We are trying to generate the hash of the subject name in certificates in
FIPS mode by using the "openssl x509 -hash" command. Apparently this utility
uses the md5 algorithm to calculate the hash of the subject name and therefore
this operation is not allowed in FIPS mode.

My question is, is there any flag that can be set in the environment or the
OpenSSL config file that would allow the subject name hash operation in FIPS
mode? I know there is a flag that can be used programmatically -
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW). But I am
concerned about using the OpenSSL binary and allowing the hash operation by it
in FIPS mode. What would be the way to achieve that?

Thanks
Anamitra 


