OpenDKIM

Upgrade to OpenSSL 3

Open glts opened this issue 2 years ago • 8 comments

The proposed change upgrades OpenSSL to version 3.

The change is not too big, it looks sensible to me, it is backwards compatible, and the test suite passes. I have done successful manual testing using opendkim-testmsg for both signing and verifying, using signature algorithms rsa-sha256 and ed25519-sha256. configure.ac hasn’t been updated yet. Feedback welcome.

glts, Dec 28 '22 09:12

I notice new include files. What happens if this is built on a system that doesn't yet support OpenSSL 3?

thegushi, Dec 28 '22 13:12

The new include files already existed in OpenSSL < 3, but there needs to be the appropriate feature detection in configure.ac. I’m marking this pull request as in draft status.

glts, Dec 28 '22 14:12

See also https://github.com/trusteddomainproject/OpenDKIM/pull/135.

ghen2, Dec 29 '22 12:12

~~I cannot spend time investigating compatibility with legacy OpenSSL version 1.1.1 (EOL September 2023), so~~ removing the draft status and moving on for now.

glts, Dec 29 '22 17:12

Rebased, and added a tiny commit which restores compatibility with OpenSSL version 1.1.1.

The pull request as now proposed simply moves to the non-deprecated APIs in OpenSSL 3, but all APIs were already present in OpenSSL 1.1.1.

glts, Jan 02 '23 07:01

I'm likely to merge this, but which OpenSSL 3 system did you test it on?

thegushi, Jan 06 '23 03:01

@thegushi I used Ubuntu 22.04 LTS with the packaged OpenSSL 3.0.2.

It’s good that for once a pull request is not received with total radio silence. However, I have four other pull requests open in this project, and I would prefer if you could merge them first. They are small, straightforward, benign, and they address real problems. Also they have been widely tested as they are included in Debian/Ubuntu. Would it be too much to ask to look through them and press that merge button?

glts, Jan 06 '23 08:01

I'm using this patchset (with openssl-3.1.0). RSA and ED25519 signing as well as validation work as expected.
Not tested (because not used here): opendkim-genzone ...

andreasschulze, Apr 09 '23 21:04