diff --git a/lib/luks1/keyencryption.c b/lib/luks1/keyencryption.c
index 3bc9c33a..7c2afd7e 100644
--- a/lib/luks1/keyencryption.c
+++ b/lib/luks1/keyencryption.c
@@ -120,7 +120,7 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	} else
 		r = 0;
  out:
-	if(devfd != -1)
+	if (devfd != -1)
 		close(devfd);
 	dm_remove_device(ctx, name, 1, dmd.size);
 	return r;
@@ -176,7 +176,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 		goto out;
 
 	devfd = device_open(device, O_RDWR);
-	if (devfd == -1)
+	if (devfd < 0)
 		goto out;
 
 	if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 ||
@@ -185,7 +185,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 
 	r = 0;
 out:
-	if(devfd != -1)
+	if (devfd >= 0)
 		close(devfd);
 	if (r)
 		log_err(ctx, _("IO error while encrypting keyslot.\n"));
@@ -235,7 +235,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 		goto bad;
 
 	devfd = device_open(device, O_RDONLY);
-	if (devfd == -1)
+	if (devfd < 0)
 		goto bad;
 
 	if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 ||
@@ -250,7 +250,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 
 	return r;
 bad:
-	if(devfd != -1)
+	if (devfd >= 0)
 		close(devfd);
 
 	log_err(ctx, _("IO error while decrypting keyslot.\n"));
diff --git a/lib/luks1/keymanage.c b/lib/luks1/keymanage.c
index 40117b28..4a9cbd61 100644
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -176,7 +176,7 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 	log_dbg("Output backup file size: %zu bytes.", buffer_size);
 
 	devfd = device_open(device, O_RDONLY);
-	if(devfd == -1) {
+	if (devfd < 0) {
 		log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
@@ -209,7 +209,7 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 
 	r = 0;
 out:
-	if (devfd != -1)
+	if (devfd >= 0)
 		close(devfd);
 	crypt_memzero(&hdr, sizeof(hdr));
 	crypt_safe_free(buffer);
@@ -291,7 +291,7 @@ int LUKS_hdr_restore(
 		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));
 
 	devfd = device_open(device, O_RDWR);
-	if (devfd == -1) {
+	if (devfd < 0) {
 		if (errno == EACCES)
 			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
 				device_path(device));
@@ -311,7 +311,7 @@ int LUKS_hdr_restore(
 	/* Be sure to reload new data */
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 out:
-	if (devfd != -1)
+	if (devfd >= 0)
 		close(devfd);
 	crypt_safe_free(buffer);
 	return r;
@@ -493,7 +493,7 @@ int LUKS_read_phdr_backup(const char *backup_file,
 		(int)hdr_size, backup_file);
 
 	devfd = open(backup_file, O_RDONLY);
-	if(-1 == devfd) {
+	if (devfd == -1) {
 		log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
 		return -ENOENT;
 	}
@@ -532,7 +532,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 		hdr_size, device_path(device));
 
 	devfd = device_open(device, O_RDONLY);
-	if (devfd == -1) {
+	if (devfd < 0) {
 		log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}
@@ -578,7 +578,7 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
 		return r;
 
 	devfd = device_open(device, O_RDWR);
-	if(-1 == devfd) {
+	if (devfd < 0) {
 		if (errno == EACCES)
 			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
 				device_path(device));
diff --git a/lib/tcrypt/tcrypt.c b/lib/tcrypt/tcrypt.c
index 8675ff12..254dd1ba 100644
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -620,7 +620,7 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 	} else
 		devfd = device_open(device, O_RDONLY);
 
-	if (devfd == -1) {
+	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}
diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
index 2b47bca0..725c36dd 100644
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -166,7 +166,7 @@ int crypt_wipe(struct device *device,
 
 	/* coverity[toctou] */
 	devfd = device_open(device, flags);
-	if (devfd == -1) {
+	if (devfd < 0) {
 		free(buffer);
 		return errno ? -errno : -EINVAL;
 	}
diff --git a/lib/verity/verity.c b/lib/verity/verity.c
index 332d99ec..225df084 100644
--- a/lib/verity/verity.c
+++ b/lib/verity/verity.c
@@ -78,13 +78,13 @@ int VERITY_read_sb(struct crypt_device *cd,
 	}
 
 	devfd = device_open(device, O_RDONLY);
-	if(devfd == -1) {
+	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}
 
-	if(lseek(devfd, sb_offset, SEEK_SET) < 0 ||
-	   read_blockwise(devfd, bsize, &sb, hdr_size) < hdr_size) {
+	if (lseek(devfd, sb_offset, SEEK_SET) < 0 ||
+	    read_blockwise(devfd, bsize, &sb, hdr_size) < hdr_size) {
 		close(devfd);
 		return -EIO;
 	}
@@ -176,7 +176,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 	}
 
 	devfd = device_open(device, O_RDWR);
-	if(devfd == -1) {
+	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}