Move more comments that confuse indent

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-21 19:18:47 +00:00 · 2015-01-21 19:18:47 +00:00 · 68d39f3ce6
commit 68d39f3ce6
parent f9be4da00e
34 changed files with 211 additions and 115 deletions
--- a/apps/apps.c
+++ b/apps/apps.c
@ -110,10 +110,12 @@
 */
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
+/* On VMS, you need to define this to get
-				   the declaration of fileno().  The value
+ * the declaration of fileno().  The value
-				   2 is to make sure no function defined
+ * 2 is to make sure no function defined
-				   in POSIX-2 is left undefined. */
+ * in POSIX-2 is left undefined.
 */
 #define _POSIX_C_SOURCE 2
 #endif
 #include <stdio.h>
 #include <stdlib.h>
--- a/apps/ca.c
+++ b/apps/ca.c
@ -1497,7 +1497,8 @@ bad:
 			}
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
+		/* we have a CRL number that need updating */
 		if (crlnumberfile != NULL)
 			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
 		if (crlnumber)
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -310,7 +310,8 @@ err:
 */
 static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	{
-	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+	/* "$apr1$..salt..$.......md5hash..........\0" */
 	static char out_buf[6 + 9 + 24 + 2];
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n;
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@ -108,7 +108,8 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
 #if !defined(OPENSSL_SYS_NETWARE)
 #include <sys/types.h>
 #endif
 #include <openssl/opensslconf.h>
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -149,7 +149,8 @@
 #include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
+/* conflicts with winsock2 stuff on netware */
 #if !defined(OPENSSL_SYS_NETWARE)
 #include <sys/types.h>
 #endif
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@ -151,7 +151,8 @@ static int bio_new(BIO *bio)
 		return 0;
 	b->peer = NULL;
-	b->size = 17*1024; /* enough for one TLS record (just a default) */
+	/* enough for one TLS record (just a default) */
 	b->size = 17*1024;
 	b->buf = NULL;
 	bio->ptr = b;
--- a/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
@ -76,11 +76,16 @@ typedef unsigned short io_channel;
 /*************************************************************************/
 struct io_status { short status, count; long flags; };
-struct rpc_msg {		/* Should have member alignment inhibited */
+/* Should have member alignment inhibited */
-   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
+struct rpc_msg {
-   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   /* 'A'-app data. 'R'-remote client 'G'-global */
-   unsigned short int length;	/* Amount of data returned or max to return */
+   char channel;
-   char data[4092];		/* variable data */
+   /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
   char function;
   /* Amount of data returned or max to return */
   unsigned short int length;
   /* variable data */
   char data[4092];
 };
 #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -351,6 +351,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
 			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 			}
 		/*
 		 * workaround for ultrix cc: without 'case 0', the optimizer does
 		 * the switch table by doing a=top&3; a--; goto jump_table[a];
 		 * which fails for top== 0
 		 */
 		switch (b->top&3)
 			{
 		case 3:	A[2]=B[2];
@ -358,11 +363,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 		case 1:	A[0]=B[0];
 		case 0:
 			;
 			/*
 			 * workaround for ultrix cc: without 'case 0', the optimizer does
 			 * the switch table by doing a=top&3; a--; goto jump_table[a];
 			 * which fails for top== 0
 			 */
 			}
 		}
@ -452,12 +452,13 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
 		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
 		}
 	/* ultrix cc workaround, see comments in bn_expand_internal */
 	switch (b->top&3)
 		{
 		case 3: A[2]=B[2];
 		case 2: A[1]=B[1];
 		case 1: A[0]=B[0];
-		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
+		case 0: ;
 		}
 #else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
--- a/crypto/bn/rsaz_exp.c
+++ b/crypto/bn/rsaz_exp.c
@ -60,7 +60,8 @@ void rsaz_1024_red2norm_avx2(void *norm,const void *red);
 # define ALIGN64
 # pragma align 64(one,two80)
 #else
-# define ALIGN64	/* not fatal, might hurt performance a little */
+/* not fatal, might hurt performance a little */
 # define ALIGN64
 #endif
 ALIGN64 static const BN_ULONG one[40] = {
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@ -286,7 +286,8 @@ typedef struct bio_st BIO_dummy;
 struct crypto_ex_data_st
 	{
 	STACK_OF(void) *sk;
-	int dummy; /* gcc is screwing up this data structure :-( */
+	/* gcc is screwing up this data structure :-( */
 	int dummy;
 	};
 DECLARE_STACK_OF(void)
--- a/crypto/des/des_ver.h
+++ b/crypto/des/des_ver.h
@ -67,5 +67,7 @@
 #define DES_version OSSL_DES_version
 #define libdes_version OSSL_libdes_version
-OPENSSL_EXTERN const char OSSL_DES_version[];	/* SSLeay version string */
+/* SSLeay version string */
-OPENSSL_EXTERN const char OSSL_libdes_version[];	/* old libdes version string */
+OPENSSL_EXTERN const char OSSL_DES_version[];
 /* old libdes version string */
 OPENSSL_EXTERN const char OSSL_libdes_version[];
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@ -91,19 +91,20 @@
 #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
 #define DSA_FLAG_CACHE_MONT_P	0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the
+/* new with 0.9.7h; the
-                                              * built-in DSA
+ * built-in DSA
-                                              * implementation now
+ * implementation now
-                                              * uses constant time
+ * uses constant time
-                                              * modular exponentiation
+ * modular exponentiation
-                                              * for secret exponents
+ * for secret exponents
-                                              * by default. This flag
+ * by default. This flag
-                                              * causes the faster
+ * causes the faster
-                                              * variable sliding
+ * variable sliding
-                                              * window method to be
+ * window method to be
-                                              * used for all
+ * used for all
-                                              * exponents.
+ * exponents.
-                                              */
+ */
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02
 /* If this flag is set the DSA method is FIPS compliant and can be used
 * in FIPS mode. This is set in the validated module method. If an
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@ -390,8 +390,9 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
 		}
-	
+
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+	/* test required by X9.62 */
 	if (!EC_POINT_is_on_curve(group, point, ctx))
 		{
 		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@ -1563,9 +1563,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 			if (!skip)
 				{
 				/* Arg 1 below is for "mixed" */
 				point_add(nq[0], nq[1], nq[2],
 					nq[0], nq[1], nq[2],
-					1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+					1, tmp[0], tmp[1], tmp[2]);
 				}
 			else
 				{
@ -1582,9 +1583,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 			bits |= get_bit(g_scalar, i);
 			/* select the point to add, in constant time */
 			select_point(bits, 16, g_pre_comp[0], tmp);
 			/* Arg 1 below is for "mixed" */
 			point_add(nq[0], nq[1], nq[2],
 				nq[0], nq[1], nq[2],
-				1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+				1, tmp[0], tmp[1], tmp[2]);
 			}
 		/* do other additions every 5 doublings */
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@ -1460,9 +1460,10 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 			select_point(bits, 16, g_pre_comp, tmp);
 			if (!skip)
 				{
 				/* The 1 argument below is for "mixed" */
 				point_add(nq[0], nq[1], nq[2],
 					nq[0], nq[1], nq[2],
-					1 /* mixed */, tmp[0], tmp[1], tmp[2]);
+					1, tmp[0], tmp[1], tmp[2]);
 				}
 			else
 				{
--- a/crypto/ec/ecp_nistputil.c
+++ b/crypto/ec/ecp_nistputil.c
@ -79,7 +79,8 @@ void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
 			/* tmp_felem(i-1) is the product of Z(0) .. Z(i-1),
 			 * tmp_felem(i) is the inverse of the product of Z(0) .. Z(i)
 			 */
-			felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i)); /* 1/Z(i) */
+			 /* 1/Z(i) */
 			felem_mul(tmp_felem(num), tmp_felem(i-1), tmp_felem(i));
 		else
 			felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
--- a/crypto/ec/ecp_oct.c
+++ b/crypto/ec/ecp_oct.c
@ -416,8 +416,9 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
 		}
-	
+
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+	/* test required by X9.62 */
 	if (!EC_POINT_is_on_curve(group, point, ctx))
 		{
 		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
 		goto err;
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@ -212,7 +212,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 	u64		seqnum;
 #endif
-	if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)	/* ask for IVs in bulk */
+	/* ask for IVs in bulk */
 	if (RAND_bytes((IVs=blocks[0].c),16*x4)<=0)
 		return 0;
 	ctx = (SHA1_MB_CTX *)(storage+32-((size_t)storage%32));	/* align */
@ -229,7 +230,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
 	/* populate descriptors with pointers and IVs */
 	hash_d[0].ptr = inp;
 	ciph_d[0].inp = inp;
-	ciph_d[0].out = out+5+16;	/* 5+16 is place for header and explicit IV */
+	/* 5+16 is place for header and explicit IV */
 	ciph_d[0].out = out+5+16;
 	memcpy(ciph_d[0].out-16,IVs,16);
 	memcpy(ciph_d[0].iv,IVs,16);	IVs += 16;
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@ -227,7 +227,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
 	/* populate descriptors with pointers and IVs */
 	hash_d[0].ptr = inp;
 	ciph_d[0].inp = inp;
-	ciph_d[0].out = out+5+16;	/* 5+16 is place for header and explicit IV */
+	/* 5+16 is place for header and explicit IV */
 	ciph_d[0].out = out+5+16;
 	memcpy(ciph_d[0].out-16,IVs,16);
 	memcpy(ciph_d[0].iv,IVs,16);	IVs += 16;
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@ -2089,7 +2089,8 @@ static const u8	T19[]= {
 /* Test Case 20 */
 #define K20 K1
 #define A20 A1
-static const u8 IV20[64]={0xff,0xff,0xff,0xff};	/* this results in 0xff in counter LSB */
+/* this results in 0xff in counter LSB */
 static const u8 IV20[64]={0xff,0xff,0xff,0xff};
 static const u8	P20[288];
 static const u8	C20[]= {
 			0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@ -158,7 +158,8 @@ static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
                                           * holds CRYPTO_LOCK_RAND
                                           * (to prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
+/* valid iff crypto_lock_rand is set */
 static CRYPTO_THREADID locking_threadid;
 #ifdef PREDICT
@ -571,7 +572,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
 			{
-			state[st_idx++]^=local_md[i]; /* may compete with other threads */
+			/* may compete with other threads */
 			state[st_idx++]^=local_md[i];
 			if (st_idx >= st_num)
 				st_idx=0;
 			if (i < j)
--- a/crypto/seed/seed.h
+++ b/crypto/seed/seed.h
@ -89,7 +89,8 @@
 #error SEED is disabled.
 #endif
-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
+/* look whether we need 'long' to get 32 bits */
 #ifdef AES_LONG
 # ifndef SEED_LONG
 #  define SEED_LONG 1
 # endif
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@ -571,7 +571,8 @@ X509_ALGOR *encryption;
 } PBE2PARAM;
 typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
+/* Usually OCTET STRING but could be anything */
 ASN1_TYPE *salt;
 ASN1_INTEGER *iter;
 ASN1_INTEGER *keylength;
 X509_ALGOR *prf;
@ -582,7 +583,8 @@ X509_ALGOR *prf;
 struct pkcs8_priv_key_info_st
        {
-        int broken;     /* Flag for various broken formats */
+        /* Flag for various broken formats */
        int broken;
 #define PKCS8_OK		0
 #define PKCS8_NO_OCTET		1
 #define PKCS8_EMBEDDED_PARAM	2
@ -590,7 +592,8 @@ struct pkcs8_priv_key_info_st
 #define PKCS8_NEG_PRIVKEY	4
        ASN1_INTEGER *version;
        X509_ALGOR *pkeyalg;
-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        /* Should be OCTET STRING but some are broken */
        ASN1_TYPE *pkey;
        STACK_OF(X509_ATTRIBUTE) *attributes;
        };
--- a/demos/engines/ibmca/hw_ibmca.c
+++ b/demos/engines/ibmca/hw_ibmca.c
@ -764,10 +764,12 @@ they could cause potential side affects on either the card or the result */
        BN_bn2bin(dmq1, pkey);  /* Copy over dmq1 */
        pkey += qSize;     /* move pointer */
-	pkey += pSize - BN_num_bytes(p);  /* set up for zero padding of next field */
+	/* set up for zero padding of next field */
 	pkey += pSize - BN_num_bytes(p);
        BN_bn2bin(p, pkey);
-        pkey += BN_num_bytes(p);  /* increment pointer by number of bytes moved  */
+	/* increment pointer by number of bytes moved  */
        pkey += BN_num_bytes(p);
        BN_bn2bin(q, pkey);
        pkey += qSize ;  /* move the pointer */
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@ -419,7 +419,8 @@ void ENGINE_load_chil(void)
 static DSO *hwcrhk_dso = NULL;
 static HWCryptoHook_ContextHandle hwcrhk_context = 0;
 #ifndef OPENSSL_NO_RSA
-static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */
+/* Index for KM handle.  Not really used yet. */
 static int hndidx_rsa = -1;
 #endif
 /* These are the function pointers that are (un)set when the library has
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@ -337,10 +337,12 @@ void ENGINE_load_sureware(void)
 * implicitly. */
 static DSO *surewarehk_dso = NULL;
 #ifndef OPENSSL_NO_RSA
-static int rsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+/* Index for KM handle.  Not really used yet. */
 static int rsaHndidx = -1;
 #endif
 #ifndef OPENSSL_NO_DSA
-static int dsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+/* Index for KM handle.  Not really used yet. */
 static int dsaHndidx = -1;
 #endif
 /* These are the function pointers that are (un)set when the library has
--- a/engines/e_ubsec.c
+++ b/engines/e_ubsec.c
@ -782,9 +782,13 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 	}
-	if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+	if (p_UBSEC_dsa_sign_ioctl(fd,
 		/* compute hash before signing */
 		0,
 		(unsigned char *)dgst, d_len,
-		NULL, 0,  /* compute random value */
+		NULL,
 		/* compute random value */
 		0,
 		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
 		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
 		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@ -712,7 +712,8 @@ again:
 			{
 			if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
 				return -1;
-			dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
+			/* Mark receipt of record. */
 			dtls1_record_bitmap_update(s, bitmap);
 			}
 		rr->length = 0;
 		s->packet_length = 0;
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@ -1813,8 +1813,10 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                princ,
-                                0 /* IGNORE_VNO */,
+                                /* IGNORE_VNO */
-                                0 /* IGNORE_ENCTYPE */,
+                                0,
                                /* IGNORE_ENCTYPE */
                                0,
                                &entry);
    if ( krb5rc == KRB5_KT_NOTFOUND ) {
        rc = 1;
@ -1898,7 +1900,8 @@ void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
 	krb5_free_data_contents(NULL, data);
 #endif
 	}
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+#endif
 /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
 /*  Given pointers to KerberosTime and struct tm structs, convert the
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -582,7 +582,8 @@ struct ssl_session_st
 * the workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include
 * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
+/* added in 0.9.6e */
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 *             This used to be 0x000FFFFFL before 0.9.7. */
@ -1699,27 +1700,40 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 /* These alert types are for SSLv3 and TLSv1 */
 #define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+/* fatal */
-#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE
 /* fatal */
 #define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC
 #define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
 #define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE
-#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
+/* fatal */
 #define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE
 /* Not for TLS */
 #define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE
 #define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
 #define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
 #define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
 #define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
 #define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+/* fatal */
-#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
+#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER
-#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
+/* fatal */
-#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
+#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA
 /* fatal */
 #define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED
 /* fatal */
 #define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR
 #define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
+/* fatal */
-#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION
-#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+/* fatal */
-#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
+#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION
 /* fatal */
 #define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY
 /* fatal */
 #define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR
 #define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
 #define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
 #define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
@ -1727,8 +1741,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
 #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+/* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
 /* fatal */
 #define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK
 #define SSL_ERROR_NONE			0
 #define SSL_ERROR_SSL			1
@ -2119,7 +2135,8 @@ int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
 int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+/* PEM type */
 int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
 					    const char *file);
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -288,32 +288,56 @@
 */
 /* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA		0x00000001L /* RSA key exchange */
+/* RSA key exchange */
-#define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */
+#define SSL_kRSA		0x00000001L
-#define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */
+/* DH cert, RSA CA cert */
-#define SSL_kDHE		0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHr		0x00000002L
-#define SSL_kEDH		SSL_kDHE    /* synonym */
+/* DH cert, DSA CA cert */
-#define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
+#define SSL_kDHd		0x00000004L
-#define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
+/* tmp DH key no DH cert */
-#define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
+#define SSL_kDHE		0x00000008L
-#define SSL_kECDHE		0x00000080L /* ephemeral ECDH */
+/* synonym */
-#define SSL_kEECDH		SSL_kECDHE  /* synonym */
+#define SSL_kEDH		SSL_kDHE
-#define SSL_kPSK		0x00000100L /* PSK */
+/* Kerberos5 key exchange */
-#define SSL_kGOST       0x00000200L /* GOST key exchange */
+#define SSL_kKRB5		0x00000010L
-#define SSL_kSRP        0x00000400L /* SRP */
+/* ECDH cert, RSA CA cert */
 #define SSL_kECDHr		0x00000020L
 /* ECDH cert, ECDSA CA cert */
 #define SSL_kECDHe		0x00000040L
 /* ephemeral ECDH */
 #define SSL_kECDHE		0x00000080L
 /* synonym */
 #define SSL_kEECDH		SSL_kECDHE
 /* PSK */
 #define SSL_kPSK		0x00000100L
 /* GOST key exchange */
 #define SSL_kGOST       0x00000200L
 /* SRP */
 #define SSL_kSRP        0x00000400L
 /* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA		0x00000001L /* RSA auth */
+/* RSA auth */
-#define SSL_aDSS 		0x00000002L /* DSS auth */
+#define SSL_aRSA		0x00000001L
-#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
+/* DSS auth */
-#define SSL_aDH 		0x00000008L /* Fixed DH auth (kDHd or kDHr) */
+#define SSL_aDSS 		0x00000002L
-#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
+/* no auth (i.e. use ADH or AECDH) */
-#define SSL_aKRB5               0x00000020L /* KRB5 auth */
+#define SSL_aNULL 		0x00000004L
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
+/* Fixed DH auth (kDHd or kDHr) */
-#define SSL_aPSK                0x00000080L /* PSK auth */
+#define SSL_aDH 		0x00000008L
-#define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
+/* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
+#define SSL_aECDH 		0x00000010L
-#define SSL_aSRP 		0x00000400L /* SRP auth */
+/* KRB5 auth */
 #define SSL_aKRB5               0x00000020L
 /* ECDSA auth*/
 #define SSL_aECDSA              0x00000040L
 /* PSK auth */
 #define SSL_aPSK                0x00000080L
 /* GOST R 34.10-94 signature auth */
 #define SSL_aGOST94				0x00000100L
 /* GOST R 34.10-2001 signature auth */
 #define SSL_aGOST01 			0x00000200L
 /* SRP auth */
 #define SSL_aSRP 		0x00000400L
 /* Bits for algorithm_enc (symmetric encryption) */
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@ -144,11 +144,16 @@ static int s_nbio=0;
 #endif
 #define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
 /*************************************************************************/
-struct rpc_msg {		/* Should have member alignment inhibited */
+/* Should have member alignment inhibited */
-   char channel;		/* 'A'-app data. 'R'-remote client 'G'-global */
+struct rpc_msg {
-   char function;		/* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+    /* 'A'-app data. 'R'-remote client 'G'-global */
-   unsigned short int length;	/* Amount of data returned or max to return */
+   char channel;
-   char data[4092];		/* variable data */
+   /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
   char function;
   /* Amount of data returned or max to return */
   unsigned short int length;
   /* variable data */
   char data[4092];
 };
 #define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@ -1616,8 +1616,10 @@ bad:
 #ifdef TLSEXT_TYPE_opaque_prf_input
 	SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
 	SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
-	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
+	/* or &co2 or NULL */
-	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
+	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
 	/* or &so2 or NULL */
 	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
 #endif
 	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@ -1279,7 +1279,8 @@ int tls1_alert_code(int code)
 	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
 	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
 	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
+#if 0
 	/* not appropriate for TLS, not used for DTLS */
 	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
 					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
 #endif