openpgp: Honor `OPENSSL_NO_OCB` build parameter.

  - If OpenSSL is built with the `OPENSSL_NO_OCB` directive it will
  not have OCB.

  - Stop advertising OCB as supported in that case.

  - Use GCM as the default algorithm if OCB is not available.

  - Tested by appending `println!("cargo:rustc-cfg=osslconf=\"{}\"",
  "OPENSSL_NO_OCB");` to build.rs.

  - See https://github.com/sfackler/rust-openssl/pull/1952

2 files changed, 7 insertions, 2 deletions

diff --git a/openpgp/src/crypto/backend/openssl.rs b/openpgp/src/crypto/backend/openssl.rs
index 96679e2d..aabf94cf 100644
--- a/openpgp/src/crypto/backend/openssl.rs
+++ b/openpgp/src/crypto/backend/openssl.rs
@@ -28,13 +28,17 @@ impl AEADAlgorithm {
     /// algorithm and the most performing one, but fall back to any
     /// supported algorithm.
     pub(crate) const fn const_default() -> AEADAlgorithm {
-        AEADAlgorithm::OCB
+        if cfg!(not(osslconf = "OPENSSL_NO_OCB")) {
+            AEADAlgorithm::OCB
+        } else {
+            AEADAlgorithm::GCM
+        }
     }
 
     pub(crate) fn is_supported_by_backend(&self) -> bool {
         match self {
             AEADAlgorithm::EAX => false,
-            AEADAlgorithm::OCB => true,
+            AEADAlgorithm::OCB => cfg!(not(osslconf = "OPENSSL_NO_OCB")),
             AEADAlgorithm::GCM => true,
             AEADAlgorithm::Private(_) |
             AEADAlgorithm::Unknown(_) => false,
diff --git a/openpgp/src/crypto/backend/openssl/aead.rs b/openpgp/src/crypto/backend/openssl/aead.rs
index 84ce3c7e..b592e6d8 100644
--- a/openpgp/src/crypto/backend/openssl/aead.rs
+++ b/openpgp/src/crypto/backend/openssl/aead.rs
@@ -63,6 +63,7 @@ impl AEADAlgorithm {
         op: CipherOp,
     ) -> Result<Box<dyn Aead>> {
         match self {
+            #[cfg(not(osslconf = "OPENSSL_NO_OCB"))]
             AEADAlgorithm::OCB => {
                 let cipher = match sym_algo {
                     SymmetricAlgorithm::AES128 => Cipher::aes_128_ocb(),