From cd68beaaec2fafb4bd60e9b8655b93d91804cc69 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 23 Jan 2026 08:32:22 +0000
Subject: DH_check: teach this DoS vector about RFC 7919 primes

ok beck
---
 src/lib/libcrypto/dh/dh_check.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index 143699b4f6..d724e33eec 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_check.c,v 1.32 2026/01/23 08:21:52 tb Exp $ */
+/* $OpenBSD: dh_check.c,v 1.33 2026/01/23 08:32:22 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -115,6 +115,11 @@ static const get_p_fn get_well_known_p[] = {
 	BN_get_rfc3526_prime_4096,
 	BN_get_rfc3526_prime_6144,
 	BN_get_rfc3526_prime_8192,
+	BN_get_rfc7919_prime_2048,
+	BN_get_rfc7919_prime_3072,
+	BN_get_rfc7919_prime_4096,
+	BN_get_rfc7919_prime_6144,
+	BN_get_rfc7919_prime_8192,
 };
 
 #define N_WELL_KNOWN_P_FN (sizeof(get_well_known_p) / sizeof(get_well_known_p[0]))
-- 
cgit v1.2.3-55-g6feb