Fixed incorrect usage of key derivation procedures

Signed-off-by: Anton Matkin <anton.matkin@arm.com>

library/ssl_tls.c

@@ -6390,7 +6390,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
             psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT;
             psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE);
             psa_set_key_algorithm(&shared_key_attributes, alg);
-            psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD);
+            psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE);
 
             status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id);
 
@@ -6401,13 +6401,13 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 
             status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id);
 
+            psa_destroy_key(shared_key_id);
+
             if (status != PSA_SUCCESS) {
                 psa_key_derivation_abort(&derivation);
                 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
             }
 
-            psa_destroy_key(shared_key_id);
-
             status = psa_key_derivation_output_bytes(&derivation,
                                                      handshake->premaster,
                                                      handshake->pmslen);