From 1e5369c7fa75528e3f2bcd5ff734ee025f7871be Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 19 Dec 2013 16:40:57 +0100
Subject: [PATCH] Variables in proper block or within proper defines in
 ssl_decrypt_buf()

---
 library/ssl_tls.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9abc9befa..75ba9075a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1314,8 +1314,12 @@ static int ssl_encrypt_buf( ssl_context *ssl )
 
 static int ssl_decrypt_buf( ssl_context *ssl )
 {
-    size_t i, padlen = 0, correct = 1;
-    unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
+    size_t i;
+#if defined(POLARSSL_ARC4_C) || defined(POLARSSL_CIPHER_NULL_CIPHER) ||     \
+    ( defined(POLARSSL_CIPHER_MODE_CBC) &&                                  \
+      ( defined(POLARSSL_AES_C) || defined(POLARSSL_CAMELLIA_C) ) )
+    size_t padlen = 0, correct = 1;
+#endif
 
     SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
 
@@ -1388,8 +1392,6 @@ static int ssl_decrypt_buf( ssl_context *ssl )
         unsigned char add_data[13];
         int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
 
-        padlen = 0;
-
         dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
                                         ssl->transform_in->fixed_ivlen );
         dec_msglen -= 16;
@@ -1651,6 +1653,8 @@ static int ssl_decrypt_buf( ssl_context *ssl )
     if( ssl->transform_in->cipher_ctx_dec.cipher_info->mode !=
                                                         POLARSSL_MODE_GCM )
     {
+        unsigned char tmp[POLARSSL_SSL_MAX_MAC_SIZE];
+
         ssl->in_msglen -= ( ssl->transform_in->maclen + padlen );
 
         ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );