crypto: ECDSA/ECDH curve as a 2-tuple {{..old def..}, Name} from erl to nif

To enable EC selection by name that is a requirement for FIPS
in OpenSSL 3.0

3 files changed, 24 insertions, 9 deletions

diff --git a/lib/crypto/c_src/ec.c b/lib/crypto/c_src/ec.c
index f14768d134..124582c4f8 100644
--- a/lib/crypto/c_src/ec.c
+++ b/lib/crypto/c_src/ec.c
@@ -35,6 +35,8 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def,
     const ERL_NIF_TERM *field;
     int f_arity = -1;
     BIGNUM *p = NULL;
+    int arity = -1;
+    const ERL_NIF_TERM* curve_tuple;
 
     /* Here are two random curve definition examples, one prime_field and
        one characteristic_two_field. Both are from the crypto/src/crypto_ec_curves.erl.
@@ -66,8 +68,12 @@ int get_curve_definition(ErlNifEnv* env, ERL_NIF_TERM *ret, ERL_NIF_TERM def,
            };
     */
 
+    /* Separate the curve definition from the curve name */
+    if (!enif_get_tuple(env, def, &arity, &curve_tuple) || (arity != 2))
+        assign_goto(*ret, err, EXCP_ERROR(env, "Tuple arity 2 expected."));
+
     /* {Field, Prime, Point, Order, CoFactor} = CurveDef */
-    if (!enif_get_tuple(env, def, &c_arity, &curve) ||
+    if (!enif_get_tuple(env, curve_tuple[0], &c_arity, &curve) ||
         c_arity != 5)
         assign_goto(*ret, err, EXCP_ERROR_N(env, 1, "Bad curve def. Expect 5-tuple."));
 
@@ -792,6 +798,8 @@ int get_ec_key_sz(ErlNifEnv* env,
     BIGNUM *priv_key = NULL;
     EC_POINT *pub_key = NULL;
     EC_GROUP *group = NULL;
+    int arity = -1;
+    const ERL_NIF_TERM* curve_tuple;
 
     if (priv != atom_undefined) {
         if (!get_bn_from_bin(env, priv, &priv_key))
@@ -802,7 +810,10 @@ int get_ec_key_sz(ErlNifEnv* env,
             goto err;
     }
 
-    if ((key = ec_key_new(env, curve, size)) == NULL)
+    if (!enif_get_tuple(env, curve, &arity, &curve_tuple) || (arity != 2))
+        goto err;
+
+    if ((key = ec_key_new(env, curve_tuple[0], size)) == NULL)
         goto err;
 
     if ((group = EC_GROUP_dup(EC_KEY_get0_group(key))) == NULL)
diff --git a/lib/crypto/c_src/ecdh.c b/lib/crypto/c_src/ecdh.c
index 96c57f18e7..7509d9cb84 100644
--- a/lib/crypto/c_src/ecdh.c
+++ b/lib/crypto/c_src/ecdh.c
@@ -34,7 +34,7 @@ ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM a
 #  include "bn.h"
 
 ERL_NIF_TERM ecdh_compute_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
-/* (OtherPublicKey, Curve, My) */
+/* (OtherPublicKey, {CurveDef,CurveName}, My) */
 {
     ERL_NIF_TERM ret = atom_undefined;
     ErlNifBinary ret_bin;
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 7fef4351f6..e4b68da8a6 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -2314,17 +2314,21 @@ term_to_nif_curve({A, B, Seed}) ->
     {ensure_int_as_bin(A), ensure_int_as_bin(B), Seed}.
 
 nif_curve_params({PrimeField, Curve, BasePoint, Order, CoFactor}) ->
-    {term_to_nif_prime(PrimeField),
-     term_to_nif_curve(Curve),
-     ensure_int_as_bin(BasePoint),
-     ensure_int_as_bin(Order),
-     ensure_int_as_bin(CoFactor)};
+    {
+      {term_to_nif_prime(PrimeField),
+       term_to_nif_curve(Curve),
+       ensure_int_as_bin(BasePoint),
+       ensure_int_as_bin(Order),
+       ensure_int_as_bin(CoFactor)
+      },
+      undefined %% The curve name
+    };
 nif_curve_params(Curve) when is_atom(Curve) ->
     %% named curve
     case Curve of
         x448 -> {evp,Curve};
         x25519 -> {evp,Curve};
-        _ -> crypto_ec_curves:curve(Curve)
+        _ -> {crypto_ec_curves:curve(Curve), Curve}
     end.