From 4bf0f025dd94a8117997028d35c8b4497de497b4 Mon Sep 17 00:00:00 2001
From: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Date: Tue, 23 Jul 2024 14:06:47 +0300
Subject: [PATCH] fix: get rid of data race in the key sign interceptor

The code underneath is not thread safe and it looks like we need a
mutex.

Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
---
 pkg/pgp/key.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/pgp/key.go b/pkg/pgp/key.go
index 82f47b5..d55fc54 100644
--- a/pkg/pgp/key.go
+++ b/pkg/pgp/key.go
@@ -8,6 +8,7 @@ package pgp
 import (
 	"crypto"
 	"math"
+	"sync"
 	"time"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
@@ -19,6 +20,7 @@ import (
 type Key struct {
 	key     *pgpcrypto.Key
 	keyring *pgpcrypto.KeyRing
+	mu      sync.Mutex
 }
 
 // GenerateKey generates a new PGP key pair.
@@ -77,6 +79,9 @@ func (p *Key) Verify(data, signature []byte) error {
 
 // Sign signs the given data using the private key.
 func (p *Key) Sign(data []byte) ([]byte, error) {
+	p.mu.Lock()
+	defer p.mu.Unlock()
+
 	message := pgpcrypto.NewPlainMessage(data)
 
 	signature, err := p.keyring.SignDetached(message)