Update based on comments

Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
diff --git a/library/ecdh.c b/library/ecdh.c
index 18474a3..3f39926 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -731,8 +731,8 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 
 static int ecdh_tls13_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                            size_t *olen, int point_format,
-                                        unsigned char *buf, size_t buf_len,
+                                            size_t *out_len, int point_format,
+                                            unsigned char *buf, size_t buf_len,
                 int ( *f_rng )( void *, unsigned char *, size_t), void *p_rng )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -745,20 +745,20 @@
         return( ret );
 
     ret = mbedtls_ecp_point_write_binary( &ctx->grp, &ctx->Q, point_format,
-                                          olen, buf, buf_len );
+                                          out_len, buf, buf_len );
     if( ret != 0 )
         return( ret );
 
     return( 0 );
 }
 
-int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
+int mbedtls_ecdh_tls13_make_params( mbedtls_ecdh_context *ctx, size_t *out_len,
                             unsigned char *buf, size_t buf_len,
                             int ( *f_rng )( void *, unsigned char *, size_t ),
                             void *p_rng )
 {
     ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( olen != NULL );
+    ECDH_VALIDATE_RET( out_len != NULL );
     ECDH_VALIDATE_RET( buf != NULL );
     ECDH_VALIDATE_RET( f_rng != NULL );
 
@@ -769,7 +769,7 @@
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_tls13_make_params_internal( ctx, olen, ctx->point_format,
+    return( ecdh_tls13_make_params_internal( ctx, out_len, ctx->point_format,
                                              buf, buf_len, f_rng, p_rng ) );
 #else
     switch( ctx->var )
@@ -779,9 +779,9 @@
             return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
-                                               ctx->point_format, buf, buf_len,
-                                               f_rng, p_rng ) );
+            return( ecdh_tls13_make_params_internal( &ctx->ctx.mbed_ecdh,
+                                               out_len, ctx->point_format,
+                                               buf, buf_len, f_rng, p_rng ) );
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index e1c69a8..a94c79f 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -529,7 +529,7 @@
      * Handshake specific crypto variables
      */
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-    int tls1_3_kex_modes; /*!< key exchange modes for TLS 1.3 */
+    int tls13_kex_modes; /*!< key exchange modes for TLS 1.3 */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -765,7 +765,7 @@
         unsigned char early    [MBEDTLS_TLS1_3_MD_MAX_SIZE];
         unsigned char handshake[MBEDTLS_TLS1_3_MD_MAX_SIZE];
         unsigned char app      [MBEDTLS_TLS1_3_MD_MAX_SIZE];
-    } tls1_3_master_secrets;
+    } tls13_master_secrets;
 
     mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@@ -1568,7 +1568,7 @@
 static inline unsigned mbedtls_ssl_tls13_check_kex_modes( mbedtls_ssl_context *ssl,
                                                           int kex_modes_mask )
 {
-    return( ( ssl->handshake->tls1_3_kex_modes & kex_modes_mask ) == 0 );
+    return( ( ssl->handshake->tls13_kex_modes & kex_modes_mask ) == 0 );
 }
 
 static inline int mbedtls_ssl_tls13_psk_enabled( mbedtls_ssl_context *ssl )
@@ -1678,7 +1678,7 @@
 int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
                                          unsigned char *buf,
                                          unsigned char *end,
-                                         size_t *olen);
+                                         size_t *out_len);
 
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index ca633ff..1874d4f 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -47,11 +47,11 @@
 static int ssl_tls13_write_supported_versions_ext( mbedtls_ssl_context *ssl,
                                                    unsigned char *buf,
                                                    unsigned char *end,
-                                                   size_t *olen )
+                                                   size_t *out_len )
 {
     unsigned char *p = buf;
 
-    *olen = 0;
+    *out_len = 0;
 
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported versions extension" ) );
 
@@ -87,7 +87,7 @@
                                 ssl->conf->max_major_ver,
                                 ssl->conf->max_minor_ver ) );
 
-    *olen = 7;
+    *out_len = 7;
 
     return( 0 );
 }
@@ -139,11 +139,11 @@
 static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
                                                    unsigned char *buf,
                                                    unsigned char *end,
-                                                   size_t *olen )
+                                                   size_t *out_len )
 {
     unsigned char *p = buf;
 
-    *olen = 0;
+    *out_len = 0;
 
     const uint16_t *group_list = mbedtls_ssl_get_groups( ssl );
 
@@ -168,7 +168,7 @@
                                     curve_info->name, *group_list ) );
     }
 
-    *olen = p - buf;
+    *out_len = p - buf;
 
     return( 0 );
 }
@@ -176,12 +176,12 @@
 static int ssl_tls13_write_named_group_list_ecdhe( mbedtls_ssl_context *ssl,
                                             unsigned char *buf,
                                             unsigned char *end,
-                                            size_t *olen )
+                                            size_t *out_len )
 {
     ((void) ssl);
     ((void) buf);
     ((void) end);
-    *olen = 0;
+    *out_len = 0;
     return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
 #endif /* MBEDTLS_ECDH_C */
@@ -189,12 +189,12 @@
 static int ssl_tls13_write_named_group_list_dhe( mbedtls_ssl_context *ssl,
                                         unsigned char *buf,
                                         unsigned char *end,
-                                        size_t *olen )
+                                        size_t *out_len )
 {
     ((void) ssl);
     ((void) buf);
     ((void) end);
-    *olen = 0;
+    *out_len = 0;
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "write_named_group_dhe is not implemented" ) );
     return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
@@ -202,7 +202,7 @@
 static int ssl_tls13_write_supported_groups_ext( mbedtls_ssl_context *ssl,
                                                  unsigned char *buf,
                                                  unsigned char *end,
-                                                 size_t *olen )
+                                                 size_t *out_len )
 {
     unsigned char *p = buf ;
     unsigned char *named_group_list; /* Start of named_group_list */
@@ -210,7 +210,7 @@
     size_t output_len = 0;
     int ret_ecdhe, ret_dhe;
 
-    *olen = 0;
+    *out_len = 0;
 
     if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
         return( 0 );
@@ -264,7 +264,7 @@
 
     MBEDTLS_SSL_DEBUG_BUF( 3, "Supported groups extension", buf + 4, named_group_list_len + 2 );
 
-    *olen = p - buf;
+    *out_len = p - buf;
 
     ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_GROUPS;
 
@@ -280,7 +280,7 @@
                 uint16_t named_group,
                 unsigned char *buf,
                 unsigned char *end,
-                size_t *olen )
+                size_t *out_len )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_ecp_curve_info *curve_info =
@@ -298,9 +298,9 @@
         return( ret );
     }
 
-    ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, olen,
-                                           buf, end - buf,
-                                           ssl->conf->f_rng, ssl->conf->p_rng );
+    ret = mbedtls_ecdh_tls13_make_params( &ssl->handshake->ecdh_ctx, out_len,
+                                          buf, end - buf,
+                                          ssl->conf->f_rng, ssl->conf->p_rng );
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_tls13_make_params", ret );
@@ -365,7 +365,7 @@
 static int ssl_tls13_write_key_share_ext( mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           unsigned char *end,
-                                          size_t *olen )
+                                          size_t *out_len )
 {
     unsigned char *p = buf;
     unsigned char *client_shares; /* Start of client_shares */
@@ -373,7 +373,7 @@
     uint16_t group_id;
     int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
 
-    *olen = 0;
+    *out_len = 0;
 
     if( !mbedtls_ssl_conf_tls13_some_ephemeral_enabled( ssl ) )
         return( 0 );
@@ -459,9 +459,9 @@
     ssl->handshake->offered_group_id = group_id;
 
     /* Output the total length of key_share extension. */
-    *olen = p - buf;
+    *out_len = p - buf;
 
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *olen );
+    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, key_share extension", buf, *out_len );
 
     ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_KEY_SHARE;
 
@@ -600,14 +600,14 @@
             mbedtls_ssl_context *ssl,
             unsigned char *buf,
             unsigned char *end,
-            size_t *olen )
+            size_t *out_len )
 {
     unsigned char *p = buf;
     const int *ciphersuite_list;
     unsigned char *cipher_suites; /* Start of the cipher_suites list */
     size_t cipher_suites_len;
 
-    *olen = 0 ;
+    *out_len = 0 ;
 
     /*
      * Ciphersuite list
@@ -655,7 +655,7 @@
                              cipher_suites_len/2 ) );
 
     /* Output the total length of cipher_suites field. */
-    *olen = p - buf;
+    *out_len = p - buf;
 
     return( 0 );
 }
@@ -675,7 +675,7 @@
 static int ssl_tls13_write_client_hello_body( mbedtls_ssl_context *ssl,
                                               unsigned char *buf,
                                               unsigned char *end,
-                                              size_t *olen )
+                                              size_t *out_len )
 {
 
     int ret;
@@ -686,7 +686,7 @@
     /* Buffer management */
     unsigned char *p = buf;
 
-    *olen = 0;
+    *out_len = 0;
 
     /* No validation needed here. It has been done by ssl_conf_check() */
     ssl->major_ver = ssl->conf->min_major_ver;
@@ -815,7 +815,7 @@
                                 extensions_len ) );
     MBEDTLS_SSL_DEBUG_BUF( 3, "client hello extensions", p_extensions_len, extensions_len );
 
-    *olen = p - buf;
+    *out_len = p - buf;
     return( 0 );
 }
 
@@ -1257,17 +1257,17 @@
     {
         /* Only the pre_shared_key extension was received */
         case MBEDTLS_SSL_EXT_PRE_SHARED_KEY:
-            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+            handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
             break;
 
         /* Only the key_share extension was received */
         case MBEDTLS_SSL_EXT_KEY_SHARE:
-            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+            handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
             break;
 
         /* Both the pre_shared_key and key_share extensions were received */
         case ( MBEDTLS_SSL_EXT_PRE_SHARED_KEY | MBEDTLS_SSL_EXT_KEY_SHARE ):
-            handshake->tls1_3_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+            handshake->tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
             break;
 
         /* Neither pre_shared_key nor key_share extension was received */
@@ -1662,7 +1662,7 @@
 {
     int ret = 0;
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 client state: %d", ssl->state ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 client state: %d", ssl->state ) );
 
     switch( ssl->state )
     {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 86d984f..066147a 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -157,13 +157,13 @@
 int mbedtls_ssl_tls13_write_sig_alg_ext( mbedtls_ssl_context *ssl,
                                          unsigned char *buf,
                                          unsigned char *end,
-                                         size_t *olen )
+                                         size_t *out_len )
 {
     unsigned char *p = buf;
     unsigned char *supported_sig_alg; /* Start of supported_signature_algorithms */
     size_t supported_sig_alg_len = 0; /* Length of supported_signature_algorithms */
 
-    *olen = 0;
+    *out_len = 0;
 
     /* Skip the extension on the client if all allowed key exchanges
      * are PSK-based. */
@@ -214,7 +214,7 @@
     MBEDTLS_PUT_UINT16_BE( supported_sig_alg_len, buf, 4 );
 
     /* Output the total length of signature algorithms extension. */
-    *olen = p - buf;
+    *out_len = p - buf;
 
     ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SIG_ALG;
     return( 0 );
@@ -321,9 +321,9 @@
     unsigned char verify_hash[MBEDTLS_MD_MAX_SIZE];
     size_t verify_hash_len;
 
-    void const *opts_ptr = NULL;
+    void const *options = NULL;
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    mbedtls_pk_rsassa_pss_options opts;
+    mbedtls_pk_rsassa_pss_options rsassa_pss_options;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
     /*
@@ -443,17 +443,17 @@
     if( sig_alg == MBEDTLS_PK_RSASSA_PSS )
     {
         const mbedtls_md_info_t* md_info;
-        opts.mgf1_hash_id = md_alg;
+        rsassa_pss_options.mgf1_hash_id = md_alg;
         if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
         {
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
-        opts.expected_salt_len = mbedtls_md_get_size( md_info );
-        opts_ptr = (const void*) &opts;
+        rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info );
+        options = (const void*) &rsassa_pss_options;
     }
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
-    if( ( ret = mbedtls_pk_verify_ext( sig_alg, opts_ptr,
+    if( ( ret = mbedtls_pk_verify_ext( sig_alg, options,
                                        &ssl->session_negotiate->peer_cert->pk,
                                        md_alg, verify_hash, verify_hash_len,
                                        p, signature_len ) ) == 0 )
@@ -1081,7 +1081,7 @@
 static int ssl_tls13_write_finished_message_body( mbedtls_ssl_context *ssl,
                                                   unsigned char *buf,
                                                   unsigned char *end,
-                                                  size_t *olen )
+                                                  size_t *out_len )
 {
     size_t verify_data_len = ssl->handshake->state_local.finished_out.digest_len;
     /*
@@ -1094,7 +1094,7 @@
     memcpy( buf, ssl->handshake->state_local.finished_out.digest,
             verify_data_len );
 
-    *olen = verify_data_len;
+    *out_len = verify_data_len;
     return( 0 );
 }
 
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 109c375..b77fc7b 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -78,7 +78,7 @@
  *            the HkdfLabel structure on success.
  */
 
-static const char tls1_3_label_prefix[6] = "tls13 ";
+static const char tls13_label_prefix[6] = "tls13 ";
 
 #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
     (   2                  /* expansion length           */ \
@@ -89,7 +89,7 @@
 
 #define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN                      \
     SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(                             \
-                     sizeof(tls1_3_label_prefix) +                      \
+                     sizeof(tls13_label_prefix) +                       \
                      MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN,     \
                      MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
 
@@ -100,7 +100,7 @@
                             unsigned char *dst, size_t *dst_len )
 {
     size_t total_label_len =
-        sizeof(tls1_3_label_prefix) + label_len;
+        sizeof(tls13_label_prefix) + label_len;
     size_t total_hkdf_lbl_len =
         SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, ctx_len );
 
@@ -119,8 +119,8 @@
 
     /* Add label incl. prefix */
     *p++ = MBEDTLS_BYTE_0( total_label_len );
-    memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
-    p += sizeof(tls1_3_label_prefix);
+    memcpy( p, tls13_label_prefix, sizeof(tls13_label_prefix) );
+    p += sizeof(tls13_label_prefix);
     memcpy( p, label, label_len );
     p += label_len;
 
@@ -578,9 +578,9 @@
      * Compute MasterSecret
      */
     ret = mbedtls_ssl_tls13_evolve_secret( md_type,
-                    handshake->tls1_3_master_secrets.handshake,
+                    handshake->tls13_master_secrets.handshake,
                     NULL, 0,
-                    handshake->tls1_3_master_secrets.app );
+                    handshake->tls13_master_secrets.app );
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
@@ -588,7 +588,7 @@
     }
 
     MBEDTLS_SSL_DEBUG_BUF( 4, "Master secret",
-             handshake->tls1_3_master_secrets.app, md_size );
+             handshake->tls13_master_secrets.app, md_size );
 
     return( 0 );
 }
@@ -918,7 +918,7 @@
     md_type = handshake->ciphersuite_info->mac;
 
     ret = mbedtls_ssl_tls13_evolve_secret( md_type, NULL, NULL, 0,
-                                           handshake->tls1_3_master_secrets.early );
+                                           handshake->tls13_master_secrets.early );
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
@@ -972,7 +972,7 @@
     }
 
     ret = mbedtls_ssl_tls13_derive_handshake_secrets( md_type,
-                                    handshake->tls1_3_master_secrets.handshake,
+                                    handshake->tls13_master_secrets.handshake,
                                     transcript, transcript_len, tls13_hs_secrets );
     if( ret != 0 )
     {
@@ -1091,9 +1091,9 @@
      * Compute the Handshake Secret
      */
     ret = mbedtls_ssl_tls13_evolve_secret( md_type,
-                                           handshake->tls1_3_master_secrets.early,
+                                           handshake->tls13_master_secrets.early,
                                            ecdhe, ephemeral_len,
-                                           handshake->tls1_3_master_secrets.handshake );
+                                           handshake->tls13_master_secrets.handshake );
     if( ret != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls13_evolve_secret", ret );
@@ -1101,7 +1101,7 @@
     }
 
     MBEDTLS_SSL_DEBUG_BUF( 4, "Handshake secret",
-                           handshake->tls1_3_master_secrets.handshake, md_size );
+                           handshake->tls13_master_secrets.handshake, md_size );
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
     mbedtls_platform_zeroize( ecdhe, sizeof( ecdhe ) );
@@ -1161,7 +1161,7 @@
     /* Compute application secrets from master secret and transcript hash. */
 
     ret = mbedtls_ssl_tls13_derive_application_secrets( md_type,
-                                   handshake->tls1_3_master_secrets.app,
+                                   handshake->tls13_master_secrets.app,
                                    transcript, transcript_len,
                                    app_secrets );
     if( ret != 0 )
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 0a68956..da967c3 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -95,16 +95,18 @@
  *
  * \param hash_alg   The identifier for the hash algorithm to use.
  * \param secret     The \c Secret argument to \c HKDF-Expand-Label.
- *                   This must be a readable buffer of length \p slen Bytes.
+ *                   This must be a readable buffer of length
+ *                   \p secret_len Bytes.
  * \param secret_len The length of \p secret in Bytes.
  * \param label      The \c Label argument to \c HKDF-Expand-Label.
- *                   This must be a readable buffer of length \p llen Bytes.
+ *                   This must be a readable buffer of length
+ *                   \p label_len Bytes.
  * \param label_len  The length of \p label in Bytes.
  * \param ctx        The \c Context argument to \c HKDF-Expand-Label.
- *                   This must be a readable buffer of length \p clen Bytes.
+ *                   This must be a readable buffer of length \p ctx_len Bytes.
  * \param ctx_len    The length of \p context in Bytes.
  * \param buf        The destination buffer to hold the expanded secret.
- *                   This must be a writable buffer of length \p blen Bytes.
+ *                   This must be a writable buffer of length \p buf_len Bytes.
  * \param buf_len    The desired size of the expanded secret in Bytes.
  *
  * \returns          \c 0 on success.
@@ -133,9 +135,11 @@
  * \param hash_alg      The identifier for the hash algorithm to be used
  *                      for the HKDF-based expansion of the secret.
  * \param client_secret The client traffic secret.
- *                      This must be a readable buffer of size \p slen Bytes
+ *                      This must be a readable buffer of size
+ *                      \p secret_len Bytes
  * \param server_secret The server traffic secret.
- *                      This must be a readable buffer of size \p slen Bytes
+ *                      This must be a readable buffer of size
+ *                      \p secret_len Bytes
  * \param secret_len    Length of the secrets \p client_secret and
  *                      \p server_secret in Bytes.
  * \param key_len       The desired length of the key to be extracted in Bytes.
@@ -171,15 +175,17 @@
  * \param hash_alg   The identifier for the hash function used for the
  *                   applications of HKDF.
  * \param secret     The \c Secret argument to the \c Derive-Secret function.
- *                   This must be a readable buffer of length \p slen Bytes.
+ *                   This must be a readable buffer of length
+ *                   \p secret_len Bytes.
  * \param secret_len The length of \p secret in Bytes.
  * \param label      The \c Label argument to the \c Derive-Secret function.
- *                   This must be a readable buffer of length \p llen Bytes.
+ *                   This must be a readable buffer of length
+ *                   \p label_len Bytes.
  * \param label_len  The length of \p label in Bytes.
  * \param ctx        The hash of the \c Messages argument to the
  *                   \c Derive-Secret function, or the \c Messages argument
- *                   itself, depending on \p context_already_hashed.
- * \param ctx_len    The length of \p hash.
+ *                   itself, depending on \p ctx_hashed.
+ * \param ctx_len    The length of \p ctx in Bytes.
  * \param ctx_hashed This indicates whether the \p ctx contains the hash of
  *                   the \c Messages argument in the application of the
  *                   \c Derive-Secret function
@@ -189,7 +195,7 @@
  *                   (value MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED).
  * \param dstbuf     The target buffer to write the output of
  *                   \c Derive-Secret to. This must be a writable buffer of
- *                   size \p buflen Bytes.
+ *                   size \p dtsbuf_len Bytes.
  * \param dstbuf_len The length of \p dstbuf in Bytes.
  *
  * \returns        \c 0 on success.
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 86f44cb..3018ecb 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -30,7 +30,7 @@
 int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl )
 {
     ((void) ssl);
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls1_3 server state: %d", ssl->state ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "tls13 server state: %d", ssl->state ) );
 
     return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4b9b90c..776d77d 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -409,25 +409,25 @@
     USAGE_ETM                                               \
     USAGE_REPRODUCIBLE                                      \
     USAGE_CURVES                                            \
-    USAGE_SIG_ALGS                                         \
+    USAGE_SIG_ALGS                                          \
     USAGE_DHMLEN                                            \
     "\n"
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-#define TLS1_3_VERSION_OPTIONS  ", tls1_3"
+#define TLS1_3_VERSION_OPTIONS  ", tls13"
 #else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #define TLS1_3_VERSION_OPTIONS  ""
 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #define USAGE4 \
     "    allow_sha1=%%d       default: 0\n"                                   \
-    "    min_version=%%s      default: (library default: tls1_2)\n"           \
-    "    max_version=%%s      default: (library default: tls1_2)\n"           \
+    "    min_version=%%s      default: (library default: tls12)\n"            \
+    "    max_version=%%s      default: (library default: tls12)\n"            \
     "    force_version=%%s    default: \"\" (none)\n"                         \
-    "                        options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
+    "                         options: tls12, dtls12" TLS1_3_VERSION_OPTIONS  \
     "\n\n"                                                                    \
     "    force_ciphersuite=<name>    default: all enabled\n"                  \
-    USAGE_TLS1_3_KEY_EXCHANGE_MODES                                            \
+    USAGE_TLS1_3_KEY_EXCHANGE_MODES                                           \
     "    query_config=<name>         return 0 if the specified\n"             \
     "                                configuration macro is defined and 1\n"  \
     "                                otherwise. The expansion of the macro\n" \
@@ -1128,11 +1128,11 @@
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
         else if( strcmp( p, "min_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 ||
-                     strcmp( q, "dtls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 ||
+                     strcmp( q, "dtls12" ) == 0 )
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
             else
@@ -1140,11 +1140,11 @@
         }
         else if( strcmp( p, "max_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 ||
-                     strcmp( q, "dtls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 ||
+                     strcmp( q, "dtls12" ) == 0 )
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
             else
@@ -1161,19 +1161,19 @@
         }
         else if( strcmp( p, "force_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
             }
-            else if( strcmp( q, "dtls1_2" ) == 0 )
+            else if( strcmp( q, "dtls12" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
             }
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index cff042b..5bad4a6 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -514,7 +514,7 @@
     "\n"
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-#define TLS1_3_VERSION_OPTIONS  ", tls1_3"
+#define TLS1_3_VERSION_OPTIONS  ", tls13"
 #else /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 #define TLS1_3_VERSION_OPTIONS  ""
 #endif /* !MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
@@ -523,13 +523,13 @@
     USAGE_SSL_ASYNC                                         \
     USAGE_SNI                                               \
     "    allow_sha1=%%d       default: 0\n"                                   \
-    "    min_version=%%s      default: (library default: tls1_2)\n"           \
-    "    max_version=%%s      default: (library default: tls1_2)\n"           \
+    "    min_version=%%s      default: (library default: tls12)\n"            \
+    "    max_version=%%s      default: (library default: tls12)\n"            \
     "    force_version=%%s    default: \"\" (none)\n"                         \
-    "                        options: tls1_2, dtls1_2" TLS1_3_VERSION_OPTIONS \
+    "                         options: tls12, dtls12" TLS1_3_VERSION_OPTIONS  \
     "\n\n"                                                                    \
     "    force_ciphersuite=<name>    default: all enabled\n"                  \
-    USAGE_TLS1_3_KEY_EXCHANGE_MODES                                            \
+    USAGE_TLS1_3_KEY_EXCHANGE_MODES                                           \
     "    query_config=<name>         return 0 if the specified\n"             \
     "                                configuration macro is defined and 1\n"  \
     "                                otherwise. The expansion of the macro\n" \
@@ -1792,11 +1792,11 @@
 
         else if( strcmp( p, "min_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 ||
-                     strcmp( q, "dtls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 ||
+                     strcmp( q, "dtls12" ) == 0 )
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
             else
@@ -1804,11 +1804,11 @@
         }
         else if( strcmp( p, "max_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 ||
-                     strcmp( q, "dtls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 ||
+                     strcmp( q, "dtls12" ) == 0 )
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
             else
@@ -1825,19 +1825,19 @@
         }
         else if( strcmp( p, "force_version" ) == 0 )
         {
-            if( strcmp( q, "tls1_2" ) == 0 )
+            if( strcmp( q, "tls12" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
             }
-            else if( strcmp( q, "dtls1_2" ) == 0 )
+            else if( strcmp( q, "dtls12" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
                 opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
             }
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            else if( strcmp( q, "tls1_3" ) == 0 )
+            else if( strcmp( q, "tls13" ) == 0 )
             {
                 opt.min_version = MBEDTLS_SSL_MINOR_VERSION_4;
                 opt.max_version = MBEDTLS_SSL_MINOR_VERSION_4;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 3d65338..50b1969 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -8794,9 +8794,9 @@
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 skip_handshake_stage_check
-run_test    "TLS1.3: Not supported version check: tls1_2 and tls1_3" \
-            "$P_SRV debug_level=1 min_version=tls1_2 max_version=tls1_3" \
-            "$P_CLI debug_level=1 min_version=tls1_2 max_version=tls1_3" \
+run_test    "TLS1.3: Not supported version check: tls12 and tls13" \
+            "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
+            "$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
             1 \
             -s "SSL - The requested feature is not available" \
             -c "SSL - The requested feature is not available" \
@@ -8805,30 +8805,30 @@
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-run_test    "TLS1.3: handshake dispatch test: tls1_3 only" \
-            "$P_SRV debug_level=2 min_version=tls1_3 max_version=tls1_3" \
-            "$P_CLI debug_level=2 min_version=tls1_3 max_version=tls1_3" \
+run_test    "TLS1.3: handshake dispatch test: tls13 only" \
+            "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
+            "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
             1 \
-            -s "tls1_3 server state: 0"     \
-            -c "tls1_3 client state: 0"
+            -s "tls13 server state: 0"     \
+            -c "tls13 client state: 0"
 
 requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS1.3: minimal feature sets - openssl" \
             "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
-            "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
+            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
             0 \
-            -c "tls1_3 client state: 0"     \
-            -c "tls1_3 client state: 2"     \
-            -c "tls1_3 client state: 19"    \
-            -c "tls1_3 client state: 5"     \
-            -c "tls1_3 client state: 3"     \
-            -c "tls1_3 client state: 9"     \
-            -c "tls1_3 client state: 13"    \
-            -c "tls1_3 client state: 11"    \
-            -c "tls1_3 client state: 14"    \
-            -c "tls1_3 client state: 15"    \
+            -c "tls13 client state: 0"     \
+            -c "tls13 client state: 2"     \
+            -c "tls13 client state: 19"    \
+            -c "tls13 client state: 5"     \
+            -c "tls13 client state: 3"     \
+            -c "tls13 client state: 9"     \
+            -c "tls13 client state: 13"    \
+            -c "tls13 client state: 11"    \
+            -c "tls13 client state: 14"    \
+            -c "tls13 client state: 15"    \
             -c "<= ssl_tls13_process_server_hello" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "ECDH curve: x25519"         \
@@ -8849,7 +8849,7 @@
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS 1.3 m->O AES_128_GCM_SHA256      , RSA_PSS_RSAE_SHA256" \
             "$O_NEXT_SRV_RSA -ciphersuites TLS_AES_128_GCM_SHA256 -tls1_3 -msg -no_middlebox -num_tickets 0" \
-            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
+            "$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
             0 \
             -c "ECDH curve: x25519" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
@@ -8864,19 +8864,19 @@
 requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
 run_test    "TLS1.3: minimal feature sets - gnutls" \
             "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
-            "$P_CLI debug_level=3 min_version=tls1_3 max_version=tls1_3" \
+            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
             0 \
-            -s "SERVER HELLO was queued"    \
-            -c "tls1_3 client state: 0"     \
-            -c "tls1_3 client state: 2"     \
-            -c "tls1_3 client state: 19"    \
-            -c "tls1_3 client state: 5"     \
-            -c "tls1_3 client state: 3"     \
-            -c "tls1_3 client state: 9"     \
-            -c "tls1_3 client state: 13"    \
-            -c "tls1_3 client state: 11"    \
-            -c "tls1_3 client state: 14"    \
-            -c "tls1_3 client state: 15"    \
+            -s "SERVER HELLO was queued"   \
+            -c "tls13 client state: 0"     \
+            -c "tls13 client state: 2"     \
+            -c "tls13 client state: 19"    \
+            -c "tls13 client state: 5"     \
+            -c "tls13 client state: 3"     \
+            -c "tls13 client state: 9"     \
+            -c "tls13 client state: 13"    \
+            -c "tls13 client state: 11"    \
+            -c "tls13 client state: 14"    \
+            -c "tls13 client state: 15"    \
             -c "<= ssl_tls13_process_server_hello" \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
             -c "ECDH curve: x25519"         \
@@ -8899,7 +8899,7 @@
 requires_gnutls_next
 run_test    "TLS 1.3 m->G AES_128_GCM_SHA256      , RSA_PSS_RSAE_SHA256" \
             "$G_NEXT_SRV_RSA --disable-client-cert --priority=NORMAL:+CIPHER-ALL:+SHA256:+GROUP-SECP256R1:+ECDHE-ECDSA:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
-            "$P_CLI debug_level=4 force_version=tls1_3 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
+            "$P_CLI debug_level=4 force_version=tls13 server_name=localhost force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 allow_sha1=0" \
             0 \
             -c "ECDH curve: x25519"         \
             -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index d57c871..4ef54f5 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -5906,57 +5906,57 @@
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Server handshake traffic secret -> Server traffic key
 # HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_key:"":16:"844780a7acad9f980fa25c114e43402a"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #2
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Server handshake traffic secret -> Server traffic IV
 # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls1_3_label_iv:"":12:"4c042ddc120a38d1417fc815"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":tls13_label_iv:"":12:"4c042ddc120a38d1417fc815"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #3
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Client handshake traffic secret -> Client traffic key
 # HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_key:"":16:"7154f314e6be7dc008df2c832baa1d39"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #4
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Client handshake traffic secret -> Client traffic IV
 # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls1_3_label_iv:"":12:"71abc2cae4c699d47c600268"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":tls13_label_iv:"":12:"71abc2cae4c699d47c600268"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
 # Vector from RFC 8448
 # Server handshake traffic secret -> Server traffic IV
 # HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_iv:"":12:"5d313eb2671276ee13000b30"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_iv:"":12:"5d313eb2671276ee13000b30"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
 # Vector from RFC 8448
 # Server handshake traffic secret -> Server traffic Key
 # HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls1_3_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":tls13_label_key:"":16:"3fce516009c21727d0f2e4e86ee403bc"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
 # Vector from RFC 8448
 # Client handshake traffic secret -> Client traffic IV
 # HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_iv:"":12:"5bd3c71b836e0b76bb73265f"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
 # Vector from RFC 8448
 # Client handshake traffic secret -> Client traffic Key
 # HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls1_3_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":tls13_label_key:"":16:"dbfaa693d1762c5b666af5d950258d01"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #9 (RFC 8448)
 # Calculation of finished_key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls1_3_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":tls13_label_finished:"":32:"5ace394c26980d581243f627d1150ae27e37fa52364e0a7f20ac686d09cd0e8e"
 
 SSL TLS 1.3 Key schedule: HKDF Expand Label #10 (RFC 8448)
 # Calculation of resumption key
-ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls1_3_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
+ssl_tls13_hkdf_expand_label:MBEDTLS_MD_SHA256:"7df235f2031d2a051287d02b0241b0bfdaf86cc856231f2d5aba46c434ec196c":tls13_label_resumption:"0000":32:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3"
 
 SSL TLS 1.3 Key schedule: Traffic key generation #1
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
@@ -5973,45 +5973,45 @@
 # Derive-Secret( Early-Secret, "derived", "")
 # Tests the case where context isn't yet hashed (empty string here,
 # but still needs to be hashed)
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls1_3_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a":tls13_label_derived:"":32:MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED:"6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #1
 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
 # Derive-Secret( MasterSecret, "s ap traffic", hash)
 # Tests the case where context is already hashed
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls1_3_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d":tls13_label_s_ap_traffic:"22844b930e5e0a59a09d5ac35fc032fc91163b193874a265236e568077378d8b":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fc35ea70693069a277956afa23b8f4543ce68ac595f2aace05cd7a1c92023d5"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "c e traffic", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_c_e_traffic:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "e exp master", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls1_3_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":tls13_label_e_exp_master:"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls13_label_s_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "c ap traffic", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_c_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "s ap traffic", hash) #2
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_s_ap_traffic:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "exp master", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_exp_master:"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
 # Vector from RFC 8448
-ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
+ssl_tls13_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls13_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
 
 SSL TLS 1.3 Key schedule: Early secrets derivation helper
 # Vector from RFC 8448
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 9e93b38..c1bc17c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -17,7 +17,7 @@
 enum
 {
 #define MBEDTLS_SSL_TLS1_3_LABEL( name, string )   \
-     tls1_3_label_ ## name,
+     tls13_label_ ## name,
 MBEDTLS_SSL_TLS1_3_LABEL_LIST
 #undef MBEDTLS_SSL_TLS1_3_LABEL
 };
@@ -3681,9 +3681,9 @@
 
     unsigned char const *lbl = NULL;
     size_t lbl_len;
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )                        \
-    if( label_idx == (int) tls1_3_label_ ## name )                      \
-    {                                                                   \
+#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )                       \
+    if( label_idx == (int) tls13_label_ ## name )                      \
+    {                                                                  \
         lbl = mbedtls_ssl_tls13_labels.name;                           \
         lbl_len = sizeof( mbedtls_ssl_tls13_labels.name );             \
     }
@@ -3767,9 +3767,9 @@
 
     unsigned char const *lbl = NULL;
     size_t lbl_len;
-#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )                        \
-    if( label_idx == (int) tls1_3_label_ ## name )                      \
-    {                                                                   \
+#define MBEDTLS_SSL_TLS1_3_LABEL( name, string )                       \
+    if( label_idx == (int) tls13_label_ ## name )                      \
+    {                                                                  \
         lbl = mbedtls_ssl_tls13_labels.name;                           \
         lbl_len = sizeof( mbedtls_ssl_tls13_labels.name );             \
     }