Improve allocations in NegotiateStreamPal #71280
Tagging subscribers to this area: @dotnet/ncl, @vcsjones
Issue Details
This reduces allocations during NTLM/Negotiate authentication by reusing an existing buffer. It saves about 3Kb of allocated memory for a typical NTLM authentication exchange. It also converts a couple of the internals to use Span/Memory. This would be a prerequisite for offering public API for encryption/decryption on
While refactoring the code I found a couple of bugs that I plan to fix in subsequent PRs:
…ead of explicit offset/count
Remove indirect Encrypt/Decrypt layer from SSPIWrapper, it is unnecessarily cumbersome to use and SslStreamPal already migrated away from it.
| out Status minorStatus, | ||
| SafeGssContextHandle? contextHandle, | ||
| byte[] inputBytes, | ||
| byte* inputBytes, |
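Review bot: at `byte* inputBytes`, the switch from `byte[]` to a raw pointer means the buffer's length no longer travels with the argument, so whatever length is passed alongside it becomes the only bound on what the native side reads. I'd keep this pointer overload internal to the interop layer and have callers go through a span-based wrapper that pins with `fixed` and derives the length from the span itself, and add a comment on the parameter stating that the memory must stay pinned and valid for the duration of the call.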
Do we need offset any more? It feels like if we pass pointer we can just do count.
We don't. Unfortunately, dotnet/sqlclient uses the native APIs, so I didn't feel confident in changing it. I am quite sure they don't use this particular API though.
Wouldn't the pointer change by itself be breaking for them?
It doesn't change the native code side, the prototype remains unchanged there. They basically copied the managed side of the interop. (We cannot change the signature, add parameters, remove parameters, or change their types. We can change how they are marshalled on the C# side though.)
cc: @JRahnama just in case.
I cross-checked with the SqlClient source and this particular native method is not referenced so we can remove the offset parameter. I will do that in a follow-up PR (#71373) since I need to update the native interop there anyway.
wfurt left a comment
nice. Thanks @filipnavara
Co-authored-by: Stephen Toub <[email protected]>
This reduces allocations during NTLM/Negotiate authentication by reusing an existing buffer. It saves about 3Kb of allocated memory for a typical NTLM authentication exchange on Windows.
It also converts a couple of the internals to use Span/Memory. This would be a prerequisite for offering public API for encryption/decryption on NegotiateAuthentication class. As a side effect, it removes a big chunk of cumbersome interop marshaling on Windows.