1 files changed, 38 insertions, 36 deletions

diff --git a/src/crypto/fipsmodule/rand/urandom.c b/src/crypto/fipsmodule/rand/urandom.c
index 8cbf7278..d2be7199 100644
--- a/src/crypto/fipsmodule/rand/urandom.c
+++ b/src/crypto/fipsmodule/rand/urandom.c
@@ -13,7 +13,7 @@
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
 #if !defined(_GNU_SOURCE)
-#define _GNU_SOURCE  /* needed for syscall() on Linux. */
+#define _GNU_SOURCE  // needed for syscall() on Linux.
 #endif
 
 #include <openssl/rand.h>
@@ -29,8 +29,10 @@
 #include <unistd.h>
 
 #if defined(OPENSSL_LINUX)
+#if defined(BORINGSSL_FIPS)
 #include <linux/random.h>
 #include <sys/ioctl.h>
+#endif
 #include <sys/syscall.h>
 #endif
 
@@ -65,40 +67,40 @@
 #error "system call number for getrandom is not the expected value"
 #endif
 
-#else  /* __NR_getrandom */
+#else  // __NR_getrandom
 
 #define __NR_getrandom EXPECTED_NR_getrandom
 
-#endif  /* __NR_getrandom */
+#endif  // __NR_getrandom
 
-#endif /* EXPECTED_NR_getrandom */
+#endif  // EXPECTED_NR_getrandom
 
 #if !defined(GRND_NONBLOCK)
 #define GRND_NONBLOCK 1
 #endif
 
-#endif  /* OPENSSL_LINUX */
+#endif  // OPENSSL_LINUX
 
-/* rand_lock is used to protect the |*_requested| variables. */
+// rand_lock is used to protect the |*_requested| variables.
 DEFINE_STATIC_MUTEX(rand_lock);
 
-/* The following constants are magic values of |urandom_fd|. */
+// The following constants are magic values of |urandom_fd|.
 static const int kUnset = 0;
 static const int kHaveGetrandom = -3;
 
-/* urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
- * |rand_lock|. */
+// urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
+// |rand_lock|.
 DEFINE_BSS_GET(int, urandom_fd_requested);
 
-/* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */
+// urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
 DEFINE_BSS_GET(int, urandom_fd);
 
 DEFINE_STATIC_ONCE(rand_once);
 
 #if defined(USE_NR_getrandom) || defined(BORINGSSL_FIPS)
-/* message writes |msg| to stderr. We use this because referencing |stderr|
- * with |fprintf| generates relocations, which is a problem inside the FIPS
- * module. */
+// message writes |msg| to stderr. We use this because referencing |stderr|
+// with |fprintf| generates relocations, which is a problem inside the FIPS
+// module.
 static void message(const char *msg) {
   ssize_t r;
   do {
@@ -107,10 +109,10 @@ static void message(const char *msg) {
 }
 #endif
 
-/* init_once initializes the state of this module to values previously
- * requested. This is the only function that modifies |urandom_fd| and
- * |urandom_buffering|, whose values may be read safely after calling the
- * once. */
+// init_once initializes the state of this module to values previously
+// requested. This is the only function that modifies |urandom_fd| and
+// |urandom_buffering|, whose values may be read safely after calling the
+// once.
 static void init_once(void) {
   CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get());
   int fd = *urandom_fd_requested_bss_get();
@@ -140,7 +142,7 @@ static void init_once(void) {
       return;
     }
   }
-#endif  /* USE_NR_getrandom */
+#endif  // USE_NR_getrandom
 
   if (fd == kUnset) {
     do {
@@ -154,9 +156,9 @@ static void init_once(void) {
 
   assert(kUnset == 0);
   if (fd == kUnset) {
-    /* Because we want to keep |urandom_fd| in the BSS, we have to initialise
-     * it to zero. But zero is a valid file descriptor too. Thus if open
-     * returns zero for /dev/urandom, we dup it to get a non-zero number. */
+    // Because we want to keep |urandom_fd| in the BSS, we have to initialise
+    // it to zero. But zero is a valid file descriptor too. Thus if open
+    // returns zero for /dev/urandom, we dup it to get a non-zero number.
     fd = dup(fd);
     close(kUnset);
 
@@ -166,10 +168,10 @@ static void init_once(void) {
   }
 
 #if defined(BORINGSSL_FIPS)
-  /* In FIPS mode we ensure that the kernel has sufficient entropy before
-   * continuing. This is automatically handled by getrandom, which requires
-   * that the entropy pool has been initialised, but for urandom we have to
-   * poll. */
+  // In FIPS mode we ensure that the kernel has sufficient entropy before
+  // continuing. This is automatically handled by getrandom, which requires
+  // that the entropy pool has been initialised, but for urandom we have to
+  // poll.
   for (;;) {
     int entropy_bits;
     if (ioctl(fd, RNDGETENTCNT, &entropy_bits)) {
@@ -190,7 +192,7 @@ static void init_once(void) {
 
   int flags = fcntl(fd, F_GETFD);
   if (flags == -1) {
-    /* Native Client doesn't implement |fcntl|. */
+    // Native Client doesn't implement |fcntl|.
     if (errno != ENOSYS) {
       abort();
     }
@@ -211,9 +213,9 @@ void RAND_set_urandom_fd(int fd) {
 
   assert(kUnset == 0);
   if (fd == kUnset) {
-    /* Because we want to keep |urandom_fd| in the BSS, we have to initialise
-     * it to zero. But zero is a valid file descriptor too. Thus if dup
-     * returned zero we dup it again to get a non-zero number. */
+    // Because we want to keep |urandom_fd| in the BSS, we have to initialise
+    // it to zero. But zero is a valid file descriptor too. Thus if dup
+    // returned zero we dup it again to get a non-zero number.
     fd = dup(fd);
     close(kUnset);
 
@@ -238,8 +240,8 @@ void RAND_set_urandom_fd(int fd) {
 void __msan_unpoison(void *, size_t);
 #endif
 
-/* fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
- * on success and zero on error. */
+// fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
+// on success and zero on error.
 static char fill_with_entropy(uint8_t *out, size_t len) {
   while (len > 0) {
     ssize_t r;
@@ -252,13 +254,13 @@ static char fill_with_entropy(uint8_t *out, size_t len) {
 
 #if defined(OPENSSL_MSAN)
       if (r > 0) {
-        /* MSAN doesn't recognise |syscall| and thus doesn't notice that we
-         * have initialised the output buffer. */
+        // MSAN doesn't recognise |syscall| and thus doesn't notice that we
+        // have initialised the output buffer.
         __msan_unpoison(out, r);
       }
-#endif /* OPENSSL_MSAN */
+#endif  // OPENSSL_MSAN
 
-#else /* USE_NR_getrandom */
+#else  // USE_NR_getrandom
       abort();
 #endif
     } else {
@@ -277,7 +279,7 @@ static char fill_with_entropy(uint8_t *out, size_t len) {
   return 1;
 }
 
-/* CRYPTO_sysrand puts |requested| random bytes into |out|. */
+// CRYPTO_sysrand puts |requested| random bytes into |out|.
 void CRYPTO_sysrand(uint8_t *out, size_t requested) {
   if (requested == 0) {
     return;