diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 39daaf75d6..2e4eedcac0 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6515,14 +6515,17 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
- #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
+ if( ciphersuite_info == NULL )
+ return( NULL );
+
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
 if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
 return( tls_prf_sha384 );
 else
 #endif
 #if defined(MBEDTLS_SHA256_C)
 {
- if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
+ if( ciphersuite_info->mac == MBEDTLS_MD_SHA256 )
 return( tls_prf_sha256 );
 }
 #endif
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 90cc4ad0ce..2a7f598a62 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -133,7 +133,7 @@ void mbedtls_test_buffer_init( mbedtls_test_buffer *buf )
 int mbedtls_test_buffer_setup( mbedtls_test_buffer *buf, size_t capacity )
 {
 buf->buffer = (unsigned char*) mbedtls_calloc( capacity,
- sizeof(unsigned char) );
+ sizeof( unsigned char ) );
 if( NULL == buf->buffer )
 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
 buf->capacity = capacity;
@@ -283,7 +283,7 @@ typedef struct mbedtls_test_message_queue
 int mbedtls_test_message_queue_setup( mbedtls_test_message_queue *queue, size_t capacity )
 {
- queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof(size_t) );
+ queue->messages = (size_t*) mbedtls_calloc( capacity, sizeof( size_t ) );
 if( NULL == queue->messages )
 return MBEDTLS_ERR_SSL_ALLOC_FAILED;
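Review bot: In ssl_tls12prf_from_cs (library/ssl_tls.c) the `else` left dangling before `#endif` still binds to whatever statement follows when MBEDTLS_SHA256_C is not defined, and that statement lies after the end of this hunk. With the early `return( NULL )` in place both branches only read `ciphersuite_info->mac`, so the `else` and the brace block around the SHA-256 test could be dropped, leaving two independent `if( ... ) return( ... );` statements, each under its own `#if` guard. The NULL result for an unrecognised ciphersuite id is also worth stating above the new check, e.g. `/* Unknown ciphersuite id: no PRF available; callers must treat NULL as an error. */`, because a caller that invokes the returned pointer unchecked would only move the crash; the callers are not visible here, so this needs confirming against them. The test-suite hunks shown are whitespace-only, so a case that passes an unknown ciphersuite id would pin the fix.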
@@ -457,7 +457,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
 int ret = -1;
 peer1->output =
- (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
+ (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer ) );
 if( peer1->output == NULL )
 {
 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
@@ -470,7 +470,7 @@ int mbedtls_mock_socket_connect( mbedtls_mock_socket* peer1,
 }
 peer2->output =
- (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof(mbedtls_test_buffer) );
+ (mbedtls_test_buffer*) mbedtls_calloc( 1, sizeof( mbedtls_test_buffer) );
 if( peer2->output == NULL )
 {
 ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
@@ -1737,8 +1737,8 @@ void perform_handshake( handshake_test_options* options )
 int expected_handshake_result = 0;
 USE_PSA_INIT( );
- mbedtls_platform_zeroize( &client, sizeof(client) );
- mbedtls_platform_zeroize( &server, sizeof(server) );
+ mbedtls_platform_zeroize( &client, sizeof( client ) );
+ mbedtls_platform_zeroize( &server, sizeof( server ) );
 mbedtls_test_message_queue server_queue, client_queue;
 mbedtls_test_message_socket_context server_context, client_context;
@@ -2109,7 +2109,7 @@ void test_callback_buffer_sanity()
 unsigned char input[MSGLEN];
 unsigned char output[MSGLEN];
- memset( input, 0, sizeof(input) );
+ memset( input, 0, sizeof( input ) );
 /* Make sure calling put and get on NULL buffer results in error. */
 TEST_ASSERT( mbedtls_test_buffer_put( NULL, input, sizeof( input ) )
@@ -3745,7 +3745,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 TEST_ASSERT( lbl != NULL );
 /* Check sanity of test parameters. */
- TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
+ TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) );
 TEST_ASSERT( (size_t) desired_length == expected->len );
 TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
@@ -3831,7 +3831,7 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
 TEST_ASSERT( lbl != NULL );
 /* Check sanity of test parameters. */
- TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
+ TEST_ASSERT( (size_t) desired_length <= sizeof( dst ) );
 TEST_ASSERT( (size_t) desired_length == expected->len );
 TEST_ASSERT( mbedtls_ssl_tls1_3_derive_secret(
@@ -4216,8 +4216,8 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
 mbedtls_endpoint base_ep, second_ep;
 int ret = -1;
- mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) );
- mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) );
+ mbedtls_platform_zeroize( &base_ep, sizeof( base_ep ) );
+ mbedtls_platform_zeroize( &second_ep, sizeof( second_ep ) );
 ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
@@ -4605,8 +4605,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key )
 mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_NONE };
 USE_PSA_INIT( );
- mbedtls_platform_zeroize( &client, sizeof(client) );
- mbedtls_platform_zeroize( &server, sizeof(server) );
+ mbedtls_platform_zeroize( &client, sizeof( client ) );
+ mbedtls_platform_zeroize( &server, sizeof( server ) );
 /* Client side, force SECP256R1 to make one key bitflip fail
 * the raw key agreement. Flipping the first byte makes the