Throw if JDK-8292158 may cause AES-CTR encryption corruption

Determine if JVM is impacted by JDK-8292158 which can corrupt AES-CTR encryption streams. This bug impacts JDKs up to 11.0.18, 15.0.10, 17.0.6, 19.0.2 and when running on CPUs with AVX-512 vectorized AES support. See https://bugs.openjdk.org/browse/JDK-8292158
palantir · Dec 2, 2022 · c45fb91 · c45fb91
1 parent 851a3e0
commit c45fb91
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/crypto-core/src/main/java/com/palantir/crypto2/cipher/Jdk8292158.java b/crypto-core/src/main/java/com/palantir/crypto2/cipher/Jdk8292158.java
@@ -18,6 +18,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Splitter;
+import com.google.common.base.Suppliers;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedSet;
 import com.palantir.logsafe.SafeArg;
@@ -35,6 +36,7 @@
 import java.util.Objects;
 import java.util.Set;
 import java.util.function.BooleanSupplier;
+import java.util.function.Supplier;
 import java.util.stream.Stream;
 import javax.annotation.Nullable;
 
@@ -54,8 +56,9 @@ public final class Jdk8292158 {
     static final ImmutableSet<String> jdk8292158ImpactedCpuFlags =
             ImmutableSet.of("vaes", "avx512bw", "avx512vl", "vpclmulqdq");
 
-    private static final BooleanSupplier isAffectedByJdkAesCtrCorruption = () -> isAffectedByJdkAesCtrCorruption(
-            Runtime.version(), architecture(), ProcessHandle.current().info());
+    private static final Supplier<Boolean> isAffectedByJdkAesCtrCorruption =
+            Suppliers.memoize(() -> isAffectedByJdkAesCtrCorruption(
+                    Runtime.version(), architecture(), ProcessHandle.current().info()));
 
     private Jdk8292158() {}
 
@@ -84,7 +87,7 @@ private static SafeIllegalStateException cannotEncryptAesCtrSafely(
      * @throws SafeIllegalStateException is this JVM and CPU is affected by JDK-8292158 AES-CTR corruption
      */
     public static boolean isAffectedByJdkAesCtrCorruption(@Nullable String algorithm) {
-        return algorithm != null && algorithm.contains("AES/CTR") && isAffectedByJdkAesCtrCorruption.getAsBoolean();
+        return algorithm != null && algorithm.contains("AES/CTR") && isAffectedByJdkAesCtrCorruption.get();
     }
 
     @VisibleForTesting