From d3b1804f6ce6f1a2b517a562246447d41ed0ffae Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 12 Nov 2018 22:47:57 -0500
Subject: error if the key length for x25519 isn't 32 bytes (#4584)

* error if the key length for x25519 isn't 32 bytes

* also test 33
---
 src/cryptography/hazmat/primitives/asymmetric/x25519.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/primitives/asymmetric/x25519.py b/src/cryptography/hazmat/primitives/asymmetric/x25519.py
index e0329f9d..f4bdf3db 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/x25519.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/x25519.py
@@ -21,6 +21,10 @@ class X25519PublicKey(object):
                 "X25519 is not supported by this version of OpenSSL.",
                 _Reasons.UNSUPPORTED_EXCHANGE_ALGORITHM
             )
+
+        if len(data) != 32:
+            raise ValueError("An X25519 public key is 32 bytes long")
+
         return backend.x25519_load_public_bytes(data)
 
     @abc.abstractmethod
-- 
cgit v1.2.3