diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 01ddb524d..293f40e65 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2267,18 +2267,22 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot;
-    psa_key_usage_t usage =
-        is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
-    size_t mac_size = 0;
+    size_t mac_size;
 
     /* A context must be freshly initialized before it can be set up. */
     if( operation->id != 0 )
         return( PSA_ERROR_BAD_STATE );
 
+    if( ! PSA_ALG_IS_MAC( alg ) )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
     status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, usage, alg );
+                 key,
+                 &slot,
+                 is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+                 alg );
     if( status != PSA_SUCCESS )
-        goto exit;
+        return( status );
 
     psa_key_attributes_t attributes = {
         .core = slot->attr
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 0189cded8..d8e229325 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -243,7 +243,7 @@ static psa_status_t mac_init(
     mbedtls_psa_mac_operation_t *operation,
     psa_algorithm_t alg )
 {
-    psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
     operation->key_set = 0;
@@ -268,8 +268,7 @@ static psa_status_t mac_init(
     else
 #endif /* BUILTIN_ALG_HMAC */
     {
-        if( ! PSA_ALG_IS_MAC( alg ) )
-            status = PSA_ERROR_INVALID_ARGUMENT;
+        status = PSA_ERROR_NOT_SUPPORTED;
     }
 
     if( status != PSA_SUCCESS )