More comments

Conflicts:
	crypto/dsa/dsa_vrf.c
	crypto/ec/ec2_smpl.c
	crypto/ec/ecp_smpl.c

Conflicts:
	demos/bio/saccept.c
	ssl/d1_clnt.c

Conflicts:
	bugs/dggccbug.c
	demos/tunala/cb.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

bugs/alpha.c

@@ -60,7 +60,8 @@
  * something to watch out for.  This was fine on linux/NT/Solaris but not
  * Alpha */
 
-/* it is basically an example of
+/*-
+ * it is basically an example of
  * func(*(a++),*(a++))
  * which parameter is evaluated first?  It is not defined in ASN1 C.
  */

crypto/bio/bss_file.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-/*
+/*-
  * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
  *		with binary data (e.g. asn1parse -inform DER < xxx) under
  *		Windows

crypto/crypto.h

@@ -517,7 +517,8 @@ int CRYPTO_remove_all_info(void);
 
 /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
  * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
+/*-
+ * The last argument has the following significance:
  *
  * 0:	called before the actual memory allocation has taken place
  * 1:	called after the actual memory allocation has taken place

crypto/dso/dso_dlfcn.c

@@ -397,7 +397,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
 	}
 
 #ifdef __sgi
-/*
+/*-
 This is a quote from IRIX manual for dladdr(3c):
 
      <dlfcn.h> does not contain a prototype for dladdr or definition of

crypto/ec/ec2_smpl.c

@@ -553,7 +553,8 @@ int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
 	}
 
 
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
  * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
  *      y^2 + x*y = x^3 + a*x^2 + b.
  */

crypto/ec/ecp_smpl.c

@@ -871,8 +871,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_
 		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
 		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
 		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		/*-
-		 *    = 3 * X_a^2 - 3 * Z_a^4 */
+		 * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		 *    = 3 * X_a^2 - 3 * Z_a^4
+		 */
 		}
 	else
 		{
@@ -1042,7 +1044,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
 
 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
 	{
-	/* return values:
+	/*-
+	 * return values:
 	 *  -1   error
 	 *   0   equal (in affine coordinates)
 	 *   1   not equal

crypto/jpake/jpake.c

@@ -201,7 +201,7 @@ static int generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
     BIGNUM *h = BN_new();
     BIGNUM *t = BN_new();
 
-   /*
+   /*-
     * r in [0,q)
     * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
     */

demos/bio/saccept.c

@@ -1,7 +1,8 @@
 /* NOCW */
 /* demos/bio/saccept.c */
 
-/* A minimal program to serve an SSL connection.
+/*-
+ * A minimal program to serve an SSL connection.
  * It uses blocking.
  * saccept host:port
  * host is the interface IP to use.  If any interface, use *:port

demos/bio/sconnect.c

@@ -1,7 +1,8 @@
 /* NOCW */
 /* demos/bio/sconnect.c */
 
-/* A minimal program to do SSL to a passed host and port.
+/*-
+ * A minimal program to do SSL to a passed host and port.
  * It is actually using non-blocking IO but in a very simple manner
  * sconnect host:port - it does a 'GET / HTTP/1.0'
  *

demos/engines/zencod/hw_zencod.h

@@ -114,7 +114,8 @@ typedef struct ZEN_data_st
 /* output : output data buffer */
 /* input : input data buffer */
 /* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+/*-
+ * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
  * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
  */
 /* For now separate this stuff that mad it easier to test */

engines/e_cswift.c

@@ -1065,9 +1065,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	{
 		largenum.value = buf;
 		largenum.nbytes = sizeof(buf32);
-		/* tell CryptoSwift how many bytes we want and where we want it.
+		/*-
+		 * tell CryptoSwift how many bytes we want and where we want it.
 		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
-		 *       - CryptoSwift can only do multiple of 32-bits. */
+		 *       - CryptoSwift can only do multiple of 32-bits.
+		 */
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{

ssl/kssl.c

@@ -1301,7 +1301,8 @@ kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
 	}
 
 
-/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
+ *	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
  *		and krb5 AP_REQ message & message length,
  *	Return Kerberos session key and client principle
  *		to SSL Server in KSSL_CTX *kssl_ctx.

ssl/s3_enc.c

@@ -485,7 +485,8 @@ void ssl3_cleanup_key_block(SSL *s)
 	s->s3->tmp.key_block_length=0;
 	}
 
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
  *
  * Returns:
  *   0: (in non-constant time) if the record is publically invalid (i.e. too
@@ -774,7 +775,8 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		 * data we are hashing because that gives an attacker a
 		 * timing-oracle. */
 
-		/* npad is, at most, 48 bytes and that's with MD5:
+		/*-
+		 * npad is, at most, 48 bytes and that's with MD5:
 		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
 		 *
 		 * With SHA-1 (the largest hash speced for SSLv3) the hash size

ssl/ssl_locl.h

@@ -488,7 +488,7 @@
  * SSL_aDSS <- DSA_SIGN
  */
 
-/*
+/*-
 #define CERT_INVALID		0
 #define CERT_PUBLIC_KEY		1
 #define CERT_PRIVATE_KEY	2