From 191e6e90bf6e37404bb65a4bf9b8a3211d77395d Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 22 Nov 2016 10:49:42 +0800
Subject: error if private_value is <= 0 in ec.derive_private_key (#3273)

---
 src/cryptography/hazmat/primitives/asymmetric/ec.py | 3 +++
 tests/hazmat/primitives/test_ec.py                  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/cryptography/hazmat/primitives/asymmetric/ec.py b/src/cryptography/hazmat/primitives/asymmetric/ec.py
index 023a2d15..a527387b 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/ec.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/ec.py
@@ -257,6 +257,9 @@ def derive_private_key(private_value, curve, backend):
     if not isinstance(private_value, six.integer_types):
         raise TypeError("private_value must be an integer type.")
 
+    if private_value <= 0:
+        raise ValueError("private_value must be a positive integer.")
+
     if not isinstance(curve, EllipticCurve):
         raise TypeError("curve must provide the EllipticCurve interface.")
 
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index d2b570dd..7127071f 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -125,6 +125,9 @@ def test_derive_private_key_errors(backend):
     with pytest.raises(TypeError):
         ec.derive_private_key(10, 'five', backend)
 
+    with pytest.raises(ValueError):
+        ec.derive_private_key(-7, curve, backend)
+
 
 def test_ec_numbers():
     numbers = ec.EllipticCurvePrivateNumbers(
-- 
cgit v1.2.3