diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 1af75e6648..5117672a6a 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1889,7 +1889,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
         tor_cert_t *ed_cert = tor_cert_parse(cert_body, cert_len);
         if (!ed_cert) {
           log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-                 "Received undecodable Ed certificate in CERTS cell from %s:%d",
+                 "Received undecodable Ed certificate "
+                 "in CERTS cell from %s:%d",
                  safe_str(chan->conn->base_.address),
                chan->conn->base_.port);
         } else {
@@ -2310,10 +2311,9 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
   chan->conn->handshake_state->authenticated_rsa = 1;
   chan->conn->handshake_state->digest_received_data = 0;
   {
-    crypto_pk_t *identity_rcvd =
-      tor_tls_cert_get_key(chan->conn->handshake_state->certs->id_cert);
-    const common_digests_t *id_digests =
-      tor_x509_cert_get_id_digests(chan->conn->handshake_state->certs->id_cert);
+    tor_x509_cert_t *id_cert = chan->conn->handshake_state->certs->id_cert;
+    crypto_pk_t *identity_rcvd = tor_tls_cert_get_key(id_cert);
+    const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
     const ed25519_public_key_t *ed_identity_received = NULL;
 
     if (! sig_is_rsa) {
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index b2fbd273a8..0881f231aa 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -84,7 +84,6 @@ channel_connect_for_circuit(const tor_addr_t *addr, uint16_t port,
 {
   channel_t *chan;
 
-
   chan = channel_connect(addr, port, id_digest,
                          NULL // XXXX Ed25519 id.
                          );
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index c6d5bb5250..eb67f0653f 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2544,8 +2544,8 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
     if (!tmp) {
       /* LCOV_EXCL_START */
-      log_warn(LD_BUG, "Unable to parse signed part of AUTH1 data that we just "
-               "encoded");
+      log_warn(LD_BUG, "Unable to parse signed part of AUTH1 data that "
+               "we just encoded");
       goto err;
       /* LCOV_EXCL_STOP */
     }
diff --git a/src/or/or.h b/src/or/or.h
index 1fc4b16e63..d305eac543 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1373,10 +1373,6 @@ typedef struct listener_connection_t {
  * authchallenge_type_is_better().
  */
 
-
-
-
-
 /** The length of the part of the AUTHENTICATE cell body that the client and
  * server can generate independently (when using RSA_SHA256_TLSSECRET). It
  * contains everything except the client's timestamp, the client's randomly
diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index b6f20e6642..8d9a1328b8 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -1029,7 +1029,8 @@ should_make_new_ed_keys(const or_options_t *options, const time_t now)
 #undef EXPIRES_SOON
 
 #ifdef TOR_UNIT_TESTS
-/* Helper for unit tests: populate the ed25519 keys without saving or loading */
+/* Helper for unit tests: populate the ed25519 keys without saving or
+ * loading */
 void
 init_mock_ed_keys(const crypto_pk_t *rsa_identity_key)
 {
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 4259363f35..852def9ef6 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -603,7 +603,6 @@ or_handshake_certs_ed25519_ok(int severity,
   return 1;
 }
 
-
 /**
  * Check the Ed certificates and/or the RSA certificates, as appropriate.  If
  * we obtained an Ed25519 identity, set *ed_id_out. If we obtained an RSA
@@ -646,5 +645,5 @@ or_handshake_certs_check_both(int severity,
       *rsa_id_out = tor_x509_cert_get_id_digests(certs->id_cert);
     }
   }
-
 }
+
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index bf5ff677c1..5273f3373f 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -872,7 +872,6 @@ CERTS_FAIL(server_wrong_labels_1,
              REENCODE();
            })
 
-
 static void
 test_link_handshake_send_authchallenge(void *arg)
 {
@@ -1087,7 +1086,6 @@ AUTHCHALLENGE_FAIL(nonzero_circid,
                    require_failure_message = "It had a nonzero circuit ID";
                    d->cell->circ_id = 1337)
 
-
 static int
 mock_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
 {
@@ -1284,7 +1282,8 @@ test_link_handshake_auth_cell(void *arg)
     uint8_t sig[128];
     uint8_t digest[32];
     tt_int_op(auth1_getlen_sig(auth1), >, 120);
-    auth_pubkey = tor_tls_cert_get_key(d->c2->handshake_state->certs->auth_cert);
+    auth_pubkey = tor_tls_cert_get_key(
+                                d->c2->handshake_state->certs->auth_cert);
     int n = crypto_pk_public_checksig(
               auth_pubkey,
               (char*)sig, sizeof(sig), (char*)auth1_getarray_sig(auth1),
diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c
index 56055a3b02..64692d28a0 100644
--- a/src/test/test_routerkeys.c
+++ b/src/test/test_routerkeys.c
@@ -614,7 +614,6 @@ test_routerkeys_cross_certify_tap(void *args)
   crypto_pk_free(onion_key);
 }
 
-
 static void
 test_routerkeys_rsa_ed_crosscert(void *arg)
 {
diff --git a/src/test/testing_rsakeys.c b/src/test/testing_rsakeys.c
index 66684fc279..134770bb0d 100644
--- a/src/test/testing_rsakeys.c
+++ b/src/test/testing_rsakeys.c
@@ -543,3 +543,4 @@ init_pregenerated_keys(void)
        crypto_pk_generate_key_with_bits__get_cached);
 #endif
 }
+