diff --git a/openssl-1.0.0-name-hash.patch b/openssl-1.0.0-name-hash.patch
new file mode 100644
index 0000000..9098c0a
--- /dev/null
+++ b/openssl-1.0.0-name-hash.patch
@@ -0,0 +1,22 @@
+diff -up openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash openssl-1.0.0/crypto/x509/x509_cmp.c
+--- openssl-1.0.0/crypto/x509/x509_cmp.c.name-hash 2010-01-12 18:27:10.000000000 +0100
++++ openssl-1.0.0/crypto/x509/x509_cmp.c 2010-04-06 16:44:52.000000000 +0200
+@@ -236,10 +236,17 @@ unsigned long X509_NAME_hash_old(X509_NA
+ {
+ unsigned long ret=0;
+ unsigned char md[16];
++ EVP_MD_CTX ctx;
+
+ /* Make sure X509_NAME structure contains valid cached encoding */
+ i2d_X509_NAME(x,NULL);
+- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
++
++ EVP_MD_CTX_init(&ctx);
++ EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)
++ && EVP_DigestUpdate(&ctx, x->bytes->data, x->bytes->length)
++ && EVP_DigestFinal_ex(&ctx, md, NULL);
++ EVP_MD_CTX_cleanup(&ctx);
+
+ ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
+ ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/openssl.spec b/openssl.spec
index c890c1a..20e028e 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -60,6 +60,7 @@ Patch49: openssl-1.0.0-beta4-algo-doc.patch
 Patch50: openssl-1.0.0-beta4-dtls1-abi.patch
 Patch51: openssl-1.0.0-version.patch
 Patch52: openssl-1.0.0-beta4-aesni.patch
+Patch53: openssl-1.0.0-name-hash.patch
 # Backported fixes including security fixes
 License: OpenSSL
@@ -140,6 +141,7 @@ from other formats to the formats used by the OpenSSL toolkit.
 %patch50 -p1 -b .dtls1-abi
 %patch51 -p1 -b .version
 %patch52 -p1 -b .aesni
+%patch53 -p1 -b .name-hash
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
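Review bot: In the new openssl-1.0.0-name-hash.patch, the result of the `EVP_DigestInit_ex(...) && EVP_DigestUpdate(...) && EVP_DigestFinal_ex(...)` chain in X509_NAME_hash_old is discarded, so if any step fails `md` stays uninitialized and the returned hash is assembled from whatever was on the stack. Zeroing the buffer at declaration, `unsigned char md[16] = {0};`, or testing the chain and returning 0 after `EVP_MD_CTX_cleanup(&ctx)`, would make the failure case deterministic. A one-line comment beside `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` stating why MD5 is exempted here (presumably because this value is only a legacy name-lookup hash, not a security primitive) would help anyone auditing FIPS exemptions later. The function body continues past the end of the inner hunk, so the rest of the return path is not visible here.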
@@ -387,6 +389,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %changelog
 * Tue Apr 6 2010 Tomas Mraz 1.0.0-2
 - set UTC timezone on pod2man run (#578842)
+- make X509_NAME_hash_old work in FIPS mode
 * Tue Mar 30 2010 Tomas Mraz 1.0.0-1
 - update to final 1.0.0 upstream release