Restrict the scope of a few variables
In particular, make sure pointer variables are initialized right after
being declared.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4795e67..ebd19c3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7949,13 +7949,12 @@
ssl->handshake->ciphersuite_info;
int have_ca_chain = 0;
- int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
- void *p_vrfy;
-
if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
return 0;
}
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy;
if (ssl->f_vrfy != NULL) {
MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
f_vrfy = ssl->f_vrfy;
@@ -7988,7 +7987,6 @@
{
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
-
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_ca_chain != NULL) {
ca_chain = ssl->handshake->sni_ca_chain;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index c130de0..f883a22 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -630,8 +630,6 @@
{
int ret = 0;
int have_ca_chain = 0;
- mbedtls_x509_crt *ca_chain;
- mbedtls_x509_crl *ca_crl;
uint32_t verify_result = 0;
/* Authmode: precedence order is SNI if used else configuration */
@@ -716,6 +714,8 @@
} else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
+ mbedtls_x509_crt *ca_chain;
+ mbedtls_x509_crl *ca_crl;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
if (ssl->handshake->sni_ca_chain != NULL) {
ca_chain = ssl->handshake->sni_ca_chain;