Additional comment changes for reformat of 0.9.8

Reviewed-by: Tim Hudson <tjh@openssl.org>

crypto/asn1/a_int.c

@@ -86,7 +86,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 	}
 	
 
-/* 
+/*- 
  * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
  * representation of the value, ignoring the sign. The sign is determined by

crypto/asn1/a_strnid.c

@@ -87,7 +87,8 @@ unsigned long ASN1_STRING_get_default_mask(void)
 	return global_mask;
 }
 
-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
  * based on an ASCII string. Currently this is:
  * MASK:XXXX : a numerical mask value.
  * nobmp : Don't use BMPStrings (just Printable, T61).

crypto/asn1/asn1_mac.h

@@ -354,7 +354,7 @@ err:\
 	if (((arg)=func()) == NULL) return(NULL)
 
 #define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*-	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
 		return(NULL);*/ \
 	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
 		return(NULL)

crypto/asn1/asn1t.h

@@ -567,7 +567,8 @@ const char *sname;		/* Structure name */
 #endif
 };
 
-/* These are values for the itype field and
+/*-
+ * These are values for the itype field and
  * determine how the type is interpreted.
  *
  * For PRIMITIVE types the underlying type

crypto/asn1/asn_mime.c

@@ -843,7 +843,8 @@ static void mime_param_free(MIME_PARAM *param)
 	OPENSSL_free(param);
 }
 
-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
  * 0 : no boundary
  * 1 : part boundary
  * 2 : final boundary

crypto/asn1/asn_moid.c

@@ -102,7 +102,8 @@ void ASN1_add_oid_module(void)
 	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
 	}
 
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
  * shortname = 1.2.3.4
  * shortname = some long name, 1.2.3.4
  */

crypto/bio/bss_file.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-/*
+/*-
  * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
  *		with binary data (e.g. asn1parse -inform DER < xxx) under
  *		Windows

crypto/bn/bn.h

@@ -622,7 +622,8 @@ int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	BN_CTX *ctx); /* r^2 + r = a mod p */
 #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
  * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
  *     t^p[0] + t^p[1] + ... + t^p[k]
  * where m = p[0] > p[1] > ... > p[k] = 0.

crypto/bn/bn_const.c

@@ -3,7 +3,8 @@
 
 #include "bn.h"
 
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
  *
  * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
  *
@@ -26,7 +27,8 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
 	}
 
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
  *
  * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
  *
@@ -52,7 +54,8 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
 	}
 
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
  *
  * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
  *
@@ -83,7 +86,8 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
 	}
 
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
  *
  * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
  *
@@ -119,7 +123,8 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
 	}
 
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
  *
  * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
  *
@@ -165,7 +170,8 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
 	}
 
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
  *
  * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
  *
@@ -222,7 +228,8 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
 	}
 
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
  *
  * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
  *
@@ -300,7 +307,8 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
 	}
 
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
  *
  * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
  *

crypto/bn/bn_div.c

@@ -131,7 +131,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     && !defined(PEDANTIC) && !defined(BN_DIV3W)
 # if defined(__GNUC__) && __GNUC__>=2
 #  if defined(__i386) || defined (__i386__)
-   /*
+   /*-
     * There were two reasons for implementing this template:
     * - GNU C generates a call to a function (__udivdi3 to be exact)
     *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to

crypto/bn/bn_gf2m.c

@@ -313,7 +313,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	}
 
 
-/* Some functions allow for representation of the irreducible polynomials
+/*-
+ * Some functions allow for representation of the irreducible polynomials
  * as an int[], say p.  The irreducible f(t) is then of the form:
  *     t^p[0] + t^p[1] + ... + t^p[k]
  * where m = p[0] > p[1] > ... > p[k] = 0.

crypto/bn/bn_kron.c

@@ -66,7 +66,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	int ret = -2; /* avoid 'uninitialized' warning */
 	int err = 0;
 	BIGNUM *A, *B, *tmp;
-	/* In 'tab', only odd-indexed entries are relevant:
+	/*-
+	 * In 'tab', only odd-indexed entries are relevant:
 	 * For any odd BIGNUM n,
 	 *     tab[BN_lsw(n) & 7]
 	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).

crypto/bn/bn_print.c

@@ -108,7 +108,8 @@ char *BN_bn2dec(const BIGNUM *a)
 	BIGNUM *t=NULL;
 	BN_ULONG *bn_data=NULL,*lp;
 
-	/* get an upper bound for the length of the decimal integer
+	/*-
+	 * get an upper bound for the length of the decimal integer
 	 * num <= (BN_num_bits(a) + 1) * log(2)
 	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
 	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 

crypto/cast/casttest.c

@@ -125,7 +125,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
 	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
 
-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*-	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
 	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
 	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
 	}; 

crypto/crypto.h

@@ -495,7 +495,8 @@ int CRYPTO_remove_all_info(void);
 
 /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
  * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
+/*-
+ * The last argument has the following significance:
  *
  * 0:	called before the actual memory allocation has taken place
  * 1:	called after the actual memory allocation has taken place

crypto/des/des.c

@@ -233,7 +233,8 @@ int main(int argc, char **argv)
 			}
 		}
 	if (error) usage();
-	/* We either
+	/*-
+	 * We either
 	 * do checksum or
 	 * do encrypt or
 	 * do decrypt or

crypto/des/enc_read.c

@@ -198,7 +198,8 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 		}
 	else
 		{
-		/* >output is a multiple of 8 byes, if len < rnum
+		/*-
+		 * >output is a multiple of 8 byes, if len < rnum
 		 * >we must be careful.  The user must be aware that this
 		 * >routine will write more bytes than he asked for.
 		 * >The length of the buffer must be correct.

crypto/des/ofb64ede.c

@@ -105,7 +105,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
 		}
 	if (save)
 		{
-/*		v0=ti[0];
+/*-		v0=ti[0];
 		v1=ti[1];*/
 		iv = &(*ivec)[0];
 		l2c(v0,iv);

crypto/des/set_key.c

@@ -56,7 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-/* set_key.c v 1.4 eay 24/9/91
+/*-
+ * set_key.c v 1.4 eay 24/9/91
  * 1.4 Speed up by 400% :-)
  * 1.3 added register declarations.
  * 1.2 unrolled make_key_sched a bit more

crypto/dsa/dsa_asn1.c

@@ -190,7 +190,8 @@ int DSA_size(const DSA *r)
 	return(ret);
 	}
 
-/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
+ * data has already been hashed (probably with SHA or SHA-1). */
 /* returns
  *      1: correct signature
  *      0: incorrect signature

crypto/ebcdic.c

@@ -10,7 +10,8 @@ static void *dummy=&dummy;
 #else /*CHARSET_EBCDIC*/
 
 #include "ebcdic.h"
-/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+/*-
+ *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
  *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
  */
 

crypto/ec/ec2_smpl.c

@@ -802,7 +802,8 @@ int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
 	}
 
 
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
  * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
  *      y^2 + x*y = x^3 + a*x^2 + b.
  */

crypto/ec/ec_mult.c

@@ -182,7 +182,8 @@ static void ec_pre_comp_clear_free(void *pre_)
 
 
 
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+/*-
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
  * This is an array  r[]  of values that are either zero or odd with an
  * absolute value less than  2^w  satisfying
  *     scalar = \sum_j r[j]*2^j
@@ -337,7 +338,8 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
 		  (b) >=   20 ? 2 : \
 		  1))
 
-/* Compute
+/*-
+ * Compute
  *      \sum scalars[i]*points[i],
  * also including
  *      scalar*generator

crypto/ec/ecp_smpl.c

@@ -663,7 +663,8 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po
 	y = BN_CTX_get(ctx);
 	if (y == NULL) goto err;
 
-	/* Recover y.  We have a Weierstrass equation
+	/*-
+	 * Recover y.  We have a Weierstrass equation
 	 *     y^2 = x^3 + a*x + b,
 	 * so  y  is one of the square roots of  x^3 + a*x + b.
 	 */
@@ -1222,8 +1223,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_
 		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
 		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
 		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
-		 *    = 3 * X_a^2 - 3 * Z_a^4 */
+		/*-
+		 * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		 *    = 3 * X_a^2 - 3 * Z_a^4
+		 */
 		}
 	else
 		{
@@ -1393,7 +1396,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
 
 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
 	{
-	/* return values:
+	/*-
+	 * return values:
 	 *  -1   error
 	 *   0   equal (in affine coordinates)
 	 *   1   not equal

crypto/engine/eng_padlock.c

@@ -281,7 +281,7 @@ struct padlock_cipher_data
 static volatile struct padlock_cipher_data *padlock_saved_context;
 #endif
 
-/*
+/*-
  * =======================================================
  * Inline assembler section(s).
  * =======================================================
@@ -840,7 +840,7 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	return 1;
 }
 
-/* 
+/*- 
  * Simplified version of padlock_aes_cipher() used when
  * 1) both input and output buffers are at aligned addresses.
  * or when

crypto/jpake/jpake.c

@@ -191,7 +191,7 @@ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
     BIGNUM *h = BN_new();
     BIGNUM *t = BN_new();
 
-   /*
+   /*-
     * r in [0,q)
     * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
     */

crypto/lhash/lhash.c

@@ -449,7 +449,7 @@ unsigned long lh_strhash(const char *c)
 
 	if ((c == NULL) || (*c == '\0'))
 		return(ret);
-/*
+/*-
 	unsigned char b[16];
 	MD5(c,strlen(c),b);
 	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 

crypto/md4/md4_locl.h

@@ -86,7 +86,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 
 #include "md32_common.h"
 
-/*
+/*-
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
 #define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
 */

crypto/mem_dbg.c

@@ -86,7 +86,8 @@ static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
 
 
 typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
+ * For application-defined information (static C-string `info')
  * to be displayed in memory leak list.
  * Each thread has its own stack.  For applications, there is
  *   CRYPTO_push_info("...")     to push an entry,

crypto/pem/pem_all.c

@@ -418,7 +418,8 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #endif
 
 
-/* The PrivateKey case is not that straightforward.
+/*-
+ * The PrivateKey case is not that straightforward.
  *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
  * does not work, RSA and DSA keys have specific strings.
  * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything

crypto/rand/randfile.c

@@ -107,8 +107,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) =
 
 int RAND_load_file(const char *file, long bytes)
 	{
-	/* If bytes >= 0, read up to 'bytes' bytes.
-	 * if bytes == -1, read complete file. */
+	/*-
+	 * If bytes >= 0, read up to 'bytes' bytes.
+	 * if bytes == -1, read complete file.
+	 */
 
 	MS_STATIC unsigned char buf[BUFSIZE];
 	struct stat sb;

crypto/rc4/rc4_enc.c

@@ -59,7 +59,8 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
  * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.

crypto/rc4/rc4_skey.c

@@ -82,7 +82,8 @@ const char *RC4_options(void)
 #endif
 	}
 
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
  * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.

crypto/threads/mttest.c

@@ -348,7 +348,7 @@ end:
 			fprintf(stderr,"-----\n");
 			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n");
-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+		/*-	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n"); */
 			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n");
@@ -388,7 +388,7 @@ int ndoit(SSL_CTX *ssl_ctx[2])
 	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
 	for (i=0; i<number_of_loops; i++)
 		{
-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+/*-		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
 			CRYPTO_thread_id(),i,
 			ssl_ctx[0]->references,
 			ssl_ctx[1]->references); */

crypto/ui/ui.h

@@ -157,34 +157,36 @@ int UI_dup_error_string(UI *ui, const char *text);
    might get confused. */
 #define UI_INPUT_FLAG_DEFAULT_PWD	0x02
 
-/* The user of these routines may want to define flags of their own.  The core
-   UI won't look at those, but will pass them on to the method routines.  They
-   must use higher bits so they don't get confused with the UI bits above.
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-   example of use is this:
-
-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
-
+/*-
+ * The user of these routines may want to define flags of their own.  The core
+ * UI won't look at those, but will pass them on to the method routines.  They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * example of use is this:
+ *
+ *    #define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
 */
 #define UI_INPUT_FLAG_USER_BASE	16
 
 
-/* The following function helps construct a prompt.  object_desc is a
-   textual short description of the object, for example "pass phrase",
-   and object_name is the name of the object (might be a card name or
-   a file name.
-   The returned string shall always be allocated on the heap with
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
-   If the ui_method doesn't contain a pointer to a user-defined prompt
-   constructor, a default string is built, looking like this:
-
-	"Enter {object_desc} for {object_name}:"
-
-   So, if object_desc has the value "pass phrase" and object_name has
-   the value "foo.key", the resulting string is:
-
-	"Enter pass phrase for foo.key:"
+/*-
+ * The following function helps construct a prompt.  object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ *       "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ *       "Enter pass phrase for foo.key:"
 */
 char *UI_construct_prompt(UI *ui_method,
 	const char *object_desc, const char *object_name);

crypto/x509/by_dir.c

@@ -374,7 +374,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 			/* If we were going to up the reference count,
 			 * we would need to do it on a perl 'type'
 			 * basis */
-	/*		CRYPTO_add(&tmp->data.x509->references,1,
+	/*-		CRYPTO_add(&tmp->data.x509->references,1,
 				CRYPTO_LOCK_X509);*/
 			goto finish;
 			}

crypto/x509/x509_lu.c

@@ -318,7 +318,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
 			return 0;
 		}
 
-/*	if (ret->data.ptr != NULL)
+/*-	if (ret->data.ptr != NULL)
 		X509_OBJECT_free_contents(ret); */
 
 	ret->type=tmp->type;

crypto/x509/x509_r2x.c

@@ -84,7 +84,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 		{
 		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
 		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/*		xi->extensions=ri->attributes; <- bad, should not ever be done
+/*-		xi->extensions=ri->attributes; <- bad, should not ever be done
 		ri->attributes=NULL; */
 		}
 

crypto/x509/x509_vfy.c

@@ -397,14 +397,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 		!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
 	cb=ctx->verify_cb;
 
-	/* must_be_ca can have 1 of 3 values:
-	   -1: we accept both CA and non-CA certificates, to allow direct
-	       use of self-signed certificates (which are marked as CA).
-	   0:  we only accept non-CA certificates.  This is currently not
-	       used, but the possibility is present for future extensions.
-	   1:  we only accept CA certificates.  This is currently used for
-	       all certificates in the chain except the leaf certificate.
-	*/
+	/*-
+	 *  must_be_ca can have 1 of 3 values:
+	 * -1: we accept both CA and non-CA certificates, to allow direct
+	 *     use of self-signed certificates (which are marked as CA).
+	 * 0:  we only accept non-CA certificates.  This is currently not
+	 *     used, but the possibility is present for future extensions.
+	 * 1:  we only accept CA certificates.  This is currently used for
+	 *     all certificates in the chain except the leaf certificate.
+	 */
 	must_be_ca = -1;
 
 	/* A hack to keep people who don't want to modify their software

crypto/x509v3/v3_akey.c

@@ -100,7 +100,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 	return extlist;
 }
 
-/* Currently two options:
+/*-
+ * Currently two options:
  * keyid: use the issuers subject keyid, the value 'always' means its is
  * an error if the issuer certificate doesn't have a key id.
  * issuer: use the issuers cert issuer and serial number. The default is