From 53fdfb5458d9937f85fadb5ec141ba902ffc25b7 Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III" <earlephilhower@yahoo.com>
Date: Fri, 8 Jun 2018 13:05:09 -0700
Subject: [PATCH] Make BearSSL::write() blocking, match axTLS

When a message is sent by the app that is larger than the SSL buffer,
it will take multiple TLS fragments to transfer.  Writes will loop
through and not return until either all data is transferred or there
is an error.
---
 .../src/WiFiClientSecureBearSSL.cpp           | 46 ++++++++++++-------
 1 file changed, 30 insertions(+), 16 deletions(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
index 6aebf1f6cb..89fbffd3ed 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -235,30 +235,44 @@ uint8_t WiFiClientSecure::connected() {
 }
 
 size_t WiFiClientSecure::_write(const uint8_t *buf, size_t size, bool pmem) {
+  size_t sent_bytes = 0;
+
   if (!connected() || !size || !_handshake_done) {
     return 0;
   }
 
-  if (_run_until(BR_SSL_SENDAPP) < 0) {
-    return 0;
-  }
+  do {
+    // Ensure we yield if we need multiple fragments to avoid WDT
+    if (sent_bytes) {
+      optimistic_yield(1000);
+    }
+
+    // Get BearSSL to a state where we can send
+    if (_run_until(BR_SSL_SENDAPP) < 0) {
+      break;
+    }
 
-  if (br_ssl_engine_current_state(_eng) & BR_SSL_SENDAPP) {
-    size_t sendapp_len;
-    unsigned char *sendapp_buf = br_ssl_engine_sendapp_buf(_eng, &sendapp_len);
-    int to_send = size > sendapp_len ? sendapp_len : size;
-    if (pmem) {
-      memcpy_P(sendapp_buf, buf, to_send);
+    if (br_ssl_engine_current_state(_eng) & BR_SSL_SENDAPP) {
+      size_t sendapp_len;
+      unsigned char *sendapp_buf = br_ssl_engine_sendapp_buf(_eng, &sendapp_len);
+      int to_send = size > sendapp_len ? sendapp_len : size;
+      if (pmem) {
+        memcpy_P(sendapp_buf, buf, to_send);
+      } else {
+        memcpy(sendapp_buf, buf, to_send);
+      }
+      br_ssl_engine_sendapp_ack(_eng, to_send);
+      br_ssl_engine_flush(_eng, 0);
+      flush();
+      buf += to_send;
+      sent_bytes += to_send;
+      size -= to_send;
     } else {
-      memcpy(sendapp_buf, buf, to_send);
+      break;
     }
-    br_ssl_engine_sendapp_ack(_eng, to_send);
-    br_ssl_engine_flush(_eng, 0);
-    flush();
-    return to_send;
-  }
+  } while (size);
 
-  return 0;
+  return sent_bytes;
 }
 
 size_t WiFiClientSecure::write(const uint8_t *buf, size_t size) {