[core] refactor rdp encryption lock

libfreerdp/core/security.c

@@ -409,7 +409,6 @@ BOOL security_salted_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length,
 	WINPR_ASSERT(data || (length == 0));
 	WINPR_ASSERT(output);
 
-	EnterCriticalSection(&rdp->critical);
 	security_UINT32_le(length_le, length); /* length must be little-endian */
 
 	if (encryption)
@@ -474,7 +473,7 @@ BOOL security_salted_mac_signature(rdpRdp* rdp, const BYTE* data, UINT32 length,
 out:
 	if (!result)
 		WLog_WARN(TAG, "security mac signature generation failed");
-	LeaveCriticalSection(&rdp->critical);
+
 	winpr_Digest_Free(sha1);
 	winpr_Digest_Free(md5);
 	return result;
@@ -661,15 +660,16 @@ BOOL security_establish_keys(rdpRdp* rdp)
 		rdp->rc4_key_len = 16;
 	}
 
-	EnterCriticalSection(&rdp->critical);
+	if (!security_lock(rdp))
+		return FALSE;
 	memcpy(rdp->decrypt_update_key, rdp->decrypt_key, 16);
 	memcpy(rdp->encrypt_update_key, rdp->encrypt_key, 16);
 	rdp->decrypt_use_count = 0;
 	rdp->decrypt_checksum_use_count = 0;
 	rdp->encrypt_use_count = 0;
 	rdp->encrypt_checksum_use_count = 0;
-	LeaveCriticalSection(&rdp->critical);
-	return TRUE;
+
+	return security_unlock(rdp);
 }
 
 static BOOL security_key_update(BYTE* key, BYTE* update_key, size_t key_len, rdpRdp* rdp)
@@ -740,7 +740,8 @@ out:
 BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
 {
 	BOOL rc = FALSE;
-	EnterCriticalSection(&rdp->critical);
+
+	WINPR_ASSERT(rdp);
 	if (!rdp->rc4_encrypt_key)
 	{
 		WLog_ERR(TAG, "rdp->rc4_encrypt_key=%p", rdp->rc4_encrypt_key);
@@ -763,7 +764,6 @@ BOOL security_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
 	rdp->encrypt_checksum_use_count++;
 	rc = TRUE;
 fail:
-	LeaveCriticalSection(&rdp->critical);
 	return rc;
 }
 
@@ -774,7 +774,6 @@ BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
 	WINPR_ASSERT(data || (length == 0));
 	WINPR_ASSERT(rdp);
 
-	EnterCriticalSection(&rdp->critical);
 	if (!rdp->rc4_decrypt_key)
 	{
 		WLog_ERR(TAG, "rdp->rc4_decrypt_key=%p", rdp->rc4_decrypt_key);
@@ -799,7 +798,6 @@ BOOL security_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
 fail:
 	if (!rc)
 		WLog_WARN(TAG, "Failed to decrypt security");
-	LeaveCriticalSection(&rdp->critical);
 	return rc;
 }
 
@@ -809,9 +807,10 @@ BOOL security_hmac_signature(const BYTE* data, size_t length, BYTE* output, rdpR
 	BYTE use_count_le[4];
 	WINPR_HMAC_CTX* hmac;
 	BOOL result = FALSE;
-	EnterCriticalSection(&rdp->critical);
+
+	WINPR_ASSERT(rdp);
+
 	security_UINT32_le(use_count_le, rdp->encrypt_use_count);
-	LeaveCriticalSection(&rdp->critical);
 
 	if (!(hmac = winpr_HMAC_New()))
 		return FALSE;
@@ -840,14 +839,12 @@ BOOL security_fips_encrypt(BYTE* data, size_t length, rdpRdp* rdp)
 	BOOL rc = FALSE;
 	size_t olen;
 
-	EnterCriticalSection(&rdp->critical);
 	if (!winpr_Cipher_Update(rdp->fips_encrypt, data, length, data, &olen))
 		goto fail;
 
 	rdp->encrypt_use_count++;
 	rc = TRUE;
 fail:
-	LeaveCriticalSection(&rdp->critical);
 	return rc;
 }
 
@@ -856,7 +853,10 @@ BOOL security_fips_decrypt(BYTE* data, size_t length, rdpRdp* rdp)
 	size_t olen;
 
 	if (!rdp || !rdp->fips_decrypt)
+	{
+		WLog_ERR(TAG, "rdp=%p, rdp->fips_decrypt=%p", rdp, rdp->fips_decrypt);
 		return FALSE;
+	}
 
 	if (!winpr_Cipher_Update(rdp->fips_decrypt, data, length, data, &olen))
 		return FALSE;
@@ -870,9 +870,8 @@ BOOL security_fips_check_signature(const BYTE* data, size_t length, const BYTE*
 	BYTE use_count_le[4] = { 0 };
 	WINPR_HMAC_CTX* hmac = NULL;
 	BOOL result = FALSE;
-	EnterCriticalSection(&rdp->critical);
+
 	security_UINT32_le(use_count_le, rdp->decrypt_use_count++);
-	LeaveCriticalSection(&rdp->critical);
 
 	if (!(hmac = winpr_HMAC_New()))
 		return FALSE;
@@ -898,3 +897,17 @@ out:
 	winpr_HMAC_Free(hmac);
 	return result;
 }
+
+BOOL security_lock(rdpRdp* rdp)
+{
+	WINPR_ASSERT(rdp);
+	EnterCriticalSection(&rdp->critical);
+	return TRUE;
+}
+
+BOOL security_unlock(rdpRdp* rdp)
+{
+	WINPR_ASSERT(rdp);
+	LeaveCriticalSection(&rdp->critical);
+	return TRUE;
+}