From 0fba4e28de2d0b5b8a262f512b65e487ded0c6e1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 12 Jul 2018 22:19:21 +0530
Subject: raise valueerror for null x25519 derived keys (#4332)

* raise valueerror for null x25519 derived keys

OpenSSL errors when it hits this edge case and a null shared key is bad
anyway so let's raise an error

* empty commit
---
 src/cryptography/hazmat/backends/openssl/x25519.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/cryptography/hazmat/backends/openssl/x25519.py')

diff --git a/src/cryptography/hazmat/backends/openssl/x25519.py b/src/cryptography/hazmat/backends/openssl/x25519.py
index 5599c2fd..983ece6a 100644
--- a/src/cryptography/hazmat/backends/openssl/x25519.py
+++ b/src/cryptography/hazmat/backends/openssl/x25519.py
@@ -71,5 +71,9 @@ class _X25519PrivateKey(object):
         self._backend.openssl_assert(keylen[0] > 0)
         buf = self._backend._ffi.new("unsigned char[]", keylen[0])
         res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen)
-        self._backend.openssl_assert(res == 1)
+        if res != 1:
+            raise ValueError(
+                "Null shared key derived from public/private pair."
+            )
+
         return self._backend._ffi.buffer(buf, keylen[0])[:]
-- 
cgit v1.2.3