Updates following review of SSL_export_key_material() changes

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3782)
diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
index f2fba47..532b144 100644
--- a/doc/man3/SSL_export_keying_material.pod
+++ b/doc/man3/SSL_export_keying_material.pod
@@ -33,7 +33,7 @@
 a context is optional. If the context should be omitted entirely then
 B<use_context> should be set to 0. Otherwise it should be any other value. If
 B<use_context> is 0 then the values of B<context> and B<contextlen> are ignored.
-Note that in TLSv1.2 and below a zero length context is treated differently to
+Note that in TLSv1.2 and below a zero length context is treated differently from
 no context at all, and will result in different keying material being returned.
 In TLSv1.3 a zero length context is that same as no context at all and will
 result in the same keying material being returned.
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 67ae0a3..55e68c6 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -611,10 +611,7 @@
     unsigned int hashsize;
     int ret = 0;
 
-    if (ctx == NULL)
-        goto err;
-
-    if (!SSL_is_init_finished(s))
+    if (ctx == NULL || !SSL_is_init_finished(s))
         goto err;
 
     if (!use_context)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 8006d7e..ae5c4c0 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -2493,7 +2493,7 @@
  */
 static int test_export_key_mat(int tst)
 {
-    int testresult = 0, proto;
+    int testresult = 0;
     SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
     SSL *clientssl = NULL, *serverssl = NULL;
     const char label[] = "test label";
@@ -2501,6 +2501,12 @@
     const unsigned char *emptycontext = NULL;
     unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
     unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
+    const int protocols[] = {
+        TLS1_VERSION,
+        TLS1_1_VERSION,
+        TLS1_2_VERSION,
+        TLS1_3_VERSION
+    };
 
 #ifdef OPENSSL_NO_TLS1
     if (tst == 0)
@@ -2523,28 +2529,9 @@
                                        &cctx, cert, privkey)))
         goto end;
 
-    switch (tst) {
-    case 0:
-        proto = TLS1_VERSION;
-        break;
-
-    case 1:
-        proto = TLS1_1_VERSION;
-        break;
-
-    case 2:
-        proto = TLS1_2_VERSION;
-        break;
-
-    case 3:
-        proto = TLS1_3_VERSION;
-        break;
-
-    default:
-        goto end;
-    }
-    SSL_CTX_set_max_proto_version(cctx, proto);
-    SSL_CTX_set_min_proto_version(cctx, proto);
+    OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
+    SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
+    SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
 
     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
                                       NULL))