From d1550c5c1f1643d9d9225c8ee47a1770655ddf5f Mon Sep 17 00:00:00 2001
From: larabr <larabr+github@protonmail.com>
Date: Thu, 3 Aug 2023 16:16:58 +0200
Subject: [PATCH] Argon2: avoid loading multiple wasm modules on first
 initialisation (#7)

---
 package-lock.json      | 14 +++++++-------
 package.json           |  2 +-
 src/type/s2k/argon2.js | 11 +++++++----
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2a9aa2e10..dd20207fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
         "@rollup/plugin-replace": "^2.3.2",
         "@rollup/plugin-wasm": "^6.1.2",
         "@types/chai": "^4.2.14",
-        "argon2id": "^1.0.0",
+        "argon2id": "^1.0.1",
         "benchmark": "^2.1.4",
         "bn.js": "^4.11.8",
         "chai": "^4.3.6",
@@ -986,9 +986,9 @@
       "dev": true
     },
     "node_modules/argon2id": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/argon2id/-/argon2id-1.0.0.tgz",
-      "integrity": "sha512-Z4TqH1xUnm2bq8b3WR5eQ37VPzpuJxezhlsMDXFJtEVmhJW5KWkEGzqILibsm9Nii6OGKsrLWVUczZePz3ZgzA==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/argon2id/-/argon2id-1.0.1.tgz",
+      "integrity": "sha512-rsiD3lX+0L0CsiZARp3bf9EGxprtuWAT7PpiJd+Fk53URV0/USOQkBIP1dLTV8t6aui0ECbymQ9W9YCcTd6XgA==",
       "dev": true
     },
     "node_modules/argparse": {
@@ -8278,9 +8278,9 @@
       "dev": true
     },
     "argon2id": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/argon2id/-/argon2id-1.0.0.tgz",
-      "integrity": "sha512-Z4TqH1xUnm2bq8b3WR5eQ37VPzpuJxezhlsMDXFJtEVmhJW5KWkEGzqILibsm9Nii6OGKsrLWVUczZePz3ZgzA==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/argon2id/-/argon2id-1.0.1.tgz",
+      "integrity": "sha512-rsiD3lX+0L0CsiZARp3bf9EGxprtuWAT7PpiJd+Fk53URV0/USOQkBIP1dLTV8t6aui0ECbymQ9W9YCcTd6XgA==",
       "dev": true
     },
     "argparse": {
diff --git a/package.json b/package.json
index 5463fa17c..980c801a7 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
     "@rollup/plugin-replace": "^2.3.2",
     "@rollup/plugin-wasm": "^6.1.2",
     "@types/chai": "^4.2.14",
-    "argon2id": "^1.0.0",
+    "argon2id": "^1.0.1",
     "benchmark": "^2.1.4",
     "bn.js": "^4.11.8",
     "chai": "^4.3.6",
diff --git a/src/type/s2k/argon2.js b/src/type/s2k/argon2.js
index 598c4388c..f79e3ef6f 100644
--- a/src/type/s2k/argon2.js
+++ b/src/type/s2k/argon2.js
@@ -91,10 +91,12 @@ class Argon2S2K {
     const decodedM = 2 << (this.encodedM - 1);
 
     try {
-      if (!argon2Promise) { // first load
-        loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;
-        argon2Promise = loadArgonWasmModule();
-      }
+      // on first load, the argon2 lib is imported and the WASM module is initialized.
+      // the two steps need to be atomic to avoid race conditions causing multiple wasm modules
+      // being loaded when `argon2Promise` is not initialized.
+      loadArgonWasmModule = loadArgonWasmModule || (await import('argon2id')).default;
+      argon2Promise = argon2Promise || loadArgonWasmModule();
+
       // important to keep local ref to argon2 in case the module is reloaded by another instance
       const argon2 = await argon2Promise;
 
@@ -114,6 +116,7 @@ class Argon2S2K {
       if (decodedM > ARGON2_WASM_MEMORY_THRESHOLD_RELOAD) {
         // it will be awaited if needed at the next `produceKey` invocation
         argon2Promise = loadArgonWasmModule();
+        argon2Promise.catch(() => {});
       }
       return hash;
     } catch (e) {