Adapt code to be consistent with the existing code

- init status to error
- use simple assignment to status
- fix code style (spaces)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/ssl_tls13_keys.c

@@ -146,7 +146,8 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
 {
     unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ];
     size_t hkdf_label_len;
-    psa_status_t status = PSA_SUCCESS;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_derivation_operation_t operation =
         PSA_KEY_DERIVATION_OPERATION_INIT;
 
@@ -180,23 +181,36 @@ int mbedtls_ssl_tls13_hkdf_expand_label(
                                  &hkdf_label_len );
 
     status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_input_bytes( &operation,
-                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
-                                                  secret,
-                                                  secret_len );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_input_bytes( &operation,
-                                                  PSA_KEY_DERIVATION_INPUT_INFO,
-                                                  hkdf_label,
-                                                  hkdf_label_len );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_output_bytes( &operation,
-                                                   buf,
-                                                   buf_len );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_abort( &operation );
 
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_input_bytes( &operation,
+                                             PSA_KEY_DERIVATION_INPUT_SECRET,
+                                             secret,
+                                             secret_len );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_input_bytes( &operation,
+                                             PSA_KEY_DERIVATION_INPUT_INFO,
+                                             hkdf_label,
+                                             hkdf_label_len );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_output_bytes( &operation,
+                                              buf,
+                                              buf_len );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+cleanup:
+    abort_status = psa_key_derivation_abort( &operation );
+    status = ( status == PSA_SUCCESS ? abort_status : status );
     return( psa_ssl_status_to_mbedtls ( status ) );
 }
 
@@ -314,7 +328,8 @@ int mbedtls_ssl_tls13_evolve_secret(
                    unsigned char *secret_new )
 {
     int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    psa_status_t status = PSA_SUCCESS;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
     size_t hlen, ilen;
     unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 };
     unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 };
@@ -341,6 +356,8 @@ int mbedtls_ssl_tls13_evolve_secret(
             goto cleanup;
     }
 
+    ret = 0;
+
     if( input != NULL )
     {
         memcpy( tmp_input, input, input_len );
@@ -353,26 +370,37 @@ int mbedtls_ssl_tls13_evolve_secret(
 
     status = psa_key_derivation_setup( &operation,
                                        PSA_ALG_HKDF_EXTRACT( hash_alg ) );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_input_bytes( &operation,
-                                                  PSA_KEY_DERIVATION_INPUT_SALT,
-                                                  tmp_secret,
-                                                  hlen );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_input_bytes( &operation,
-                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
-                                                  tmp_input,
-                                                  ilen );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_output_bytes( &operation,
-                                                   secret_new,
-                                                   PSA_HASH_LENGTH( hash_alg ) );
-    if (status == PSA_SUCCESS)
-        status |= psa_key_derivation_abort( &operation );
 
-    ret = psa_ssl_status_to_mbedtls ( status );
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_input_bytes( &operation,
+                                             PSA_KEY_DERIVATION_INPUT_SALT,
+                                             tmp_secret,
+                                             hlen );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_input_bytes( &operation,
+                                             PSA_KEY_DERIVATION_INPUT_SECRET,
+                                             tmp_input,
+                                             ilen );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
+    status = psa_key_derivation_output_bytes( &operation,
+                                              secret_new,
+                                              PSA_HASH_LENGTH( hash_alg ) );
+
+    if( status != PSA_SUCCESS )
+         goto cleanup;
+
  cleanup:
-
+    abort_status = psa_key_derivation_abort( &operation );
+    status = ( status == PSA_SUCCESS ? abort_status : status );
+    ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret );
     mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) );
     mbedtls_platform_zeroize( tmp_input,  sizeof(tmp_input)  );
     return( ret );