Compute AES cypher tables at compile time instead of run time.

The aes implementation needs some tables of data to perform its
calculations. In a thread-safety review, Henry spotted that the
tables were global variables with no mutex isolation.

I believe this is actually ok. There is a static flag marking whether
the tables are initialized. If they are not, a call to aes_setkey_*
will invoke aes_gen_tables to initialize them, then set the flag.
However, aes_gen_tables operates deterministically, always writing
the same data sequence to the globals. So while there is a race
where two threads could be executing aes_gen_tables at the same time,
or while another thread is accessing the same tables, there is no
read-modify-write step which could create inconsistent data.

Nevertheless, the tables are small relative to our application, and
there is a compile time option XYSSL_AES_ROM_TABLES which generates
the data at compile time and stores it static const. This commit
turns on that option, allowing the compiler to put the data in a
non-writable segment and making the careful thread safety analysis
above unnecessary.

There should be no difference in behaviour, and Henry has verified
that the two code paths result in identical table data.

git-svn-id: http://svn.ghostscript.com/ghostscript/trunk@10946 a1074d23-0009-0410-80fe-cf8c14f379e6

1 files changed, 2 insertions, 0 deletions

diff --git a/gs/base/aes.c b/gs/base/aes.c
index e2a7c23ad..05b8d6a22 100644
--- a/gs/base/aes.c
+++ b/gs/base/aes.c
@@ -42,6 +42,8 @@
 #include "string_.h"	/* memcmp() */
 #include "aes.h"
 
+#define XYSSL_AES_ROM_TABLES 1 /* avoid regenerating tables each time */
+
 /*
  * 32-bit integer manipulation macros (little endian)
  */