Improve reability and debugability of large if

Breaking into a series of statements makes things easier when stepping through
the code in a debugger.

Previous comments we stating the opposite or what the code tested for (what we
want vs what we're erroring out on) which was confusing.

Also expand a bit on the reasons for these restrictions.

library/ssl_tls.c

@@ -10837,28 +10837,40 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
     int ret = 0;
 
     /*
-     * Enforce current usage restrictions
+     * Enforce usage restrictions, see "return BAD_INPUT_DATA" in
+     * this function's documentation.
+     *
+     * These are due to assumptions/limitations in the implementation. Some of
+     * them are likely to stay (no handshake in progress) some might go away
+     * (only DTLS) but are currently used to simplify the implementation.
      */
-    if( /* The initial handshake is over ... */
+    /* The initial handshake must be over */
-        ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ||
+    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
-        ssl->handshake != NULL ||
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        /* ... and the various sub-structures are indeed ready. */
+    if( ssl->handshake != NULL )
-        ssl->transform == NULL ||
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        ssl->session == NULL ||
+    /* Double-check that sub-structures are indeed ready */
-        /* There is no pending incoming or outgoing data ... */
+    if( ssl->transform == NULL || ssl->session == NULL )
-        mbedtls_ssl_check_pending( ssl ) != 0 ||
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        ssl->out_left != 0 ||
+    /* There must be no pending incoming or outgoing data */
-        /* We're using DTLS 1.2 ... */
+    if( mbedtls_ssl_check_pending( ssl ) != 0 )
-        MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) ||
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        mbedtls_ssl_get_major_ver( ssl ) != MBEDTLS_SSL_MAJOR_VERSION_3 ||
+    if( ssl->out_left != 0 )
-        mbedtls_ssl_get_minor_ver( ssl ) != MBEDTLS_SSL_MINOR_VERSION_3 ||
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        /* ... with an AEAD ciphersuite. */
+    /* Protocol must be DLTS, not TLS */
-        mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 ||
+    if( MBEDTLS_SSL_TRANSPORT_IS_TLS( ssl->conf->transport ) )
-        /* Renegotation is disabled. */
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-        mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) )
+    /* Version must be 1.2 */
-    {
+    if( mbedtls_ssl_get_major_ver( ssl ) != MBEDTLS_SSL_MAJOR_VERSION_3 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    if( mbedtls_ssl_get_minor_ver( ssl ) != MBEDTLS_SSL_MINOR_VERSION_3 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    /* We must be using an AEAD ciphersuite */
+    if( mbedtls_ssl_transform_uses_aead( ssl->transform ) != 1 )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    /* Renegotiation must not be enabled */
+    if( mbedtls_ssl_conf_is_renegotiation_enabled( ssl->conf ) )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
 
     /*
      * Version and format identifier