KNF comments, reflowing and moving out of the middle of argument lists in

places

ok jsing@

6 files changed, 300 insertions, 186 deletions

diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index bd4267238f..f27588fcff 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.22 2014/07/02 20:45:26 miod Exp $ */
+/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -233,8 +233,11 @@ dtls1_do_write(SSL *s, int type)
                 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
                     BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
-                /* I've seen the kernel return bogus numbers when it doesn't know
-                 * (initial write), so just make sure we have a reasonable number */
+                /*
+                 * I've seen the kernel return bogus numbers when it
+                 * doesn't know the MTU (ie., the initial write), so just
+                 * make sure we have a reasonable number
+                 */
                 if (s->d1->mtu < dtls1_min_mtu()) {
                         s->d1->mtu = 0;
                         s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
@@ -306,11 +309,12 @@ dtls1_do_write(SSL *s, int type)
                 ret = dtls1_write_bytes(s, type,
                     &s->init_buf->data[s->init_off], len);
                 if (ret < 0) {
-                        /* might need to update MTU here, but we don't know
-                         * which previous packet caused the failure -- so can't
-                         * really retransmit anything.  continue as if everything
-                         * is fine and wait for an alert to handle the
-                         * retransmit
+                        /*
+                         * Might need to update MTU here, but we don't know
+                         * which previous packet caused the failure -- so
+                         * can't really retransmit anything.  continue as
+                         * if everything is fine and wait for an alert to
+                         * handle the retransmit
                          */
                         if (BIO_ctrl(SSL_get_wbio(s),
                             BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
@@ -320,22 +324,30 @@ dtls1_do_write(SSL *s, int type)
                                 return (-1);
                 } else {
 
-                        /* bad if this assert fails, only part of the handshake
-                         * message got sent.  but why would this happen? */
+                        /*
+                         * Bad if this assert fails, only part of the
+                         * handshake message got sent.  but why would
+                         * this happen?
+                         */
                         OPENSSL_assert(len == (unsigned int)ret);
 
                         if (type == SSL3_RT_HANDSHAKE &&
                             !s->d1->retransmitting) {
-                                /* should not be done for 'Hello Request's, but in that case
-                                 * we'll ignore the result anyway */
+                                /*
+                                 * Should not be done for 'Hello Request's,
+                                 * but in that case we'll ignore the result
+                                 * anyway
+                                 */
                                 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
                                 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                 int xlen;
 
                                 if (frag_off == 0 &&
                                     s->version != DTLS1_BAD_VER) {
-                                        /* reconstruct message header is if it
-                                         * is being sent in single fragment */
+                                        /*
+                                         * Reconstruct message header is if it
+                                         * is being sent in single fragment
+                                         */
                                         *p++ = msg_hdr->type;
                                         l2n3(msg_hdr->msg_len, p);
                                         s2n (msg_hdr->seq, p);
@@ -373,7 +385,8 @@ dtls1_do_write(SSL *s, int type)
 }
 
 
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
  * maximum acceptable body length 'max'.
  * Read an entire handshake message.  Handshake messages arrive in
  * fragments.
@@ -386,8 +399,10 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         unsigned char *p;
         unsigned long msg_len;
 
-        /* s3->tmp is used to store messages that are unexpected, caused
-         * by the absence of an optional handshake message */
+        /*
+         * s3->tmp is used to store messages that are unexpected, caused
+         * by the absence of an optional handshake message
+         */
         if (s->s3->tmp.reuse_message) {
                 s->s3->tmp.reuse_message = 0;
                 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
@@ -472,8 +487,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 
         if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
         {
-                /* msg_len is limited to 2^24, but is effectively checked
-                 * against max above */
+                /*
+                 * msg_len is limited to 2^24, but is effectively checked
+                 * against max above
+                 */
                 if (!BUF_MEM_grow_clean(s->init_buf,
                     msg_len + DTLS1_HM_HEADER_LENGTH)) {
                         SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
@@ -486,8 +503,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
                 s->d1->r_msg_hdr.type = msg_hdr->type;
                 s->d1->r_msg_hdr.seq = msg_hdr->seq;
         } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
-                /* They must be playing with us! BTW, failure to enforce
-                 * upper limit would open possibility for buffer overrun. */
+                /*
+                 * They must be playing with us! BTW, failure to enforce
+                 * upper limit would open possibility for buffer overrun.
+                 */
                 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
                     SSL_R_EXCESSIVE_MESSAGE_SIZE);
                 return SSL_AD_ILLEGAL_PARAMETER;
@@ -499,7 +518,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 static int
 dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 {
-        /* (0) check whether the desired fragment is available
+        /*
+         * (0) check whether the desired fragment is available
          * if so:
          * (1) copy over the fragment to s->init_buf->data[]
          * (2) update s->init_num
@@ -561,7 +581,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
                 goto err;
 
-        /* Determine maximum allowed message size. Depends on (user set)
+        /*
+         * Determine maximum allowed message size. Depends on (user set)
          * maximum certificate length, but 16k is minimum.
          */
         if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
@@ -595,7 +616,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                 }
         }
 
-        /* If message is already reassembled, this must be a
+        /*
+         * If message is already reassembled, this must be a
          * retransmit and can be dropped.
          */
         if (frag->reassembly == NULL) {
@@ -672,13 +694,15 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         seq64be[7] = (unsigned char) msg_hdr->seq;
         item = pqueue_find(s->d1->buffered_messages, seq64be);
 
-        /* If we already have an entry and this one is a fragment,
+        /*
+         * If we already have an entry and this one is a fragment,
          * don't discard it and rather try to reassemble it.
          */
         if (item != NULL && frag_len < msg_hdr->msg_len)
                 item = NULL;
 
-        /* Discard the message if sequence number was already there, is
+        /*
+         * Discard the message if sequence number was already there, is
          * too far in the future, already in the queue or if we received
          * a FINISHED before the SERVER_HELLO, which then must be a stale
          * retransmit.
@@ -791,10 +815,12 @@ again:
 
         if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
             wire[0] == SSL3_MT_HELLO_REQUEST) {
-                /* The server may always send 'Hello Request' messages --
+                /*
+                 * The server may always send 'Hello Request' messages --
                  * we are doing a handshake anyway now, so ignore them
                  * if their format is correct. Does not count for
-                 * 'Finished' MAC. */
+                 * 'Finished' MAC.
+                 */
                 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
                         if (s->msg_callback)
                                 s->msg_callback(0, s->version,
@@ -834,8 +860,10 @@ again:
         } else
                 i = 0;
 
-        /* XDTLS:  an incorrectly formatted fragment should cause the
-         * handshake to fail */
+        /*
+         * XDTLS:  an incorrectly formatted fragment should cause the
+         * handshake to fail
+         */
         if (i != (int)frag_len) {
                 al = SSL3_AD_ILLEGAL_PARAMETER;
                 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
@@ -845,10 +873,12 @@ again:
 
         *ok = 1;
 
-        /* Note that s->init_num is *not* used as current offset in
+        /*
+         * Note that s->init_num is *not* used as current offset in
          * s->init_buf->data, but as a counter summing up fragments'
          * lengths: as soon as they sum up to handshake packet
-         * length, we assume we have got all the fragments. */
+         * length, we assume we have got all the fragments.
+         */
         s->init_num = frag_len;
         return frag_len;
 
@@ -878,7 +908,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                 p += i;
                 l = i;
 
-                /* Copy the finished so we can use it for
+                /*
+                 * Copy the finished so we can use it for
                  * renegotiation checks
                  */
                 if (s->type == SSL_ST_CONNECT) {
@@ -907,7 +938,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
         return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
 }
 
-/* for these 2 messages, we need to
+/*
+ * for these 2 messages, we need to
  * ssl->enc_read_ctx                    re-init
  * ssl->s3->read_sequence               zero
  * ssl->s3->read_mac_secret             re-init
@@ -1031,8 +1063,10 @@ dtls1_read_failed(SSL *s, int code)
         }
 
         if (!dtls1_is_timer_expired(s)) {
-                /* not a timeout, none of our business,
-                   let higher layers handle this.  in fact it's probably an error */
+                /*
+                 * not a timeout, none of our business, let higher layers
+                 * handle this.  in fact it's probably an error
+                 */
                 return code;
         }
 
@@ -1048,13 +1082,16 @@ dtls1_read_failed(SSL *s, int code)
 int
 dtls1_get_queue_priority(unsigned short seq, int is_ccs)
 {
-        /* The index of the retransmission queue actually is the message sequence number,
-         * since the queue only contains messages of a single handshake. However, the
-         * ChangeCipherSpec has no message sequence number and so using only the sequence
-         * will result in the CCS and Finished having the same index. To prevent this,
-         * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
-         * This does not only differ CSS and Finished, it also maintains the order of the
-         * index (important for priority queues) and fits in the unsigned short variable.
+        /*
+         * The index of the retransmission queue actually is the message
+         * sequence number, since the queue only contains messages of a
+         * single handshake. However, the ChangeCipherSpec has no message
+         * sequence number and so using only the sequence will result in
+         * the CCS and Finished having the same index. To prevent this, the
+         * sequence number is multiplied by 2. In case of a CCS 1 is
+         * subtracted.  This does not only differ CSS and Finished, it also
+         * maintains the order of the index (important for priority queues)
+         * and fits in the unsigned short variable.
          */
         return seq * 2 - is_ccs;
 }
@@ -1092,8 +1129,10 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         hm_fragment *frag;
         unsigned char seq64be[8];
 
-        /* this function is called immediately after a message has
-         * been serialized */
+        /*
+         * This function is called immediately after a message has
+         * been serialized
+         */
         OPENSSL_assert(s->init_off == 0);
 
         frag = dtls1_hm_fragment_new(s->init_num, 0);
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index f24d0f9cf8..a3e62ea323 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.68 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -312,8 +312,10 @@ ssl3_accept(SSL *s)
                                 ret = -1;
                                 goto end;
                         } else {
-                                /* s->state == SSL_ST_RENEGOTIATE,
-                                 * we will just send a HelloRequest */
+                                /*
+                                 * s->state == SSL_ST_RENEGOTIATE,
+                                 * we will just send a HelloRequest
+                                 */
                                 s->ctx->stats.sess_accept_renegotiate++;
                                 s->state = SSL3_ST_SW_HELLO_REQ_A;
                         }
@@ -404,19 +406,21 @@ ssl3_accept(SSL *s)
                             )
                                 /*
                                  * option SSL_OP_EPHEMERAL_RSA sends temporary
-                                 * RSA key even when forbidden by protocol specs
-                                 * (handshake may fail as clients are not
-                                 * required to be able to handle this)
+                                 * RSA key even when forbidden by protocol
+                                 * specs (handshake may fail as clients are
+                                 * not required to be able to handle this)
                                  */
                                 s->s3->tmp.use_rsa_tmp = 1;
                         else
                                 s->s3->tmp.use_rsa_tmp = 0;
 
 
-                        /* only send if a DH key exchange, fortezza or
+                        /*
+                         * Only send if a DH key exchange, fortezza or
                          * RSA but we have a sign only certificate
                          *
-                         * PSK: may send PSK identity hints
+                         * PSK: send ServerKeyExchange if PSK identity
+                         * hint is provided
                          *
                          * For ECC ciphersuites, we send a serverKeyExchange
                          * message only if the cipher suite is either
@@ -425,8 +429,6 @@ ssl3_accept(SSL *s)
                          * public key for key exchange.
                          */
                         if (s->s3->tmp.use_rsa_tmp
-                        /* PSK: send ServerKeyExchange if PSK identity
-                         * hint if provided */
 #ifndef OPENSSL_NO_PSK
                             || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
@@ -1070,8 +1072,10 @@ ssl3_get_client_hello(SSL *s)
                         }
                 }
                 if (j == 0) {
-                        /* we need to have the cipher in the cipher
-                         * list if we are asked to reuse it */
+                        /*
+                         * We need to have the cipher in the cipher
+                         * list if we are asked to reuse it
+                         */
                         al = SSL_AD_ILLEGAL_PARAMETER;
                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
                             SSL_R_REQUIRED_CIPHER_MISSING);
@@ -1841,8 +1845,7 @@ ssl3_send_server_key_exchange(SSL *s)
                 *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
                 l2n3(n, d);
 
-                /* we should now have things packed up, so lets send
-                 * it off */
+                /* we should now have things packed up, so lets send it off */
                 s->init_num = n + 4;
                 s->init_off = 0;
         }
@@ -1928,9 +1931,7 @@ ssl3_send_certificate_request(SSL *s)
                 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
                 l2n3(n, d);
 
-                /* we should now have things packed up, so lets send
-                 * it off */
-
+                /* we should now have things packed up, so lets send it off */
                 s->init_num = n + 4;
                 s->init_off = 0;
 #ifdef NETSCAPE_HANG_BUG
@@ -1975,10 +1976,9 @@ ssl3_get_client_key_exchange(SSL *s)
         EC_POINT *clnt_ecpoint = NULL;
         BN_CTX *bn_ctx = NULL;
 
-
+        /* 2048 maxlen is a guess.  How long a key does that permit? */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
-            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE,
-            2048, /* ??? */ &ok);
+            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
         if (!ok)
                 return ((int)n);
         p = (unsigned char *)s->init_msg;
@@ -1990,8 +1990,10 @@ ssl3_get_client_key_exchange(SSL *s)
                 if (s->s3->tmp.use_rsa_tmp) {
                         if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
                                 rsa = s->cert->rsa_tmp;
-                        /* Don't do a callback because rsa_tmp should
-                         * be sent already */
+                        /*
+                         * Don't do a callback because rsa_tmp should
+                         * be sent already
+                         */
                         if (rsa == NULL) {
                                 al = SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2054,7 +2056,8 @@ ssl3_get_client_key_exchange(SSL *s)
                                 al = SSL_AD_DECODE_ERROR;
                                 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
 
-                                /* The Klima-Pokorny-Rosa extension of
+                                /*
+                                 * The Klima-Pokorny-Rosa extension of
                                  * Bleichenbacher's attack
                                  * (http://eprint.iacr.org/2003/052/) exploits
                                  * the version number check as a "bad version
@@ -2227,7 +2230,8 @@ ssl3_get_client_key_exchange(SSL *s)
                         }
                         ret = 2; /* Skip certificate verify processing */
                 } else {
-                        /* Get client's public key from encoded point
+                        /*
+                         * Get client's public key from encoded point
                          * in the ClientKeyExchange message.
                          */
                         if ((bn_ctx = BN_CTX_new()) == NULL) {
@@ -2474,9 +2478,9 @@ ssl3_get_cert_verify(SSL *s)
         EVP_MD_CTX mctx;
         EVP_MD_CTX_init(&mctx);
 
+        /* 516 maxlen is enough for 4096 bit RSA key with TLS v1.2 */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-            SSL3_ST_SR_CERT_VRFY_B, -1,
-            516, /* Enough for 4096 bit RSA key with TLS v1.2 */ &ok);
+            SSL3_ST_SR_CERT_VRFY_B, -1, 516, &ok);
         if (!ok)
                 return ((int)n);
 
@@ -2815,8 +2819,10 @@ ssl3_get_client_certificate(SSL *s)
         s->session->peer = sk_X509_shift(sk);
         s->session->verify_result = s->verify_result;
 
-        /* With the current implementation, sess_cert will always be NULL
-         * when we arrive here. */
+        /*
+         * With the current implementation, sess_cert will always be NULL
+         * when we arrive here
+         */
         if (s->session->sess_cert == NULL) {
                 s->session->sess_cert = ssl_sess_cert_new();
                 if (s->session->sess_cert == NULL) {
@@ -2828,8 +2834,11 @@ ssl3_get_client_certificate(SSL *s)
         if (s->session->sess_cert->cert_chain != NULL)
                 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
         s->session->sess_cert->cert_chain = sk;
-        /* Inconsistency alert: cert_chain does *not* include the
-         * peer's own certificate, while we do include it in s3_clnt.c */
+
+        /*
+         * Inconsistency alert: cert_chain does *not* include the
+         * peer's own certificate, while we do include it in s3_clnt.c
+         */
 
         sk = NULL;
 
@@ -3080,9 +3089,9 @@ ssl3_get_next_proto(SSL *s)
                 return (-1);
         }
 
+        /* 514 maxlen is enough for the payload format below */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
-            SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO,
-            514,  /* See the payload format below */ &ok);
+            SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
         if (!ok)
                 return ((int)n);
 
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index bd4267238f..f27588fcff 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.22 2014/07/02 20:45:26 miod Exp $ */
+/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -233,8 +233,11 @@ dtls1_do_write(SSL *s, int type)
                 s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
                     BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
-                /* I've seen the kernel return bogus numbers when it doesn't know
-                 * (initial write), so just make sure we have a reasonable number */
+                /*
+                 * I've seen the kernel return bogus numbers when it
+                 * doesn't know the MTU (ie., the initial write), so just
+                 * make sure we have a reasonable number
+                 */
                 if (s->d1->mtu < dtls1_min_mtu()) {
                         s->d1->mtu = 0;
                         s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
@@ -306,11 +309,12 @@ dtls1_do_write(SSL *s, int type)
                 ret = dtls1_write_bytes(s, type,
                     &s->init_buf->data[s->init_off], len);
                 if (ret < 0) {
-                        /* might need to update MTU here, but we don't know
-                         * which previous packet caused the failure -- so can't
-                         * really retransmit anything.  continue as if everything
-                         * is fine and wait for an alert to handle the
-                         * retransmit
+                        /*
+                         * Might need to update MTU here, but we don't know
+                         * which previous packet caused the failure -- so
+                         * can't really retransmit anything.  continue as
+                         * if everything is fine and wait for an alert to
+                         * handle the retransmit
                          */
                         if (BIO_ctrl(SSL_get_wbio(s),
                             BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
@@ -320,22 +324,30 @@ dtls1_do_write(SSL *s, int type)
                                 return (-1);
                 } else {
 
-                        /* bad if this assert fails, only part of the handshake
-                         * message got sent.  but why would this happen? */
+                        /*
+                         * Bad if this assert fails, only part of the
+                         * handshake message got sent.  but why would
+                         * this happen?
+                         */
                         OPENSSL_assert(len == (unsigned int)ret);
 
                         if (type == SSL3_RT_HANDSHAKE &&
                             !s->d1->retransmitting) {
-                                /* should not be done for 'Hello Request's, but in that case
-                                 * we'll ignore the result anyway */
+                                /*
+                                 * Should not be done for 'Hello Request's,
+                                 * but in that case we'll ignore the result
+                                 * anyway
+                                 */
                                 unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
                                 const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
                                 int xlen;
 
                                 if (frag_off == 0 &&
                                     s->version != DTLS1_BAD_VER) {
-                                        /* reconstruct message header is if it
-                                         * is being sent in single fragment */
+                                        /*
+                                         * Reconstruct message header is if it
+                                         * is being sent in single fragment
+                                         */
                                         *p++ = msg_hdr->type;
                                         l2n3(msg_hdr->msg_len, p);
                                         s2n (msg_hdr->seq, p);
@@ -373,7 +385,8 @@ dtls1_do_write(SSL *s, int type)
 }
 
 
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
  * maximum acceptable body length 'max'.
  * Read an entire handshake message.  Handshake messages arrive in
  * fragments.
@@ -386,8 +399,10 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
         unsigned char *p;
         unsigned long msg_len;
 
-        /* s3->tmp is used to store messages that are unexpected, caused
-         * by the absence of an optional handshake message */
+        /*
+         * s3->tmp is used to store messages that are unexpected, caused
+         * by the absence of an optional handshake message
+         */
         if (s->s3->tmp.reuse_message) {
                 s->s3->tmp.reuse_message = 0;
                 if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
@@ -472,8 +487,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 
         if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
         {
-                /* msg_len is limited to 2^24, but is effectively checked
-                 * against max above */
+                /*
+                 * msg_len is limited to 2^24, but is effectively checked
+                 * against max above
+                 */
                 if (!BUF_MEM_grow_clean(s->init_buf,
                     msg_len + DTLS1_HM_HEADER_LENGTH)) {
                         SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
@@ -486,8 +503,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
                 s->d1->r_msg_hdr.type = msg_hdr->type;
                 s->d1->r_msg_hdr.seq = msg_hdr->seq;
         } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
-                /* They must be playing with us! BTW, failure to enforce
-                 * upper limit would open possibility for buffer overrun. */
+                /*
+                 * They must be playing with us! BTW, failure to enforce
+                 * upper limit would open possibility for buffer overrun.
+                 */
                 SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
                     SSL_R_EXCESSIVE_MESSAGE_SIZE);
                 return SSL_AD_ILLEGAL_PARAMETER;
@@ -499,7 +518,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
 static int
 dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
 {
-        /* (0) check whether the desired fragment is available
+        /*
+         * (0) check whether the desired fragment is available
          * if so:
          * (1) copy over the fragment to s->init_buf->data[]
          * (2) update s->init_num
@@ -561,7 +581,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
                 goto err;
 
-        /* Determine maximum allowed message size. Depends on (user set)
+        /*
+         * Determine maximum allowed message size. Depends on (user set)
          * maximum certificate length, but 16k is minimum.
          */
         if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
@@ -595,7 +616,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                 }
         }
 
-        /* If message is already reassembled, this must be a
+        /*
+         * If message is already reassembled, this must be a
          * retransmit and can be dropped.
          */
         if (frag->reassembly == NULL) {
@@ -672,13 +694,15 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
         seq64be[7] = (unsigned char) msg_hdr->seq;
         item = pqueue_find(s->d1->buffered_messages, seq64be);
 
-        /* If we already have an entry and this one is a fragment,
+        /*
+         * If we already have an entry and this one is a fragment,
          * don't discard it and rather try to reassemble it.
          */
         if (item != NULL && frag_len < msg_hdr->msg_len)
                 item = NULL;
 
-        /* Discard the message if sequence number was already there, is
+        /*
+         * Discard the message if sequence number was already there, is
          * too far in the future, already in the queue or if we received
          * a FINISHED before the SERVER_HELLO, which then must be a stale
          * retransmit.
@@ -791,10 +815,12 @@ again:
 
         if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
             wire[0] == SSL3_MT_HELLO_REQUEST) {
-                /* The server may always send 'Hello Request' messages --
+                /*
+                 * The server may always send 'Hello Request' messages --
                  * we are doing a handshake anyway now, so ignore them
                  * if their format is correct. Does not count for
-                 * 'Finished' MAC. */
+                 * 'Finished' MAC.
+                 */
                 if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
                         if (s->msg_callback)
                                 s->msg_callback(0, s->version,
@@ -834,8 +860,10 @@ again:
         } else
                 i = 0;
 
-        /* XDTLS:  an incorrectly formatted fragment should cause the
-         * handshake to fail */
+        /*
+         * XDTLS:  an incorrectly formatted fragment should cause the
+         * handshake to fail
+         */
         if (i != (int)frag_len) {
                 al = SSL3_AD_ILLEGAL_PARAMETER;
                 SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
@@ -845,10 +873,12 @@ again:
 
         *ok = 1;
 
-        /* Note that s->init_num is *not* used as current offset in
+        /*
+         * Note that s->init_num is *not* used as current offset in
          * s->init_buf->data, but as a counter summing up fragments'
          * lengths: as soon as they sum up to handshake packet
-         * length, we assume we have got all the fragments. */
+         * length, we assume we have got all the fragments.
+         */
         s->init_num = frag_len;
         return frag_len;
 
@@ -878,7 +908,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
                 p += i;
                 l = i;
 
-                /* Copy the finished so we can use it for
+                /*
+                 * Copy the finished so we can use it for
                  * renegotiation checks
                  */
                 if (s->type == SSL_ST_CONNECT) {
@@ -907,7 +938,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
         return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
 }
 
-/* for these 2 messages, we need to
+/*
+ * for these 2 messages, we need to
  * ssl->enc_read_ctx                    re-init
  * ssl->s3->read_sequence               zero
  * ssl->s3->read_mac_secret             re-init
@@ -1031,8 +1063,10 @@ dtls1_read_failed(SSL *s, int code)
         }
 
         if (!dtls1_is_timer_expired(s)) {
-                /* not a timeout, none of our business,
-                   let higher layers handle this.  in fact it's probably an error */
+                /*
+                 * not a timeout, none of our business, let higher layers
+                 * handle this.  in fact it's probably an error
+                 */
                 return code;
         }
 
@@ -1048,13 +1082,16 @@ dtls1_read_failed(SSL *s, int code)
 int
 dtls1_get_queue_priority(unsigned short seq, int is_ccs)
 {
-        /* The index of the retransmission queue actually is the message sequence number,
-         * since the queue only contains messages of a single handshake. However, the
-         * ChangeCipherSpec has no message sequence number and so using only the sequence
-         * will result in the CCS and Finished having the same index. To prevent this,
-         * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
-         * This does not only differ CSS and Finished, it also maintains the order of the
-         * index (important for priority queues) and fits in the unsigned short variable.
+        /*
+         * The index of the retransmission queue actually is the message
+         * sequence number, since the queue only contains messages of a
+         * single handshake. However, the ChangeCipherSpec has no message
+         * sequence number and so using only the sequence will result in
+         * the CCS and Finished having the same index. To prevent this, the
+         * sequence number is multiplied by 2. In case of a CCS 1 is
+         * subtracted.  This does not only differ CSS and Finished, it also
+         * maintains the order of the index (important for priority queues)
+         * and fits in the unsigned short variable.
          */
         return seq * 2 - is_ccs;
 }
@@ -1092,8 +1129,10 @@ dtls1_buffer_message(SSL *s, int is_ccs)
         hm_fragment *frag;
         unsigned char seq64be[8];
 
-        /* this function is called immediately after a message has
-         * been serialized */
+        /*
+         * This function is called immediately after a message has
+         * been serialized
+         */
         OPENSSL_assert(s->init_off == 0);
 
         frag = dtls1_hm_fragment_new(s->init_num, 0);
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index f24d0f9cf8..a3e62ea323 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.68 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.69 2014/07/10 08:25:00 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -312,8 +312,10 @@ ssl3_accept(SSL *s)
                                 ret = -1;
                                 goto end;
                         } else {
-                                /* s->state == SSL_ST_RENEGOTIATE,
-                                 * we will just send a HelloRequest */
+                                /*
+                                 * s->state == SSL_ST_RENEGOTIATE,
+                                 * we will just send a HelloRequest
+                                 */
                                 s->ctx->stats.sess_accept_renegotiate++;
                                 s->state = SSL3_ST_SW_HELLO_REQ_A;
                         }
@@ -404,19 +406,21 @@ ssl3_accept(SSL *s)
                             )
                                 /*
                                  * option SSL_OP_EPHEMERAL_RSA sends temporary
-                                 * RSA key even when forbidden by protocol specs
-                                 * (handshake may fail as clients are not
-                                 * required to be able to handle this)
+                                 * RSA key even when forbidden by protocol
+                                 * specs (handshake may fail as clients are
+                                 * not required to be able to handle this)
                                  */
                                 s->s3->tmp.use_rsa_tmp = 1;
                         else
                                 s->s3->tmp.use_rsa_tmp = 0;
 
 
-                        /* only send if a DH key exchange, fortezza or
+                        /*
+                         * Only send if a DH key exchange, fortezza or
                          * RSA but we have a sign only certificate
                          *
-                         * PSK: may send PSK identity hints
+                         * PSK: send ServerKeyExchange if PSK identity
+                         * hint is provided
                          *
                          * For ECC ciphersuites, we send a serverKeyExchange
                          * message only if the cipher suite is either
@@ -425,8 +429,6 @@ ssl3_accept(SSL *s)
                          * public key for key exchange.
                          */
                         if (s->s3->tmp.use_rsa_tmp
-                        /* PSK: send ServerKeyExchange if PSK identity
-                         * hint if provided */
 #ifndef OPENSSL_NO_PSK
                             || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
@@ -1070,8 +1072,10 @@ ssl3_get_client_hello(SSL *s)
                         }
                 }
                 if (j == 0) {
-                        /* we need to have the cipher in the cipher
-                         * list if we are asked to reuse it */
+                        /*
+                         * We need to have the cipher in the cipher
+                         * list if we are asked to reuse it
+                         */
                         al = SSL_AD_ILLEGAL_PARAMETER;
                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
                             SSL_R_REQUIRED_CIPHER_MISSING);
@@ -1841,8 +1845,7 @@ ssl3_send_server_key_exchange(SSL *s)
                 *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
                 l2n3(n, d);
 
-                /* we should now have things packed up, so lets send
-                 * it off */
+                /* we should now have things packed up, so lets send it off */
                 s->init_num = n + 4;
                 s->init_off = 0;
         }
@@ -1928,9 +1931,7 @@ ssl3_send_certificate_request(SSL *s)
                 *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
                 l2n3(n, d);
 
-                /* we should now have things packed up, so lets send
-                 * it off */
-
+                /* we should now have things packed up, so lets send it off */
                 s->init_num = n + 4;
                 s->init_off = 0;
 #ifdef NETSCAPE_HANG_BUG
@@ -1975,10 +1976,9 @@ ssl3_get_client_key_exchange(SSL *s)
         EC_POINT *clnt_ecpoint = NULL;
         BN_CTX *bn_ctx = NULL;
 
-
+        /* 2048 maxlen is a guess.  How long a key does that permit? */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
-            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE,
-            2048, /* ??? */ &ok);
+            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
         if (!ok)
                 return ((int)n);
         p = (unsigned char *)s->init_msg;
@@ -1990,8 +1990,10 @@ ssl3_get_client_key_exchange(SSL *s)
                 if (s->s3->tmp.use_rsa_tmp) {
                         if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
                                 rsa = s->cert->rsa_tmp;
-                        /* Don't do a callback because rsa_tmp should
-                         * be sent already */
+                        /*
+                         * Don't do a callback because rsa_tmp should
+                         * be sent already
+                         */
                         if (rsa == NULL) {
                                 al = SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
@@ -2054,7 +2056,8 @@ ssl3_get_client_key_exchange(SSL *s)
                                 al = SSL_AD_DECODE_ERROR;
                                 /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
 
-                                /* The Klima-Pokorny-Rosa extension of
+                                /*
+                                 * The Klima-Pokorny-Rosa extension of
                                  * Bleichenbacher's attack
                                  * (http://eprint.iacr.org/2003/052/) exploits
                                  * the version number check as a "bad version
@@ -2227,7 +2230,8 @@ ssl3_get_client_key_exchange(SSL *s)
                         }
                         ret = 2; /* Skip certificate verify processing */
                 } else {
-                        /* Get client's public key from encoded point
+                        /*
+                         * Get client's public key from encoded point
                          * in the ClientKeyExchange message.
                          */
                         if ((bn_ctx = BN_CTX_new()) == NULL) {
@@ -2474,9 +2478,9 @@ ssl3_get_cert_verify(SSL *s)
         EVP_MD_CTX mctx;
         EVP_MD_CTX_init(&mctx);
 
+        /* 516 maxlen is enough for 4096 bit RSA key with TLS v1.2 */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-            SSL3_ST_SR_CERT_VRFY_B, -1,
-            516, /* Enough for 4096 bit RSA key with TLS v1.2 */ &ok);
+            SSL3_ST_SR_CERT_VRFY_B, -1, 516, &ok);
         if (!ok)
                 return ((int)n);
 
@@ -2815,8 +2819,10 @@ ssl3_get_client_certificate(SSL *s)
         s->session->peer = sk_X509_shift(sk);
         s->session->verify_result = s->verify_result;
 
-        /* With the current implementation, sess_cert will always be NULL
-         * when we arrive here. */
+        /*
+         * With the current implementation, sess_cert will always be NULL
+         * when we arrive here
+         */
         if (s->session->sess_cert == NULL) {
                 s->session->sess_cert = ssl_sess_cert_new();
                 if (s->session->sess_cert == NULL) {
@@ -2828,8 +2834,11 @@ ssl3_get_client_certificate(SSL *s)
         if (s->session->sess_cert->cert_chain != NULL)
                 sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
         s->session->sess_cert->cert_chain = sk;
-        /* Inconsistency alert: cert_chain does *not* include the
-         * peer's own certificate, while we do include it in s3_clnt.c */
+
+        /*
+         * Inconsistency alert: cert_chain does *not* include the
+         * peer's own certificate, while we do include it in s3_clnt.c
+         */
 
         sk = NULL;
 
@@ -3080,9 +3089,9 @@ ssl3_get_next_proto(SSL *s)
                 return (-1);
         }
 
+        /* 514 maxlen is enough for the payload format below */
         n = s->method->ssl_get_message(s, SSL3_ST_SR_NEXT_PROTO_A,
-            SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO,
-            514,  /* See the payload format below */ &ok);
+            SSL3_ST_SR_NEXT_PROTO_B, SSL3_MT_NEXT_PROTO, 514, &ok);
         if (!ok)
                 return ((int)n);
 
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 5b5ffac06f..6aae59e310 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.40 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.41 2014/07/10 08:25:00 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,9 +195,11 @@ ssl_cert_dup(CERT *cert)
                 return (NULL);
         }
 
+        /*
+         * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
+         * if you find that more readable
+         */
         ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-        /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
-         * if you find that more readable */
 
         ret->valid = cert->valid;
         ret->mask_k = cert->mask_k;
@@ -256,9 +258,11 @@ ssl_cert_dup(CERT *cert)
                         CRYPTO_LOCK_EVP_PKEY);
 
                         switch (i) {
-                                /* If there was anything special to do for
+                                /*
+                                 * If there was anything special to do for
                                  * certain types of keys, we'd do it here.
-                                 * (Nothing at the moment, I think.) */
+                                 * (Nothing at the moment, I think.)
+                                 */
 
                         case SSL_PKEY_RSA_ENC:
                         case SSL_PKEY_RSA_SIGN:
@@ -285,12 +289,15 @@ ssl_cert_dup(CERT *cert)
                 }
         }
 
-        /* ret->extra_certs *should* exist, but currently the own certificate
-         * chain is held inside SSL_CTX */
+        /*
+         * ret->extra_certs *should* exist, but currently the own certificate
+         * chain is held inside SSL_CTX
+         */
 
         ret->references = 1;
-        /* Set digests to defaults. NB: we don't copy existing values as they
-         * will be set during handshake.
+        /*
+         * Set digests to defaults. NB: we don't copy existing values
+         * as they will be set during handshake.
          */
         ssl_cert_set_default_md(ret);
 
@@ -339,7 +346,8 @@ ssl_cert_free(CERT *c)
 int
 ssl_cert_inst(CERT **o)
 {
-        /* Create a CERT if there isn't already one
+        /*
+         * Create a CERT if there isn't already one
          * (which cannot really happen, as it is initially created in
          * SSL_CTX_new; but the earlier code usually allows for that one
          * being non-existant, so we follow that behaviour, as it might
@@ -431,16 +439,17 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
         X509_STORE_CTX_set_ex_data(&ctx,
             SSL_get_ex_data_X509_STORE_CTX_idx(), s);
 
-        /* We need to inherit the verify parameters. These can be determined by
-         * the context: if its a server it will verify SSL client certificates
-         * or vice versa.
+        /*
+         * We need to inherit the verify parameters. These can be
+         * determined by the context: if its a server it will verify
+         * SSL client certificates or vice versa.
          */
-
         X509_STORE_CTX_set_default(&ctx,
             s->server ? "ssl_client" : "ssl_server");
 
-        /* Anything non-default in "param" should overwrite anything in the
-         * ctx.
+        /*
+         * Anything non-default in "param" should overwrite anything
+         * in the ctx.
          */
         X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
 
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 5b5ffac06f..6aae59e310 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.40 2014/07/09 11:25:42 jsing Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.41 2014/07/10 08:25:00 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -195,9 +195,11 @@ ssl_cert_dup(CERT *cert)
                 return (NULL);
         }
 
+        /*
+         * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
+         * if you find that more readable
+         */
         ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-        /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
-         * if you find that more readable */
 
         ret->valid = cert->valid;
         ret->mask_k = cert->mask_k;
@@ -256,9 +258,11 @@ ssl_cert_dup(CERT *cert)
                         CRYPTO_LOCK_EVP_PKEY);
 
                         switch (i) {
-                                /* If there was anything special to do for
+                                /*
+                                 * If there was anything special to do for
                                  * certain types of keys, we'd do it here.
-                                 * (Nothing at the moment, I think.) */
+                                 * (Nothing at the moment, I think.)
+                                 */
 
                         case SSL_PKEY_RSA_ENC:
                         case SSL_PKEY_RSA_SIGN:
@@ -285,12 +289,15 @@ ssl_cert_dup(CERT *cert)
                 }
         }
 
-        /* ret->extra_certs *should* exist, but currently the own certificate
-         * chain is held inside SSL_CTX */
+        /*
+         * ret->extra_certs *should* exist, but currently the own certificate
+         * chain is held inside SSL_CTX
+         */
 
         ret->references = 1;
-        /* Set digests to defaults. NB: we don't copy existing values as they
-         * will be set during handshake.
+        /*
+         * Set digests to defaults. NB: we don't copy existing values
+         * as they will be set during handshake.
          */
         ssl_cert_set_default_md(ret);
 
@@ -339,7 +346,8 @@ ssl_cert_free(CERT *c)
 int
 ssl_cert_inst(CERT **o)
 {
-        /* Create a CERT if there isn't already one
+        /*
+         * Create a CERT if there isn't already one
          * (which cannot really happen, as it is initially created in
          * SSL_CTX_new; but the earlier code usually allows for that one
          * being non-existant, so we follow that behaviour, as it might
@@ -431,16 +439,17 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
         X509_STORE_CTX_set_ex_data(&ctx,
             SSL_get_ex_data_X509_STORE_CTX_idx(), s);
 
-        /* We need to inherit the verify parameters. These can be determined by
-         * the context: if its a server it will verify SSL client certificates
-         * or vice versa.
+        /*
+         * We need to inherit the verify parameters. These can be
+         * determined by the context: if its a server it will verify
+         * SSL client certificates or vice versa.
          */
-
         X509_STORE_CTX_set_default(&ctx,
             s->server ? "ssl_client" : "ssl_server");
 
-        /* Anything non-default in "param" should overwrite anything in the
-         * ctx.
+        /*
+         * Anything non-default in "param" should overwrite anything
+         * in the ctx.
          */
         X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);