The option parser wrapper allocated memory in an incorrect way, which
could lead to problems especially with --xml-output, since it would
access the memory at a later point in the execution. This could then
propagate to GUI problems, since the GUI uses the --xml-output switch.
Rewrote the code to be more readable and less incorrect.
This patch addresses two 64-bit platform compilation issues:
- Force 32-bit mode for gcc using '-m32'
- Recent library modifications broke the 32-bit compilation on 64-bit machines: updated
'compile.txt' to include the need for the 'gcc-multilib' package.
The previous way of selecting fonts was an obsolete hack. Some recent versions of wxPython
ran into problems. Now updated to reflect the correct wxPython font selection conventions.
Bug report and fix suggestion by S. Dismore.
After the new function implementation, the 'Function' type is no longer one-way by default.
However, many protocol description files relied on this implicit assumption.
The solution is to use 'hashfunction' declarations instead to model one-wayness.
Original bug report by Binh Thanh Nguyen.
Recent versions of Graphviz no longer set the PATH variable on Windows.
Hence Scyther can fail to find dot.exe even though Graphviz was appropriately
installed.
This patch is a hack to try and locate dot.exe in the more common locations.
We currently have a hardcoded search through:
C:\Program Files\Graphviz*
C:\Program Files (x86)\Graphviz*
This is clearly fragile. Obviously, nobody should be solving Graphviz' problem
in such an ugly way. Change drives or languages and it stops working.
Until Graphviz provides at least an alternative environment variable (GVPATH?)
this hack will help the bulk of our users to get things up and running smoothly.
Shlex is only intended to work for Unix-like shells, and using it on
Windows causes problems. We now resort to simply always using the shell
on Unix-like platforms (as our command input is always a string, and not
an array). On Windows, the string input is always okay, even when not
using the shell.
This is a follow-up to a bug report by M. Kammerer on failing Windows
installs.
Previously, pressing 'cancel' in the verification window would leave a dangling scyther backend process.
Now the process gets correctly killed.
The following changes enable this:
- External processes are no longer invoked through the shell (otherwise they are subprocesses of the shell and cannot be reliably killed cross-platform).
- The 'safeCommand' procedure now has a hook for passing opened Popen objects.
- The GUI stores and kills the Popen objects on cancel or window close.
To do: an alternative interface for this in 'safeCommand' could expose a 'killMe' method through a callback; this might be cleaner in the long term.
For now, some parameters are hardcoded.
In the long term this functionality should be incorporated into the Scyther library directly, as
a method of Claim objects.
Changes:
1. Reverted restricted use of 'hashfunction': 'function' can now be used as an alternative (but they are identical).
2. Functions can be specified to be secret, as we had before.
Together with the newer 'inversekeyfunctions' declaration, this allows for the clean definition of alternative key infrastructures.
Example usage:
secret function sk2;
function pk2;
inversekeyfunctions (sk2,pk2);
Conflicts:
src/compiler.c
Previously, weak agreement and aliveness claims would enforce a requirement for all agents in the range
of the rho of the claim run.
For some three-party protocols this was stronger than needed. We now allow an
optional role name parameter for these claims; if such a parameter is used, the claim
is only evaluated for the agents performing that role.
En passant fixed a potential bug: aliveness and weak agreement require a run for each
agent, but previously we didn't check if these were helper protocols. Clearly they
should not be.
Before, we were using both __file__ as well as sys.argv[0] to determine the base directory
for Scyther, and we were not taking symlinks into account.
By using the inspect module, we can consistently pick the current frame and derive
the file from that, then use realpath to strip symlinks.
The fix requires a significant reworking of the function handling. This
is a first attempt.
Conflicts:
src/knowledge.c
src/knowledge.h
Regression test suggests that the Hashfunction fix works.
There is now a script
src/regression-tests/regression-test.py
that should in the future be the default for running regression tests
instead of the ad-hoc approach we are currently using. The goal is to
ultimately have more reliable and consistent regression testing.
The script takes as input "tests.txt" and tries to perform tests from
that. This is effectively a collection of inputs to the scyther-linux
binary. The results are writting to the 'results' directory, as
test-X.out and test-X.err, where those correspond to stdout and stderr,
respectively. Additionally, a measurement of wall-clock time in seconds
is written to test-X.time.
For now, we are using the timer to ensure all tests terminate. It would
be nicer to use a less environment-dependent way of enforcing
termination.
The use of 'strndup' in scanner.l caused problems for non-gnu modes of gcc, which
was being invoked for the mingw32 compilation. Replaced now by the more portable
strncpy + malloc version.
