crypto: Fix OPENSSL_FIPS enabled builds

On Fedora and RHEL/CentOS, the standard OpenSSL library has the FIPS
module enabled by default.  On these platforms, the OPENSSL_FIPS macro
is always defined via /usr/include/openssl/opensslconf-*.h.

Without this fix, the following compilation error appears:

  ./src/openvpn/crypto.c: In function ‘print_cipher’:
  ./src/openvpn/crypto.c:1707:43: error: ‘cipher’ undeclared (first use in
this function); did you mean ‘iphdr’?
       if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
                                           ^~~~~~
The EVP_CIPHER_fetch() and EVP_CIPHER_free() methods are also provided
via the openssl_compat.h for older than OpenSSL 3.0.

Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220119182126.56880-1-openvpn@sf.lists.topphemmelig.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23570.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/crypto.c

@@ -34,6 +34,7 @@
 #include "error.h"
 #include "integer.h"
 #include "platform.h"
+#include "openssl_compat.h"
 
 #include "memdbg.h"
 
@@ -1704,10 +1705,14 @@ print_cipher(const char *ciphername)
         printf(", TLS client/server mode only");
     }
 #ifdef OPENSSL_FIPS
-    if (FIPS_mode() && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
+    evp_cipher_type *cipher = EVP_CIPHER_fetch(NULL, ciphername, NULL);
+
+    if (FIPS_mode() && cipher
+        && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_FIPS))
     {
         printf(", disabled by FIPS mode");
     }
+    EVP_CIPHER_free(cipher);
 #endif
 
     printf(")\n");