fix(ssl_client,WiFiClientSecure): write full TLS buffer and avoid zero-length writes

Loop in send_ssl_data() until the entire buffer is written;
handle MBEDTLS_ERR_SSL_WANT_{READ,WRITE} and respect socket timeouts.
Return 0 for len==0 to prevent zero-length TLS writes.
Add a size==0 guard in WiFiClientSecure::write() for symmetry.

No API changes.

Author: prooma

libraries/NetworkClientSecure/src/NetworkClientSecure.cpp

@@ -227,6 +227,10 @@ size_t NetworkClientSecure::write(const uint8_t *buf, size_t size) {
     return 0;
   }
 
+  if (size == 0) {
+    return 0;
+  }
+
   if (_stillinPlainStart) {
     return send_net_data(sslclient.get(), buf, size);
   }

libraries/NetworkClientSecure/src/ssl_client.cpp

@@ -409,25 +409,31 @@ int data_to_read(sslclient_context *ssl_client) {
 }
 
 int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len) {
-  unsigned long write_start_time = millis();
-  int ret = -1;
+  if (len == 0) {
+    return 0;  // Skipping zero-length write
+  }
+
+  const unsigned long write_start_time = millis();
 
-  while ((ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data, len)) <= 0) {
+  size_t sent = 0;
+  while (sent < len) {
+    const size_t to_send = len - sent;
+    const int ret = mbedtls_ssl_write(&ssl_client->ssl_ctx, data + sent, to_send);
+    if (ret > 0) {
+      sent += ret;
+      continue;
+    }
     if ((millis() - write_start_time) > ssl_client->socket_timeout) {
-      log_v("SSL write timed out.");
-      return -1;
+        log_v("SSL write timed out.");
+        return -1;
     }
-
     if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret < 0) {
-      log_v("Handling error %d", ret);  //for low level debug
-      return handle_error(ret);
+        log_v("Handling error %d", ret);
+        return handle_error(ret);
     }
-
-    //wait for space to become available
     vTaskDelay(2);
   }
-
-  return ret;
+  return (int)sent;
 }
 
 // Some protocols, such as SMTP, XMPP, MySQL/Posgress and various others