Skip to content

Commit

Permalink
fix: get rid of data race in the key sign interceptor
Browse files Browse the repository at this point in the history
The code underneath is not thread safe and it looks like we need a
mutex.

Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
  • Loading branch information
Unix4ever committed Jul 23, 2024
1 parent 782aac0 commit 4bf0f02
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkg/pgp/key.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ package pgp
import (
"crypto"
"math"
"sync"
"time"

"github.com/ProtonMail/go-crypto/openpgp"
Expand All @@ -19,6 +20,7 @@ import (
type Key struct {
key *pgpcrypto.Key
keyring *pgpcrypto.KeyRing
mu sync.Mutex
}

// GenerateKey generates a new PGP key pair.
Expand Down Expand Up @@ -77,6 +79,9 @@ func (p *Key) Verify(data, signature []byte) error {

// Sign signs the given data using the private key.
func (p *Key) Sign(data []byte) ([]byte, error) {
p.mu.Lock()
defer p.mu.Unlock()

message := pgpcrypto.NewPlainMessage(data)

signature, err := p.keyring.SignDetached(message)
Expand Down

0 comments on commit 4bf0f02

Please sign in to comment.