From b82350b25f124baef80a28804d8c72fbab438386 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 26 Jul 2019 07:24:05 +0100
Subject: [PATCH] Introduce helper function to send pending fatal alerts

---
 include/mbedtls/ssl_internal.h | 7 ++++---
 library/ssl_tls.c | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index a86ec120b..c8d6d10e5 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1733,11 +1733,12 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
 /* This internal function can be used to pend a fatal alert for
  * later delivery.
  *
- * The check for pending alerts must be done manually. Currently,
- * it happens only during the handshake loop.
+ * The check for pending alerts must be done by calling
+ * the (static internal) function ssl_send_pending_fatal_alert().
+ * Currently, it happens only during the handshake loop.
  *
  * This function must not be called multiple times without
- * manually inspecting and clearing ssl->pending_fatal_alert_msg in between.
+ * sending the pending fatal alerts in between.
  */
 MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_pend_fatal_alert(
     mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 292797483..601f81f68 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -75,6 +75,17 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
 #endif
 }
 
+static void ssl_send_pending_fatal_alert( mbedtls_ssl_context *ssl )
+{
+    if( ssl->pending_fatal_alert_msg == MBEDTLS_SSL_ALERT_MSG_NONE )
+        return;
+
+    mbedtls_ssl_send_alert_message( ssl,
+                                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                    ssl->pending_fatal_alert_msg );
+    ssl->pending_fatal_alert_msg = MBEDTLS_SSL_ALERT_MSG_NONE;
+}
+
 /*
  * Start a timer.
  * Passing millisecs = 0 cancels a running timer.
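Review bot: ssl_send_pending_fatal_alert() discards the return value of mbedtls_ssl_send_alert_message() and then clears ssl->pending_fatal_alert_msg unconditionally, so if the write fails (for a non-blocking transport this is presumably MBEDTLS_ERR_SSL_WANT_WRITE) the fatal alert is silently dropped and never retried, while the peer is left without the alert that explains the connection teardown. The inline block that the following hunk removes from mbedtls_ssl_handshake_step() behaved the same way, so the commit does not make this worse, but the new helper is the place to record the intent, e.g. `/* Best effort: the send result is deliberately ignored and the alert is cleared even on failure; the caller still returns the original handshake error. */` above the mbedtls_ssl_send_alert_message() call. If a transient I/O failure is meant to keep the alert pending for the next handshake step, the clear should instead be made conditional on a zero return, which is a behavioural change that deserves its own commit.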
@@ -9828,13 +9839,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
         ret = mbedtls_ssl_handshake_server_step( ssl );
 #endif
 
-    if( ssl->pending_fatal_alert_msg != MBEDTLS_SSL_ALERT_MSG_NONE )
-    {
-        mbedtls_ssl_send_alert_message( ssl,
-                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        ssl->pending_fatal_alert_msg );
-        ssl->pending_fatal_alert_msg = MBEDTLS_SSL_ALERT_MSG_NONE;
-    }
+    ssl_send_pending_fatal_alert( ssl );
 
     return( ret );
 }