From 742518c8e5226cd2456e8a7735fb9791c34d4ca7 Mon Sep 17 00:00:00 2001
From: Andrew Gouin <andrew@gouin.io>
Date: Tue, 20 Jun 2023 17:17:16 -0600
Subject: [PATCH] fix concurrent map write

---
 signer/cosigner_security_ecies.go |  6 ++++++
 signer/cosigner_security_rsa.go   |  6 ++++++
 signer/local_cosigner.go          | 14 ++------------
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/signer/cosigner_security_ecies.go b/signer/cosigner_security_ecies.go
index 1ea90174..0df3b5fb 100644
--- a/signer/cosigner_security_ecies.go
+++ b/signer/cosigner_security_ecies.go
@@ -20,6 +20,12 @@ type CosignerSecurityECIES struct {
 	eciesPubKeys map[int]CosignerECIESPubKey
 }
 
+// CosignerECIESKey is a cosigner's ECIES public key.
+type CosignerECIESPubKey struct {
+	ID        int
+	PublicKey *ecies.PublicKey
+}
+
 // NewCosignerSecurityECIES creates a new CosignerSecurityECIES.
 func NewCosignerSecurityECIES(key CosignerECIESKey, eciesPubKeys []CosignerECIESPubKey) *CosignerSecurityECIES {
 	c := &CosignerSecurityECIES{
diff --git a/signer/cosigner_security_rsa.go b/signer/cosigner_security_rsa.go
index 64d44f90..6171d743 100644
--- a/signer/cosigner_security_rsa.go
+++ b/signer/cosigner_security_rsa.go
@@ -19,6 +19,12 @@ type CosignerSecurityRSA struct {
 	rsaPubKeys map[int]CosignerRSAPubKey
 }
 
+// CosignerRSAKey is a cosigner's RSA public key.
+type CosignerRSAPubKey struct {
+	ID        int
+	PublicKey rsa.PublicKey
+}
+
 // NewCosignerSecurityRSA creates a new CosignerSecurityRSA.
 func NewCosignerSecurityRSA(key CosignerRSAKey, rsaPubKeys []CosignerRSAPubKey) *CosignerSecurityRSA {
 	c := &CosignerSecurityRSA{
diff --git a/signer/local_cosigner.go b/signer/local_cosigner.go
index 643c3558..d76ab0fc 100644
--- a/signer/local_cosigner.go
+++ b/signer/local_cosigner.go
@@ -1,7 +1,6 @@
 package signer
 
 import (
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"sync"
@@ -9,7 +8,6 @@ import (
 
 	cometcrypto "github.com/cometbft/cometbft/crypto"
 	cometcryptoed25519 "github.com/cometbft/cometbft/crypto/ed25519"
-	ecies "github.com/ecies/go/v2"
 	"golang.org/x/sync/errgroup"
 )
 
@@ -104,16 +102,6 @@ func (hrst *HRSTKey) Less(other HRSTKey) bool {
 	return false
 }
 
-type CosignerRSAPubKey struct {
-	ID        int
-	PublicKey rsa.PublicKey
-}
-
-type CosignerECIESPubKey struct {
-	ID        int
-	PublicKey *ecies.PublicKey
-}
-
 type CosignerGetNonceRequest struct {
 	ChainID   string
 	ID        int
@@ -278,6 +266,7 @@ func (cosigner *LocalCosigner) sign(req CosignerSignRequest) (CosignerSignRespon
 		}
 	}
 
+	ccs.mu.Lock()
 	for existingKey := range ccs.nonces {
 		// delete any HRS lower than our signed level
 		// we will not be providing parts for any lower HRS
@@ -285,6 +274,7 @@ func (cosigner *LocalCosigner) sign(req CosignerSignRequest) (CosignerSignRespon
 			delete(ccs.nonces, existingKey)
 		}
 	}
+	ccs.mu.Unlock()
 
 	res.Signature = sig