diff --git a/src/dtls13.c b/src/dtls13.c
index 0d27b1a40..526026f83 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -259,7 +259,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
 #ifdef HAVE_CHACHA
     if (ssl->specs.bulk_cipher_algorithm == wolfssl_chacha) {
         word32 counter;
-		int ret;
+        int ret;
 
         if (c->chacha == NULL)
             return BAD_STATE_E;
diff --git a/src/tls13.c b/src/tls13.c
index 271cdccd4..1f2625776 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -518,7 +518,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key)
     if (ssl == NULL || ssl->arrays == NULL) {
         return BAD_FUNC_ARG;
     }
-    
+
     ret = Tls13DeriveKey(ssl, key, -1, ssl->arrays->preMasterSecret,
                     clientHandshakeLabel, CLIENT_HANDSHAKE_LABEL_SZ,
                     ssl->specs.mac_algorithm, 1);
@@ -6169,9 +6169,10 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     {
 #ifdef WOLFSSL_DTLS13
         if (ssl->options.dtls) {
-            ret = Dtls13HashHandshake(ssl,
-									output + Dtls13GetRlHeaderLength(ssl, 0) ,
-                            (word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0));
+            ret = Dtls13HashHandshake(
+                ssl,
+                output + Dtls13GetRlHeaderLength(ssl, 0) ,
+                (word16)sendSz - Dtls13GetRlHeaderLength(ssl, 0));
         }
         else
 #endif /* WOLFSSL_DTLS13 */
@@ -6452,7 +6453,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx,
         ssl->options.buildingMsg = 0;
         ret =
             Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
-								certificate_request, 1);
+                                certificate_request, 1);
 
         WOLFSSL_LEAVE("SendTls13CertificateRequest", ret);
         WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND);
@@ -7263,7 +7264,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
             ssl->options.buildingMsg = 0;
             ssl->fragOffset = 0;
             ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i,
-									  certificate, 1);
+                                      certificate, 1);
         }
         else
 #endif /* WOLFSSL_DTLS13 */
diff --git a/wolfcrypt/src/ext_kyber.c b/wolfcrypt/src/ext_kyber.c
index 83435d291..ceedffdbe 100644
--- a/wolfcrypt/src/ext_kyber.c
+++ b/wolfcrypt/src/ext_kyber.c
@@ -240,7 +240,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len)
     }
 
 #ifdef HAVE_LIBOQS
-    /* NOTE: SHAKE and AES variants have the same length ciphertext. */ 
+    /* NOTE: SHAKE and AES variants have the same length ciphertext. */
     if (ret == 0) {
         switch (key->type) {
         case KYBER_LEVEL1:
@@ -534,7 +534,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss,
 
 /**
  * Decode the private key.
- * 
+ *
  * We store the whole thing in the private key buffer. Note this means we cannot
  * do the encapsulation operation with the private key. But generally speaking
  * this is never done.
@@ -614,7 +614,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, unsigned char* in, word32 len)
 
 /**
  * Encode the private key.
- * 
+ *
  * We stored it as a blob so we can just copy it over.
  *
  * @param  [in]   key  Kyber key object.
@@ -664,7 +664,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len)
  */
 int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len)
 {
-    int ret = 0; 
+    int ret = 0;
     unsigned int pubLen = 0;
 
     if ((key == NULL) || (out == NULL)) {