Use TryComputeHash to reduce allocations.

Author: bgrainger

src/MySqlConnector/Core/ServerSession.cs

@@ -520,7 +520,7 @@ public async Task<bool> TryResetConnectionAsync(ConnectionSettings cs, IOBehavio
 						Log.Debug("Session{0} sending change user request due to changed Database={1}", m_logArguments);
 						DatabaseOverride = null;
 					}
-					var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData!, 0, cs.Password);
+					var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData!, cs.Password);
 					using (var changeUserPayload = ChangeUserPayload.Create(cs.UserID, hashedPassword, cs.Database, m_characterSet, m_supportsConnectionAttributes ? cs.ConnectionAttributes : null))
 						await SendAsync(changeUserPayload, ioBehavior, cancellationToken).ConfigureAwait(false);
 					payload = await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
@@ -561,7 +561,7 @@ private async Task<PayloadData> SwitchAuthenticationAsync(ConnectionSettings cs,
 			{
 			case "mysql_native_password":
 				AuthPluginData = switchRequest.Data;
-				var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData, 0, cs.Password);
+				var hashedPassword = AuthenticationUtility.CreateAuthenticationResponse(AuthPluginData, cs.Password);
 				payload = new PayloadData(hashedPassword);
 				await SendReplyAsync(payload, ioBehavior, cancellationToken).ConfigureAwait(false);
 				return await ReceiveReplyAsync(ioBehavior, cancellationToken).ConfigureAwait(false);

src/MySqlConnector/Protocol/Payloads/ChangeUserPayload.cs

@@ -1,10 +1,11 @@
+using System;
 using MySqlConnector.Protocol.Serialization;
 
 namespace MySqlConnector.Protocol.Payloads
 {
 	internal static class ChangeUserPayload
 	{
-		public static PayloadData Create(string user, byte[] authResponse, string? schemaName, CharacterSet characterSet, byte[]? connectionAttributes)
+		public static PayloadData Create(string user, ReadOnlySpan<byte> authResponse, string? schemaName, CharacterSet characterSet, byte[]? connectionAttributes)
 		{
 			var writer = new ByteBufferWriter();
 

src/MySqlConnector/Protocol/Payloads/HandshakeResponse41Payload.cs

@@ -52,7 +52,7 @@ public static PayloadData Create(InitialHandshakePayload handshake, ConnectionSe
 			// TODO: verify server capabilities
 			var writer = CreateCapabilitiesPayload(handshake.ProtocolCapabilities, cs, useCompression, characterSet);
 			writer.WriteNullTerminatedString(cs.UserID);
-			var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, 0, cs.Password);
+			var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, cs.Password);
 			writer.Write((byte) authenticationResponse.Length);
 			writer.Write(authenticationResponse);
 

src/MySqlConnector/Protocol/Serialization/AuthenticationUtility.cs

@@ -7,34 +7,33 @@ namespace MySqlConnector.Protocol.Serialization
 {
 	internal static class AuthenticationUtility
 	{
-		public static byte[] CreateAuthenticationResponse(byte[] challenge, int offset, string password) =>
-			string.IsNullOrEmpty(password) ? Utility.EmptyByteArray : HashPassword(challenge, offset, password);
+		public static byte[] CreateAuthenticationResponse(ReadOnlySpan<byte> challenge, string password) =>
+			string.IsNullOrEmpty(password) ? Utility.EmptyByteArray : HashPassword(challenge, password);
 
 		/// <summary>
 		/// Hashes a password with the "Secure Password Authentication" method.
 		/// </summary>
 		/// <param name="challenge">The 20-byte random challenge (from the "auth-plugin-data" in the initial handshake).</param>
-		/// <param name="offset">The offset of the start of the challenge within <paramref name="challenge"/>.</param>
 		/// <param name="password">The password to hash.</param>
 		/// <returns>A 20-byte password hash.</returns>
 		/// <remarks>See <a href="https://dev.mysql.com/doc/internals/en/secure-password-authentication.html">Secure Password Authentication</a>.</remarks>
-		public static byte[] HashPassword(byte[] challenge, int offset, string password)
+		public static byte[] HashPassword(ReadOnlySpan<byte> challenge, string password)
 		{
 			using var sha1 = SHA1.Create();
-			var combined = new byte[40];
-			Buffer.BlockCopy(challenge, offset, combined, 0, 20);
+			Span<byte> combined = stackalloc byte[40];
+			challenge.CopyTo(combined);
 
 			var passwordBytes = Encoding.UTF8.GetBytes(password);
-			var hashedPassword = sha1.ComputeHash(passwordBytes);
+			Span<byte> hashedPassword = stackalloc byte[20];
+			sha1.TryComputeHash(passwordBytes, hashedPassword, out _);
+			sha1.TryComputeHash(hashedPassword, combined.Slice(20), out _);
 
-			var doubleHashedPassword = sha1.ComputeHash(hashedPassword);
-			Buffer.BlockCopy(doubleHashedPassword, 0, combined, 20, 20);
-
-			var xorBytes = sha1.ComputeHash(combined);
+			Span<byte> xorBytes = stackalloc byte[20];
+			sha1.TryComputeHash(combined, xorBytes, out _);
 			for (int i = 0; i < hashedPassword.Length; i++)
 				hashedPassword[i] ^= xorBytes[i];
 
-			return hashedPassword;
+			return hashedPassword.ToArray();
 		}
 
 		public static byte[] CreateScrambleResponse(byte[] nonce, string password)

src/MySqlConnector/Utilities/Utility.cs

@@ -367,6 +367,17 @@ public static Task<T> TaskFromException<T>(Exception exception)
 		public static byte[] EmptyByteArray { get; } = Array.Empty<byte>();
 #endif
 
+#if NET45 || NET461 || NET471 || NETSTANDARD1_3 || NETSTANDARD2_0
+		public static bool TryComputeHash(this HashAlgorithm hashAlgorithm, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten)
+		{
+			// assume caller supplies a large-enough buffer so we don't have to bounds-check it
+			var output = hashAlgorithm.ComputeHash(source.ToArray());
+			output.AsSpan().CopyTo(destination);
+			bytesWritten = output.Length;
+			return true;
+		}
+#endif
+
 #if !NETSTANDARD2_1 && !NETCOREAPP3_0
 		public static Task CompletedValueTask => CompletedTask;
 #else