[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Patrick Chkoreff patrick at rayservers.net
Sat Mar 1 08:29:04 EST 2014

Christian Huitema wrote, On 03/01/2014 01:13 AM:

> Of course, not using goto does not guarantee no bug. In fact, the second
> iteration of Patrick Chkoreff's "no goto" refactoring still has a bug -- it
> will only output an error message if all tests except the last one succeed,
> instead of "if any test fails." 

I must reiterate:  All I did was refactor Apple's code into a
*functionally equivalent* form.  Any behavior in the original code,
either good or bad, should be faithfully produced in my version.  I was
not trying to fix or change anything in their code, only to make the
worst bug more apparent.

Assuming I did the refactoring correctly, anything you say about my code
is also true of the original code.

When I look at the original code, and mentally delete that egregious
second "goto file", it seems clear to me that it only calls sslErrorLog
if sslRawVerify fails, and that was the intention.  It doesn't look like
they intended to output an error message "if any test fails."  So I
don't see that as a bug in their code.

-- Patrick

More information about the cryptography mailing list