back to article Amazon just wrote a TLS crypto library in only 6,000 lines of C code

Amazon Web Services has released a new, open source library that implements TLS encryption – the standard behind the secure HTTPS web protocol – using far less code than the prevailing OpenSSL library. Dubbed s2n for "signal to noise," the new library comprises just over 6,000 lines of C code. By comparison, OpenSSL consists …

  1. elDog

    I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

    Goes without saying it's a fairly long line with some mind-numbing escape sequences.

    But that should set the CIA/NSA back by a couple of years since all they hire are gaming wizards.

    1. elDog

      Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

      Damn - they're giving me 10 minutes to improve this comment. Sweaty palms and quick swigs of beer. I can't imagine anything worse than what I wrote - and that was the purpose...

      1. Nick Ryan Silver badge

        Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

        Maybe you need more imagination? :) The lunatics at The International Obfuscated C Code Contest make this an artform. And a competion.

        1. Hi Wreck

          Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

          You beat me to it. However, you failed to mention that those brainiacs submitting to the OOC could write this all in one statement of C code.

          1. Andy 73 Silver badge

            Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

            One line of C code. That's formatted to look like a dog p***ing on a Christmas Tree and with every other word rhyming.

          2. Michael Wojcik Silver badge

            Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

            write this all in one statement of C code

            One line, yes; you'd just have to eschew the preprocessor, and be aware that implementations may reject lines longer than 4095 characters (or any implementation-specified limit larger than 4095).

            One statement? Certainly not. Look at the definition of a statement in whatever version of ISO 9899 you prefer. In particular, it would be impossible to construct the necessary mix of declaration, assignment, and iteration required to implement TLS in a single statement. In order to declare any variables, the statement in question would have to be a (single) declaration, which would make it impossible to both define and invoke a function.

            C isn't Turing-complete without at least one block of multiple statements.

    2. Anonymous Coward
      Anonymous Coward

      Re: I applaud this and hope it is clean. However we could have written this in Perl in 1 line.

      Rainbow magazine's 'One Liner' contest. Circa early to mid 1980s.

      An adventure game engine, one line of BASIC. Lots of DATA statements, one per 'dark room'.

      A video game, one line of BASIC. Not a very good game.

  2. Christian Berger

    I hope this sets a trend

    We sure could use a lot of simpler alternatives to many far to complex pieces of software.

  3. Antonymous Coward
    Thumb Up

    How it should be done

    Of course, if the protocol itself wasn't a congenitally dysfunctional clusterfuck by design it could have been implemented in more like 600 lines of C... which could have stood a sporting chance of actually being secure... but it's still nice to see a decent stab being made at moving in the right direction... for once. --->

    1. Tomato42
      Boffin

      Re: How it should be done

      you think TLS is bad?

      take a look at X.509

      you'll need a tanker's worth of mind bleach for that

      1. Michael Wojcik Silver badge

        Re: How it should be done

        you think TLS is bad?

        take a look at X.509

        Indeed, X.509 is a special horror (starting with the crapgasm that is ASN.1 and the DER). But since TLS is nearly always used with X.509, in effect it inherits X.509's insanity to complement its own.

  4. foxyshadis

    It helps when you don't have to interoperate with broken versions

    A huge chunk of OpenSSL is just workarounds for others' buggy implementations, plus a lot of backward compatibility and ciphers & hashes that aren't used in TLS but people like to use anyway.

    A dedicated TLS library is probably a better idea than the OpenSSL monstrosity for most uses.

    1. Michael Wojcik Silver badge

      Re: It helps when you don't have to interoperate with broken versions

      A huge chunk of OpenSSL is just workarounds for others' buggy implementations

      A much huger chunk is the crypto lib (libcrypto or libeay, depending on platform), which this Amazon project doesn't include, according to the article. On the order of a couple hundred thousand SLOC.

      Hey, Amazon's apples are much smaller than OpenSSL's oranges. Woo fucking hoo.

  5. This post has been deleted by its author

  6. asdf

    OpenSSL shouldn't be this deep in our infrastructure

    Yeah as the OpenBSD/LibreSSL guys said about OpenSSL "The code is seriously too horrible, it is your parents talking about where you got made kind of horrible," Lots of legacy C codebases have some legendary ugly macro magic but I guess OpenSSL may be the king. It's also not just the code bloat itself but how they serious fucked up the API exposing all kinds of window licking kind of stupid things. OpenSSL should serve as a warning as what not to do going forward with TLS.

    1. Preston Munchensonton
      Pint

      Re: OpenSSL shouldn't be this deep in our infrastructure

      it is your parents talking about where you got made kind of horrible

      Talking about where is one level of horrible. Providing the director's commentary to their homemade tape of it is entirely something different. And with that thought, I hope to kill those brain cells shortly with copious amounts of bitter.

  7. Tomato42
    Facepalm

    OpenSSL

    oh, right 6k LOC of code

    hardly an achievement given that it implements just the absolute bare minimum (client certificates? ha!)

    also guess what is used for actual cryptography (hint: it starts with O and ends with SSL)

    1. Anonymous Coward
      Mushroom

      Re: OpenSSL

      There should have been a division between crypto and protocols from the beginning. Separation of concerns is just one example of Unix small is beautiful. Hell, just having crypto separate makes it far easier to not only test and audit, it's far easier to address side channel attacks. [As well as intelligent deprecation of crypto algorithms. Which could really help lately] Instead we have a fused mass of spaghetti-code in C. Arghhh!

      1. asdf

        Re: OpenSSL

        >There should have been a division between crypto and protocols from the beginning.

        Its far worse than that. OpenSSL reimplemented all kinds of calls that are normally handled by the OS and did so very poorly and insecure. I know when I am doing high level design that I am always thinking of ugly VMS workarounds deciding my basic design. Oh wait not so much.

        1. This post has been deleted by its author

      2. This post has been deleted by its author

        1. Joe Bryant

          Re: OpenSSL

          These days, compilers can write assembler better than humans can.

          1. Tomato42
            Boffin

            Re: OpenSSL

            "These days, compilers can write assembler better than humans can."

            Not if said assembler is supposed to be:

            * fast

            * portable

            * strict constant time

            * resistant to radio emissions and power use analysis

      3. Eugene Crosser

        Re: OpenSSL

        > There should have been a division between crypto and protocols from the beginning.

        And there was, in case anyone did not notice. SSLeay/OpenSSL came as two libraries, libcrypto and libssl from the very start. And in case anyone did not notice, s2n replaces the latter, but uses the former.

        OpenSSL code is not as bad as it is often presented nowadays. Although it does suffer from the luggage of old coding practices, and lack of attention from infosec experts (for a long time, the latter problem is rectified now). Lack of strong leadership contributed to the problems, too, I think, since the original authors where kidnapped[*] by the NSA.

        [*] Figuratively speaking. Don't go looking in the Snowden files. It happened in 1998 when Eric Young and Tim Hudson where hired by RSA and where not allowed to touch SSLeay code since then. That's the official story, anyway. There was only one post signed by Eric Young since then, and nothing from Tim Hudson.

        1. regadpellagru
          Joke

          Re: OpenSSL

          "OpenSSL code is not as bad as it is often presented nowadays."

          If you really think this, chances are your C code is ready for IOCC.

      4. Michael Wojcik Silver badge

        Re: OpenSSL

        There should have been a division between crypto and protocols from the beginning

        And in OpenSSL there is, as anyone with even the vaguest knowledge of the project would know.

  8. Anonymous Coward
    Childcatcher

    s2n != OpenSSL

    s2n is a library that implements <stuff>. OpenSSL is an entire suite of apps and libraries that implements <lots of stuff>. They are not directly comparable.

    For example I doubt that you will find a binary in s2n for generating an entire PKI thingie. How do you use it to create a CA, inter-CA and then various certs? No, it doesn't.

    OpenSSL is not perfect but it has the benefit of having gone and is going through the mill and like all other systems, sub systems and apps has been found wanting and has patched flaws when found.

    Apples != Physalis - shock.

    (Sorry, forgot to include a suitable icon)

    1. asdf

      Re: s2n != OpenSSL

      >OpenSSL is not perfect

      http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

      Go through those slides and you will realize just what a massive understatement that is. For even more laughs check out http://opensslrampage.org/page/49

      Seriously its worth moving to BSD just for getting rid of OpenSSL (and systemd but I digress). LibreSSL is already only having a fraction of the number of serious CVEs that OpenSSL does.

      1. regadpellagru

        Re: s2n != OpenSSL

        "http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

        ...

        http://opensslrampage.org/page/49"

        Ah ah good laugh, indeed. Have an upvote. Everyone should read the links.

      2. Dazed and Confused
        Joke

        Re: s2n != OpenSSL

        > Seriously its worth moving to BSD just for getting rid of OpenSSL (and systemd but I digress).

        Just you wait, all the SSL functionality will soon be subsumed into systemd. Remember all of Unix's small is beautiful has be replaced only systemd will be allowed.

      3. foxyshadis

        Re: s2n != OpenSSL

        Dude, the LibreSSL presentation was a little over a year ago. OpenSSL has actually been pretty deeply plumbed since; what was true then isn't all true now. It was a goddam joke at the time, but lots of people who actually know what they're doing have contributed since then.

        1. asdf

          Re: s2n != OpenSSL

          A hairball that big doesn't get fixed in a year (even with LibreSSL). It probably is getting better as it couldn't get much worse but a lot of the proof is in the pudding with the CVEs. Lets see how those compare between the two the next few years.

    2. Bronek Kozicki

      Re: s2n != OpenSSL

      ... is not perfect but it has the benefit of having gone and is going through the mill ...

      How I hate excuses like this. The fact that something has been used a lot should not be confused with quality. If anything, repeated findings of really embarrassing bugs should set all the red flags - as something that habitually has been and still is kept to a very low standard.

  9. Destroy All Monsters Silver badge
    Big Brother

    Soon forbidden in the UK

    Mr. Nincompoop reappears: David Cameron is going to try and ban encryption in Britain

    1. This post has been deleted by its author

      1. MrXavia

        @1980s_coder

        I agree 100%, I often feel terrorized by Theresa May and Dave.

        They constantly try to undermine human rights, freedom and all the good things my grandfather fought for in the 2nd World War...

        I'm with you on moving, I love my country, I love living in Britain, I don't want to move, but I will if they pass these idiotic laws.. (well I guess it depends on the laws they pass)

        I hope the British public is sensible enough to stay in the EU when we're given a referendum.

        I bet many UKIP voters actually want to stay in the EU,

  10. Fred Flintstone Gold badge

    I love it.

    How to genuinely apply transparency and the "many eyeballs" Open Source idea as well as Kerckhoff's principle to critical code.

    Applaus.

    1. Angry clown

      @Fred Flintstone - Re: I love it.

      The two principles you mentioned mean that anyone can inspect and apply corrections any time he pleases not that he is ever being forced into doing it.

  11. Wolfclaw

    Not Very Efficient

    I just did this an ZX-80 on a single screen in BASIC and it looks pretty.

    1. This post has been deleted by its author

  12. Anonymous Coward
    Happy

    At 1/10 the size of OpenSSL, it should be easier to spot bugs

    Equally importantly there should be far fewer bugs in the first place. Industry average is about 15-50 errors per 1000 lines of delivered code.

    1. Christian Berger

      Re: At 1/10 the size of OpenSSL, it should be easier to spot bugs

      Yes, though in my experience, people who can write small and readable code are usually experienced and therefore tend to write code with fewer errors.

  13. MissingSecurity
    Meh

    Meh...

    I think is good, but ....

    I'm not really impressed when you say, look at how many lines of code we didn't write, and add the caveat, but we didn't added all the requirements.

    It's a slimmed down version of libssl, so not really a true full featured TLS library, but a "good enough for most cases" TLS library.

    It will probably be good enough for the work I do though.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like