From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 27 Jan 2025 13:21:43 +0000 (+0100)
Subject: crypto/internal/fips140/rsa: avoid CAST unsetting the service indicator
X-Git-Tag: go1.24rc3~2^2~16
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=b9872221cd024bae5239c001b351a84d32db7bf7;p=gostls13.git

crypto/internal/fips140/rsa: avoid CAST unsetting the service indicator

Without fipsApproved set, when the CAST runs it sets the service
indicator to false for the whole span.

This is a very late Go 1.24 change, but it is necessary for the frozen
FIPS module, and doesn't impact anything else than the FIPS status
indicator value.

Change-Id: I6a6a46567818135158c3c252b5480431a190572b
Reviewed-on: https://go-review.googlesource.com/c/go/+/644636
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
---

diff --git a/src/crypto/internal/fips140/rsa/cast.go b/src/crypto/internal/fips140/rsa/cast.go
index ec7b5f3aeb..b900b32c88 100644
--- a/src/crypto/internal/fips140/rsa/cast.go
+++ b/src/crypto/internal/fips140/rsa/cast.go
@@ -171,6 +171,7 @@ func testPrivateKey() *PrivateKey {
 			N: N, E: 65537,
 		},
 		d: d, p: p, q: q, qInv: qInv, dP: dP, dQ: dQ,
+		fipsApproved: true,
 	}
 
 }