Additional comment changes for reformat of 0.9.8

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-16 09:21:50 +00:00 · 2015-01-16 09:21:50 +00:00 · 3e8042c38f
commit 3e8042c38f
parent 564ccc55d6
73 changed files with 215 additions and 139 deletions
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@ -23,7 +23,7 @@
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
-/*
+/*-
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@ -290,7 +290,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
-/*
+/*-
 *----------------------------------------------------------------------
 * int add_certs_from_file
 *
--- a/apps/gendh.c
+++ b/apps/gendh.c
@ -121,7 +121,7 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-2") == 0)
 			g=2;
-	/*	else if (strcmp(*argv,"-3") == 0)
+	/*-	else if (strcmp(*argv,"-3") == 0)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -183,7 +183,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
-		/*
+		/*-
 		SSL *ssl;
 		X509 *x509;
 		*/
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -1122,7 +1122,7 @@ SSL_set_tlsext_status_ids(con, ids);
 					FD_SET(SSL_get_fd(con),&writefds);
 			}
 #endif
-/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+/*-			printf("mode tty(%d %d%d) ssl(%d%d)\n",
 				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 			/* Note: under VMS with SOCKETSHR the second parameter
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -659,7 +659,7 @@ end:
 	OPENSSL_EXIT(ret);
 	}
-/***********************************************************************
+/*-
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
--- a/apps/winrand.c
+++ b/apps/winrand.c
@ -53,7 +53,8 @@
 *
 */
-/* Usage: winrand [filename]
+/*-
 * Usage: winrand [filename]
 *
 * Collects entropy from mouse movements and other events and writes
 * random data to filename or .rnd
--- a/bugs/alpha.c
+++ b/bugs/alpha.c
@ -60,7 +60,8 @@
 * something to watch out for.  This was fine on linux/NT/Solaris but not
 * Alpha */
-/* it is basically an example of
+/*-
 * it is basically an example of
 * func(*(a++),*(a++))
 * which parameter is evaluated first?  It is not defined in ASN1 C.
 */
--- a/bugs/dggccbug.c
+++ b/bugs/dggccbug.c
@ -14,7 +14,8 @@
 * copies of the valiable, one in a register and one being an address
 * that is passed. */
-/* compare the out put from
+/*-
 * compare the out put from
 * gcc dggccbug.c; ./a.out
 * and
 * gcc -O dggccbug.c; ./a.out
--- a/bugs/sgiccbug.c
+++ b/bugs/sgiccbug.c
@ -11,7 +11,8 @@
 * Gage <agage@forgetmenot.Mines.EDU>
 */
-/* Compare the output from
+/*-
 * Compare the output from
 * cc sgiccbug.c; ./a.out
 * and
 * cc -O sgiccbug.c; ./a.out
--- a/bugs/ultrixcc.c
+++ b/bugs/ultrixcc.c
@ -1,6 +1,7 @@
 #include <stdio.h>
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/*-
 * This is a cc optimiser bug for ultrix 4.3, mips CPU.
 * What happens is that the compiler, due to the (a)&7,
 * does
 * i=a&7;
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@ -86,7 +86,7 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
 	}
-/* 
+/*- 
 * This converts an ASN1 INTEGER into its content encoding.
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@ -87,7 +87,8 @@ unsigned long ASN1_STRING_get_default_mask(void)
 	return global_mask;
 }
-/* This function sets the default to various "flavours" of configuration.
+/*-
 * This function sets the default to various "flavours" of configuration.
 * based on an ASCII string. Currently this is:
 * MASK:XXXX : a numerical mask value.
 * nobmp : Don't use BMPStrings (just Printable, T61).
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@ -354,7 +354,7 @@ err:\
 	if (((arg)=func()) == NULL) return(NULL)
 #define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+/*-	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
 		return(NULL);*/ \
 	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
 		return(NULL)
--- a/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
@ -567,7 +567,8 @@ const char *sname;		/* Structure name */
 #endif
 };
-/* These are values for the itype field and
+/*-
 * These are values for the itype field and
 * determine how the type is interpreted.
 *
 * For PRIMITIVE types the underlying type
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -843,7 +843,8 @@ static void mime_param_free(MIME_PARAM *param)
 	OPENSSL_free(param);
 }
-/* Check for a multipart boundary. Returns:
+/*-
 * Check for a multipart boundary. Returns:
 * 0 : no boundary
 * 1 : part boundary
 * 2 : final boundary
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@ -102,7 +102,8 @@ void ASN1_add_oid_module(void)
 	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
 	}
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
 * Create an OID based on a name value pair. Accept two formats.
 * shortname = 1.2.3.4
 * shortname = some long name, 1.2.3.4
 */
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
-/*
+/*-
 * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
 *		with binary data (e.g. asn1parse -inform DER < xxx) under
 *		Windows
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@ -622,7 +622,8 @@ int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 	BN_CTX *ctx); /* r^2 + r = a mod p */
 #define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
+/*-
 * Some functions allow for representation of the irreducible polynomials
 * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
@ -3,7 +3,8 @@
 #include "bn.h"
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
 * "First Oakley Default Group" from RFC2409, section 6.1.
 *
 * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
 *
@ -26,7 +27,8 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
 	}
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
 * "Second Oakley Default Group" from RFC2409, section 6.2.
 *
 * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
 *
@ -52,7 +54,8 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
 	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
 	}
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
 * "1536-bit MODP Group" from RFC3526, Section 2.
 *
 * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
 *
@ -83,7 +86,8 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
 	}
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
 * "2048-bit MODP Group" from RFC3526, Section 3.
 *
 * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
 *
@ -119,7 +123,8 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
 	}
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
 * "3072-bit MODP Group" from RFC3526, Section 4.
 *
 * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
 *
@ -165,7 +170,8 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
 	}
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
 * "4096-bit MODP Group" from RFC3526, Section 5.
 *
 * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
 *
@ -222,7 +228,8 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
 	}
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
 * "6144-bit MODP Group" from RFC3526, Section 6.
 *
 * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
 *
@ -300,7 +307,8 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
 	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
 	}
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
 * "8192-bit MODP Group" from RFC3526, Section 7.
 *
 * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
 *
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@ -131,7 +131,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
    && !defined(PEDANTIC) && !defined(BN_DIV3W)
 # if defined(__GNUC__) && __GNUC__>=2
 #  if defined(__i386) || defined (__i386__)
-   /*
+   /*-
    * There were two reasons for implementing this template:
    * - GNU C generates a call to a function (__udivdi3 to be exact)
    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@ -313,7 +313,8 @@ int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	}
-/* Some functions allow for representation of the irreducible polynomials
+/*-
 * Some functions allow for representation of the irreducible polynomials
 * as an int[], say p.  The irreducible f(t) is then of the form:
 *     t^p[0] + t^p[1] + ... + t^p[k]
 * where m = p[0] > p[1] > ... > p[k] = 0.
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@ -66,7 +66,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	int ret = -2; /* avoid 'uninitialized' warning */
 	int err = 0;
 	BIGNUM *A, *B, *tmp;
-	/* In 'tab', only odd-indexed entries are relevant:
+	/*-
 	 * In 'tab', only odd-indexed entries are relevant:
 	 * For any odd BIGNUM n,
 	 *     tab[BN_lsw(n) & 7]
 	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@ -108,7 +108,8 @@ char *BN_bn2dec(const BIGNUM *a)
 	BIGNUM *t=NULL;
 	BN_ULONG *bn_data=NULL,*lp;
-	/* get an upper bound for the length of the decimal integer
+	/*-
 	 * get an upper bound for the length of the decimal integer
 	 * num <= (BN_num_bits(a) + 1) * log(2)
 	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
 	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@ -125,7 +125,7 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
 	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+/*-	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
 	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
 	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
 	}; 
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@ -495,7 +495,8 @@ int CRYPTO_remove_all_info(void);
 /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
 * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
+/*-
 * The last argument has the following significance:
 *
 * 0:	called before the actual memory allocation has taken place
 * 1:	called after the actual memory allocation has taken place
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@ -233,7 +233,8 @@ int main(int argc, char **argv)
 			}
 		}
 	if (error) usage();
-	/* We either
+	/*-
 	 * We either
 	 * do checksum or
 	 * do encrypt or
 	 * do decrypt or
--- a/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
@ -198,7 +198,8 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
 		}
 	else
 		{
-		/* >output is a multiple of 8 byes, if len < rnum
+		/*-
 		 * >output is a multiple of 8 byes, if len < rnum
 		 * >we must be careful.  The user must be aware that this
 		 * >routine will write more bytes than he asked for.
 		 * >The length of the buffer must be correct.
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@ -105,7 +105,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
 		}
 	if (save)
 		{
-/*		v0=ti[0];
+/*-		v0=ti[0];
 		v1=ti[1];*/
 		iv = &(*ivec)[0];
 		l2c(v0,iv);
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@ -56,7 +56,8 @@
 * [including the GNU Public Licence.]
 */
-/* set_key.c v 1.4 eay 24/9/91
+/*-
 * set_key.c v 1.4 eay 24/9/91
 * 1.4 Speed up by 400% :-)
 * 1.3 added register declarations.
 * 1.2 unrolled make_key_sched a bit more
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@ -190,7 +190,8 @@ int DSA_size(const DSA *r)
 	return(ret);
 	}
-/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
 * data has already been hashed (probably with SHA or SHA-1). */
 /* returns
 *      1: correct signature
 *      0: incorrect signature
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@ -10,7 +10,8 @@ static void *dummy=&dummy;
 #else /*CHARSET_EBCDIC*/
 #include "ebcdic.h"
-/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+/*-
 *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
 *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
 */
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@ -802,7 +802,8 @@ int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
 	}
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+/*-
 * Determines whether the given EC_POINT is an actual point on the curve defined
 * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
 *      y^2 + x*y = x^3 + a*x^2 + b.
 */
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@ -182,7 +182,8 @@ static void ec_pre_comp_clear_free(void *pre_)
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+/*-
 * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
 * This is an array  r[]  of values that are either zero or odd with an
 * absolute value less than  2^w  satisfying
 *     scalar = \sum_j r[j]*2^j
@ -337,7 +338,8 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
 		  (b) >=   20 ? 2 : \
 		  1))
-/* Compute
+/*-
 * Compute
 *      \sum scalars[i]*points[i],
 * also including
 *      scalar*generator
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@ -663,7 +663,8 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po
 	y = BN_CTX_get(ctx);
 	if (y == NULL) goto err;
-	/* Recover y.  We have a Weierstrass equation
+	/*-
 	 * Recover y.  We have a Weierstrass equation
 	 *     y^2 = x^3 + a*x + b,
 	 * so  y  is one of the square roots of  x^3 + a*x + b.
 	 */
@ -1222,8 +1223,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_
 		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
 		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
 		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		/*-
-		 *    = 3 * X_a^2 - 3 * Z_a^4 */
+		 * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
 		 *    = 3 * X_a^2 - 3 * Z_a^4
 		 */
 		}
 	else
 		{
@ -1393,7 +1396,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
 int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
 	{
-	/* return values:
+	/*-
 	 * return values:
 	 *  -1   error
 	 *   0   equal (in affine coordinates)
 	 *   1   not equal
--- a/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c
@ -281,7 +281,7 @@ struct padlock_cipher_data
 static volatile struct padlock_cipher_data *padlock_saved_context;
 #endif
-/*
+/*-
 * =======================================================
 * Inline assembler section(s).
 * =======================================================
@ -840,7 +840,7 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
 	return 1;
 }
-/* 
+/*- 
 * Simplified version of padlock_aes_cipher() used when
 * 1) both input and output buffers are at aligned addresses.
 * or when
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@ -191,7 +191,7 @@ static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
    BIGNUM *h = BN_new();
    BIGNUM *t = BN_new();
-   /*
+   /*-
    * r in [0,q)
    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
    */
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@ -449,7 +449,7 @@ unsigned long lh_strhash(const char *c)
 	if ((c == NULL) || (*c == '\0'))
 		return(ret);
-/*
+/*-
 	unsigned char b[16];
 	MD5(c,strlen(c),b);
 	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
--- a/crypto/md4/md4_locl.h
+++ b/crypto/md4/md4_locl.h
@ -86,7 +86,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #include "md32_common.h"
-/*
+/*-
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
 #define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
 */
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@ -86,7 +86,8 @@ static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
 typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
 * For application-defined information (static C-string `info')
 * to be displayed in memory leak list.
 * Each thread has its own stack.  For applications, there is
 *   CRYPTO_push_info("...")     to push an entry,
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@ -418,7 +418,8 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #endif
-/* The PrivateKey case is not that straightforward.
+/*-
 * The PrivateKey case is not that straightforward.
 *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
 * does not work, RSA and DSA keys have specific strings.
 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@ -107,8 +107,10 @@ static FILE *(*const vms_fopen)(const char *, const char *, ...) =
 int RAND_load_file(const char *file, long bytes)
 	{
-	/* If bytes >= 0, read up to 'bytes' bytes.
+	/*-
-	 * if bytes == -1, read complete file. */
+	 * If bytes >= 0, read up to 'bytes' bytes.
 	 * if bytes == -1, read complete file.
 	 */
 	MS_STATIC unsigned char buf[BUFSIZE];
 	struct stat sb;
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@ -59,7 +59,8 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
-/* RC4 as implemented from a posting from
+/*-
 * RC4 as implemented from a posting from
 * Newsgroups: sci.crypt
 * From: sterndark@netcom.com (David Sterndark)
 * Subject: RC4 Algorithm revealed.
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@ -82,7 +82,8 @@ const char *RC4_options(void)
 #endif
 	}
-/* RC4 as implemented from a posting from
+/*-
 * RC4 as implemented from a posting from
 * Newsgroups: sci.crypt
 * From: sterndark@netcom.com (David Sterndark)
 * Subject: RC4 Algorithm revealed.
--- a/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
@ -348,7 +348,7 @@ end:
 			fprintf(stderr,"-----\n");
 			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n");
-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+		/*-	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n"); */
 			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
 			fprintf(stderr,"-----\n");
@ -388,7 +388,7 @@ int ndoit(SSL_CTX *ssl_ctx[2])
 	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
 	for (i=0; i<number_of_loops; i++)
 		{
-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+/*-		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
 			CRYPTO_thread_id(),i,
 			ssl_ctx[0]->references,
 			ssl_ctx[1]->references); */
--- a/crypto/ui/ui.h
+++ b/crypto/ui/ui.h
@ -157,34 +157,36 @@ int UI_dup_error_string(UI *ui, const char *text);
   might get confused. */
 #define UI_INPUT_FLAG_DEFAULT_PWD	0x02
-/* The user of these routines may want to define flags of their own.  The core
+/*-
-   UI won't look at those, but will pass them on to the method routines.  They
+ * The user of these routines may want to define flags of their own.  The core
-   must use higher bits so they don't get confused with the UI bits above.
+ * UI won't look at those, but will pass them on to the method routines.  They
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * must use higher bits so they don't get confused with the UI bits above.
-   example of use is this:
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-
+ * example of use is this:
-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
-
+ *    #define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
 *
 */
 #define UI_INPUT_FLAG_USER_BASE	16
-/* The following function helps construct a prompt.  object_desc is a
+/*-
-   textual short description of the object, for example "pass phrase",
+ * The following function helps construct a prompt.  object_desc is a
-   and object_name is the name of the object (might be a card name or
+ * textual short description of the object, for example "pass phrase",
-   a file name.
+ * and object_name is the name of the object (might be a card name or
-   The returned string shall always be allocated on the heap with
+ * a file name.
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ * The returned string shall always be allocated on the heap with
-
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-   If the ui_method doesn't contain a pointer to a user-defined prompt
+ *
-   constructor, a default string is built, looking like this:
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
-
+ * constructor, a default string is built, looking like this:
-	"Enter {object_desc} for {object_name}:"
+ *
-
+ *       "Enter {object_desc} for {object_name}:"
-   So, if object_desc has the value "pass phrase" and object_name has
+ *
-   the value "foo.key", the resulting string is:
+ * So, if object_desc has the value "pass phrase" and object_name has
-
+ * the value "foo.key", the resulting string is:
-	"Enter pass phrase for foo.key:"
+ *
 *       "Enter pass phrase for foo.key:"
 */
 char *UI_construct_prompt(UI *ui_method,
 	const char *object_desc, const char *object_name);
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@ -374,7 +374,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
 			/* If we were going to up the reference count,
 			 * we would need to do it on a perl 'type'
 			 * basis */
-	/*		CRYPTO_add(&tmp->data.x509->references,1,
+	/*-		CRYPTO_add(&tmp->data.x509->references,1,
 				CRYPTO_LOCK_X509);*/
 			goto finish;
 			}
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -318,7 +318,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
 			return 0;
 		}
-/*	if (ret->data.ptr != NULL)
+/*-	if (ret->data.ptr != NULL)
 		X509_OBJECT_free_contents(ret); */
 	ret->type=tmp->type;
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@ -84,7 +84,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 		{
 		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
 		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/*		xi->extensions=ri->attributes; <- bad, should not ever be done
+/*-		xi->extensions=ri->attributes; <- bad, should not ever be done
 		ri->attributes=NULL; */
 		}
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -397,14 +397,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 		!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
 	cb=ctx->verify_cb;
-	/* must_be_ca can have 1 of 3 values:
+	/*-
-	   -1: we accept both CA and non-CA certificates, to allow direct
+	 *  must_be_ca can have 1 of 3 values:
-	       use of self-signed certificates (which are marked as CA).
+	 * -1: we accept both CA and non-CA certificates, to allow direct
-	   0:  we only accept non-CA certificates.  This is currently not
+	 *     use of self-signed certificates (which are marked as CA).
-	       used, but the possibility is present for future extensions.
+	 * 0:  we only accept non-CA certificates.  This is currently not
-	   1:  we only accept CA certificates.  This is currently used for
+	 *     used, but the possibility is present for future extensions.
-	       all certificates in the chain except the leaf certificate.
+	 * 1:  we only accept CA certificates.  This is currently used for
-	*/
+	 *     all certificates in the chain except the leaf certificate.
 	 */
 	must_be_ca = -1;
 	/* A hack to keep people who don't want to modify their software
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@ -100,7 +100,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 	return extlist;
 }
-/* Currently two options:
+/*-
 * Currently two options:
 * keyid: use the issuers subject keyid, the value 'always' means its is
 * an error if the issuer certificate doesn't have a key id.
 * issuer: use the issuers cert issuer and serial number. The default is
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@ -1,7 +1,8 @@
 /* NOCW */
 /* demos/bio/saccept.c */
-/* A minimal program to server an SSL connection.
+/*-
 * A minimal program to server an SSL connection.
 * It uses blocking.
 * saccept host:port
 * host is the interface IP to use.  If any interface, use *:port
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@ -1,7 +1,8 @@
 /* NOCW */
 /* demos/bio/sconnect.c */
-/* A minimal program to do SSL to a passed host and port.
+/*-
 * A minimal program to do SSL to a passed host and port.
 * It is actually using non-blocking IO but in a very simple manner
 * sconnect host:port - it does a 'GET / HTTP/1.0'
 *
--- a/demos/easy_tls/easy-tls.c
+++ b/demos/easy_tls/easy-tls.c
@ -1,5 +1,5 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
 * easy-tls.c -- generic TLS proxy.
 * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
 */
@ -62,7 +62,7 @@
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-/*
+/*-
 * Attribution for OpenSSL library:
 *
 * This product includes cryptographic software written by Eric Young
@ -124,7 +124,8 @@ static char const rcsid[] =
 # include TLS_APP
 #endif
-/* Applications can define:
+/*-
 * Applications can define:
 *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
 *   TLS_CUMULATE_ERRORS 
 *   TLS_ERROR_BUFSIZ
--- a/demos/easy_tls/easy-tls.h
+++ b/demos/easy_tls/easy-tls.h
@ -1,5 +1,5 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
+/*-
 * easy-tls.h -- generic TLS proxy.
 * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
 */
--- a/demos/engines/ibmca/ica_openssl_api.h
+++ b/demos/engines/ibmca/ica_openssl_api.h
@ -62,7 +62,7 @@ typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
 | RSA Key Token format                           |
 *------------------------------------------------*/
-/*
+/*-
 * NOTE:  All the fields in the ICA_KEY_RSA_MODEXPO structure
 *        (lengths, offsets, exponents, modulus, etc.) are
 *        stored in big-endian format
@ -86,7 +86,7 @@ typedef struct _ICA_KEY_RSA_MODEXPO
 } ICA_KEY_RSA_MODEXPO;
 #define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-/*
+/*-
 * NOTE:  All the fields in the ICA_KEY_RSA_CRT structure
 *        (lengths, offsets, exponents, modulus, etc.) are
 *        stored in big-endian format
--- a/demos/engines/zencod/hw_zencod.h
+++ b/demos/engines/zencod/hw_zencod.h
@ -114,7 +114,8 @@ typedef struct ZEN_data_st
 /* output : output data buffer */
 /* input : input data buffer */
 /* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+/*-
 * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
 * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
 */
 /* For now separate this stuff that mad it easier to test */
--- a/demos/spkigen.c
+++ b/demos/spkigen.c
@ -1,5 +1,6 @@
 /* NOCW */
-/* demos/spkigen.c
+/*-
 * demos/spkigen.c
 * 18-Mar-1997 - eay - A quick hack :-) 
 * 		version 1.1, it would probably help to save or load the
 *		private key :-)
--- a/demos/tunala/cb.c
+++ b/demos/tunala/cb.c
@ -5,7 +5,8 @@
 /* For callbacks generating output, here are their file-descriptors. */
 static FILE *fp_cb_ssl_info = NULL;
 static FILE *fp_cb_ssl_verify = NULL;
-/* Output level:
+/*-
 * Output level:
 *     0 = nothing,
 *     1 = minimal, just errors,
 *     2 = minimal, all steps,
--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@ -1065,9 +1065,11 @@ static int cswift_rand_bytes(unsigned char *buf, int num)
 	{
 		largenum.value = buf;
 		largenum.nbytes = sizeof(buf32);
-		/* tell CryptoSwift how many bytes we want and where we want it.
+		/*-
 		 * tell CryptoSwift how many bytes we want and where we want it.
 		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
-		 *       - CryptoSwift can only do multiple of 32-bits. */
+		 *       - CryptoSwift can only do multiple of 32-bits.
 		 */
 		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
 		if (swrc != SW_OK)
 		{
--- a/fips/dh/dh_gen.c
+++ b/fips/dh/dh_gen.c
@ -77,7 +77,8 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 	return dh_builtin_genparams(ret, prime_len, generator, cb);
 	}
-/* We generate DH parameters as follows
+/*-
 * We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
 * For this case, g is a generator if
--- a/fips/dh/fips_dh_check.c
+++ b/fips/dh/fips_dh_check.c
@ -62,7 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
-/* Check that p is a safe prime and
+/*-
 * Check that p is a safe prime and
 * if g is 2, 3 or 5, check that is is a suitable generator
 * where
 * for 2, p mod 24 == 11
--- a/fips/dh/fips_dh_gen.c
+++ b/fips/dh/fips_dh_gen.c
@ -78,7 +78,8 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 	return dh_builtin_genparams(ret, prime_len, generator, cb);
 	}
-/* We generate DH parameters as follows
+/*-
 * We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
 * For this case, g is a generator if
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@ -906,7 +906,8 @@ int dtls1_send_client_key_exchange(SSL *s)
                                goto err;
                                }
-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+			/*-
 			 *   20010406 VRS - Earlier versions used KRB5 AP_REQ
 			**  in place of RFC 2712 KerberosWrapper, as in:
 			**
                        **  Send ticket (copy to *p, set n = length)
@ -952,12 +953,13 @@ int dtls1_send_client_key_exchange(SSL *s)
 			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
 			    goto err;
-			/*  20010420 VRS.  Tried it this way; failed.
+			/*-
-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+			 *  20010420 VRS.  Tried it this way; failed.
-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+			 *	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-			**				kssl_ctx->length);
+			 *	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+			 *				kssl_ctx->length);
-			*/
+			 *	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
 			 */
 			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
 			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
@ -1060,7 +1062,7 @@ int dtls1_send_client_key_exchange(SSL *s)
 		d = dtls1_set_message_header(s, d,
 		SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
-		/*
+		/*-
 		 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
 		 l2n3(n,d);
 		 l2n(s->d1->handshake_write_seq,d);
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@ -126,14 +126,16 @@
 #include <openssl/des.h>
 #endif
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
 * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 *
 * Returns:
 *   0: (in non-constant time) if the record is publically invalid (i.e. too
 *       short etc).
 *   1: if the record's padding is valid / the encryption was successful.
 *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
+ *       an internal error occured.
 */
 int dtls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@ -364,10 +364,12 @@ dtls1_process_record(SSL *s)
 	rr->data=rr->input;
 	enc_err = s->method->ssl3_enc->enc(s,0);
-	/* enc_err is:
+	/*-
 	 * enc_err is:
 	 *    0: (in non-constant time) if the record is publically invalid.
 	 *    1: if the padding is valid
-	 *    -1: if the padding is invalid */
+	 *   -1: if the padding is invalid
 	 */
 	if (enc_err == 0)
 		{
 		/* For DTLS we simply ignore bad packets. */
@ -919,9 +921,11 @@ start:
 			}
 		}
-	/* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
+	/*-
 	 * s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
 	 * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
 	 */
 	/* If we are a client, check for an incoming 'Hello Request': */
 	if ((!s->server) &&
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@ -1300,7 +1300,8 @@ kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
 	}
-/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+/*-
 *	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
 *		and krb5 AP_REQ message & message length,
 *	Return Kerberos session key and client principle
 *		to SSL Server in KSSL_CTX *kssl_ctx.
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@ -90,7 +90,8 @@ typedef unsigned char krb5_octet;
 #endif
-/*	Uncomment this to debug kssl problems or
+/*-
 *	Uncomment this to debug kssl problems or
 *	to trace usage of the Kerberos session key
 *
 *	#define		KSSL_DEBUG
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@ -561,16 +561,20 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+			/*-
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
+			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
 			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
 			 */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
 		else /* we may have to use a 3 byte header */
 			{
-			/* If s->s2->escape is not set, then
+			/*-
 			 * If s->s2->escape is not set, then
 			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
 			 */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
@ -584,7 +588,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 			}
 		}
-	/* Now
+	/*-
 	 * Now
 	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
 	 * holds, and if s->s2->three_byte_header is set, then even
 	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@ -433,7 +433,8 @@ void ssl3_cleanup_key_block(SSL *s)
 	s->s3->tmp.key_block_length=0;
 	}
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+/*-
 * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
 *
 * Returns:
 *   0: (in non-constant time) if the record is publically invalid (i.e. too
@ -619,7 +620,8 @@ int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		 * data we are hashing because that gives an attacker a
 		 * timing-oracle. */
-		/* npad is, at most, 48 bytes and that's with MD5:
+		/*-
 		 * npad is, at most, 48 bytes and that's with MD5:
 		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
 		 *
 		 * With SHA-1 (the largest hash speced for SSLv3) the hash size
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -198,7 +198,8 @@ extern "C" {
 #endif
 /* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
 * Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
 #define SSL_SESSION_ASN1_VERSION 0x0001
@ -1134,10 +1135,12 @@ extern "C" {
 #define SSL_ST_READ_BODY			0xF1
 #define SSL_ST_READ_DONE			0xF2
-/* Obtain latest Finished message
+/*-
 * Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
 */
 size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@ -885,7 +885,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 			if (!found)
 				break;	/* ignore this entry */
-			/* New algorithms:
+			/*-
 			 * New algorithms:
 			 *  1 - any old restrictions apply outside new mask
 			 *  2 - any new restrictions apply outside old mask
 			 *  3 - enforce old & new where masks intersect
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -396,7 +396,7 @@
 * SSL_aDSS <- DSA_SIGN
 */
-/*
+/*-
 #define CERT_INVALID		0
 #define CERT_PUBLIC_KEY		1
 #define CERT_PRIVATE_KEY	2