0))        lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);    CRYPTO_THREAD_unlock(global_engine_lock);}

/* * Locks the given drbg. Locking a drbg which does not have locking * enabled is considered a successful no-op. * * Returns 1 on success, 0 on failure. */int rand_drbg_lock(RAND_DRBG *drbg){    if (drbg->lock != NULL)        return CRYPTO_THREAD_write_lock(drbg->lock);    return 1;}

static void build_SYS_str_reasons(void){    /* OPENSSL_malloc cannot be used here, use static storage instead */    static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];    static int init = 1;    int i;    CRYPTO_THREAD_write_lock(err_string_lock);    if (!init) {        CRYPTO_THREAD_unlock(err_string_lock);        return;    }    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];        str->error = (unsigned long)i;        if (str->string == NULL) {            char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);            if (openssl_strerror_r(i, *dest, sizeof(*dest)))                str->string = *dest;        }        if (str->string == NULL)            str->string = "unknown";    }    /*     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as     * required by ERR_load_strings.     */    init = 0;    CRYPTO_THREAD_unlock(err_string_lock);}

/* RSA private key decryption */int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,		PKCS11_KEY *key, int padding){	PKCS11_SLOT *slot = KEY2SLOT(key);	PKCS11_CTX *ctx = KEY2CTX(key);	PKCS11_KEY_private *kpriv = PRIVKEY(key);	PKCS11_SLOT_private *spriv = PRIVSLOT(slot);	CK_MECHANISM mechanism;	CK_ULONG size = flen;	CK_RV rv;	if (pkcs11_mechanism(&mechanism, padding) < 0)		return -1;	CRYPTO_THREAD_write_lock(PRIVSLOT(slot)->rwlock);	rv = CRYPTOKI_call(ctx,		C_DecryptInit(spriv->session, &mechanism, kpriv->object));	if (rv == CKR_USER_NOT_LOGGED_IN)		rv = pkcs11_authenticate(key);	if (!rv)		rv = CRYPTOKI_call(ctx,			C_Decrypt(spriv->session, (CK_BYTE *)from, size,				(CK_BYTE_PTR)to, &size));	CRYPTO_THREAD_unlock(PRIVSLOT(slot)->rwlock);	if (rv) {		PKCS11err(PKCS11_F_PKCS11_RSA_DECRYPT, pkcs11_map_err(rv));		return -1;	}	return size;}

/* * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks()) * * If the DRBG has a parent, then the required amount of entropy input * is fetched using the parent's RAND_DRBG_generate(). * * Otherwise, the entropy is polled from the system entropy sources * using RAND_POOL_acquire_entropy(). * * If a random pool has been added to the DRBG using RAND_add(), then * its entropy will be used up first. */size_t rand_drbg_get_entropy(RAND_DRBG *drbg,                        unsigned char **pout,                        int entropy, size_t min_len, size_t max_len){    size_t ret = 0;    size_t entropy_available = 0;    RAND_POOL *pool = RAND_POOL_new(entropy, min_len, max_len);    if (pool == NULL)        return 0;    if (drbg->pool) {        RAND_POOL_add(pool,                      RAND_POOL_buffer(drbg->pool),                      RAND_POOL_length(drbg->pool),                      RAND_POOL_entropy(drbg->pool));        RAND_POOL_free(drbg->pool);        drbg->pool = NULL;    }    if (drbg->parent) {        size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8);        unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed);        if (buffer != NULL) {            size_t bytes = 0;            /*             * Get random from parent, include our state as additional input.             * Our lock is already held, but we need to lock our parent before             * generating bits from it.             */            if (drbg->parent->lock)                CRYPTO_THREAD_write_lock(drbg->parent->lock);            if (RAND_DRBG_generate(drbg->parent,                                   buffer, bytes_needed,                                   0,                                   (unsigned char *)drbg, sizeof(*drbg)) != 0)                bytes = bytes_needed;            if (drbg->parent->lock)                CRYPTO_THREAD_unlock(drbg->parent->lock);            entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);        }    } else {        /* Get entropy by polling system entropy sources. */        entropy_available = RAND_POOL_acquire_entropy(pool);    }    if (entropy_available > 0) {        ret   = RAND_POOL_length(pool);        *pout = RAND_POOL_detach(pool);    }    RAND_POOL_free(pool);    return ret;}

static void build_SYS_str_reasons(void){    /* OPENSSL_malloc cannot be used here, use static storage instead */    static char strerror_pool[SPACE_SYS_STR_REASONS];    char *cur = strerror_pool;    size_t cnt = 0;    static int init = 1;    int i;    int saveerrno = get_last_sys_error();    CRYPTO_THREAD_write_lock(err_string_lock);    if (!init) {        CRYPTO_THREAD_unlock(err_string_lock);        return;    }    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];        str->error = ERR_PACK(ERR_LIB_SYS, 0, i);        if (str->string == NULL) {            if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {                size_t l = strlen(cur);                str->string = cur;                cnt += l;                if (cnt > sizeof(strerror_pool))                    cnt = sizeof(strerror_pool);                cur += l;                /*                 * VMS has an unusual quirk of adding spaces at the end of                 * some (most? all?) messages.  Lets trim them off.                 */                while (ossl_isspace(cur[-1])) {                    cur--;                    cnt--;                }                *cur++ = '/0';                cnt++;            }        }        if (str->string == NULL)            str->string = "unknown";    }    /*     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as     * required by ERR_load_strings.     */    init = 0;    CRYPTO_THREAD_unlock(err_string_lock);    /* openssl_strerror_r could change errno, but we want to preserve it */    set_sys_error(saveerrno);    err_load_strings(SYS_str_reasons);}

/* * Privately exposed (via eng_int.h) functions for adding and/or removing * ENGINEs from the implementation table */int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,                          ENGINE *e, const int *nids, int num_nids,                          int setdefault){    int ret = 0, added = 0;    ENGINE_PILE tmplate, *fnd;    CRYPTO_THREAD_write_lock(global_engine_lock);    if (!(*table))        added = 1;    if (!int_table_check(table, 1))        goto end;    if (added)        /* The cleanup callback needs to be added */        engine_cleanup_add_first(cleanup);    while (num_nids--) {        tmplate.nid = *nids;        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);        if (!fnd) {            fnd = OPENSSL_malloc(sizeof(*fnd));            if (fnd == NULL)                goto end;            fnd->uptodate = 1;            fnd->nid = *nids;            fnd->sk = sk_ENGINE_new_null();            if (!fnd->sk) {                OPENSSL_free(fnd);                goto end;            }            fnd->funct = NULL;            (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);        }        /* A registration shouldn't add duplicate entries */        (void)sk_ENGINE_delete_ptr(fnd->sk, e);        /*         * if 'setdefault', this ENGINE goes to the head of the list         */        if (!sk_ENGINE_push(fnd->sk, e))            goto end;        /* "touch" this ENGINE_PILE */        fnd->uptodate = 0;        if (setdefault) {            if (!engine_unlocked_init(e)) {                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,                          ENGINE_R_INIT_FAILED);                goto end;            }            if (fnd->funct)                engine_unlocked_finish(fnd->funct, 0);            fnd->funct = e;            fnd->uptodate = 1;        }        nids++;    }    ret = 1; end:    CRYPTO_THREAD_unlock(global_engine_lock);    return ret;}

/* * Hash in |str| error strings. Assumes the URN_ONCE was done. */static int err_load_strings(const ERR_STRING_DATA *str){    CRYPTO_THREAD_write_lock(err_string_lock);    for (; str->error; str++)        (void)lh_ERR_STRING_DATA_insert(int_error_hash,                                       (ERR_STRING_DATA *)str);    CRYPTO_THREAD_unlock(err_string_lock);    return 1;}

void err_free_strings_int(void){    CRYPTO_THREAD_run_once(&err_string_init, do_err_strings_init);    CRYPTO_THREAD_write_lock(err_string_lock);    lh_ERR_STRING_DATA_free(int_error_hash);    int_error_hash = NULL;    CRYPTO_THREAD_unlock(err_string_lock);}

/* * DRBG has two sets of callbacks; we only discuss the "entropy" one * here.  When the DRBG needs additional randomness bits (called entropy * in the NIST document), it calls the get_entropy callback which fills in * a pointer and returns the number of bytes. When the DRBG is finished with * the buffer, it calls the cleanup_entropy callback, with the value of * the buffer that the get_entropy callback filled in. * * Get entropy from the system, via RAND_poll if needed.  The |entropy| * is the bits of randomness required, and is expected to fit into a buffer * of |min_len|..|max__len| size.  We assume we're getting high-quality * randomness from the system, and that |min_len| bytes will do. */size_t drbg_entropy_from_system(RAND_DRBG *drbg,                                unsigned char **pout,                                int entropy, size_t min_len, size_t max_len){    int i;    if (min_len > (size_t)drbg->size) {        /* Should not happen.  See comment near RANDOMNESS_NEEDED. */        min_len = drbg->size;    }    if (drbg->filled) {        /* Re-use what we have. */        *pout = drbg->randomness;        return drbg->size;    }    drbg->randomness = drbg->secure ? OPENSSL_secure_malloc(drbg->size)                                    : OPENSSL_malloc(drbg->size);    /* If we don't have enough, try to get more. */    CRYPTO_THREAD_write_lock(rand_bytes.lock);    for (i = RAND_POLL_RETRIES; rand_bytes.curr < min_len && --i >= 0; ) {        CRYPTO_THREAD_unlock(rand_bytes.lock);        RAND_poll();        CRYPTO_THREAD_write_lock(rand_bytes.lock);    }    /* Get desired amount, but no more than we have. */    if (min_len > rand_bytes.curr)        min_len = rand_bytes.curr;    if (min_len != 0) {        memcpy(drbg->randomness, rand_bytes.buff, min_len);        drbg->filled = 1;        /* Update amount left and shift it down. */        rand_bytes.curr -= min_len;        if (rand_bytes.curr != 0)            memmove(rand_bytes.buff, &rand_bytes.buff[min_len], rand_bytes.curr);    }    CRYPTO_THREAD_unlock(rand_bytes.lock);    *pout = drbg->randomness;    return min_len;}

void err_free_strings_int(void){    if (!RUN_ONCE(&err_string_init, do_err_strings_init))        return;    CRYPTO_THREAD_write_lock(err_string_lock);    lh_ERR_STRING_DATA_free(int_error_hash);    int_error_hash = NULL;    CRYPTO_THREAD_unlock(err_string_lock);}

void log_close(void) {    /* prevent changing the mode while logging */    CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_LOG_MODE]);    log_mode=LOG_MODE_BUFFER;    if(outfile) {        file_close(outfile);        outfile=NULL;    }    CRYPTO_THREAD_write_unlock(stunnel_locks[LOCK_LOG_MODE]);}

int X509_check_ca(X509 *x){    if (!(x->ex_flags & EXFLAG_SET)) {        CRYPTO_THREAD_write_lock(x->lock);        x509v3_cache_extensions(x);        CRYPTO_THREAD_unlock(x->lock);    }    return check_ca(x);}

void engine_table_cleanup(ENGINE_TABLE **table){    CRYPTO_THREAD_write_lock(global_engine_lock);    if (*table) {        lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);        lh_ENGINE_PILE_free(&(*table)->piles);        *table = NULL;    }    CRYPTO_THREAD_unlock(global_engine_lock);}