QUIC RXDP: Reuse allocations between ACK frame processing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917)

3 files changed, 18 insertions, 7 deletions

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index efbe1c1660..78aaabef52 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -524,6 +524,7 @@ static void ch_cleanup(QUIC_CHANNEL *ch)
     OPENSSL_free(ch->local_transport_params);
     OPENSSL_free((char *)ch->terminate_cause.reason);
     OSSL_ERR_STATE_free(ch->err_state);
+    OPENSSL_free(ch->ack_range_scratch);
 
     /* Free the stateless reset tokens */
     for (srte = ossl_list_stateless_reset_tokens_head(&ch->srt_list_seq);
diff --git a/ssl/quic/quic_channel_local.h b/ssl/quic/quic_channel_local.h
index 8b2edc647a..77dc5dd7bc 100644
--- a/ssl/quic/quic_channel_local.h
+++ b/ssl/quic/quic_channel_local.h
@@ -461,6 +461,10 @@ struct quic_channel_st {
 
     /* Saved error stack in case permanent error was encountered */
     ERR_STATE                       *err_state;
+
+    /* Scratch area for use by RXDP to store decoded ACK ranges. */
+    OSSL_QUIC_ACK_RANGE             *ack_range_scratch;
+    size_t                          num_ack_range_scratch;
 };
 
 # endif
diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c
index 55712edabe..f7f8bf6ea3 100644
--- a/ssl/quic/quic_rx_depack.c
+++ b/ssl/quic/quic_rx_depack.c
@@ -64,18 +64,26 @@ static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,
                                OSSL_QRX_PKT *qpacket)
 {
     OSSL_QUIC_FRAME_ACK ack;
-    OSSL_QUIC_ACK_RANGE *ack_ranges = NULL;
+    OSSL_QUIC_ACK_RANGE *p;
     uint64_t total_ranges = 0;
     uint32_t ack_delay_exp = ch->rx_ack_delay_exp;
 
     if (!ossl_quic_wire_peek_frame_ack_num_ranges(pkt, &total_ranges)
         /* In case sizeof(uint64_t) > sizeof(size_t) */
-        || total_ranges > SIZE_MAX / sizeof(ack_ranges[0])
-        || (ack_ranges = OPENSSL_zalloc(sizeof(ack_ranges[0])
-                                        * (size_t)total_ranges)) == NULL)
+        || total_ranges > SIZE_MAX / sizeof(OSSL_QUIC_ACK_RANGE))
         goto malformed;
 
-    ack.ack_ranges = ack_ranges;
+    if (ch->num_ack_range_scratch < (size_t)total_ranges) {
+        if ((p = OPENSSL_realloc(ch->ack_range_scratch,
+                                 sizeof(OSSL_QUIC_ACK_RANGE)
+                                 * (size_t)total_ranges)) == NULL)
+            goto malformed;
+
+        ch->ack_range_scratch       = p;
+        ch->num_ack_range_scratch   = (size_t)total_ranges;
+    }
+
+    ack.ack_ranges = ch->ack_range_scratch;
     ack.num_ack_ranges = (size_t)total_ranges;
 
     if (!ossl_quic_wire_decode_frame_ack(pkt, ack_delay_exp, &ack, NULL))
@@ -120,7 +128,6 @@ static int depack_do_frame_ack(PACKET *pkt, QUIC_CHANNEL *ch,
         goto malformed;
 
     ++ch->diag_num_rx_ack;
-    OPENSSL_free(ack_ranges);
     return 1;
 
 malformed:
@@ -128,7 +135,6 @@ malformed:
                                            QUIC_ERR_FRAME_ENCODING_ERROR,
                                            frame_type,
                                            "decode error");
-    OPENSSL_free(ack_ranges);
     return 0;
 }