authorguenther <guenther@openbsd.org>2014-07-10 08:25:00 +0000
committerguenther <guenther@openbsd.org>2014-07-10 08:25:00 +0000
commit574f5b785586fe2ff03d9638e9a1cc3c6f2747b4 (patch)
treef9a2a09a6cbd34cbb842ffcbaa176923c6afab9c /lib/libssl/d1_both.c
parentfix version comparison for openssl-like versions (1.0.1g etc) (diff)
KNF comments, reflowing and moving out of the middle of argument lists in
places ok jsing@
Diffstat (limited to 'lib/libssl/d1_both.c')
-rw-r--r--lib/libssl/d1_both.c129
1 files changed, 84 insertions, 45 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index bd4267238ff..f27588fcff8 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_both.c,v 1.22 2014/07/02 20:45:26 miod Exp $ */
+/* $OpenBSD: d1_both.c,v 1.23 2014/07/10 08:25:00 guenther Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -233,8 +233,11 @@ dtls1_do_write(SSL *s, int type)
s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
+ /*
+ * I've seen the kernel return bogus numbers when it
+ * doesn't know the MTU (ie., the initial write), so just
+ * make sure we have a reasonable number
+ */
if (s->d1->mtu < dtls1_min_mtu()) {
s->d1->mtu = 0;
s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
@@ -306,11 +309,12 @@ dtls1_do_write(SSL *s, int type)
ret = dtls1_write_bytes(s, type,
&s->init_buf->data[s->init_off], len);
if (ret < 0) {
- /* might need to update MTU here, but we don't know
- * which previous packet caused the failure -- so can't
- * really retransmit anything. continue as if everything
- * is fine and wait for an alert to handle the
- * retransmit
+ /*
+ * Might need to update MTU here, but we don't know
+ * which previous packet caused the failure -- so
+ * can't really retransmit anything. continue as
+ * if everything is fine and wait for an alert to
+ * handle the retransmit
*/
if (BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
@@ -320,22 +324,30 @@ dtls1_do_write(SSL *s, int type)
return (-1);
} else {
- /* bad if this assert fails, only part of the handshake
- * message got sent. but why would this happen? */
+ /*
+ * Bad if this assert fails, only part of the
+ * handshake message got sent. but why would
+ * this happen?
+ */
OPENSSL_assert(len == (unsigned int)ret);
if (type == SSL3_RT_HANDSHAKE &&
!s->d1->retransmitting) {
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
+ /*
+ * Should not be done for 'Hello Request's,
+ * but in that case we'll ignore the result
+ * anyway
+ */
unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
int xlen;
if (frag_off == 0 &&
s->version != DTLS1_BAD_VER) {
- /* reconstruct message header is if it
- * is being sent in single fragment */
+ /*
+ * Reconstruct message header is if it
+ * is being sent in single fragment
+ */
*p++ = msg_hdr->type;
l2n3(msg_hdr->msg_len, p);
s2n (msg_hdr->seq, p);
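Review bot: The reflowed comment above `OPENSSL_assert(len == (unsigned int)ret)` still ends with the open question "but why would this happen?" and does not say what a failure costs: OPENSSL_assert terminates the process, so a short return from dtls1_write_bytes() becomes an abort of the whole program rather than a handshake error. Since the comment is being rewritten anyway, it could say so, e.g. `/* A short write here aborts the process via OPENSSL_assert; dtls1_write_bytes() is expected to send all of len or fail. */`, where the second half is an assumption to confirm against dtls1_write_bytes(), which is not in the hunk. The comment further down keeps the typo "is if" and should read `Reconstruct message header as if it is being sent in single fragment`. dtls1_do_write() starts and ends outside this hunk.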
@@ -373,7 +385,8 @@ dtls1_do_write(SSL *s, int type)
}
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1),
* maximum acceptable body length 'max'.
* Read an entire handshake message. Handshake messages arrive in
* fragments.
@@ -386,8 +399,10 @@ dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
unsigned char *p;
unsigned long msg_len;
- /* s3->tmp is used to store messages that are unexpected, caused
- * by the absence of an optional handshake message */
+ /*
+ * s3->tmp is used to store messages that are unexpected, caused
+ * by the absence of an optional handshake message
+ */
if (s->s3->tmp.reuse_message) {
s->s3->tmp.reuse_message = 0;
if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
@@ -472,8 +487,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
{
- /* msg_len is limited to 2^24, but is effectively checked
- * against max above */
+ /*
+ * msg_len is limited to 2^24, but is effectively checked
+ * against max above
+ */
if (!BUF_MEM_grow_clean(s->init_buf,
msg_len + DTLS1_HM_HEADER_LENGTH)) {
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
@@ -486,8 +503,10 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
s->d1->r_msg_hdr.type = msg_hdr->type;
s->d1->r_msg_hdr.seq = msg_hdr->seq;
} else if (msg_len != s->d1->r_msg_hdr.msg_len) {
- /* They must be playing with us! BTW, failure to enforce
- * upper limit would open possibility for buffer overrun. */
+ /*
+ * They must be playing with us! BTW, failure to enforce
+ * upper limit would open possibility for buffer overrun.
+ */
SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,
SSL_R_EXCESSIVE_MESSAGE_SIZE);
return SSL_AD_ILLEGAL_PARAMETER;
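Review bot: The comment on the `msg_len != s->d1->r_msg_hdr.msg_len` branch warns about a buffer overrun but does not name the invariant that prevents it. In the preceding hunk s->init_buf is grown to `msg_len + DTLS1_HM_HEADER_LENGTH` in the first-fragment branch, so a later fragment that advertises a different msg_len has to be rejected before anything is copied. I would state that directly, e.g. `/* init_buf was sized from the first fragment's msg_len; a later fragment advertising a different length must be rejected. */`. The branch also reports SSL_R_EXCESSIVE_MESSAGE_SIZE when the new length is smaller, which the comment could acknowledge. dtls1_preprocess_fragment() continues outside the hunk.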
@@ -499,7 +518,8 @@ dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
static int
dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
{
- /* (0) check whether the desired fragment is available
+ /*
+ * (0) check whether the desired fragment is available
* if so:
* (1) copy over the fragment to s->init_buf->data[]
* (2) update s->init_num
@@ -561,7 +581,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
goto err;
- /* Determine maximum allowed message size. Depends on (user set)
+ /*
+ * Determine maximum allowed message size. Depends on (user set)
* maximum certificate length, but 16k is minimum.
*/
if (DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <
@@ -595,7 +616,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
}
}
- /* If message is already reassembled, this must be a
+ /*
+ * If message is already reassembled, this must be a
* retransmit and can be dropped.
*/
if (frag->reassembly == NULL) {
@@ -672,13 +694,15 @@ dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
seq64be[7] = (unsigned char) msg_hdr->seq;
item = pqueue_find(s->d1->buffered_messages, seq64be);
- /* If we already have an entry and this one is a fragment,
+ /*
+ * If we already have an entry and this one is a fragment,
* don't discard it and rather try to reassemble it.
*/
if (item != NULL && frag_len < msg_hdr->msg_len)
item = NULL;
- /* Discard the message if sequence number was already there, is
+ /*
+ * Discard the message if sequence number was already there, is
* too far in the future, already in the queue or if we received
* a FINISHED before the SERVER_HELLO, which then must be a stale
* retransmit.
@@ -791,10 +815,12 @@ again:
if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
wire[0] == SSL3_MT_HELLO_REQUEST) {
- /* The server may always send 'Hello Request' messages --
+ /*
+ * The server may always send 'Hello Request' messages --
* we are doing a handshake anyway now, so ignore them
* if their format is correct. Does not count for
- * 'Finished' MAC. */
+ * 'Finished' MAC.
+ */
if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
if (s->msg_callback)
s->msg_callback(0, s->version,
@@ -834,8 +860,10 @@ again:
} else
i = 0;
- /* XDTLS: an incorrectly formatted fragment should cause the
- * handshake to fail */
+ /*
+ * XDTLS: an incorrectly formatted fragment should cause the
+ * handshake to fail
+ */
if (i != (int)frag_len) {
al = SSL3_AD_ILLEGAL_PARAMETER;
SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
@@ -845,10 +873,12 @@ again:
*ok = 1;
- /* Note that s->init_num is *not* used as current offset in
+ /*
+ * Note that s->init_num is *not* used as current offset in
* s->init_buf->data, but as a counter summing up fragments'
* lengths: as soon as they sum up to handshake packet
- * length, we assume we have got all the fragments. */
+ * length, we assume we have got all the fragments.
+ */
s->init_num = frag_len;
return frag_len;
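Review bot: The rewritten comment describes s->init_num as "a counter summing up fragments' lengths", but the statement it sits on is a plain assignment, `s->init_num = frag_len;`, so nothing is summed at this point. If the accumulation happens elsewhere the comment should say where; if this path only ever handles one fragment, the wording is stale and could be reduced to `/* init_num holds this fragment's length, not an offset into init_buf->data */`. The enclosing function starts outside the hunk, so which of the two applies needs checking against the full body.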
@@ -878,7 +908,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
p += i;
l = i;
- /* Copy the finished so we can use it for
+ /*
+ * Copy the finished so we can use it for
* renegotiation checks
*/
if (s->type == SSL_ST_CONNECT) {
@@ -907,7 +938,8 @@ dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
}
-/* for these 2 messages, we need to
+/*
+ * for these 2 messages, we need to
* ssl->enc_read_ctx re-init
* ssl->s3->read_sequence zero
* ssl->s3->read_mac_secret re-init
@@ -1031,8 +1063,10 @@ dtls1_read_failed(SSL *s, int code)
}
if (!dtls1_is_timer_expired(s)) {
- /* not a timeout, none of our business,
- let higher layers handle this. in fact it's probably an error */
+ /*
+ * not a timeout, none of our business, let higher layers
+ * handle this. in fact it's probably an error
+ */
return code;
}
@@ -1048,13 +1082,16 @@ dtls1_read_failed(SSL *s, int code)
int
dtls1_get_queue_priority(unsigned short seq, int is_ccs)
{
- /* The index of the retransmission queue actually is the message sequence number,
- * since the queue only contains messages of a single handshake. However, the
- * ChangeCipherSpec has no message sequence number and so using only the sequence
- * will result in the CCS and Finished having the same index. To prevent this,
- * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
- * This does not only differ CSS and Finished, it also maintains the order of the
- * index (important for priority queues) and fits in the unsigned short variable.
+ /*
+ * The index of the retransmission queue actually is the message
+ * sequence number, since the queue only contains messages of a
+ * single handshake. However, the ChangeCipherSpec has no message
+ * sequence number and so using only the sequence will result in
+ * the CCS and Finished having the same index. To prevent this, the
+ * sequence number is multiplied by 2. In case of a CCS 1 is
+ * subtracted. This does not only differ CSS and Finished, it also
+ * maintains the order of the index (important for priority queues)
+ * and fits in the unsigned short variable.
*/
return seq * 2 - is_ccs;
}
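Review bot: The reflowed comment still claims the result "fits in the unsigned short variable", which the visible code does not guarantee: `seq * 2 - is_ccs` is computed and returned as int, exceeds 65535 once seq is above 32767, and is -1 for seq 0 with is_ccs set. If callers truncate the priority to 16 bits (not visible in this hunk), distinct messages could end up with the same queue index, so the comment should state the range it relies on, e.g. `seq is assumed to stay below 2^15 within one handshake`. The phrase "differ CSS and Finished" should also read `distinguish CCS and Finished`.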
@@ -1092,8 +1129,10 @@ dtls1_buffer_message(SSL *s, int is_ccs)
hm_fragment *frag;
unsigned char seq64be[8];
- /* this function is called immediately after a message has
- * been serialized */
+ /*
+ * This function is called immediately after a message has
+ * been serialized
+ */
OPENSSL_assert(s->init_off == 0);
frag = dtls1_hm_fragment_new(s->init_num, 0);