internal /*virtual*/ BufferSegment DecodeAndVerify(byte type, Stream input, int len) { BufferSegment buf = TlsUtilities.ReadFullyOptimized(len, input); long seqNo = mReadSeqNo.NextValue(AlertDescription.unexpected_message); BufferSegment decoded = mReadCipher.DecodeCiphertext(seqNo, type, buf.Data, buf.Offset, buf.Count); if (buf.Data != decoded.Data) { BufferPool.Release(buf); } CheckLength(decoded.Count, mCompressedLimit, AlertDescription.record_overflow); /* * TODO 5246 6.2.2. Implementation note: Decompression functions are responsible for * ensuring that messages cannot cause internal buffer overflows. */ //Stream cOut = mReadCompression.Decompress(mBuffer); //if (cOut != mBuffer) //{ // cOut.Write(decoded, 0, decoded.Length); // cOut.Flush(); // decoded = GetBufferContents(); //} /* * RFC 5246 6.2.2. If the decompression function encounters a TLSCompressed.fragment that * would decompress to a length in excess of 2^14 bytes, it should report a fatal * decompression failure error. */ //CheckLength(decoded.Length, mPlaintextLimit, AlertDescription.decompression_failure); /* * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, * or ChangeCipherSpec content types. */ if (decoded.Count < 1 && type != ContentType.application_data) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } return(decoded); }