raise valueerror for null x25519 derived keys (#4332)

* raise valueerror for null x25519 derived keys

OpenSSL errors when it hits this edge case and a null shared key is bad
anyway so let's raise an error

* empty commit

1 files changed, 5 insertions, 1 deletions

diff --git a/src/cryptography/hazmat/backends/openssl/x25519.py b/src/cryptography/hazmat/backends/openssl/x25519.py
index 5599c2fd..983ece6a 100644
--- a/src/cryptography/hazmat/backends/openssl/x25519.py
+++ b/src/cryptography/hazmat/backends/openssl/x25519.py
@@ -71,5 +71,9 @@ class _X25519PrivateKey(object):
         self._backend.openssl_assert(keylen[0] > 0)
         buf = self._backend._ffi.new("unsigned char[]", keylen[0])
         res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen)
-        self._backend.openssl_assert(res == 1)
+        if res != 1:
+            raise ValueError(
+                "Null shared key derived from public/private pair."
+            )
+
         return self._backend._ffi.buffer(buf, keylen[0])[:]