openssl: Ensure underlying hash algorithm is available during HMAC init

Without this we only would learn that the algorithm isn't actually
available (e.g. due to FIPS mode) when set_key() is called later, so there
isn't any automatic fallback to other implementations.

Fixes #3284.

src/libstrongswan/plugins/openssl/openssl_hmac.c

@@ -185,6 +185,12 @@ static mac_t *hmac_create(hash_algorithm_t algo)
 	this->hmac = &this->hmac_ctx;
 #endif
 
+	/* make sure the underlying hash algorithm is supported */
+	if (!set_key(this, chunk_from_str("")))
+	{
+		destroy(this);
+		return NULL;
+	}
 	return &this->public;
 }