From 1bdcc9c8882875e056d0b3a34dffa33a8ea9b9d7 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 29 Jun 2022 08:34:04 +0000
Subject: There's tentacles, tentacles everywhere

ok beck jsing
---
 src/lib/libssl/ssl_clnt.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 5291175235..d49d8ef056 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.147 2022/06/29 08:27:51 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.148 2022/06/29 08:34:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1889,6 +1889,12 @@ ssl3_send_client_kex_dhe(SSL *s, CBB *cbb)
 	if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
 		goto err;
 
+	if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) {
+		SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
+		ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+		return 0;
+	}
+
 	if (!tls12_derive_master_secret(s, key, key_len))
 		goto err;
 
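Review bot: The new rejection path ends in `return 0;`, while every other failure visible in this hunk uses `goto err;`, and it runs after tls_key_share_derive() has already filled `key` and `key_len`. The `err:` label is outside the hunk, so this is inferred, but if that label frees or zeroes `key`, the early return skips it and leaves the derived DH shared secret allocated and uncleared whenever the peer's key is refused. Changing the line to `goto err;` would keep the cleanup on a single path, assuming the function's result variable is still 0 at that point. If tls_key_share_peer_security() depends only on the peer's parameters, the check could instead move above the derive call, so no secret is computed for a key that is about to be rejected.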
-- 
cgit v1.2.3-55-g6feb