PostgreSQL SCRAM-SHA-256 auth causes event loop blocking

[ThomWright]

I have found these related issues/pull requests

None

Description

The SCRAM-SHA-256 implementation in sqlx-postgres/src/connection/sasl.rs seems to do some high-latency synchronous work in the main event loop.

Specifically, by using cargo flamegraph, I see a lot of time spent in sha2::sha256::compress256, in the context of a core::future::future::Future::poll. I'm sharing a snippet of the flamegraph below.

If I run the non-async SASL code in a unit test – just the bit that generates the final message – it can take ~50ms on my machine (MacBook Pro M1).

Reproduction steps

High level

Set up a PostgreSQL instance with SSL enabled and SCRAM-SHA-256 authentication.

Create a binary which creates new connections in a loop.

Run cargo flamegraph on the binary in release mode to see where time is being spent.

Low level

Extract out the code to create the final message and run it like so. As seen in #4006.

#[cfg(test)]
mod tests {

    use super::*;

    use crate::io::ProtocolDecode;

    #[test]
    fn mac() {
        let start = std::time::Instant::now();
        let (_mac, _client_final_message) = final_message(
            "first_message_bare".to_string(),
            "channel_binding".to_string(),
            AuthenticationSaslContinue::decode_with("r=/z+giZiTxAH7r8sNAeHr7cvpqV3uo7G/bJBIJO3pjVM7t3ng,s=4UV68bIkC8f9/X8xH7aPhg==,i=4096".as_bytes().into(), ()).unwrap(),
            "some-password".to_string(),
        )
        .unwrap();
        let duration = start.elapsed();
        dbg!(duration);
    }
}

This takes ~50ms on my machine (MacBook Pro M1). Admittedly not release mode, but still very slow.

SQLx version

0.8

Enabled SQLx features

runtime-tokio-native-tls, postgres, derive

Database server and version

PostgreSQL 16

Operating system

MacOS

Rust version

1.87