diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 62c8a931c..240b9bbba 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -70,6 +70,7 @@
 #define POLARSSL_ERR_X509_FILE_IO_ERROR                    -0x2B00  /**< Read/write of file failed. */
 #define POLARSSL_ERR_X509_PASSWORD_REQUIRED                -0x2B80  /**< Private key password can't be empty. */
 #define POLARSSL_ERR_X509_PASSWORD_MISMATCH                -0x2C00  /**< Given private key password does not allow for correct decryption. */
+#define POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE              -0x2C80  /**< Elliptic curve is unsupported (only NIST curves are supported). */
 /* \} name */
 
 /**
diff --git a/library/x509parse.c b/library/x509parse.c
index b51881a9a..840319f43 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -201,6 +201,38 @@ static int x509_get_alg( unsigned char **p,
     return( 0 );
 }
 
+/* Get an EC group id from an ECParameters buffer
+ *
+ * ECParameters ::= CHOICE {
+ *   namedCurve         OBJECT IDENTIFIER
+ *   -- implicitCurve   NULL
+ *   -- specifiedCurve  SpecifiedECDomain
+ * }
+ */
+static int x509_get_ecparams( unsigned char **p, const unsigned char *end,
+                              ecp_group_id *grp_id )
+{
+    int ret;
+    x509_buf curve;
+
+    curve.tag = **p;
+
+    if( ( ret = asn1_get_tag( p, end, &curve.len, ASN1_OID ) ) != 0 )
+        return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret );
+
+    curve.p = *p;
+    *p += curve.len;
+
+    if( *p != end )
+        return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
+                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+
+    if( ( ret = oid_get_ec_grp( &curve, grp_id ) ) != 0 )
+        return( POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE );
+
+    return( 0 );
+}
+
 /*
  *  AttributeTypeAndValue ::= SEQUENCE {
  *    type     AttributeType,