authorJean-Paul Calderone <exarkun@twistedmatrix.com>2014-04-17 17:00:58 -0400
committerJean-Paul Calderone <exarkun@twistedmatrix.com>2014-04-17 17:00:58 -0400
commitc48cd8177b3bf107073a2c075173722fdbeb809e (patch)
tree2926393d2b001620731c5e8e248e0cde9d333480
parent01787c44e1d78caad9bdd9d6854aa85ac6b75688 (diff)
downloadpyopenssl-c48cd8177b3bf107073a2c075173722fdbeb809e.tar.gz
Add a test for the failure condition of EC_KEY_new_by_curve_name
-rw-r--r--OpenSSL/SSL.py9
-rw-r--r--OpenSSL/test/test_ssl.py24
2 files changed, 28 insertions, 5 deletions
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index be636ae..86410c0 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -642,10 +642,13 @@ class Context(object):
_lib.SSL_CTX_set_tmp_dh(self._context, dh)
- def _set_tmp_ecdh_curve_by_nid(self, nid):
+ def _set_tmp_ecdh_curve_by_nid(self, name, nid):
"""
Select a curve to use by the OpenSSL NID associated with that curve.
+ :param name: The name of the curve identified by the NID.
+ :type name: str
+
:param nid: The OpenSSL NID to use.
:type nid: int
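Review bot: The docstring entry for the new `name` argument does not say what the argument is for; in the lines visible here it is only passed to `UnsupportedEllipticCurve` and never used to select the curve. I would write `:param name: The curve's short name, used only in the error raised when the NID is not a supported curve.` The type is documented as `str`, while the new test passes `u"curve"` and `set_tmp_ecdh_curve` forwards `curve_name` unchanged, so the documented type should match what callers actually pass. The method body continues outside this hunk.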
@@ -654,7 +657,7 @@ class Context(object):
"""
ecdh = _lib.EC_KEY_new_by_curve_name(nid)
if ecdh == _ffi.NULL:
- raise UnsupportedEllipticCurve(sn)
+ raise UnsupportedEllipticCurve(name)
_lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)
_lib.EC_KEY_free(ecdh)
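Review bot: The return value of `_lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh)` is discarded, so if installing the key fails the context is left without ephemeral ECDH parameters and the caller is never told. The server would then presumably negotiate without ECDHE suites. OpenSSL returns 0 on failure for this call, so it could be checked with `if not _lib.SSL_CTX_set_tmp_ecdh(self._context, ecdh):` and an error raised from the OpenSSL error queue. `_lib.EC_KEY_free(ecdh)` must still run on that path, so the set call belongs inside a `try`/`finally`. The start of the method is outside this hunk.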
@@ -679,7 +682,7 @@ class Context(object):
nid = _lib.OBJ_sn2nid(curve_name.encode('ascii'))
if nid == _lib.NID_undef:
raise UnknownObject(curve_name)
- return self._set_tmp_ecdh_curve_by_nid(nid)
+ return self._set_tmp_ecdh_curve_by_nid(curve_name, nid)
raise ECNotAvailable()
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 5e9fd83..beb5d28 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -38,7 +38,7 @@ from OpenSSL.SSL import (
SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)
from OpenSSL.SSL import (
_Cryptography_HAS_EC, ELLIPTIC_CURVE_DESCRIPTIONS,
- ECNotAvailable, UnknownObject)
+ ECNotAvailable, UnknownObject, UnsupportedEllipticCurve)
from OpenSSL.SSL import (
Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)
@@ -1204,7 +1204,7 @@ class ContextTests(TestCase, _LoopbackMixin):
_lib.Cryptography_HAS_EC = has_ec
- def test_set_tmp_ecdh_curve_bad_sn(self):
+ def test_set_tmp_ecdh_curve_bad_curve_name(self):
"""
:py:obj:`Context.set_tmp_ecdh_curve` raises :py:obj:`UnknownObject` if
passed a curve_name that OpenSSL does not recognize and EC is
@@ -1223,6 +1223,26 @@ class ContextTests(TestCase, _LoopbackMixin):
"non-existent curve name")
+ def test_set_tmp_ecdh_curve_bad_nid(self):
+ """
+ :py:obj:`Context._set_tmp_ecdh_curve_by_nid`, an implementation detail
+ of :py:obj:`Context.set_tmp_ecdh_curve`, raises
+ :py:obj:`UnsupportedEllipticCurve` raises if passed a NID that does not
+ identify a supported curve.
+ """
+ context = Context(TLSv1_METHOD)
+ try:
+ context._set_tmp_ecdh_curve_by_nid(
+ u"curve", _lib.OBJ_sn2nid(b"sha256"))
+ except UnsupportedEllipticCurve:
+ pass
+ else:
+ self.fail(
+ "_set_tmp_ecdh_curve_by_nid did not raise "
+ "UnsupportedEllipticCurve for a NID that does not "
+ "identify a supported curve.")
+
+
def test_set_tmp_ecdh_curve_not_a_curve(self):
"""
:py:obj:`Context.set_tmp_ecdh_curve` raises
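Review bot: `test_set_tmp_ecdh_curve_bad_nid` calls the private method directly, so it bypasses whatever EC-availability check `set_tmp_ecdh_curve` performs. On a build without EC support it would probably fail on the missing `_lib.EC_KEY_new_by_curve_name` binding instead of being skipped. The module already imports `_Cryptography_HAS_EC`, so an early `if not _Cryptography_HAS_EC: return` would cover that case; check how the neighbouring tests handle it. The test also never asserts that the exception carries the curve name, which is the line this commit changes; using `except UnsupportedEllipticCurve as e:` and checking that `u"curve"` appears in `e.args` would pin it, assuming the exception keeps its constructor argument there. In the docstring, the second "raises" in "raises ... raises if passed" should be dropped.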