Reduce some allocations in SslStream handshake. (#103814)

rzikm · web-flow · commit 03f58cb2790e · 2024-06-24T17:36:03.000+02:00
* Reduce some allocations in SslStream handshake.

* Remove now unnecessary change
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslAuthenticationOptions.cs
@@ -149,7 +149,7 @@ internal void UpdateOptions(SslServerAuthenticationOptions sslServerAuthenticati
 
         private static SslProtocols FilterOutIncompatibleSslProtocols(SslProtocols protocols)
         {
-            if (protocols.HasFlag(SslProtocols.Tls12) || protocols.HasFlag(SslProtocols.Tls13))
+            if ((protocols & (SslProtocols.Tls12 | SslProtocols.Tls13)) != SslProtocols.None)
             {
 #pragma warning disable 0618
                 // SSL2 is mutually exclusive with >= TLS1.2
diff --git a/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.Linux.cs b/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamCertificateContext.Linux.cs
@@ -11,6 +11,7 @@
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Net;
+using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Win32.SafeHandles;
 
@@ -23,7 +24,22 @@ public partial class SslStreamCertificateContext
         internal static TimeSpan RefreshAfterFailureBackOffInterval => TimeSpan.FromSeconds(5);
 
         private const bool TrimRootCertificate = true;
-        internal readonly ConcurrentDictionary<SslProtocols, SafeSslContextHandle> SslContexts;
+        internal ConcurrentDictionary<SslProtocols, SafeSslContextHandle> SslContexts
+        {
+            get
+            {
+                ConcurrentDictionary<SslProtocols, SafeSslContextHandle>? sslContexts = _sslContexts;
+                if (sslContexts is null)
+                {
+                    Interlocked.CompareExchange(ref _sslContexts, new(), null);
+                    sslContexts = _sslContexts;
+                }
+
+                return sslContexts;
+            }
+        }
+
+        private ConcurrentDictionary<SslProtocols, SafeSslContextHandle>? _sslContexts;
         internal readonly SafeX509Handle CertificateHandle;
         internal readonly SafeEvpPKeyHandle KeyHandle;
 
@@ -57,7 +73,6 @@ private SslStreamCertificateContext(X509Certificate2 target, ReadOnlyCollection<
 
             TargetCertificate = target;
             Trust = trust;
-            SslContexts = new ConcurrentDictionary<SslProtocols, SafeSslContextHandle>();
 
             using (RSAOpenSsl? rsa = (RSAOpenSsl?)target.GetRSAPrivateKey())
             {

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ internal void UpdateOptions(SslServerAuthenticationOptions sslServerAuthenticati`
`149`	`149`
`150`	`150`	`private static SslProtocols FilterOutIncompatibleSslProtocols(SslProtocols protocols)`
`151`	`151`	`{`
`152`		`- if (protocols.HasFlag(SslProtocols.Tls12) \|\| protocols.HasFlag(SslProtocols.Tls13))`
	`152`	`+ if ((protocols & (SslProtocols.Tls12 \| SslProtocols.Tls13)) != SslProtocols.None)`
`153`	`153`	`{`
`154`	`154`	`#pragma warning disable 0618`
`155`	`155`	`// SSL2 is mutually exclusive with >= TLS1.2`