3.1.5.5 Receiving Data in the Authenticated State

When data arrives on the Underlying TCP Connection, the following actions MUST be taken:

  • If the Negotiated Protection Level is None, any bytes received MUST be delivered unmodified to the application.

  • Otherwise, the first four bytes received MUST be interpreted as the PayloadSize field of a Data message (as specified in section 2.2). The implementation MUST then continue to receive data from the Underlying TCP Connection (storing it in the Framing Buffer) until PayloadSize bytes have been received. When a full frame has been received, it MUST be passed to the GSS_Unwrap function ([RFC2743] section 2.3.4) along with the Security Provider Context. If the function returns a major_status of GSS_S_COMPLETE, the output_message MUST be delivered to the application. If the function returns any other major_status, the application MUST be notified of the failure and the buffered message MUST be discarded.
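The receive rules above, as an added sketch that is not part of the specification or of any vendor implementation. `FrameReceiver`, `toy_unwrap` and the `max_payload` cap are hypothetical names, and the little-endian reading of PayloadSize is an assumption about section 2.2, which is not reproduced here. The constructed stream shows a header split across TCP reads, several frames in one read, and a frame that fails unwrapping.

```python
import struct

GSS_S_COMPLETE = 0        # success major_status (value from the RFC 2744 C bindings)
BAD_STATUS = 6 << 16      # GSS_S_BAD_SIG in the same bindings, used by the toy provider

class FrameReceiver:
    """Hypothetical receive path for the Authenticated state."""

    def __init__(self, unwrap, protected=True, max_payload=0x10000):
        self.unwrap = unwrap            # stand-in for GSS_Unwrap: frame -> (major_status, output_message)
        self.protected = protected      # False models a Negotiated Protection Level of None
        self.max_payload = max_payload  # assumed local cap, not a value from this section
        self.buf = bytearray()          # Framing Buffer
        self.failures = []              # statuses reported to the application

    def feed(self, data):
        """Take bytes read from the TCP connection; return messages to deliver."""
        if not self.protected:
            return [bytes(data)]        # delivered unmodified
        self.buf += data
        delivered = []
        while len(self.buf) >= 4:
            # Assumption: PayloadSize is an unsigned little-endian integer.
            (size,) = struct.unpack_from("<I", self.buf, 0)
            if size > self.max_payload:
                # Reject before buffering; the caller should close the connection.
                raise ValueError("PayloadSize %d exceeds local cap" % size)
            if len(self.buf) < 4 + size:
                break                   # frame incomplete, keep buffering
            frame = bytes(self.buf[4:4 + size])
            del self.buf[:4 + size]     # the frame leaves the buffer on success or failure
            status, message = self.unwrap(frame)
            if status == GSS_S_COMPLETE:
                delivered.append(message)
            else:
                self.failures.append(status)  # notify; the message is discarded
        return delivered

def toy_unwrap(frame):
    """Constructed stand-in for a security provider: a b'OK' prefix 'verifies'."""
    if frame[:2] == b"OK":
        return GSS_S_COMPLETE, frame[2:]
    return BAD_STATUS, None

if __name__ == "__main__":
    # Constructed stream: good frame, tampered frame, good frame, split across reads.
    stream = b"\x07\x00\x00\x00OKhello" + b"\x05\x00\x00\x00XXbad" + b"\x04\x00\x00\x00OKhi"
    rx = FrameReceiver(toy_unwrap)
    print(rx.feed(stream[:2]), rx.feed(stream[2:9]), rx.feed(stream[9:]), rx.failures)
```

Checking PayloadSize against a cap before buffering keeps a peer from forcing a 4 GiB allocation with a single header; the cap value here is a local choice, not one taken from this section.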