avoid allocations for TLS handshake #87874
Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
Looks promising so far, I am looking forward to measurements.
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs
src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs
src/libraries/System.Net.Security/src/System/Net/Security/SslStream.IO.cs
This change makes me so happy? This will nuke the remaining byte[] allocations yes?
Please take a look @stephentoub if you have a chance. Not critical for 8.0 IMHO. I wish we had some longevity tests or a way to verify that we do not leak the rented buffers. From top, this is only called in two places (Renegotiate & ForceHandshake) and fallback should be covered by the
@stephentoub will you get a chance to take a look? (not 8.0 critical)
src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs
This is ready for another round @rzikm @stephentoub. The change got bigger but hopefully easier to maintain and understand. Most of the operations are now part of the ProtocolToken. It is now passed as
LGTM
We should ensure we've got good stress test coverage of this. Thanks!
There are several places where we use Span.ToArray() to get data returned by the native layer into something we can write to the underlying stream. One day, we may write a `Memory<byte>` wrapper, but for now I replaced them with renting a buffer from the buffer pool and `Span.CopyTo`.

Since the PAL already deals with renting, I also updated the Encrypt method to simplify it. It is already renting a buffer, but it will guess upfront and then we would pass it in via `ref` and then get the actual length via an extra variable. I changed that to a simple `out` where all PAL flavors would rent just what is needed and we would always return it up in generic `SslStream` code.

We already return `SecurityStatusPal` in most cases so we would now return `ProtocolToken` (that also includes SecurityStatusPal). This is needed as we can no longer depend on the size of the array, as renting may give us more than asked for.

The structure is a little bit bigger but I don't think it would be significant. We could pass it via `out`/`ref` parameter if this is a concern.

contributes to #68951
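
The rent-and-copy pattern from the description, together with the review comment about not leaking rented buffers, sketched as an added C# example that is not code from this pull request. `RentedToken` and its members are hypothetical names, the handshake bytes are constructed, and clearing on return is an assumed policy. The point it shows: a pooled array can be longer than requested and can hold another renter's old bytes, so the valid length travels with the buffer and only that slice reaches the stream.

```csharp
using System;
using System.Buffers;
using System.IO;

// Hypothetical stand-in for a token that owns a pooled buffer; not the runtime's ProtocolToken.
struct RentedToken
{
    public byte[]? Rented;  // may be longer than Size and may hold stale bytes past Size
    public int Size;        // number of valid bytes; Rented.Length must never be used for this

    public ReadOnlySpan<byte> Payload => Rented.AsSpan(0, Size);

    public static RentedToken CopyFrom(ReadOnlySpan<byte> nativeOutput)
    {
        // Replaces nativeOutput.ToArray(): no new allocation once the pool is warm.
        byte[] buffer = ArrayPool<byte>.Shared.Rent(nativeOutput.Length);
        nativeOutput.CopyTo(buffer);
        return new RentedToken { Rented = buffer, Size = nativeOutput.Length };
    }

    public void Release()
    {
        if (Rented is null) return;  // safe to call twice; never return the same array twice
        // Assumed policy: wipe the contents before the array goes back to the shared pool.
        ArrayPool<byte>.Shared.Return(Rented, clearArray: true);
        Rented = null;
        Size = 0;
    }
}

static class Demo
{
    static void Main()
    {
        byte[] constructedRecord = { 0x16, 0x03, 0x03, 0x00, 0x02, 0xAA, 0xBB }; // constructed sample
        using var transport = new MemoryStream();
        RentedToken token = RentedToken.CopyFrom(constructedRecord);
        try
        {
            Console.WriteLine($"asked for {token.Size}, pool gave {token.Rented!.Length}");
            transport.Write(token.Payload);  // writes Size bytes, not the whole rented array
        }
        finally
        {
            token.Release();  // return on every path, including exceptions
        }
        Console.WriteLine($"bytes written: {transport.Length}");
    }
}
```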