From 3010d55a3b7f656dcbbc6f55178a75a92cfedab0 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 11 Jun 2019 14:46:16 +0100
Subject: [PATCH] Introduce helper macro indicating if use of ExtendedMS is
 enforced

---
 include/mbedtls/ssl_internal.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 3eb37b8c3..e188c9706 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -321,6 +321,18 @@
 #define MBEDTLS_SSL_TRANSPORT_ELSE                  /* empty: no other branch */
 #endif /* TLS and/or DTLS */
 
+/* Check if the use of the ExtendedMasterSecret extension
+ * is enforced at compile-time. If so, we don't need to
+ * track its status in the handshake parameters. */
+#if defined(MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET)         && \
+    defined(MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET) && \
+    MBEDTLS_SSL_CONF_EXTENDED_MASTER_SECRET ==                  \
+      MBEDTLS_SSL_EXTENDED_MS_ENABLED                        && \
+    MBEDTLS_SSL_CONF_ENFORCE_EXTENDED_MASTER_SECRET ==          \
+      MBEDTLS_SSL_EXTENDED_MS_ENFORCE_ENABLED
+#define MBEDTLS_SSL_EXTENDED_MS_ENFORCED
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif