crypto/rsa: apply fips140=only to opts.Hash in SignPSS
authorFilippo Valsorda <filippo@golang.org>
Mon, 6 Jan 2025 20:12:03 +0000 (21:12 +0100)
committerGopher Robot <gobot@golang.org>
Wed, 8 Jan 2025 19:37:45 +0000 (11:37 -0800)
Change-Id: I6a6a46569bd364b36f83b9aef640eca94e045173
Reviewed-on: https://go-review.googlesource.com/c/go/+/641315
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
src/crypto/rsa/fips.go

index 24dfb38cf625bda5f87f003c140175cd7763bae4..347775df1603c049a6fda9f64f3c28235d839fb9 100644 (file)
@@ -67,6 +67,11 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
        if err := checkFIPS140OnlyPrivateKey(priv); err != nil {
                return nil, err
        }
+
+       if opts != nil && opts.Hash != 0 {
+               hash = opts.Hash
+       }
+
        if fips140only.Enabled && !fips140only.ApprovedHash(hash.New()) {
                return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
        }
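Review bot: The moved `opts.Hash` override now decides which hash the FIPS 140-only check on the following line sees, but nothing in the hunk records that ordering dependency, so a later reorder could silently reintroduce the gap this commit closes. A one-line comment above the new `if` would pin it: `// Resolve opts.Hash before the FIPS 140-only checks so they apply to the hash actually used for signing.` SignPSS's signature and the remainder of its body are outside this hunk; the second hunk only removes the old location of the same three lines.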
@@ -74,10 +79,6 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
                return nil, errors.New("crypto/rsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
        }
 
-       if opts != nil && opts.Hash != 0 {
-               hash = opts.Hash
-       }
-
        if boring.Enabled && rand == boring.RandReader {
                bkey, err := boringPrivateKey(priv)
                if err != nil {