From 394ece6cdd71d06e2186024769170588bb342ac8 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 14 Sep 2021 22:17:21 +0800
Subject: [PATCH] Add function for set pending alert flag
Signed-off-by: Jerry Yu
---
 include/mbedtls/ssl.h | 13 +------------
 library/ssl_misc.h | 14 +++++++++++++-
 library/ssl_msg.c | 18 +++++++++++++++---
 3 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 18142a8617..822205ee48 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1527,10 +1527,7 @@ struct mbedtls_ssl_context
 on next call to record layer? */
 /* The following three variables indicate if and, if yes,
- * what kind of alert or warning is pending to be sent.
- * They should not be set manually but through the macro
- * MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value )
- * defined below.
+ * what kind of alert is pending to be sent.
 */
 unsigned char MBEDTLS_PRIVATE(send_alert); /*!< Determines if a fatal alert should be sent. Values:
@@ -1640,14 +1637,6 @@ struct mbedtls_ssl_context
 #endif
 };
-#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \
- do \
- { \
- ssl->send_alert = 1; \
- ssl->alert_reason = (user_return_value); \
- ssl->alert_type = (type); \
- } while( 0 )
-
 /**
 * \brief Return the name of the ciphersuite associated with the
 * given ID
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 8b26983556..5be5b03ac2 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1343,10 +1343,22 @@ void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
 /*
- * Send pending fatal alerts or warnings.
+ * Send pending alert
 */
 int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl );
+/*
+ * Set pending fatal alert flag.
+ */
+void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
+ unsigned char alert_type,
+ int alert_reason );
+
+/* Alias of mbedtls_ssl_pend_fatal_alert */
+#define MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value ) \
+ mbedtls_ssl_pend_fatal_alert( ssl, type, user_return_value )
+
+
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
 void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
 #endif
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 3144d9818c..9230bcd82a 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5649,16 +5649,28 @@ int mbedtls_ssl_handle_pending_alert( mbedtls_ssl_context *ssl )
 /* Send alert if requested */
 if( ssl->send_alert != 0 )
 {
+ /* Clear send_alert to avoid infinite loop */
+ ssl->send_alert = 0;
+
 ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, ssl->alert_type );
 if( ret != 0 ) return( ret );
 }
-
- ssl->send_alert = 0;
- ssl->alert_type = 0;
 return( 0 );
 }
+/*
+ * Set pending fatal alert flag.
+ */
+void mbedtls_ssl_pend_fatal_alert( mbedtls_ssl_context *ssl,
+ unsigned char alert_type,
+ int alert_reason )
+{
+ ssl->send_alert = 1;
+ ssl->alert_type = alert_type;
+ ssl->alert_reason = alert_reason;
+}
+
 #endif /* MBEDTLS_SSL_TLS_C */
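Review bot: The alias `MBEDTLS_SSL_PEND_FATAL_ALERT( type, user_return_value )` in library/ssl_misc.h still takes its context from a variable named `ssl` at the call site, and neither its comment nor the new declaration's comment explains the arguments. I would state the dependency on the macro, e.g. `/* Alias of mbedtls_ssl_pend_fatal_alert(); requires an mbedtls_ssl_context *ssl in the caller's scope. */`. The declaration comment should also say that `alert_type` is the alert sent at fatal level by `mbedtls_ssl_handle_pending_alert()` and that `alert_reason` is stored in `ssl->alert_reason` (presumably the error code reported to the caller, going by the old parameter name `user_return_value`). New internal code reads more safely if it calls the function directly, so the context being modified is explicit at each call site.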
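Review bot: Clearing `ssl->send_alert` before `mbedtls_ssl_send_alert_message()` in library/ssl_msg.c means a failed send drops the pending alert: the `if( ret != 0 ) return( ret );` path leaves the flag at 0, so a later call to `mbedtls_ssl_handle_pending_alert()` has nothing left to send. If the callee can return a retryable code on a non-blocking transport (`MBEDTLS_ERR_SSL_WANT_WRITE` is the likely one; its body is not visible here), the peer may never receive the fatal alert and the failure goes unsignalled on the wire. One option is to keep the early clear for the re-entrancy case and re-arm on the retryable error with `if( ret == MBEDTLS_ERR_SSL_WANT_WRITE ) ssl->send_alert = 1;` before the `return( ret )`, after confirming the record is not already queued for flushing at that point. The added comment should also name the call path that loops, since "infinite loop" alone does not tell a reader why the order matters. The function begins above the hunk, so this is based on the visible tail only.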