chore(NODE-4266): improve error message for SCRAM-SHA-1 in FIPS mode (#…

…3258)

No tests because the Node.js driver CI doesn’t have a FIPS setup.
MONGOSH-1232 will add integration tests for this message.

src/cmap/auth/scram.ts

@@ -261,7 +261,17 @@ function passwordDigest(username: string, password: string) {
     throw new MongoInvalidArgumentError('Password cannot be empty');
   }
 
-  const md5 = crypto.createHash('md5');
+  let md5: crypto.Hash;
+  try {
+    md5 = crypto.createHash('md5');
+  } catch (err) {
+    if (crypto.getFips()) {
+      // This error is (slightly) more helpful than what comes from OpenSSL directly, e.g.
+      // 'Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS'
+      throw new Error('Auth mechanism SCRAM-SHA-1 is not supported in FIPS mode');
+    }
+    throw err;
+  }
   md5.update(`${username}:mongo:${password}`, 'utf8');
   return md5.digest('hex');
 }