Reduce TLS memory usage

4 files changed, 26 insertions, 4 deletions

diff --git a/crypto/src/crypto/tls/ByteQueue.cs b/crypto/src/crypto/tls/ByteQueue.cs

index c23ec2fbf..f9d4ee606 100644
--- a/crypto/src/crypto/tls/ByteQueue.cs
+++ b/crypto/src/crypto/tls/ByteQueue.cs
@@ -174,5 +174,25 @@ namespace Org.BouncyCastle.Crypto.Tls
             RemoveData(buf, 0, len, skip);
             return buf;
         }
+
+        public void Shrink()
+        {
+            if (available == 0)
+            {
+                databuf = TlsUtilities.EmptyBytes;
+                skipped = 0;
+            }
+            else
+            {
+                int desiredSize = ByteQueue.NextTwoPow(available);
+                if (desiredSize < databuf.Length)
+                {
+                    byte[] tmp = new byte[desiredSize];
+                    Array.Copy(databuf, skipped, tmp, 0, available);
+                    databuf = tmp;
+                    skipped = 0;
+                }
+            }
+        }
     }
 }
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs

index d24d13bb5..24fb3f63d 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -147,7 +147,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 
                 SendFinishedMessage();
                 this.mConnectionState = CS_CLIENT_FINISHED;
-                this.mConnectionState = CS_END;
 
                 CompleteHandshake();
                 return;
@@ -241,7 +240,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 
                     ProcessFinishedMessage(buf);
                     this.mConnectionState = CS_SERVER_FINISHED;
-                    this.mConnectionState = CS_END;
 
                     CompleteHandshake();
                     break;
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs

index 667b3eb33..69361bf6f 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -43,7 +43,7 @@ namespace Org.BouncyCastle.Crypto.Tls
         /*
          * Queues for data from some protocols.
          */
-        private ByteQueue mApplicationDataQueue = new ByteQueue();
+        private ByteQueue mApplicationDataQueue = new ByteQueue(0);
         private ByteQueue mAlertQueue = new ByteQueue(2);
         private ByteQueue mHandshakeQueue = new ByteQueue();
     //    private ByteQueue mHeartbeatQueue = new ByteQueue();
@@ -182,6 +182,11 @@ namespace Org.BouncyCastle.Crypto.Tls
         {
             try
             {
+                this.mConnectionState = CS_END;
+
+                this.mAlertQueue.Shrink();
+                this.mHandshakeQueue.Shrink();
+
                 this.mRecordStream.FinaliseHandshake();
 
                 this.mAppDataSplitEnabled = !TlsUtilities.IsTlsV11(Context);
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs

index 6642f43f4..db823539a 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -365,7 +365,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 
                     SendFinishedMessage();
                     this.mConnectionState = CS_SERVER_FINISHED;
-                    this.mConnectionState = CS_END;
 
                     CompleteHandshake();
                     break;