The Apple SSL fail - goto not recommended ⇒

Back in the dark ages of the 1970s when I was a freshman learning Fortran on computers that used punch cards, the professors were telling us how toxic the simple ‘goto’ instruction was to good programming hygiene. The Apple SSL fail may be exhibit Number One…

A stuttered cut and paste keyboard miss, or nefarious NSA tampering? You decide:

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.

So here’s the Apple bug:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, 
bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
    OSStatus        err;

    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err =, &hashOut)) != 0)
        goto fail;

    return err;