Reduce the scope of some variables in tls_process_client_key_exchange()

{

    int al;

    unsigned long alg_k;

#ifndef OPENSSL_NO_RSA

    RSA *rsa = NULL;

#endif

#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)

    EVP_PKEY *ckey = NULL;

#endif

    PACKET enc_premaster;

    unsigned char *rsa_decrypt = NULL;

    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;

        int decrypt_len;

        unsigned char decrypt_good, version_good;

        size_t j, padding_len;

        PACKET enc_premaster;

        RSA *rsa = NULL;

        unsigned char *rsa_decrypt = NULL;

        /* FIX THIS UP EAY EAY EAY EAY */

        rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey);

        if (rsa == NULL) {

            al = SSL_AD_HANDSHAKE_FAILURE;

        if (rsa_decrypt == NULL) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);

            OPENSSL_free(rsa_decrypt);

            goto f_err;

        }

        if (RAND_bytes(rand_premaster_secret,

                       sizeof(rand_premaster_secret)) <= 0) {

            OPENSSL_free(rsa_decrypt);

            goto err;

        }

                                          PACKET_data(&enc_premaster),

                                          rsa_decrypt, rsa, RSA_NO_PADDING);

        if (decrypt_len < 0) {

            OPENSSL_free(rsa_decrypt);

            goto err;

        }

        if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {

            al = SSL_AD_DECRYPT_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED);

            OPENSSL_free(rsa_decrypt);

            goto f_err;

        }

                                        sizeof(rand_premaster_secret), 0)) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            OPENSSL_free(rsa_decrypt);

            goto f_err;

        }

        OPENSSL_free(rsa_decrypt);

        rsa_decrypt = NULL;

    } else

#endif

#ifndef OPENSSL_NO_DH

        unsigned int i;

        BIGNUM *pub_key;

        const unsigned char *data;

        EVP_PKEY *ckey = NULL;

        if (!PACKET_get_net_2(pkt, &i)) {

            if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {

        ckey = EVP_PKEY_new();

        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);

            EVP_PKEY_free(ckey);

            goto err;

        }

        cdh = EVP_PKEY_get0_DH(ckey);

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            if (pub_key != NULL)

                BN_free(pub_key);

            EVP_PKEY_free(ckey);

            goto err;

        }

        if (ssl_derive(s, skey, ckey) == 0) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            EVP_PKEY_free(ckey);

            goto f_err;

        }

        EVP_PKEY_free(ckey);

        ckey = NULL;

        EVP_PKEY_free(s->s3->tmp.pkey);

        s->s3->tmp.pkey = NULL;

#ifndef OPENSSL_NO_EC

    if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {

        EVP_PKEY *skey = s->s3->tmp.pkey;

        EVP_PKEY *ckey = NULL;

        if (PACKET_remaining(pkt) == 0L) {

            /* We don't support ECDH client auth */

            ckey = EVP_PKEY_new();

            if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {

                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EVP_LIB);

                EVP_PKEY_free(ckey);

                goto err;

            }

            if (EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(ckey), data, i,

                               NULL) == 0) {

                SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);

                EVP_PKEY_free(ckey);

                goto err;

            }

        }

        if (ssl_derive(s, skey, ckey) == 0) {

            al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

            EVP_PKEY_free(ckey);

            goto f_err;

        }

        EVP_PKEY_free(ckey);

        ckey = NULL;

        EVP_PKEY_free(s->s3->tmp.pkey);

        s->s3->tmp.pkey = NULL;

#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SRP)

 err:

#endif

#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)

    EVP_PKEY_free(ckey);

#endif

    OPENSSL_free(rsa_decrypt);

#ifndef OPENSSL_NO_PSK

    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);

    s->s3->tmp.psk = NULL;