From a7505d18eb296e76c3b303cf75ac23c13f328530 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Tue, 7 May 2019 10:17:56 +0200
Subject: [PATCH] Enforce promise to not use whole ssl context

Configs with no DEBUG_C are used for example in test-ref-configs.pl, which also runs parts of compat.sh or ssl-opt.sh on them, so the added 'ssl = NULL' statements will be exercised in those tests at least.
---
 library/ssl_tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 822d972f6..74cb756e7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1027,6 +1027,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
 !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
 !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for those cases */
 (void) ssl;
 #endif
@@ -1625,6 +1626,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
 !defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
 !(defined(MBEDTLS_USE_PSA_CRYPTO) && \
 defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED))
+ ssl = NULL; /* make sure we don't use it except for those cases */
 (void) ssl;
 #endif
@@ -2312,6 +2314,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 /* The SSL context is only used for debugging purposes! */
 #if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
 ((void) ssl);
 #endif
@@ -2741,6 +2744,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
 size_t add_data_len;
 #if !defined(MBEDTLS_DEBUG_C)
+ ssl = NULL; /* make sure we don't use it except for debug */
 ((void) ssl);
 #endif
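Review bot: The added `ssl = NULL;` in ssl_populate_transform is only as good as the hand-written option list in the `#if` above it, and the comment "those cases" does not tell a maintainer that the list has to track every guarded use of `ssl` in the function. If a later change adds a use of `ssl` under some other option without extending the condition, a build with that option and none of the listed ones dereferences NULL. I would spell the rule out, e.g. `/* ssl is used only under the options tested above; extend this #if when adding a use */`. The same applies to the ssl_compute_master hunk, whose `#if` opens outside the hunk. In both cases the uses of `ssl` are outside the visible lines, so the completeness of the lists cannot be checked from this diff.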
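Review bot: In mbedtls_ssl_encrypt_buf the `ssl = NULL;` catches a stray use only on platforms where a NULL dereference traps. It is undefined behaviour in any case, and on a target that maps address 0 a later `ssl->...` access in a non-debug build could read garbage instead of faulting. That makes it a test-time tripwire, as the commit message describes, not a runtime safeguard, and the comment could say so: `/* test-time tripwire: without DEBUG_C any use of ssl below dereferences NULL */`. The same holds for the mbedtls_ssl_decrypt_buf hunk. Both function bodies continue outside the hunks, so whether any non-debug use of `ssl` exists today is not visible here.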