From fb865c9a5cbceff00212fe6f3d8b2aca8673e918 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Fri, 25 Mar 2016 15:36:45 +0100
Subject: [PATCH] More tests / lcov exclusions

---
 .../crypto_pwhash/argon2/argon2-core.c        | 28 ++++++++++++-------
 .../crypto_pwhash/argon2/blake2b-long.c       |  2 +-
 .../crypto_pwhash/argon2/pwhash_argon2i.c     |  6 ++--
 test/default/pwhash.c                         | 23 +++++++++++++++
 4 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/src/libsodium/crypto_pwhash/argon2/argon2-core.c b/src/libsodium/crypto_pwhash/argon2/argon2-core.c
index c9d369f7..11112f69 100644
--- a/src/libsodium/crypto_pwhash/argon2/argon2-core.c
+++ b/src/libsodium/crypto_pwhash/argon2/argon2-core.c
@@ -79,16 +79,16 @@ static int allocate_memory(block_region **region, uint32_t m_cost) {
     size_t memory_size;
 
     if (region == NULL) {
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+        return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
     }
     memory_size = sizeof(block) * m_cost;
     if (m_cost == 0 ||
         memory_size / m_cost != sizeof(block)) { /*1. Check for multiplication overflow*/
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+        return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
     }
     *region = (block_region *)malloc(sizeof(block_region));  /*2. Try to allocate region*/
     if (!*region) {
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+        return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
     }
 
 #if defined(MAP_ANON) && defined(HAVE_MMAP)
@@ -100,7 +100,7 @@ static int allocate_memory(block_region **region, uint32_t m_cost) {
 # endif
                      -1, 0)) == MAP_FAILED) {
         base = NULL; /* LCOV_EXCL_LINE */
-    }
+    } /* LCOV_EXCL_LINE */
     memcpy(&memory, &base, sizeof memory);
 #elif defined(HAVE_POSIX_MEMALIGN)
     if ((errno = posix_memalign((void **) &base, 64, memory_size)) != 0) {
@@ -119,7 +119,7 @@ static int allocate_memory(block_region **region, uint32_t m_cost) {
     }
 #endif
     if (base == NULL) {
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+        return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
     }
     (*region)->base = base;
     (*region)->memory = memory;
@@ -138,8 +138,10 @@ static void clear_memory(argon2_instance_t *instance, int clear);
 
 static void clear_memory(argon2_instance_t *instance, int clear) {
     if (instance->region != NULL && clear) {
+        /* LCOV_EXCL_START */
         sodium_memzero(instance->region->memory,
                        sizeof(block) * instance->memory_blocks);
+        /* LCOV_EXCL_STOP */
     }
 }
 
@@ -270,7 +272,7 @@ int fill_memory_blocks(argon2_instance_t *instance) {
     uint32_t r, s;
 
     if (instance == NULL || instance->lanes == 0) {
-        return ARGON2_OK;
+        return ARGON2_OK; /* LCOV_EXCL_LINE */
     }
 
     for (r = 0; r < instance->passes; ++r) {
@@ -286,7 +288,7 @@ int fill_memory_blocks(argon2_instance_t *instance) {
                 position.index = 0;
                 result = fill_segment(instance, position);
                 if (ARGON2_OK != result) {
-                    return result;
+                    return result; /* LCOV_EXCL_LINE */
                 }
             }
         }
@@ -295,6 +297,7 @@ int fill_memory_blocks(argon2_instance_t *instance) {
 }
 
 int validate_inputs(const argon2_context *context) {
+ /* LCOV_EXCL_START */
     if (NULL == context) {
         return ARGON2_INCORRECT_PARAMETER;
     }
@@ -411,6 +414,7 @@ int validate_inputs(const argon2_context *context) {
     if (ARGON2_MAX_THREADS < context->threads) {
         return ARGON2_THREADS_TOO_MANY;
     }
+    /* LCOV_EXCL_STOP */
 
     return ARGON2_OK;
 }
@@ -444,7 +448,7 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
     uint8_t value[4U /* sizeof(uint32_t) */];
 
     if (NULL == context || NULL == blockhash) {
-        return;
+        return; /* LCOV_EXCL_LINE */
     }
 
     crypto_generichash_blake2b_init(&BlakeHash, NULL, 0U,
@@ -476,8 +480,8 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
                                           context->pwdlen);
 
         if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {
-            sodium_memzero(context->pwd, context->pwdlen);
-            context->pwdlen = 0;
+            sodium_memzero(context->pwd, context->pwdlen); /* LCOV_EXCL_LINE */
+            context->pwdlen = 0; /* LCOV_EXCL_LINE */
         }
     }
 
@@ -493,6 +497,7 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
     crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
 
     if (context->secret != NULL) {
+/* LCOV_EXCL_START */
         crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
                        context->secretlen);
 
@@ -500,14 +505,17 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
             sodium_memzero(context->secret, context->secretlen);
             context->secretlen = 0;
         }
+/* LCOV_EXCL_STOP */
     }
 
     STORE32_LE(value, context->adlen);
     crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
 
     if (context->ad != NULL) {
+/* LCOV_EXCL_START */
         crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
                                           context->adlen);
+/* LCOV_EXCL_STOP */
     }
 
     crypto_generichash_blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
diff --git a/src/libsodium/crypto_pwhash/argon2/blake2b-long.c b/src/libsodium/crypto_pwhash/argon2/blake2b-long.c
index b7d5dbed..77f3b2c1 100644
--- a/src/libsodium/crypto_pwhash/argon2/blake2b-long.c
+++ b/src/libsodium/crypto_pwhash/argon2/blake2b-long.c
@@ -16,7 +16,7 @@ int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
     int ret = -1;
 
     if (outlen > UINT32_MAX) {
-        goto fail;
+        goto fail; /* LCOV_EXCL_LINE */
     }
 
     /* Ensure little-endian byte order! */
diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
index 73bf71d7..b4d21770 100644
--- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
+++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
@@ -91,7 +91,7 @@ crypto_pwhash_argon2i(unsigned char * const out,
                          (uint32_t) 1U, passwd, (size_t) passwdlen,
                          salt, (size_t) crypto_pwhash_argon2i_SALTBYTES,
                          out, (size_t) outlen) != ARGON2_OK) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return 0;
 }
@@ -122,7 +122,7 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
                              (uint32_t) 1U, passwd, (size_t) passwdlen,
                              salt, sizeof salt, STR_HASHBYTES,
                              out, crypto_pwhash_argon2i_STRBYTES) != ARGON2_OK) {
-        return -1;
+        return -1; /* LCOV_EXCL_LINE */
     }
     return 0;
 }
@@ -136,10 +136,12 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
         errno = EFBIG;
         return -1;
     }
+/* LCOV_EXCL_START */
     if (passwdlen < ARGON2_MIN_PWD_LENGTH) {
         errno = EINVAL;
         return -1;
     }
+/* LCOV_EXCL_STOP */
     if (argon2i_verify(str, passwd, (size_t) passwdlen) != ARGON2_OK) {
         return -1;
     }
diff --git a/test/default/pwhash.c b/test/default/pwhash.c
index 55698858..e244bb72 100644
--- a/test/default/pwhash.c
+++ b/test/default/pwhash.c
@@ -162,6 +162,14 @@ static void tv2(void)
                       salt, 2, 1ULL << 12, NULL) != -1) {
         printf("[tv2] pwhash should have failed (3)\n");
     }
+    if (crypto_pwhash(out, 0x100000000ULL, "password", strlen("password"),
+                      salt, 3, 1ULL << 12, NULL) != -1) {
+        printf("[tv2] pwhash with a long output length should have failed\n");
+    }
+    if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL,
+                      salt, 3, 1ULL << 12, NULL) != -1) {
+        printf("[tv2] pwhash with a long password length should have failed\n");
+    }
 }
 
 static void tv3(void)
@@ -243,6 +251,21 @@ int main(void)
     str_out[14]--;
     assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0);
 
+    if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL,
+                          OPSLIMIT, MEMLIMIT) != -1) {
+        printf("pwhash_str() with a large password should have failed\n");
+        return 1;
+    }
+    if (crypto_pwhash_str(str_out2, passwd, strlen(passwd),
+                          1, MEMLIMIT) != -1) {
+        printf("pwhash_str() with a small opslimit should have failed\n");
+        return 1;
+    }
+    if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
+                                 "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
+                                 "password", 0x100000000ULL) != -1) {
+        printf("pwhash_str_verify(invalid(0)) failure\n");
+    }
     if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
                                  "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
                                  "password", strlen("password")) != -1) {