summaryrefslogtreecommitdiff
path: root/src/or
diff options
context:
space:
mode:
Diffstat (limited to 'src/or')
-rw-r--r--src/or/onion.c15
-rw-r--r--src/or/onion_ntor.c5
-rw-r--r--src/or/onion_tap.c12
3 files changed, 32 insertions, 0 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index 7c7f97fc42..5495074a83 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -130,9 +130,12 @@ onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin)
time_t now = time(NULL);
if (onionskin->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
+ /* LCOV_EXCL_START
+ * We should have rejected this far before this point */
log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
onionskin->handshake_type);
return -1;
+ /* LCOV_EXCL_STOP */
}
tmp = tor_malloc_zero(sizeof(onion_queue_t));
@@ -305,10 +308,13 @@ static void
onion_queue_entry_remove(onion_queue_t *victim)
{
if (victim->handshake_type > MAX_ONION_HANDSHAKE_TYPE) {
+ /* LCOV_EXCL_START
+ * We should have rejected this far before this point */
log_warn(LD_BUG, "Handshake %d out of range! Dropping.",
victim->handshake_type);
/* XXX leaks */
return;
+ /* LCOV_EXCL_STOP */
}
TOR_TAILQ_REMOVE(&ol_list[victim->handshake_type], victim, next);
@@ -391,9 +397,12 @@ onion_handshake_state_release(onion_handshake_state_t *state)
state->u.ntor = NULL;
break;
default:
+ /* LCOV_EXCL_START
+ * This state should not even exist. */
log_warn(LD_BUG, "called with unknown handshake state type %d",
(int)state->tag);
tor_fragile_assert();
+ /* LCOV_EXCL_STOP */
}
}
@@ -441,9 +450,12 @@ onion_skin_create(int type,
r = NTOR_ONIONSKIN_LEN;
break;
default:
+ /* LCOV_EXCL_START
+ * We should never try to create an impossible handshake type. */
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
r = -1;
+ /* LCOV_EXCL_STOP */
}
if (r > 0)
@@ -512,9 +524,12 @@ onion_skin_server_handshake(int type,
}
break;
default:
+ /* LCOV_EXCL_START
+ * We should have rejected this far before this point */
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
return -1;
+ /* LCOV_EXCL_STOP */
}
return r;
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index 33afc27895..d1a268f4cd 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -85,8 +85,13 @@ onion_skin_ntor_create(const uint8_t *router_id,
memcpy(state->router_id, router_id, DIGEST_LEN);
memcpy(&state->pubkey_B, router_key, sizeof(curve25519_public_key_t));
if (curve25519_secret_key_generate(&state->seckey_x, 0) < 0) {
+ /* LCOV_EXCL_START
+ * Secret key generation should be unable to fail when the key isn't
+ * marked as "extra-strong" */
+ tor_assert_nonfatal_unreached();
tor_free(state);
return -1;
+ /* LCOV_EXCL_STOP */
}
curve25519_public_key_generate(&state->pubkey_X, &state->seckey_x);
diff --git a/src/or/onion_tap.c b/src/or/onion_tap.c
index bfd472351f..abe779351f 100644
--- a/src/or/onion_tap.c
+++ b/src/or/onion_tap.c
@@ -74,9 +74,13 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
return 0;
err:
+ /* LCOV_EXCL_START
+ * We only get here if RSA encryption fails or DH keygen fails. Those
+ * shouldn't be possible. */
memwipe(challenge, 0, sizeof(challenge));
if (dh) crypto_dh_free(dh);
return -1;
+ /* LCOV_EXCL_STOP */
}
/** Given an encrypted DH public key as generated by onion_skin_create,
@@ -130,12 +134,20 @@ onion_skin_TAP_server_handshake(
dh = crypto_dh_new(DH_TYPE_CIRCUIT);
if (!dh) {
+ /* LCOV_EXCL_START
+ * Failure to allocate a DH key should be impossible.
+ */
log_warn(LD_BUG, "Couldn't allocate DH key");
goto err;
+ /* LCOV_EXCL_STOP */
}
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN)) {
+ /* LCOV_EXCL_START
+ * This can only fail if the length of the key we just allocated is too
+ * big. That should be impossible. */
log_info(LD_GENERAL, "crypto_dh_get_public failed.");
goto err;
+ /* LCOV_EXCP_STOP */
}
key_material_len = DIGEST_LEN+key_out_len;