authorMatt Caswell <matt@openssl.org>2015-01-21 11:09:58 +0000
committerMatt Caswell <matt@openssl.org>2015-01-22 09:50:57 +0000
commitc7c7a432df2fb0e0a359d5d383817b1348a71db6 (patch)
treebb78ecc1ddfbe5df8192c7e33f12da61ccfe6aa3 /ssl
parent5ba9d5bb3b79f32506a4fba061368c18890610e4 (diff)
indent has problems with comments that are on the right hand side of a line.
Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Conflicts: crypto/ec/ec_lcl.h ssl/tls1.h Conflicts: crypto/ec/ecp_nistp224.c crypto/evp/evp.h ssl/d1_both.c ssl/ssl.h ssl/ssl_lib.c Conflicts: crypto/bio/bss_file.c crypto/ec/ec_lcl.h crypto/evp/evp.h crypto/store/str_mem.c crypto/whrlpool/wp_block.c crypto/x509/x509_vfy.h ssl/ssl.h ssl/ssl3.h ssl/ssltest.c ssl/t1_lib.c ssl/tls1.h Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_both.c10
-rw-r--r--ssl/d1_pkt.c4
-rw-r--r--ssl/s23_srvr.c28
-rw-r--r--ssl/s3_both.c3
-rw-r--r--ssl/ssl.h100
-rw-r--r--ssl/ssl3.h37
-rw-r--r--ssl/ssl_lib.c13
-rw-r--r--ssl/ssl_locl.h9
-rw-r--r--ssl/ssl_sess.c12
-rw-r--r--ssl/ssltest.c20
10 files changed, 148 insertions, 88 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index b2de60eb0a..5a467c4c0f 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -436,10 +436,15 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
again:
i = dtls1_get_message_fragment(s, st1, stn, max, ok);
if ( i == DTLS1_HM_BAD_FRAGMENT ||
- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
+ i == DTLS1_HM_FRAGMENT_RETRY)
+ {
+ /* bad fragment received */
goto again;
+ }
else if ( i <= 0 && !*ok)
+ {
return i;
+ }
p = (unsigned char *)s->init_buf->data;
msg_len = msg_hdr->msg_len;
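Review bot: The relocated comment `/* bad fragment received */` now sits in a branch that is also taken for `DTLS1_HM_FRAGMENT_RETRY`, so it describes only half of the condition; `/* bad fragment or retry requested: read the next fragment */` would match the test. Nothing visible in the hunk shows what bounds the `goto again` loop, so if the limit is enforced inside dtls1_get_message_fragment(), a short remark saying so would help the next reader. dtls1_get_message() starts and ends outside the hunk.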
@@ -1121,7 +1126,8 @@ int dtls1_read_failed(SSL *s, int code)
return code;
}
- if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
+ /* done, no need to send a retransmit */
+ if ( ! SSL_in_init(s))
{
BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
return code;
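Review bot: Placing `/* done, no need to send a retransmit */` above `if ( ! SSL_in_init(s))` makes it read as an unconditional statement about the function, although it describes only the branch body. The branch already has braces, so the comment fits as the first line inside them, or the wording can carry the condition itself: `/* not in a handshake: nothing to retransmit */`. dtls1_read_failed() continues outside the hunk.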
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 02d062a2e5..a22e43b507 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -289,8 +289,8 @@ dtls1_get_buffered_record(SSL *s)
(((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
- if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
- nothing buffered */
+ /* if we're not (re)negotiating, nothing buffered */
+ if ( ! SSL_in_init(s))
return 0;
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 77c27335aa..12de5a594f 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -232,19 +232,21 @@ end:
int ssl23_get_client_hello(SSL *s)
{
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
+ /*-
+ * Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos
+ * ('type == 3') correctly only when the following
+ * is in a single record, which is not guaranteed by
+ * the protocol specification:
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
+ char buf_space[11];
char *buf= &(buf_space[0]);
unsigned char *p,*d,*d_len,*dd;
unsigned int i;
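Review bot: After the move, "Request this many bytes" in the comment above `char buf_space[11];` no longer has a number on its own line to refer to, and the 11 is only implied by the byte table (offsets 0 to 10). Naming it, e.g. `Request sizeof(buf_space) (11) bytes in the initial read.`, keeps the array size and the table tied together, which matters if later parsing indexes the buffer by those offsets (presumably it does; that code is not in the hunk). The body of ssl23_get_client_hello() continues outside the hunk.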
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index b9c6c43c29..32d81b0792 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -214,11 +214,12 @@ int ssl3_get_finished(SSL *s, int a, int b)
* change cipher spec message and is in s->s3->tmp.peer_finish_md
*/
+ /* 64 argument should actually be 36+4 :-) */
n=s->method->ssl_get_message(s,
a,
b,
SSL3_MT_FINISHED,
- 64, /* should actually be 36+4 :-) */
+ 64,
&ok);
if (!ok) return((int)n);
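Review bot: The comment `/* 64 argument should actually be 36+4 :-) */` still leaves the discrepancy it points at unresolved: the maximum length passed to ssl_get_message for the Finished message is larger than the size the comment says is needed. Either tighten the bound or state why the looser one is kept, for example `/* max Finished length: 36+4 would suffice, 64 kept as a loose upper bound */`. A named constant in place of the bare `64,` would let that explanation live next to the definition. ssl3_get_finished() starts and ends outside the hunk.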
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 035322738d..0b3829929a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -773,7 +773,8 @@ struct ssl_ctx_st
int verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
@@ -885,22 +886,28 @@ struct ssl_st
* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
*/
int version;
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ int type;
- SSL_METHOD *method; /* SSLv3 */
+ /* SSLv3 */
+ SSL_METHOD *method;
/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */
#ifndef OPENSSL_NO_BIO
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
#else
- char *rbio; /* used by SSL_read */
- char *wbio; /* used by SSL_write */
+ /* used by SSL_read */
+ char *rbio;
+ /* used by SSL_write */
+ char *wbio;
char *bbio;
#endif
/* This holds a variable that indicates what we were doing
@@ -921,19 +928,26 @@ struct ssl_st
* test instead of an "init" member.
*/
- int server; /* are we the server side? - mostly used by SSL_clear*/
+ /* are we the server side? - mostly used by SSL_clear*/
+ int server;
- int new_session;/* 1 if we are to use a new session.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
- int state; /* where we are */
- int rstate; /* where we are when reading */
+ /*
+ * 1 if we are to use a new session.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ int state;
+ /* where we are when reading */
+ int rstate;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
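Review bot: The comment on `int shutdown;` gives the bits as raw values, `0x01 sent, 0x02 for received`; naming the flags, `/* bitmask: SSL_SENT_SHUTDOWN (0x01), SSL_RECEIVED_SHUTDOWN (0x02) */`, lets a reader search for the code that sets and tests them. The two context lines that follow, `init_buf` and `init_msg`, still carry right-hand comments, so this part of the struct is left in a mixed style. struct ssl_st starts and ends outside the hunk.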
@@ -1005,17 +1019,25 @@ struct ssl_st
GEN_SESSION_CB generate_session_id;
/* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ int verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback)(int ok,X509_STORE_CTX *ctx);
- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
+ /* optional informational callback */
+ void (*info_callback)(const SSL *ssl,int type,int val);
- int error; /* error bytes to be written */
- int error_code; /* actual code */
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
+ /* Kerberos 5 context */
+ KSSL_CTX *kssl_ctx;
#endif /* OPENSSL_NO_KRB5 */
SSL_CTX *ctx;
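Review bot: The comment moved above `int verify_mode;` documents the field as `0 don't care about verify failure. 1 fail if verify fails`, but as far as the public API goes the value is built from the SSL_VERIFY_* flags (SSL_VERIFY_NONE, SSL_VERIFY_PEER, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE), i.e. a bitmask and not a 0/1 switch. For a field that decides whether a failed certificate check aborts the handshake, `/* bitmask of SSL_VERIFY_* flags; SSL_VERIFY_NONE (0) means a verify failure does not abort */` is safer documentation. The neighbouring `/* fail if callback returns 0 */` on `verify_callback` could likewise say that the callback's return value overrides the built-in result, if that is what the callers do; that code is not visible here. struct ssl_st starts and ends outside the hunk.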
@@ -1031,12 +1053,14 @@ struct ssl_st
STACK_OF(X509_NAME) *client_CA;
int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
+ /* protocol behaviour */
+ unsigned long options;
+ /* API behaviour */
+ unsigned long mode;
long max_cert_list;
int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
+ /* what was passed, used for SSLv3/TLS rollback check */
+ int client_version;
#ifndef OPENSSL_NO_TLSEXT
/* TLS extension debug callback */
void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
@@ -1044,11 +1068,13 @@ struct ssl_st
void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
- int servername_done; /* no further mod of servername
- 0 : call the servername extension callback.
- 1 : prepare 2, allow last ack just after in server callback.
- 2 : don't call servername callback, no ack in server hello
- */
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 76f922e356..94767df4a0 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -301,23 +301,34 @@ extern "C" {
typedef struct ssl3_record_st
{
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
+ /* type of record */
+/*r */ int type;
+ /* How many bytes available */
+/*rw*/ unsigned int length;
+ /* read/write offset into 'buf' */
+/*r */ unsigned int off;
+ /* pointer to the record data */
+/*rw*/ unsigned char *data;
+ /* where the decode bytes are */
+/*rw*/ unsigned char *input;
+ /* only used with decompression - malloc()ed */
+/*r */ unsigned char *comp;
+ /* epoch number, needed by DTLS1 */
+/*r */ unsigned long epoch;
+ /* sequence number, needed by DTLS1 */
+/*r */ PQ_64BIT seq_num;
} SSL3_RECORD;
typedef struct ssl3_buffer_st
{
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ unsigned char *buf;
+ /* buffer size */
+ size_t len;
+ /* where to 'copy from' */
+ int offset;
+ /* how many bytes left */
+ int left;
} SSL3_BUFFER;
#define SSL3_CT_RSA_SIGN 1
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 409b9e7a2b..57d6138d3a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -172,10 +172,15 @@ int SSL_clear(SSL *s)
s->hit=0;
s->shutdown=0;
-#if 0 /* Disabled since version 1.10 of this file (early return not
- * needed because SSL_clear is not called when doing renegotiation) */
- /* This is set if we are doing dynamic renegotiation so keep
- * the old cipher. It is sort of a SSL_clear_lite :-) */
+#if 0
+ /*
+ * Disabled since version 1.10 of this file (early return not
+ * needed because SSL_clear is not called when doing renegotiation)
+ */
+ /*
+ * This is set if we are doing dynamic renegotiation so keep
+ * the old cipher. It is sort of a SSL_clear_lite :-)
+ */
if (s->new_session) return(1);
#else
if (s->new_session)
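Review bot: The `#if 0` branch in SSL_clear() is dead code that now carries two stacked block comments, one of which says it has been disabled since version 1.10 of the file. Deleting the disabled `if (s->new_session) return(1);` and keeping one comment on the live `#else` path would be clearer than reformatting it, and it removes the chance of an early return being re-enabled ahead of whatever state clearing follows. The `#else` branch and the rest of SSL_clear() lie outside the hunk.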
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index dd5c4ac012..43ef447029 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -420,9 +420,12 @@ typedef struct cert_pkey_st
typedef struct cert_st
{
/* Current active set */
- CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
- * Probably it would make more sense to store
- * an index, not a pointer. */
+ /*
+ * ALWAYS points to an element of the pkeys array
+ * Probably it would make more sense to store
+ * an index, not a pointer.
+ */
+ CERT_PKEY *key;
/* The following masks are for the key and auth
* algorithms that are supported by the certs below */
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index e7802e1d9e..abf2279dcf 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -772,9 +772,11 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
if ((s->next == NULL) || (s->prev == NULL)) return;
if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
+ {
+ /* last element in list */
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
+ {
+ /* only one element in list */
ctx->session_cache_head=NULL;
ctx->session_cache_tail=NULL;
}
@@ -787,12 +789,14 @@ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
else
{
if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
+ {
+ /* first element in list */
ctx->session_cache_head=s->next;
s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
}
else
- { /* middle of list */
+ {
+ /* middle of list */
s->next->prev=s->prev;
s->prev->next=s->next;
}
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 020b576b3d..9ddda94139 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -114,8 +114,8 @@
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
-#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
- on Linux and GNU platforms. */
+/* Or gethostname won't be declared properly on Linux and GNU platforms. */
+#define _BSD_SOURCE 1
#include <assert.h>
#include <errno.h>
@@ -128,8 +128,8 @@
#define USE_SOCKETS
#include "e_os.h"
-#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
- VMS (at least with DECompHP C). */
+/* Or isascii won't be declared properly on VMS (at least with DECompHP C). */
+#define _XOPEN_SOURCE 500
#include <ctype.h>
#include <openssl/bio.h>
@@ -154,11 +154,13 @@
#endif
#include <openssl/bn.h>
-#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
- on Compaq platforms (at least with DEC C).
- Do not try to put it earlier, or IPv6 includes
- get screwed...
- */
+/*
+ * Or gethostname won't be declared properly
+ * on Compaq platforms (at least with DEC C).
+ * Do not try to put it earlier, or IPv6 includes
+ * get screwed...
+*/
+#define _XOPEN_SOURCE_EXTENDED 1
#ifdef OPENSSL_SYS_WINDOWS
#include <winsock.h>