From 45546822b857bedbb8163a03baddf3aedb3e2fd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= <tniessen@tnie.de>
Date: Tue, 23 Jun 2026 17:10:39 +0200
Subject: [PATCH] crypto: fix large DH generator validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Unfortunately, `std::optional<>` implements `operator<` in such a way
that this check will fail for very large generators. Since `bn_g` is
unsigned, if its value does not fit into a single word, we can be
certain that it is at least 2. By only checking the value if it does
indeed fit into a word, the check correctly ignores very large
generators.

Signed-off-by: Tobias Nießen <tniessen@tnie.de>
---
 src/crypto/crypto_dh.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
index c99cf2fb23619a..c5d38d1d52407d 100644
--- a/src/crypto/crypto_dh.cc
+++ b/src/crypto/crypto_dh.cc
@@ -196,7 +196,7 @@ void New(const FunctionCallbackInfo<Value>& args) {
 #endif
       return ThrowCryptoError(env, ERR_get_error(), "Invalid generator");
     }
-    if (bn_g.getWord() < 2) {
+    if (bn_g.getWord().has_value() && bn_g.getWord().value() < 2) {
 #ifndef OPENSSL_IS_BORINGSSL
       ERR_put_error(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR, __FILE__, __LINE__);
 #else