[Cryptography] GnuTLS -- time to look at the diff.
pgut001 at cs.auckland.ac.nz
Thu Mar 6 05:30:41 EST 2014
Lodewijk andré de la porte <l at odewijk.nl> writes:
>What's up with using GOTO in very secure applications? [...] I'd just like
>some thoughts from people who worked with this sort of software. An answer to
>the question "Isn't there some big way to do things such that it will be
>easier to know if it's fully correct now". (this is not about functional vs
>imperative programming, just about validatable style)
The fact that both of the publicised problems that have just been noticed are
because of a 'goto fail' doesn't necessarily point to a goto crisis, since
it's an arbitrary coding choice I doubt there's any more, or less, goto-ing in
secure apps than in anything else (see the example in Viktor Dukhovni's post from
a few days ago showing the range, from thousands of gotos used in OpenSSL to
zero in Postfix). I've just grepped my cert-checking code, all 1.5MB of it,
and there's a single location that uses gotos, to break out of the middle
of a really complex state machine that handles the parsing of
nested/overridden ASN.1 tags.
OTOH the goto mess in the Apple/GnuTLS code is really a sign of a much larger
problem in the way that the coding is being done. If you look through the
posted GnuTLS code for example it seems pretty undisciplined, hardcoded
explicit values, confusion over return values, and all sorts of other things.
Using an example I'm pretty familiar with, in my code for reporting status
values I have a global set of fixed, well-defined status values, a universal
macro cryptStatusError() that checks whether a function failed, and I use
compiler-enforced checking (and three different static analyzers) to make sure
that a function status check isn't skipped.
So it's not a simple "goto = bad", it's excessive use of gotos being one (of
many) signs of what appear to be bad/unsafe coding practices.
 That's more than the code needed to implement SSL/TLS, SSH, PGP, and PKCS
 If anyone thinks they can refactor this in a cleaner way with no gotos,
I'll send them the code. I'm sceptical...
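
The status-checking discipline the post describes (one fixed set of status values, one universal failure macro, compiler-enforced checking of results), sketched as an added example. It is not code from the post's author, cryptlib, GnuTLS or Apple; every name in it is hypothetical, the certificate struct is a constructed stand-in, and the attribute assumes GCC or Clang.

```c
#include <stddef.h>
#include <stdio.h>

/* All names here are hypothetical, chosen for this example. */
typedef enum {                 /* one fixed, global set of status values */
    ST_OK = 0,
    ST_ERR_BADDATA = -1,
    ST_ERR_EXPIRED = -2,
    ST_ERR_SIGNATURE = -3
} status_t;

#define statusError(s) ((s) < ST_OK)   /* the only failure test used anywhere */
#define CHECK_RESULT __attribute__((warn_unused_result)) /* warn on ignored status */

/* Constructed stand-in for a parsed certificate. */
typedef struct { const char *subject; long not_after; int sig_ok; } cert_t;

CHECK_RESULT static status_t check_format(const cert_t *c) {
    return (c == NULL || c->subject == NULL || c->subject[0] == '\0')
               ? ST_ERR_BADDATA : ST_OK;
}
CHECK_RESULT static status_t check_validity(const cert_t *c, long now) {
    return (now > c->not_after) ? ST_ERR_EXPIRED : ST_OK;
}
CHECK_RESULT static status_t check_signature(const cert_t *c) {
    return c->sig_ok ? ST_OK : ST_ERR_SIGNATURE;
}

/* Each step is tested with the same macro and fails closed; ST_OK is
   reachable only after every check has passed. */
CHECK_RESULT status_t verify_cert(const cert_t *c, long now) {
    status_t status = check_format(c);
    if (statusError(status)) return status;
    status = check_validity(c, now);
    if (statusError(status)) return status;
    status = check_signature(c);
    if (statusError(status)) return status;
    return ST_OK;
}
/* Status-to-boolean conversion happens in exactly one place. Writing
   `if (verify_cert(c, now))` instead would treat every negative error
   code as "true", the kind of return-value confusion to avoid. */
int cert_is_valid(const cert_t *c, long now) {
    return !statusError(verify_cert(c, now));
}

int main(void) {
    cert_t expired = { "CN=test", 500, 1 };   /* constructed sample */
    printf("%d %d\n", (int)verify_cert(&expired, 1000), cert_is_valid(&expired, 1000));
    return 0;
}
```

Building with -Werror=unused-result turns a skipped status check into a compile failure rather than a warning.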