Fix conflicts between DH check flags and FFC check flags

There are comments in include/openssl/dh.h and include/internal/ffc.h
that they must be aligned with each other, and yet, clashes have been
introduced.

The simplest fix is to move the offending FFC flags out of the way, as they
are indeed internal and shouldn't affect any public interface, apart from
those that are aligned with the DH flags, which are public.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22453)

diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index 01b8a4f9d30a69119a3f5569e4c64b3977b1c4d2..edd8381e8df432390c1a4b9571e7afa76f4e493b 100644 (file)
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -58,8 +58,11 @@
 # define FFC_CHECK_INVALID_Q_VALUE            0x00020
 # define FFC_CHECK_INVALID_J_VALUE            0x00040
 
-# define FFC_CHECK_BAD_LN_PAIR                0x00080
-# define FFC_CHECK_INVALID_SEED_SIZE          0x00100
+/*
+ * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not
+ * relevant for FFC.
+ */
+
 # define FFC_CHECK_MISSING_SEED_OR_COUNTER    0x00200
 # define FFC_CHECK_INVALID_G                  0x00400
 # define FFC_CHECK_INVALID_PQ                 0x00800
@@ -68,6 +71,8 @@
 # define FFC_CHECK_Q_MISMATCH                 0x04000
 # define FFC_CHECK_G_MISMATCH                 0x08000
 # define FFC_CHECK_COUNTER_MISMATCH           0x10000
+# define FFC_CHECK_BAD_LN_PAIR                0x20000
+# define FFC_CHECK_INVALID_SEED_SIZE          0x40000
 
 /* Validation Return codes */
 # define FFC_ERROR_PUBKEY_TOO_SMALL       0x01