fix #309. Receive large messages over WSS

Read the full incoming TLS/SSL record at once in libwebsocket_service_fd().

SSL_read() is called until no more pending data for the current record is buffered in SSL.
SSL_read() is never requested more than the pending data size for the current record
to ensure that the fd is not read again for new data, which would be copied in the SSL buffer otherwise.

lib/output.c

@@ -605,3 +605,9 @@ lws_ssl_capable_write_no_ssl(struct libwebsocket *wsi, unsigned char *buf, int l
 	lwsl_debug("ERROR writing len %d to skt %d\n", len, n);
 	return LWS_SSL_CAPABLE_ERROR;
 }
+
+LWS_VISIBLE int
+lws_ssl_pending_no_ssl(struct libwebsocket *wsi)
+{
+	return 0;
+}

lib/private-libwebsockets.h

@@ -1111,6 +1111,7 @@ enum lws_ssl_capable_status {
 #define lws_context_init_http2_ssl(_a)
 #define lws_ssl_capable_read lws_ssl_capable_read_no_ssl
 #define lws_ssl_capable_write lws_ssl_capable_write_no_ssl
+#define lws_ssl_pending lws_ssl_pending_no_ssl
 #define lws_server_socket_service_ssl(_a, _b, _c, _d, _e) (0)
 #define lws_ssl_close(_a) (0)
 #define lws_ssl_context_destroy(_a)
@@ -1121,10 +1122,11 @@ LWS_EXTERN int openssl_websocket_private_data_index;
 LWS_EXTERN int
 lws_ssl_capable_read(struct libwebsocket_context *context,
 		     struct libwebsocket *wsi, unsigned char *buf, int len);
-
 LWS_EXTERN int
 lws_ssl_capable_write(struct libwebsocket *wsi, unsigned char *buf, int len);
 LWS_EXTERN int
+lws_ssl_pending(struct libwebsocket *wsi);
+LWS_EXTERN int
 lws_server_socket_service_ssl(struct libwebsocket_context *context,
 		struct libwebsocket **wsi, struct libwebsocket *new_wsi,
 		int accept_fd, struct libwebsocket_pollfd *pollfd);
@@ -1162,6 +1164,9 @@ lws_ssl_capable_read_no_ssl(struct libwebsocket_context *context,
 LWS_EXTERN int
 lws_ssl_capable_write_no_ssl(struct libwebsocket *wsi, unsigned char *buf, int len);
 
+LWS_EXTERN int
+lws_ssl_pending_no_ssl(struct libwebsocket *wsi);
+
 #ifndef LWS_NO_CLIENT
 	LWS_EXTERN int lws_client_socket_service(
 		struct libwebsocket_context *context,

lib/service.c

@@ -365,6 +365,7 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 	char draining_flow = 0;
 	int more;
 	struct lws_tokens eff_buf;
+	int pending = 0;
 
 	if (context->listen_service_fd)
 		listen_socket_fds_index = wsi_from_fd(context,context->listen_service_fd)->position_in_fds_table;
@@ -521,10 +522,11 @@ libwebsocket_service_fd(struct libwebsocket_context *context,
 
 		if (!(pollfd->revents & LWS_POLLIN))
 			break;
+read:
 
 		eff_buf.token_len = lws_ssl_capable_read(context, wsi,
 				context->service_buffer,
-					       sizeof(context->service_buffer));
+					       pending?pending:sizeof(context->service_buffer));
 		switch (eff_buf.token_len) {
 		case 0:
 			lwsl_info("service_fd: closing due to 0 length read\n");
@@ -581,6 +583,13 @@ drain:
 			eff_buf.token_len = 0;
 		} while (more);
 
+		pending = lws_ssl_pending(wsi);
+		if (pending) {
+			pending = pending > sizeof(context->service_buffer)?
+				sizeof(context->service_buffer):pending;
+			goto read;
+		}
+
 		if (draining_flow && wsi->rxflow_buffer &&
 				 wsi->rxflow_pos == wsi->rxflow_len) {
 			lwsl_info("flow buffer: drained\n");

lib/ssl.c

@@ -457,6 +457,15 @@ lws_ssl_capable_read(struct libwebsocket_context *context,
 	return LWS_SSL_CAPABLE_ERROR; 
 }
 
+LWS_VISIBLE int
+lws_ssl_pending(struct libwebsocket *wsi)
+{
+	if (!wsi->ssl)
+		return 0;
+
+	return SSL_pending(wsi->ssl);
+}
+
 LWS_VISIBLE int
 lws_ssl_capable_write(struct libwebsocket *wsi, unsigned char *buf, int len)
 {