Move test scripts to tests/scripts
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 17535b0..b29e07a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -71,11 +71,14 @@
# Indicative running times are given for reference.
msg "test: recursion.pl" # < 1s
-scripts/recursion.pl library/*.c
+tests/scripts/recursion.pl library/*.c
msg "test: freshness of generated source files" # < 1s
tests/scripts/check-generated-files.sh
+msg "test: doxygen markup outside doxygen blocks" # < 1s
+tests/scripts/check-doxy-blocks.pl
+
msg "test/build: declared and exported names" # < 3s
cleanup
tests/scripts/check-names.sh
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
new file mode 100755
index 0000000..abd27a8
--- /dev/null
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -0,0 +1,57 @@
+#!/usr/bin/perl
+
+# Detect comment blocks that are likely meant to be doxygen blocks but aren't.
+#
+# More precisely, look for normal comment block containing '\'.
+# Of course one could use doxygen warnings, eg with:
+# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
+# but that would warn about any undocumented item, while our goal is to find
+# items that are documented, but not marked as such by mistake.
+
+use warnings;
+use strict;
+use File::Basename;
+
+# C/header files in the following directories will be checked
+my @directories = qw(include/mbedtls library doxygen/input);
+
+# very naive pattern to find directives:
+# everything with a backslach except '\0' and backslash at EOL
+my $doxy_re = qr/\\(?!0|\n)/;
+
+sub check_file {
+ my ($fname) = @_;
+ open my $fh, '<', $fname or die "Failed to open '$fname': $!\n";
+
+ # first line of the last normal comment block,
+ # or 0 if not in a normal comment block
+ my $block_start = 0;
+ while (my $line = <$fh>) {
+ $block_start = $. if $line =~ m/\/\*(?![*!])/;
+ $block_start = 0 if $line =~ m/\*\//;
+ if ($block_start and $line =~ m/$doxy_re/) {
+ print "$fname:$block_start: directive on line $.\n";
+ $block_start = 0; # report only one directive per block
+ }
+ }
+
+ close $fh;
+}
+
+sub check_dir {
+ my ($dirname) = @_;
+ for my $file (<$dirname/*.[ch]>) {
+ check_file($file);
+ }
+}
+
+# locate root directory based on invocation name
+my $root = dirname($0) . '/..';
+chdir $root or die "Can't chdir to '$root': $!\n";
+
+# just do it
+for my $dir (@directories) {
+ check_dir($dir)
+}
+
+__END__
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
new file mode 100755
index 0000000..3ad42b1
--- /dev/null
+++ b/tests/scripts/recursion.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+
+# Find functions making recursive calls to themselves.
+# (Multiple recursion where a() calls b() which calls a() not covered.)
+#
+# When the recursion depth might depend on data controlled by the attacker in
+# an unbounded way, those functions should use interation instead.
+#
+# Typical usage: scripts/recursion.pl library/*.c
+
+use warnings;
+use strict;
+
+use utf8;
+use open qw(:std utf8);
+
+# exclude functions that are ok:
+# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
+# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
+my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
+
+my $cur_name;
+my $inside;
+my @funcs;
+
+die "Usage: $0 file.c [...]\n" unless @ARGV;
+
+while (<>)
+{
+ if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
+ chomp( $cur_name = $_ ) unless $inside;
+ } elsif( /^{/ && $cur_name ) {
+ $inside = 1;
+ $cur_name =~ s/.* ([^ ]*)\(.*/$1/;
+ } elsif( /^}/ && $inside ) {
+ undef $inside;
+ undef $cur_name;
+ } elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
+ push @funcs, $cur_name unless /$known_ok/;
+ }
+}
+
+print "$_\n" for @funcs;
+exit @funcs;