From 65a6fa3e2669cb02af5399d0f60b5bed3e62a9be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Thu, 9 Jul 2020 09:52:17 +0200
Subject: [PATCH] Make cf_hmac() STATIC_TESTABLE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.

Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/ssl_invasive.h               | 5 +++--
 library/ssl_msg.c                    | 2 +-
 tests/scripts/check-names.sh         | 1 +
 tests/scripts/list-macros.sh         | 1 +
 tests/suites/test_suite_ssl.function | 2 +-
 5 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/library/ssl_invasive.h b/library/ssl_invasive.h
index 9697a91b24..f40f0d4f5e 100644
--- a/library/ssl_invasive.h
+++ b/library/ssl_invasive.h
@@ -31,7 +31,8 @@
 #include "common.h"
 #include "mbedtls/md.h"
 
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+#if defined(MBEDTLS_TEST_HOOKS) &&              \
+    defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
     ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
       defined(MBEDTLS_SSL_PROTO_TLS1_1) |       \
       defined(MBEDTLS_SSL_PROTO_TLS1_2) )
@@ -73,6 +74,6 @@ int mbedtls_ssl_cf_hmac(
         const unsigned char *data, size_t data_len_secret,
         size_t min_data_len, size_t max_data_len,
         unsigned char *output );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC && TLS 1.0-1.2 */
+#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_SSL_SOME_SUITES_USE_CBC && TLS 1.0-1.2 */
 
 #endif /* MBEDTLS_SSL_INVASIVE_H */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 3c1a01e42b..d77b65843b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1073,7 +1073,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 /*
  * Compute HMAC of variable-length data with constant flow.
  */
-int mbedtls_ssl_cf_hmac(
+MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
         mbedtls_md_context_t *ctx,
         const unsigned char *add_data, size_t add_data_len,
         const unsigned char *data, size_t data_len_secret,
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index e2019ccadb..1a8253c80d 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -98,6 +98,7 @@ done
 printf "Likely typos: "
 sort -u actual-macros enum-consts > _caps
 HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS="$HEADERS library/*.h"
 HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
 LIBRARY="$( ls library/*.c )"
 LIBRARY="$LIBRARY 3rdparty/everest/library/everest.c 3rdparty/everest/library/x25519.c"
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 786aef925b..cf6afc5a06 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -25,6 +25,7 @@ if [ -d include/mbedtls ]; then :; else
 fi
 
 HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS="$HEADERS library/*.h"
 HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
 
 sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 711d2d1f0e..a0e72dd387 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -4053,7 +4053,7 @@ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_TEST_HOOKS */
 void ssl_cf_hmac( int hash )
 {
     /*