+ mbedtls_main_t *mm = &mbedtls_main;
+ u8 thread_index = ctx->c_thread_index;
+ u32 deq_max, enq_max, enq_now;
+ stream_session_t *app_session;
+ int read, enq;
+
+ if (PREDICT_FALSE (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER))
+ {
+ mbedtls_ctx_handshake_rx (ctx);
+ return 0;
+ }
+
+ deq_max = svm_fifo_max_dequeue (tls_session->server_rx_fifo);
+ if (!deq_max)
+ return 0;
+
+ app_session = session_get_from_handle (ctx->app_session_handle);
+ enq_max = svm_fifo_max_enqueue (app_session->server_rx_fifo);
+ enq_now = clib_min (enq_max, TLS_CHUNK_SIZE);
+
+ if (PREDICT_FALSE (enq_now == 0))
+ {
+ tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ return 0;
+ }
+
+ vec_validate (mm->rx_bufs[thread_index], enq_now);
+ read = mbedtls_ssl_read (&mc->ssl, mm->rx_bufs[thread_index], enq_now);
+ if (read <= 0)
+ {
+ tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ return 0;
+ }
+
+ enq = svm_fifo_enqueue_nowait (app_session->server_rx_fifo, read,
+ mm->rx_bufs[thread_index]);
+ ASSERT (enq == read);
+ vec_reset_length (mm->rx_bufs[thread_index]);
+
+ if (svm_fifo_max_dequeue (tls_session->server_rx_fifo))
+ tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+
+ if (enq > 0)
+ tls_notify_app_enqueue (ctx, app_session);
+
+ return enq;