Merge pull request #150 from cquintana92/feature/lock-global-pgp-fields
Use a lock to protect global pgp fields from concurrent read/write operations
commit
ff2d068b47
4 changed files with 26 additions and 3 deletions
4
.github/workflows/ios.yml
vendored
4
.github/workflows/ios.yml
vendored
|
|
@ -12,10 +12,10 @@ jobs:
|
|||
runs-on: macos-latest
|
||||
|
||||
steps:
|
||||
- name: Set up xcode 12.2
|
||||
- name: Set up xcode 13.0
|
||||
uses: maxim-lobanov/setup-xcode@v1
|
||||
with:
|
||||
xcode-version: 12.2
|
||||
xcode-version: 13.0
|
||||
id: xcode
|
||||
|
||||
- name: Set up Go 1.x
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [Unreleased]
|
||||
### Fixed
|
||||
- Protect the global `pgp` variable fields with a lock.
|
||||
|
||||
## [2.2.4] 2021-09-29
|
||||
### Fixed
|
||||
- Use the provided `verifyTime` instead of the current time when verifying embedded signatures.
|
||||
|
|
|
|||
|
|
@ -1,14 +1,21 @@
|
|||
// Package crypto provides a high-level API for common OpenPGP functionality.
|
||||
package crypto
|
||||
|
||||
import "sync"
|
||||
|
||||
// GopenPGP is used as a "namespace" for many of the functions in this package.
|
||||
// It is a struct that keeps track of time skew between server and client.
|
||||
type GopenPGP struct {
|
||||
latestServerTime int64
|
||||
generationOffset int64
|
||||
lock *sync.RWMutex
|
||||
}
|
||||
|
||||
var pgp = GopenPGP{}
|
||||
var pgp = GopenPGP{
|
||||
latestServerTime: 0,
|
||||
generationOffset: 0,
|
||||
lock: &sync.RWMutex{},
|
||||
}
|
||||
|
||||
// clone returns a clone of the byte slice. Internal function used to make sure
|
||||
// we don't retain a reference to external data.
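Review bot: Declaring the field as `lock *sync.RWMutex` leaves a zero-value `GopenPGP{}` with a nil mutex, so any instance not built through this one literal would panic on its first `lock.Lock()` or `lock.RLock()`. Holding the mutex by value, `lock sync.RWMutex`, makes the zero value usable and lets the initializer return to `var pgp = GopenPGP{}`, since the explicit `0` fields are redundant. That is safe provided the struct is never copied, which cannot be confirmed from this page; `go vet`'s copylocks check would flag any copy. The field also deserves a comment naming what it protects, for example `// lock guards latestServerTime and generationOffset.`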
|
||||
|
|
|
|||
|
|
@ -6,6 +6,9 @@ import (
|
|||
|
||||
// UpdateTime updates cached time.
|
||||
func UpdateTime(newTime int64) {
|
||||
pgp.lock.Lock()
|
||||
defer pgp.lock.Unlock()
|
||||
|
||||
if newTime > pgp.latestServerTime {
|
||||
pgp.latestServerTime = newTime
|
||||
}
|
||||
|
|
@ -13,6 +16,9 @@ func UpdateTime(newTime int64) {
|
|||
|
||||
// SetKeyGenerationOffset updates the offset when generating keys.
|
||||
func SetKeyGenerationOffset(offset int64) {
|
||||
pgp.lock.Lock()
|
||||
defer pgp.lock.Unlock()
|
||||
|
||||
pgp.generationOffset = offset
|
||||
}
|
||||
|
||||
|
|
@ -30,6 +36,9 @@ func GetTime() time.Time {
|
|||
|
||||
// getNow returns the latest server time.
|
||||
func getNow() time.Time {
|
||||
pgp.lock.RLock()
|
||||
defer pgp.lock.RUnlock()
|
||||
|
||||
if pgp.latestServerTime == 0 {
|
||||
return time.Now()
|
||||
}
|
||||
|
|
@ -44,6 +53,9 @@ func getTimeGenerator() func() time.Time {
|
|||
|
||||
// getNowKeyGenerationOffset returns the current time with the key generation offset.
|
||||
func getNowKeyGenerationOffset() time.Time {
|
||||
pgp.lock.RLock()
|
||||
defer pgp.lock.RUnlock()
|
||||
|
||||
if pgp.latestServerTime == 0 {
|
||||
return time.Unix(time.Now().Unix()+pgp.generationOffset, 0)
|
||||
}
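Review bot: None of the four changed files appears to be a test, so the locking added to `UpdateTime`, `SetKeyGenerationOffset`, `getNow` and `getNowKeyGenerationOffset` is unexercised, and a later unguarded read of `pgp.latestServerTime` or `pgp.generationOffset` would bring the data race back without any signal. A small test that calls `UpdateTime` and `SetKeyGenerationOffset` from several goroutines while others call `GetTime`, run under `go test -race`, would pin the guarantee. The tails of `getNow` and `getNowKeyGenerationOffset` lie outside these hunks; because both hold `pgp.lock.RLock()` until return, they should read the fields directly and not call another helper that takes the lock, since a recursive read lock on a `sync.RWMutex` can deadlock once a writer is waiting. A line such as `// Callers must not hold pgp.lock.` on each helper would record that.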
|
||||
|
|
|
|||