diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8c0ac8f8cc..4d5fcefc71 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7693,8 +7693,8 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
     {
         if( sig_alg == MBEDTLS_SSL_TLS12_SIG_ALG_FROM_SIG_AND_HASH_ALG(
                             received_sig_algs[i] ) )
-            return MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(
-                        received_sig_algs[i] );
+            return( MBEDTLS_SSL_TLS12_HASH_ALG_FROM_SIG_AND_HASH_ALG(
+                        received_sig_algs[i] ) );
     }
 
     return( MBEDTLS_SSL_HASH_NONE );
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 93854df2dc..593acc5762 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3186,8 +3186,7 @@ curve_matching_done:
 
         /*    For TLS 1.2, obey signature-hash-algorithm extension
          *    (RFC 5246, Sec. 7.4.1.4.1). */
-        if( sig_alg == MBEDTLS_PK_NONE ||
-            md_alg == MBEDTLS_MD_NONE )
+        if( sig_alg == MBEDTLS_PK_NONE || md_alg == MBEDTLS_MD_NONE )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
             /* (... because we choose a cipher suite
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 69934bd306..305ac0050b 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1613,7 +1613,7 @@ static int ssl_tls13_parse_certificate_request( mbedtls_ssl_context *ssl,
                 MBEDTLS_SSL_DEBUG_MSG( 3,
                         ( "found signature algorithms extension" ) );
                 ret = mbedtls_ssl_parse_sig_alg_ext( ssl, p,
-                              p + extension_data_len );
+                                                     p + extension_data_len );
                 if( ret != 0 )
                     return( ret );
                 if( ! sig_alg_ext_found )