Make the configure.ac script compatible with OpenSSL 3.0.0

OpenSSL 3.0.0 deprecates many low level API functions.

In preparation for the future support of linking BIND with OpenSSL 3.0.0
without the deprecated API functions, change the configure.ac script to
use functions which are available on all supported versions of OpenSSL
and LibreSSL.

diff --git a/configure.ac b/configure.ac
index d17d8f20b2b7455f717a129f983c2da3f156a7d2..0542042098491bc1691f58c2391005404e36a23c 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -638,39 +638,35 @@ AC_CHECK_FUNCS([SSL_CTX_set_min_proto_version])
 # Check for algorithm support in OpenSSL
 #
 
-AC_CHECK_FUNCS([ECDSA_sign ECDSA_verify], [:],
-              [AC_MSG_FAILURE([ECDSA support in OpenSSL is mandatory.])])
+AC_CHECK_FUNCS([EVP_DigestSignInit EVP_DigestVerifyInit], [:],
+              [AC_MSG_FAILURE([EVP_DigestSignInit/EVP_DigestVerifyInit support in OpenSSL is mandatory.])])
 
 AC_MSG_CHECKING([for ECDSA P-256 support])
 AC_COMPILE_IFELSE(
-    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
-                      #include <openssl/ec.h>]],
-                    [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);]])],
+    [AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+                    [[EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(NID_X9_62_prime256v1, NULL);]])],
     [AC_MSG_RESULT([yes])],
     [AC_MSG_FAILURE([not found.  ECDSA P-256 support in OpenSSL is mandatory.])])
 
 AC_MSG_CHECKING([for ECDSA P-384 support])
 AC_COMPILE_IFELSE(
-    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
-                      #include <openssl/ec.h>]],
-                    [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);]])],
+    [AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+                    [[EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(NID_secp384r1, NULL);]])],
     [AC_MSG_RESULT([yes])],
     [AC_MSG_FAILURE([not found.  ECDSA P-384 support in OpenSSL is mandatory.])])
 
 AC_MSG_CHECKING([for Ed25519 support])
 AC_COMPILE_IFELSE(
-    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
-                      #include <openssl/ec.h>]],
-                    [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED25519);]])],
+    [AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+                    [[EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);]])],
     [AC_DEFINE([HAVE_OPENSSL_ED25519], [1], [define if OpenSSL supports Ed25519])
      AC_MSG_RESULT([yes])],
     [AC_MSG_RESULT([no])])
 
 AC_MSG_CHECKING([for Ed448 support])
 AC_COMPILE_IFELSE(
-    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
-                      #include <openssl/ec.h>]],
-                    [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);]])],
+    [AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+                    [[EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);]])],
     [AC_DEFINE([HAVE_OPENSSL_ED448], [1], [define if OpenSSL supports Ed448])
      AC_MSG_RESULT([yes])],
     [AC_MSG_RESULT([no])])