Unable to read the blob object data on FIPS enabled environment due to MD5 is restricted and missing API to enable/disable MD5 Content hash #6474

Open
csi-amolpawar opened this issue Mar 19, 2025 · 3 comments
Labels
  • Azure.Core
  • Client: This issue points to a problem in the data-plane of the library.
  • customer-reported: Issues that are reported by GitHub users external to the Azure organization.
  • needs-team-attention: Workflow: This issue needs attention from Azure service team or SDK team
  • question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
  • Service Attention: Workflow: This issue is responsible by Azure service team.

Comments

@csi-amolpawar

Describe the bug
Unable to read the blob object data on FIPS enabled environment

```
[user1@kk60-fips bin]$ fips-mode-setup --check
FIPS mode is enabled.
[user1@kk60-fips bin]$ ./blob-reader testcontainer testblob.txt
error: Crypto error while init Md5Hash.
```

This is because MD5 is restricted and there is no API to enable/disable the MD5 content hash.

Please refer to this migration guide, which clearly specifies that the MD5 configuration missing in version 12 was provided in the previous version 7.5:
https://github.com/Azure/azure-sdk-for-cpp/blob/main/sdk/storage/MigrationGuide.md#blob-content-md5

To Reproduce
Steps to reproduce the behavior:
The issue is easily reproducible with the code below:

```cpp
#include <array>
#include <cstdint>
#include <iostream>
#include <string>
#include <sstream>
#include <memory>
#include <stdexcept>
#include <azure/storage/blobs.hpp>                       // For azure blob
#include <azure/storage/common/storage_exception.hpp>    // For azure exceptions

using namespace Azure::Storage;
using namespace Azure::Storage::Blobs;

int main(int argc, char** argv) try
{
  if(argc == 3)
  {
    std::string container(argv[1]), blob(argv[2]);
    std::string accountname("testaccount");
    std::string accountkey("accountkey");

    std::ostringstream url;
    url << "https://" << accountname << ".blob.core.windows.net/"
        << container <<  '/' << blob;

    auto credential = std::make_shared<StorageSharedKeyCredential>(
      accountname, accountkey);

    auto blob_client = std::make_unique<BlobClient>(url.str(), credential);
    auto blobsize = blob_client->GetProperties().Value.BlobSize;

    // Download the whole blob in a single ranged request
    DownloadBlobOptions download_options;
    download_options.Range = { 0, blobsize };

    auto response = blob_client->Download(download_options).Value;
    // MD5 content hash reported by the service for the blob
    auto contenthash = response.Details.HttpHeaders.ContentHash.Value;

    // On a FIPS-enabled host this constructor throws
    // "Crypto error while init Md5Hash."
    Azure::Core::Cryptography::Md5Hash md5hash;

    const auto BUFFER_SIZE = 4 * 1'024 * 1'024;
    std::array<char, BUFFER_SIZE> outbuf;
    auto stream = std::move(response.BodyStream);
    for (int64_t offset = 0; offset != blobsize; )
    {
      auto readsize = stream->Read((uint8_t*)outbuf.data(), BUFFER_SIZE);
      if (readsize == 0)
      {
        break; // stream ended early; the hash comparison below will fail
      }
      md5hash.Append((const uint8_t*)outbuf.data(), readsize);
      offset += readsize;
    }

    // Compare the locally computed MD5 with the hash returned by the service
    if(md5hash.Final() != contenthash)
    {
      std::ostringstream oss; oss << ": Download blob failed: "
        << "Bad Hash(md5/crc64)";
      throw std::runtime_error(oss.str());
    }
    std::cout << "The md4 hash is successful for az://" << argv[1] << "/" << argv[2] << std::endl;
  }
  else
  {
    std::cout << argv[0] << " <container> <blob>" << std::endl;
  }
  return 0;
}
catch(const std::exception& e)
{
  std::cout << "error: " << e.what() << std::endl;
  return 1; // report the failure through the exit code as well
}
```

Expected behavior
The program should be able to read the blob irrespective of its environment, i.e. on a FIPS-enabled system, by configuring the MD5 content hash flag as ON/OFF.

Setup (please complete the following information):

  • OS: Rocky Linux 9.5 (Blue Onyx)
  • Version of the Library used : 12.10.0
  • C++ Version: g++ (GCC) 11.5.0

Additional context
This should work as usual, as in a non-FIPS environment:

```
[user2@8e3dcaf8d95e azure]# fips-mode-setup --check
Installation of FIPS modules is not completed.
cat: /proc/sys/crypto/fips_enabled: No such file or directory
FIPS mode is .
[user2@8e3dcaf8d95e azure]# ./blob-reader testcontainer testblob.txt
The md4 hash is successful for az://testcontainer/testblob.txt
```
@github-actions github-actions bot added the Client, customer-reported, needs-team-attention, question, Service Attention and Storage labels Mar 19, 2025

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Jinming-Hu @microzchang @vinjiang.

@csi-amolpawar csi-amolpawar changed the title Unable to read the blob object data on FIPS enabled environment due to MD5 is restricted and missing configuration setting for MD5 Unable to read the blob object data on FIPS enabled environment due to MD5 is restricted and missing API to enable/disable MD5 Content has Mar 19, 2025
@csi-amolpawar csi-amolpawar changed the title Unable to read the blob object data on FIPS enabled environment due to MD5 is restricted and missing API to enable/disable MD5 Content has Unable to read the blob object data on FIPS enabled environment due to MD5 is restricted and missing API to enable/disable MD5 Content hash Mar 19, 2025
@Jinming-Hu
Member

The exception is thrown from azure-core SDK

```cpp
throw std::runtime_error("Crypto error while init Md5Hash.");
```

@Jinming-Hu Jinming-Hu added Azure.Core and removed Storage Storage Service (Queues, Blobs, Files) labels May 7, 2025
@csi-amolpawar
Author

@Jinming-Hu Yes. Can we get an API to enable/disable MD5 and use a method like CRC64, etc.?
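
Added example, not part of the issue thread or of the Azure SDK: a caller-side guard that reads the kernel FIPS flag shown in the `fips-mode-setup` output above and reports an MD5 content-hash check as unavailable instead of aborting the download when the hasher cannot be initialised. `fips_flag_set`, `host_in_fips_mode`, `check_content_hash` and the `digest_of` callable are hypothetical names; `digest_of` stands in for whatever wraps the real hasher.

```cpp
#include <cstdint>
#include <fstream>
#include <functional>
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
enum class HashCheck { Verified, Mismatch, Unavailable };

// Parse the content of the kernel flag file: "1" means FIPS mode is on.
// Empty or unreadable input counts as "not enabled".
bool fips_flag_set(std::istream& in)
{
  std::string value;
  return (in >> value) && value == "1";
}

bool host_in_fips_mode(const char* path = "/proc/sys/crypto/fips_enabled")
{
  std::ifstream f(path);
  return f.is_open() && fips_flag_set(f);
}

// digest_of is a hypothetical stand-in for hashing the downloaded bytes.
// It may throw std::runtime_error when the crypto provider refuses MD5,
// as with "Crypto error while init Md5Hash." in the report above.
HashCheck check_content_hash(bool fips, const Bytes& body, const Bytes& expected,
    const std::function<Bytes(const Bytes&)>& digest_of)
{
  if (fips || expected.empty())
    return HashCheck::Unavailable; // never construct an MD5 context here
  try
  {
    return digest_of(body) == expected ? HashCheck::Verified : HashCheck::Mismatch;
  }
  catch (const std::runtime_error&)
  {
    return HashCheck::Unavailable; // provider rejected the algorithm at init
  }
}

int main()
{
  std::cout << "FIPS mode: " << (host_in_fips_mode() ? "on" : "off") << std::endl;
  return 0;
}
```

The three-valued result keeps "hash could not be computed" distinct from "hash did not match", so the caller can log the skipped check and apply its own policy.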
