[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Larry Bisel (lbisel) lbisel at cisco.com
Fri Feb 28 23:07:20 EST 2014

[All previous rantings deleted]

Please forgive me, but I have to respond about what I see as the most obvious "elephant(s) in the room" about the original refactoring.

1)  The original poster took code that compiled, and replaced it with code that (as far as I can tell) would not even compile.  In C, "||" is a logical operation, and "|" is a bit-wise operation.  From my 25+ years of writing C code, I have never encountered an "||=" operator, and none of my references mention such an operator.  So, that leads me to my favorite rant about refactoring:  DON'T REFACTOR CODE JUST TO REPLACE ONE SET OF PROBLEMS WITH ANOTHER SET OF PROBLEMS!

2) Furthermore, (as others have pointed out) the refactoring would change the timing of the run-time execution of the code.  However, the refactored code would arguably be better (if it would compile) in that it might reduce timing attacks on the code in question.

3) Also, refactoring relatively large blocks of code is problematic in that it causes problems for reviewers further down the line.  An added or removed "goto" is obvious in any code diff.  But, it is much more difficult to detect a significant change in a large block of code when the significant change is obscured by large amounts of unrelated "cruft."

To summarize, refactoring code is a very complex issue, and it should not be taken lightly!



More information about the cryptography mailing list