Restrict the scope of a few variables

In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

library/ssl_tls.c

@@ -7949,13 +7949,12 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
         ssl->handshake->ciphersuite_info;
     int have_ca_chain = 0;
 
-    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *p_vrfy;
-
     if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
         return 0;
     }
 
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+    void *p_vrfy;
     if (ssl->f_vrfy != NULL) {
         MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
         f_vrfy = ssl->f_vrfy;
@@ -7988,7 +7987,6 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
     {
         mbedtls_x509_crt *ca_chain;
         mbedtls_x509_crl *ca_crl;
-
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
         if (ssl->handshake->sni_ca_chain != NULL) {
             ca_chain = ssl->handshake->sni_ca_chain;

library/ssl_tls13_generic.c

@@ -630,8 +630,6 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
 {
     int ret = 0;
     int have_ca_chain = 0;
-    mbedtls_x509_crt *ca_chain;
-    mbedtls_x509_crl *ca_crl;
     uint32_t verify_result = 0;
 
     /* Authmode: precedence order is SNI if used else configuration */
@@ -716,6 +714,8 @@ static int ssl_tls13_validate_certificate(mbedtls_ssl_context *ssl)
     } else
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
     {
+        mbedtls_x509_crt *ca_chain;
+        mbedtls_x509_crl *ca_crl;
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
         if (ssl->handshake->sni_ca_chain != NULL) {
             ca_chain = ssl->handshake->sni_ca_chain;