Merge pull request #150 from cquintana92/feature/lock-global-pgp-fields

Use a lock to protect global pgp fields from concurrent read/write operations

.github/workflows/ios.yml

@@ -12,10 +12,10 @@ jobs:
     runs-on: macos-latest
 
     steps:
-      - name: Set up xcode 12.2
+      - name: Set up xcode 13.0
         uses: maxim-lobanov/setup-xcode@v1
         with:
-          xcode-version: 12.2
+          xcode-version: 13.0
         id: xcode
 
       - name: Set up Go 1.x

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+### Fixed
+- Protect the global `pgp` variable fields with a lock.
+
 ## [2.2.4] 2021-09-29
 ### Fixed
 - Use the provided `verifyTime` instead of the current time when verifying embedded signatures.

crypto/gopenpgp.go

@@ -1,14 +1,21 @@
 // Package crypto provides a high-level API for common OpenPGP functionality.
 package crypto
 
+import "sync"
+
 // GopenPGP is used as a "namespace" for many of the functions in this package.
 // It is a struct that keeps track of time skew between server and client.
 type GopenPGP struct {
 	latestServerTime int64
 	generationOffset int64
+	lock             *sync.RWMutex
 }
 
-var pgp = GopenPGP{}
+var pgp = GopenPGP{
+	latestServerTime: 0,
+	generationOffset: 0,
+	lock:             &sync.RWMutex{},
+}
 
 // clone returns a clone of the byte slice. Internal function used to make sure
 // we don't retain a reference to external data.

crypto/time.go

@@ -6,6 +6,9 @@ import (
 
 // UpdateTime updates cached time.
 func UpdateTime(newTime int64) {
+	pgp.lock.Lock()
+	defer pgp.lock.Unlock()
+
 	if newTime > pgp.latestServerTime {
 		pgp.latestServerTime = newTime
 	}
@@ -13,6 +16,9 @@ func UpdateTime(newTime int64) {
 
 // SetKeyGenerationOffset updates the offset when generating keys.
 func SetKeyGenerationOffset(offset int64) {
+	pgp.lock.Lock()
+	defer pgp.lock.Unlock()
+
 	pgp.generationOffset = offset
 }
 
@@ -30,6 +36,9 @@ func GetTime() time.Time {
 
 // getNow returns the latest server time.
 func getNow() time.Time {
+	pgp.lock.RLock()
+	defer pgp.lock.RUnlock()
+
 	if pgp.latestServerTime == 0 {
 		return time.Now()
 	}
@@ -44,6 +53,9 @@ func getTimeGenerator() func() time.Time {
 
 // getNowKeyGenerationOffset returns the current time with the key generation offset.
 func getNowKeyGenerationOffset() time.Time {
+	pgp.lock.RLock()
+	defer pgp.lock.RUnlock()
+
 	if pgp.latestServerTime == 0 {
 		return time.Unix(time.Now().Unix()+pgp.generationOffset, 0)
 	}