Additional comment changes for reformat of 1.0.0

Reviewed-by: Tim Hudson <tjh@openssl.org>

9 files changed, 47 insertions, 27 deletions

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 0fea8659ac..c3985bffe8 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -924,7 +924,8 @@ int dtls1_send_client_key_exchange(SSL *s)
                                 goto err;
                                 }
 
-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+			/*-
+			 *   20010406 VRS - Earlier versions used KRB5 AP_REQ
 			**  in place of RFC 2712 KerberosWrapper, as in:
 			**
                         **  Send ticket (copy to *p, set n = length)
@@ -970,12 +971,13 @@ int dtls1_send_client_key_exchange(SSL *s)
 			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
 			    goto err;
 
-			/*  20010420 VRS.  Tried it this way; failed.
-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-			**				kssl_ctx->length);
-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-			*/
+			/*-
+			 *  20010420 VRS.  Tried it this way; failed.
+			 *	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+			 *	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+			 *				kssl_ctx->length);
+			 *	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+			 */
 
 			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
 			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
@@ -1353,7 +1355,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 		
 		d = dtls1_set_message_header(s, d,
 		SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
-		/*
+		/*-
 		 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
 		 l2n3(n,d);
 		 l2n(s->d1->handshake_write_seq,d);
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index 3da2b4c8c2..23c7f12a42 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -126,14 +126,16 @@
 #include <openssl/des.h>
 #endif
 
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
  *
  * Returns:
  *   0: (in non-constant time) if the record is publically invalid (i.e. too
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
+ *       an internal error occured.
+ */
 int dtls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index c3bbb9808e..bf4e44704f 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -410,10 +410,12 @@ dtls1_process_record(SSL *s)
 	rr->data=rr->input;
 
 	enc_err = s->method->ssl3_enc->enc(s,0);
-	/* enc_err is:
+	/*-
+	 * enc_err is:
 	 *    0: (in non-constant time) if the record is publically invalid.
 	 *    1: if the padding is valid
-	 *    -1: if the padding is invalid */
+	 *   -1: if the padding is invalid
+	 */
 	if (enc_err == 0)
 		{
 		/* For DTLS we simply ignore bad packets. */
@@ -970,9 +972,11 @@ start:
 			}
 		}
 
-	/* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
+	/*-
+	 * s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
 	 * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+	 */
 
 	/* If we are a client, check for an incoming 'Hello Request': */
 	if ((!s->server) &&
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 6ada0a4a53..a8ab203627 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1301,7 +1301,8 @@ kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
 	}
 
 
-/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
+ *	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
  *		and krb5 AP_REQ message & message length,
  *	Return Kerberos session key and client principle
  *		to SSL Server in KSSL_CTX *kssl_ctx.
diff --git a/ssl/kssl.h b/ssl/kssl.h
index 434645de40..579ba64577 100644
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -99,7 +99,8 @@ typedef unsigned char krb5_octet;
 
 #endif
 
-/*	Uncomment this to debug kssl problems or
+/*-
+ *	Uncomment this to debug kssl problems or
  *	to trace usage of the Kerberos session key
  *
  *	#define		KSSL_DEBUG
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index acd61dc546..d05b908f6c 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -572,16 +572,20 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
+			/*-
+			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+			 */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
 		else /* we may have to use a 3 byte header */
 			{
-			/* If s->s2->escape is not set, then
+			/*-
+			 * If s->s2->escape is not set, then
 			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
+			 */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
@@ -595,7 +599,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		}
 
-	/* Now
+	/*-
+	 * Now
 	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
 	 * holds, and if s->s2->three_byte_header is set, then even
 	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 2ba52c45a1..f352645e0d 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -465,7 +465,8 @@ void ssl3_cleanup_key_block(SSL *s)
 	s->s3->tmp.key_block_length=0;
 	}
 
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
  *
  * Returns:
  *   0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -744,7 +745,8 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		 * data we are hashing because that gives an attacker a
 		 * timing-oracle. */
 
-		/* npad is, at most, 48 bytes and that's with MD5:
+		/*-
+		 * npad is, at most, 48 bytes and that's with MD5:
 		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
 		 *
 		 * With SHA-1 (the largest hash speced for SSLv3) the hash size
diff --git a/ssl/ssl.h b/ssl/ssl.h
index b07a240135..bba674b130 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -171,7 +171,8 @@ extern "C" {
 #endif
 
 /* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
  * Version 1 - added the optional peer certificate
  */
 #define SSL_SESSION_ASN1_VERSION 0x0001
@@ -1264,10 +1265,12 @@ extern "C" {
 #define SSL_ST_READ_BODY			0xF1
 #define SSL_ST_READ_DONE			0xF2
 
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
  *   -- that we sent (SSL_get_finished)
  *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
 size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ea9daced40..bb553aaefd 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -448,7 +448,7 @@
  * SSL_aDSS <- DSA_SIGN
  */
 
-/*
+/*-
 #define CERT_INVALID		0
 #define CERT_PUBLIC_KEY		1
 #define CERT_PRIVATE_KEY	2