1 files changed, 12 insertions, 0 deletions

diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index bfd472351f..abe779351f 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -74,9 +74,13 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
 
   return 0;
  err:
+  /* LCOV_EXCL_START
+   * We only get here if RSA encryption fails or DH keygen fails. Those
+   * shouldn't be possible. */
   memwipe(challenge, 0, sizeof(challenge));
   if (dh) crypto_dh_free(dh);
   return -1;
+  /* LCOV_EXCL_STOP */
 }
 
 /** Given an encrypted DH public key as generated by onion_skin_create,
@@ -130,12 +134,20 @@ onion_skin_TAP_server_handshake(
 
   dh = crypto_dh_new(DH_TYPE_CIRCUIT);
   if (!dh) {
+    /* LCOV_EXCL_START
+     * Failure to allocate a DH key should be impossible.
+     */
     log_warn(LD_BUG, "Couldn't allocate DH key");
     goto err;
+    /* LCOV_EXCL_STOP */
   }
   if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
+    /* LCOV_EXCL_START
+     * This can only fail if the length of the key we just allocated is too
+     * big. That should be impossible. */
     log_info(LD_GENERAL, "crypto_dh_get_public failed.");
     goto err;
+    /* LCOV_EXCP_STOP */
   }
 
   key_material_len = DIGEST_LEN+key_out_len;