diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index f682e6b1c6..d9ebe56ef0 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -281,6 +281,9 @@ func signFIPSDeterministic[P ecdsa.Point[P]](c *ecdsa.Curve[P], hashFunc crypto.
 	if err != nil {
 		return nil, err
 	}
+	if fips140only.Enabled && !fips140only.ApprovedHash(hashFunc.New()) {
+		return nil, errors.New("crypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
+	}
 	sig, err := ecdsa.SignDeterministic(c, hashFunc.New, k, hash)
 	if err != nil {
 		return nil, err