From 9ad715ac53395d42da6a25af8c43b95e063dd5f9 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Sat, 1 Oct 2022 11:40:48 -0400
Subject: [PATCH] Handle error generating DH params with very very large key size (#7666)
Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52024
---
 src/cryptography/hazmat/backends/openssl/backend.py | 4 +++-
 tests/hazmat/primitives/test_dh.py | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index c71bcc9d6862..890e2f9521a9 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1709,7 +1709,9 @@ def generate_dh_parameters(
 res = self._lib.DH_generate_parameters_ex(
 dh_param_cdata, key_size, generator, self._ffi.NULL
 )
- self.openssl_assert(res == 1)
+ if res != 1:
+ errors = self._consume_errors_with_text()
+ raise ValueError("Unable to generate DH parameters", errors)
 return _DHParameters(self, dh_param_cdata)
diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py
index b8216a9a79f7..6e708676bd19 100644
--- a/tests/hazmat/primitives/test_dh.py
+++ b/tests/hazmat/primitives/test_dh.py
@@ -148,6 +148,10 @@ def test_unsupported_generator_generate_dh(self, backend):
 with pytest.raises(ValueError):
 dh.generate_parameters(7, 512, backend)
+ def test_large_key_generate_dh(self):
+ with pytest.raises(ValueError):
+ dh.generate_parameters(2, 1 << 30)
+
 @pytest.mark.skip_fips(reason="non-FIPS parameters")
 def test_dh_parameters_supported(self, backend):
 valid_p = int(
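Review bot: The new `if res != 1:` branch in generate_dh_parameters reports every failure of `DH_generate_parameters_ex` as `ValueError`, so a failure unrelated to the arguments (an allocation failure, for example) would now read as a caller mistake rather than the internal error that `openssl_assert` signalled. Rejection of an oversized `key_size` also still depends on OpenSSL's own limit; a size just under that limit is presumably accepted and starts a very long prime search, which matters when the size can come from untrusted input. I would add a comment above the branch, `# OpenSSL rejects key sizes above its modulus limit; report that as ValueError instead of asserting`, and consider an explicit upper bound on `key_size` ahead of the call. The function begins before this hunk, so any bound check that already exists is not visible here.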
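Review bot: `test_large_key_generate_dh` asserts only the exception type, so it would also pass if some earlier argument check raised `ValueError` and the new OpenSSL error path were never reached. Pinning the message ties the test to the branch this commit adds: `with pytest.raises(ValueError, match="Unable to generate DH parameters"):`. A one-line comment such as `# 1 << 30 bits is far above what OpenSSL accepts for a DH modulus` would also explain why that size was chosen.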