Introduce helper function to send pending fatal alerts

include/mbedtls/ssl_internal.h

@@ -1733,11 +1733,12 @@ static inline unsigned int mbedtls_ssl_conf_get_ems_enforced(
 /* This internal function can be used to pend a fatal alert for
  * later delivery.
  *
- * The check for pending alerts must be done manually. Currently,
+ * The check for pending alerts must be done by calling
- * it happens only during the handshake loop.
+ * the (static internal) function ssl_send_pending_fatal_alert().
+ * Currently, it happens only during the handshake loop.
  *
  * This function must not be called multiple times without
- * manually inspecting and clearing ssl->pending_fatal_alert_msg in between.
+ * sending the pending fatal alerts in between.
  */
 MBEDTLS_ALWAYS_INLINE static inline void mbedtls_ssl_pend_fatal_alert(
     mbedtls_ssl_context *ssl,

library/ssl_tls.c

@@ -75,6 +75,17 @@ static inline size_t ssl_ep_len( const mbedtls_ssl_context *ssl )
 #endif
 }
 
+static void ssl_send_pending_fatal_alert( mbedtls_ssl_context *ssl )
+{
+    if( ssl->pending_fatal_alert_msg == MBEDTLS_SSL_ALERT_MSG_NONE )
+        return;
+
+    mbedtls_ssl_send_alert_message( ssl,
+                                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                    ssl->pending_fatal_alert_msg );
+    ssl->pending_fatal_alert_msg = MBEDTLS_SSL_ALERT_MSG_NONE;
+}
+
 /*
  * Start a timer.
  * Passing millisecs = 0 cancels a running timer.
@@ -9828,13 +9839,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
         ret = mbedtls_ssl_handshake_server_step( ssl );
 #endif
 
-    if( ssl->pending_fatal_alert_msg != MBEDTLS_SSL_ALERT_MSG_NONE )
+    ssl_send_pending_fatal_alert( ssl );
-    {
-        mbedtls_ssl_send_alert_message( ssl,
-                                        MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        ssl->pending_fatal_alert_msg );
-        ssl->pending_fatal_alert_msg   = MBEDTLS_SSL_ALERT_MSG_NONE;
-    }
     return( ret );
 }