/* * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use * this file except in compliance with the License. A copy of the License is * located at * * http://aws.amazon.com/apache2.0/ * * or in the "license" file accompanying this file. This file is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or * implied. See the License for the specific language governing permissions and * limitations under the License. */ #include <aws/common/byte_buf.h> #include <aws/common/common.h> #include <aws/common/hash_table.h> #include <aws/common/math.h> #include <aws/cryptosdk/error.h> #include <aws/cryptosdk/private/enc_ctx.h> #include <aws/cryptosdk/private/utils.h> #include <proof_helpers/proof_allocators.h> #include <proof_helpers/utils.h> /* If the consumer of the list doesn't use the elements in the list, we can just leave it undef * This is sound, as it gives you a totally nondet value every time you use a list element, and is the default behaviour * of CBMC. But if it is used, we need a way for the harness to specify valid values for the element, for example if * they are copying values out of the table. They can do this by defining * -DAWS_CRYPTOSDK_HASH_ELEMS_ARRAY_INIT_GENERATOR=the_generator_fn, wher the_generator_fn has signature * the_generator_fn(struct aws_array_list *elems). * [elems] is a pointer to the array_list whose values need to be set */ #ifdef AWS_CRYPTOSDK_HASH_ELEMS_ARRAY_INIT_GENERATOR void AWS_CRYPTOSDK_HASH_ELEMS_ARRAY_INIT_GENERATOR(struct aws_array_list *elems); #endif int aws_cryptosdk_hash_elems_array_init( struct aws_allocator *alloc, struct aws_array_list *elems, const struct aws_hash_table *map) { AWS_PRECONDITION(AWS_OBJECT_PTR_IS_READABLE(alloc)); AWS_PRECONDITION(AWS_OBJECT_PTR_IS_WRITABLE(elems)); AWS_PRECONDITION(aws_hash_table_is_valid(map)); size_t entry_count = aws_hash_table_get_entry_count(map); elems->alloc = alloc; elems->item_size = sizeof(struct aws_hash_element); elems->length = entry_count; __CPROVER_assume(elems->current_size >= elems->length * elems->item_size); elems->data = bounded_malloc(elems->current_size); /* Malloc can return NULL, assume that elems->data (which would come from map) isn't NULL */ __CPROVER_assume(elems->data != NULL); #ifdef AWS_CRYPTOSDK_HASH_ELEMS_ARRAY_INIT_GENERATOR AWS_CRYPTOSDK_HASH_ELEMS_ARRAY_INIT_GENERATOR(elems); #endif AWS_POSTCONDITION(aws_array_list_length(elems) == entry_count); AWS_POSTCONDITION(aws_array_list_is_valid(elems)); return nondet_int(); }