crypto/ecdsa: apply fips140=only to deterministic ECDSA hash
authorFilippo Valsorda <filippo@golang.org>
Mon, 6 Jan 2025 20:12:03 +0000 (21:12 +0100)
committerGopher Robot <gobot@golang.org>
Wed, 8 Jan 2025 19:37:47 +0000 (11:37 -0800)
Change-Id: I6a6a46567b1eaaef080ac0994afa83db2624a75a
Reviewed-on: https://go-review.googlesource.com/c/go/+/641316
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
src/crypto/ecdsa/ecdsa.go

index f682e6b1c6cfa6f6c9a294f5fee5f87ed1337dfb..d9ebe56ef007e5767e8affe64f93a98decd2fbc6 100644 (file)
@@ -281,6 +281,9 @@ func signFIPSDeterministic[P ecdsa.Point[P]](c *ecdsa.Curve[P], hashFunc crypto.
        if err != nil {
                return nil, err
        }
+       if fips140only.Enabled && !fips140only.ApprovedHash(hashFunc.New()) {
+               return nil, errors.New("crypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
+       }
        sig, err := ecdsa.SignDeterministic(c, hashFunc.New, k, hash)
        if err != nil {
                return nil, err
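Review bot: The new guard at the `fips140only.Enabled` line carries no comment saying why deterministic signing needs its own hash check when the digest `hash` has already been computed by the caller; the reason is visible two lines later, where `hashFunc.New` itself is handed to `ecdsa.SignDeterministic`, so the hash function is used inside the signing routine and not only to produce the digest. I would add above the guard: `// hashFunc is used by SignDeterministic itself, not just to compute hash, so it must be approved in fips140=only mode.` The guard also sits after an earlier step that can fail (its error return is the first context line), so if that step does key or curve work, moving the check to the top of the function would fail before any of it runs; signFIPSDeterministic's signature and the preceding statements are outside this hunk, so I cannot tell from here whether that reordering is safe. Constructing a throwaway `hashFunc.New()` just to classify the hash is a small per-signature allocation, acceptable unless this path is hot.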