rpc: harden client lifecycle and cache synchronization

crypto/crypto.go

@@ -138,6 +138,7 @@ func toECDSA(d []byte, strict bool) (*ecdsa.PrivateKey, error) {
 		return nil, fmt.Errorf("invalid private key, zero or negative")
 	}
 
+	//lint:ignore SA1019 secp256k1 uses custom curve ops; crypto/ecdh does not support this curve
 	priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
 	if priv.PublicKey.X == nil {
 		return nil, errors.New("invalid private key")

crypto/ecies/ecies.go

@@ -127,6 +127,7 @@ func (prv *PrivateKey) GenerateShared(pub *PublicKey, skLen, macLen int) (sk []b
 		return nil, ErrSharedKeyTooBig
 	}
 
+	//lint:ignore SA1019 secp256k1 ECDH still relies on curve ScalarMult in this implementation
 	x, _ := pub.Curve.ScalarMult(pub.X, pub.Y, prv.D.Bytes())
 	if x == nil {
 		return nil, ErrSharedKeyIsPointAtInfinity
@@ -337,6 +338,7 @@ func (prv *PrivateKey) Decrypt(c, s1, s2 []byte) (m []byte, err error) {
 		err = ErrInvalidPublicKey
 		return
 	}
+	//lint:ignore SA1019 secp256k1 curve validation uses IsOnCurve and cannot use crypto/ecdh directly
 	if !R.Curve.IsOnCurve(R.X, R.Y) {
 		err = ErrInvalidCurve
 		return

go.mod

@@ -58,7 +58,7 @@ require (
 	github.com/mholt/acmez v1.2.0 // indirect
 	github.com/miekg/dns v1.1.57 // indirect
 	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
-	github.com/petermattis/goid v0.0.0-20231126143041-f558c26febf5 // indirect
+	github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect

go.sum

@@ -138,8 +138,8 @@ github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
 github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
 github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o=
-github.com/petermattis/goid v0.0.0-20231126143041-f558c26febf5 h1:+qIP3OMrT7SN5kLnTcVEISPOMB/97RyAKTg1UWA738E=
-github.com/petermattis/goid v0.0.0-20231126143041-f558c26febf5/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4=
+github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741 h1:KPpdlQLZcHfTMQRi6bFQ7ogNO0ltFT4PmtwTLW4W+14=
+github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

rpc/bridge.go

@@ -390,8 +390,10 @@ func validateRLPValue(k rlp.Kind, content []byte) error {
 	return nil
 }
 
-// recvMessageLoop infinite loop to read message from server
-func (client *Client) recvMessageLoop() {
+// recvMessageLoop infinite loop to read message from server.
+// It uses the connection captured at start so Close() can safely
+// close the connection without racing on client.s pointer updates.
+func (client *Client) recvMessageLoop(ssl *SSL) {
 	msgBuffer := make(chan edge.Message, 20)
 	defer close(msgBuffer)
 
@@ -402,16 +404,16 @@ func (client *Client) recvMessageLoop() {
 	}()
 
 	for {
-		if client.s == nil {
-			if !client.isClosed {
+		if ssl == nil {
+			if !client.isClientClosed() {
 				client.Log().Info("Client connection closed prematurely.")
 				client.Close()
 			}
 			return
 		}
-		msg, err := client.s.readMessage()
+		msg, err := ssl.readMessage()
 		if err != nil {
-			if !client.isClosed {
+			if !client.isClientClosed() {
 				client.Log().Info("Client connection closed unexpectedly: %v", err)
 				client.Close()
 			}