haproxy/include
Frederic Lecaille 4e0af590e8 MEDIUM: quic: optimize HKDF operations by reusing per-thread contexts
Allocating and freeing an OpenSSL EVP_PKEY_CTX context via
EVP_PKEY_CTX_new_id() and EVP_PKEY_CTX_free() on every HKDF cryptographic
operation (such as during stateless reset token generation) induces
unnecessary memory allocation overhead.

Optimize this by introducing a global per-thread context array
'quic_tls_hkdf_ctxs'. These contexts are allocated and initialized once
at startup via a POST_CHECK hook (quic_tls_alloc_hkdf_ctxs) and are
properly freed at exit via a POST_DEINIT hook (quic_tls_dealloc_hkdf_ctxs).

The functions quic_hkdf_extract(), quic_hkdf_expand(), and
quic_hkdf_extract_and_expand() now reuse the pre-allocated context
corresponding to the current thread ID ('tid'), removing dynamic
allocations from these frequent execution paths.

As a cleanup, quic_hkdf_expand() is now static and unexported from the
header file.

Should be easily backported to all versions for optimization purposes.
2026-05-28 17:47:31 +02:00
haproxy MEDIUM: quic: optimize HKDF operations by reusing per-thread contexts 2026-05-28 17:47:31 +02:00
import MINOR: mjson: reintroduce mjson_next() 2026-04-14 10:57:21 +02:00
make BUILD: makefile: add a qinfo macro to pass info in quiet mode 2025-01-08 11:26:05 +01:00