Fix conflicts between DH check flags and FFC check flags

There are comments in include/openssl/dh.h and include/internal/ffc.h
that they must be aligned with each other, and yet, clashes have been
introduced.

The simplest fix is to move the offending FFC flags out of the way, as they
are indeed internal and shouldn't affect any public interface, apart from
those that are aligned with the DH flags, which are public.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22518)

(cherry picked from commit 3629ce9c4cb638d9458d8febd21659920903a749)

diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index c4f090875f33c64fefe13be30a2e24f8541cb010..e96f08d68e938036e669717df24c13d4f2515c80 100644 (file)
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -58,8 +58,11 @@
 # define FFC_CHECK_INVALID_Q_VALUE            0x00020
 # define FFC_CHECK_INVALID_J_VALUE            0x00040
 
-# define FFC_CHECK_BAD_LN_PAIR                0x00080
-# define FFC_CHECK_INVALID_SEED_SIZE          0x00100
+/*
+ * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not
+ * relevant for FFC.
+ */
+
 # define FFC_CHECK_MISSING_SEED_OR_COUNTER    0x00200
 # define FFC_CHECK_INVALID_G                  0x00400
 # define FFC_CHECK_INVALID_PQ                 0x00800
@@ -68,6 +71,8 @@
 # define FFC_CHECK_Q_MISMATCH                 0x04000
 # define FFC_CHECK_G_MISMATCH                 0x08000
 # define FFC_CHECK_COUNTER_MISMATCH           0x10000
+# define FFC_CHECK_BAD_LN_PAIR                0x20000
+# define FFC_CHECK_INVALID_SEED_SIZE          0x40000
 
 /* Validation Return codes */
 # define FFC_ERROR_PUBKEY_TOO_SMALL       0x01