<pre style='margin:0'>
Clemens Lang (neverpanic) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/e4a3923bb638e43dc83f0e261265c1128a8d10e1">https://github.com/macports/macports-ports/commit/e4a3923bb638e43dc83f0e261265c1128a8d10e1</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new e4a3923bb63 openssl3: Fix CVE-2023-5678
</span>e4a3923bb63 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit e4a3923bb638e43dc83f0e261265c1128a8d10e1
</span>Author: Clemens Lang <cal@macports.org>
AuthorDate: Tue Nov 7 12:35:22 2023 +0100
<span style='display:block; white-space:pre;color:#404040;'> openssl3: Fix CVE-2023-5678
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Backport a fix for a low severity denial of service vulnerability in
</span><span style='display:block; white-space:pre;color:#404040;'> X9.42 DH. See
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> https://mta.openssl.org/pipermail/openssl-announce/2023-November/000284.html
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> for the upstream advisory. You are very likely not affected by this,
</span><span style='display:block; white-space:pre;color:#404040;'> because X9.42 DH keys are not very common anymore. If you are, now would
</span><span style='display:block; white-space:pre;color:#404040;'> be a good time to move to well-known safe prime groups for
</span><span style='display:block; white-space:pre;color:#404040;'> Diffie-Hellman.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> No revbump of the openssl port, since this does not change which files
</span><span style='display:block; white-space:pre;color:#404040;'> are installed. Also no revbump of any of the dependent ports, since this
</span><span style='display:block; white-space:pre;color:#404040;'> fix does not change ABI.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> CVE: CVE-2023-5678
</span>---
devel/openssl3/Portfile | 4 +-
.../ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6.patch | 174 +++++++++++++++++++++
2 files changed, 177 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/devel/openssl3/Portfile b/devel/openssl3/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 89d04fc63cc..59b61cdc5d9 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/devel/openssl3/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/devel/openssl3/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -11,7 +11,7 @@ legacysupport.newest_darwin_requires_legacy 8
</span> set major_v 3
name openssl$major_v
version ${major_v}.1.4
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 1
</span>
# Please revbump these ports when updating the openssl3 version/revision
# - freeradius (#43461)
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -52,6 +52,8 @@ checksums rmd160 44e8f5368a6f62508b8b83124239bf1ebbba8d18 \
</span> sha256 840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3 \
size 15569450
<span style='display:block; white-space:pre;background:#e0ffe0;'>+patchfiles ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> if {${os.platform} eq "darwin" && ${os.major} < 11} {
# Having the stdlib set to libc++ on 10.6 causes a dependency on a
# macports-clang compiler to be added, which would be a dep cycle.
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/devel/openssl3/files/ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6.patch b/devel/openssl3/files/ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6.patch
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..667bdbe8229
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/devel/openssl3/files/ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,174 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+From: Richard Levitte <levitte@openssl.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Date: Fri, 20 Oct 2023 09:18:19 +0200
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+We already check for an excessively large P in DH_generate_key(), but not in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+DH_check_pub_key(), and none of them check for an excessively large Q.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+This change adds all the missing excessive size checks of P and Q.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+It's to be noted that behaviours surrounding excessively sized P and Q
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+differ. DH_check() raises an error on the excessively sized P, but only
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+sets a flag for the excessively sized Q. This behaviour is mimicked in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+DH_check_pub_key().
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Reviewed-by: Tomas Mraz <tomas@openssl.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Reviewed-by: Matt Caswell <matt@openssl.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Reviewed-by: Hugo Landau <hlandau@openssl.org>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+(Merged from https://github.com/openssl/openssl/pull/22518)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Upstream-Stauts: Backport [github.com/openssl/openssl/commit/ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crypto/dh/dh_check.c | 12 ++++++++++++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crypto/dh/dh_err.c | 3 ++-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crypto/dh/dh_key.c | 12 ++++++++++++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ crypto/err/openssl.txt | 1 +
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ include/crypto/dherr.h | 2 +-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ include/openssl/dh.h | 6 +++---
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ include/openssl/dherr.h | 3 ++-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 7 files changed, 33 insertions(+), 6 deletions(-)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 7ba2beae7fd6b..e20eb62081c5e 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./crypto/dh/dh_check.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./crypto/dh/dh_check.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /* Don't do any checks at all with an excessively large modulus */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return 1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 4152397426cc9..f76ac0dd1463f 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./crypto/dh/dh_err.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./crypto/dh/dh_err.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1,6 +1,6 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Generated by util/mkerr.pl DO NOT EDIT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Licensed under the Apache License 2.0 (the "License"). You may not use
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * this file except in compliance with the License. You can obtain a copy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "parameter encoding error"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "unable to check generator"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index d84ea99241b9e..afc49f5cdc87d 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./crypto/dh/dh_key.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./crypto/dh/dh_key.c
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto err;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (dh->params.q != NULL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ goto err;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (dh->params.q != NULL
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index a1e6bbb617fcb..69e4f61aa1801 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./crypto/err/openssl.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./crypto/err/openssl.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -513,6 +513,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DH_R_NO_PRIVATE_VALUE:100:no private value
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DH_R_PEER_KEY_ERROR:111:peer key error
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++DH_R_Q_TOO_LARGE:130:q too large
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DH_R_SHARED_INFO_ERROR:113:shared info error
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index bb24d131eb887..519327f795742 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./include/crypto/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./include/crypto/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1,6 +1,6 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Generated by util/mkerr.pl DO NOT EDIT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Licensed under the Apache License 2.0 (the "License"). You may not use
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * this file except in compliance with the License. You can obtain a copy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/include/openssl/dh.h b/include/openssl/dh.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 8bc17448a0817..f1c0ed06b375a 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./include/openssl/dh.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./include/openssl/dh.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -144,7 +144,7 @@ DECLARE_ASN1_ITEM(DHparams)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_GENERATOR_3 3
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_GENERATOR_5 5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-/* DH_check error codes */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++/* DH_check error codes, some of them shared with DH_check_pub_key */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * NB: These values must align with the equivalently named macros in
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * internal/ffc.h.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -154,10 +154,10 @@ DECLARE_ASN1_ITEM(DHparams)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_UNABLE_TO_CHECK_GENERATOR 0x04
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_NOT_SUITABLE_GENERATOR 0x08
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_CHECK_Q_NOT_PRIME 0x10
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-# define DH_CHECK_INVALID_Q_VALUE 0x20
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_CHECK_INVALID_J_VALUE 0x40
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_MODULUS_TOO_SMALL 0x80
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-# define DH_MODULUS_TOO_LARGE 0x100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /* DH_check_pub_key error codes */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+index 5d2a762a96f8c..074a70145f9f5 100644
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./include/openssl/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./include/openssl/dherr.h
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1,6 +1,6 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Generated by util/mkerr.pl DO NOT EDIT
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Licensed under the Apache License 2.0 (the "License"). You may not use
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * this file except in compliance with the License. You can obtain a copy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -50,6 +50,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_R_NO_PRIVATE_VALUE 100
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_R_PARAMETER_ENCODING_ERROR 105
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_R_PEER_KEY_ERROR 111
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++# define DH_R_Q_TOO_LARGE 130
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_R_SHARED_INFO_ERROR 113
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # define DH_R_UNABLE_TO_CHECK_GENERATOR 121
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span></pre><pre style='margin:0'>
</pre>