From 90b6b517dac1148141307f5c4fb4ba1b827afc27 Mon Sep 17 00:00:00 2001
From: Damian Debkowski <damian.debkowski@hashicorp.com>
Date: Mon, 12 Feb 2024 16:42:02 +0000
Subject: [PATCH 1/2] backport of commit
 f067713cd022ec170029beb73b93e224e104db89

---
 internal/bsr/internal/sign/sign.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/bsr/internal/sign/sign.go b/internal/bsr/internal/sign/sign.go
index 8adfec2770..b5e449138f 100644
--- a/internal/bsr/internal/sign/sign.go
+++ b/internal/bsr/internal/sign/sign.go
@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
+	"sync"
 
 	"github.com/hashicorp/boundary/internal/bsr/internal/is"
 	"github.com/hashicorp/boundary/internal/bsr/kms"
@@ -29,6 +30,8 @@ type Writer struct {
 	buf *bytes.Buffer
 	w   io.Writer
 	tee io.Writer
+
+	l sync.Mutex
 }
 
 // NewWriter returns a Writer that wraps an io.Writer.
@@ -52,6 +55,8 @@ func NewWriter(_ context.Context, w io.Writer, keys *kms.Keys) (*Writer, error)
 }
 
 func (w *Writer) Write(b []byte) (int, error) {
+	w.l.Lock()
+	defer w.l.Unlock()
 	return w.tee.Write(b)
 }
 
@@ -63,6 +68,8 @@ func (w *Writer) WriteString(s string) (int, error) {
 // Close implements the io.Closer method.
 func (w *Writer) Close() error {
 	const op = "sign.(Writer).Close"
+	w.l.Lock()
+	defer w.l.Unlock()
 	var i interface{} = w.w
 	v, ok := i.(io.WriteCloser)
 	if ok {
@@ -75,6 +82,8 @@ func (w *Writer) Close() error {
 
 // Sign returns the signature of the data written to the writer.
 func (w *Writer) Sign(ctx context.Context) (*wrapping.SigInfo, error) {
+	w.l.Lock()
+	defer w.l.Unlock()
 	sig, err := w.keys.SignWithPrivKey(ctx, w.buf.Bytes())
 	if err != nil {
 		return nil, err

From a1412f50672f6120251b28f631e5a6511f6c025e Mon Sep 17 00:00:00 2001
From: Damian Debkowski <damian.debkowski@hashicorp.com>
Date: Wed, 14 Feb 2024 16:46:12 +0000
Subject: [PATCH 2/2] backport of commit
 146b2b6e433a267068d58a20d3b3ff01900b6ae1

---
 internal/bsr/internal/sign/sign.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/bsr/internal/sign/sign.go b/internal/bsr/internal/sign/sign.go
index b5e449138f..67ee800f64 100644
--- a/internal/bsr/internal/sign/sign.go
+++ b/internal/bsr/internal/sign/sign.go
@@ -31,6 +31,8 @@ type Writer struct {
 	w   io.Writer
 	tee io.Writer
 
+	// This lock protects the buf and w variables defined in this Writer struct as a
+	// consequence of these variables both being written to at the same time using tee
 	l sync.Mutex
 }