fips: Mark operations using P-192 as not approved
authorAngel Yankov <angel.yankov@suse.com>
Thu, 24 Oct 2024 12:13:22 +0000 (15:13 +0300)
committerAngel Yankov <angel.yankov@suse.com>
Thu, 24 Oct 2024 12:13:22 +0000 (15:13 +0300)
P-192 is not an approved curve as of FIPS 186-5, so mark operations
using it as NOT approved in the SLI.

Signed-off-by: Angel Yankov <angel.yankov@suse.com>
lib/nettle/pk.c

index cccad6f7d41708a24823a14aba25d53c9b0ed308..be4e1b74eac2b0688711f21066254d2fa933bd51 100644 (file)
@@ -2023,6 +2023,11 @@ static int _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
                        goto cleanup;
                }
 
+               /* P-192 is not supported in FIPS 140-3 */
+               if (curve_id == GNUTLS_ECC_CURVE_SECP192R1) {
+                       not_approved = true;
+               }
+
                ret = _gnutls_decode_ber_rs(signature, &tmp[0], &tmp[1]);
                if (ret < 0) {
                        gnutls_assert();
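Review bot: The comment on the added check says P-192 is "not supported in FIPS 140-3", but the commit message gives the reason as FIPS 186-5 no longer approving the curve, and the visible code does not reject the curve: it only sets `not_approved`, so verification with SECP192R1 still proceeds. I would reword it to `/* P-192 is not an approved curve as of FIPS 186-5; the verify still runs but is reported as not approved in the SLI */` so a reader does not take the check for an enforcement point. The title says "operations", yet only the verify path appears on this page, so it is worth confirming that signing, key generation and ECDH with this curve are already flagged elsewhere. _wrap_nettle_pk_verify starts and ends outside the hunk, so how `not_approved` is consumed after `cleanup` is inferred from its name rather than seen here.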