reinitialize context before each Sign/Verify call to make it working with openssl 3.2

libi2pd/Crypto.h

@@ -39,9 +39,7 @@
 #	define LEGACY_OPENSSL 0
 #	if (OPENSSL_VERSION_NUMBER >= 0x010101000) // 1.1.1
 #		define OPENSSL_HKDF 1
-#		if (OPENSSL_VERSION_NUMBER < 0x030200000) // 3.2.0, regression in EVP_DigestSign
+#		define OPENSSL_EDDSA 1
-#			define OPENSSL_EDDSA 1
-#		endif
 #		define OPENSSL_X25519 1
 #		if (OPENSSL_VERSION_NUMBER != 0x030000000) // 3.0.0, regression in SipHash
 #			define OPENSSL_SIPHASH 1

libi2pd/Signature.cpp

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -15,7 +15,8 @@ namespace i2p
 namespace crypto
 {
 #if OPENSSL_EDDSA
-	EDDSA25519Verifier::EDDSA25519Verifier ()
+	EDDSA25519Verifier::EDDSA25519Verifier ():
+		m_Pkey (nullptr)
 	{
 		m_MDCtx = EVP_MD_CTX_create ();
 	}
@@ -23,17 +24,18 @@ namespace crypto
 	EDDSA25519Verifier::~EDDSA25519Verifier ()
 	{
 		EVP_MD_CTX_destroy (m_MDCtx);
+		EVP_PKEY_free (m_Pkey);
 	}
 
 	void EDDSA25519Verifier::SetPublicKey (const uint8_t * signingKey)
 	{
-		EVP_PKEY * pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, signingKey, 32);
+		if (m_Pkey) EVP_PKEY_free (m_Pkey);
-		EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, pkey);
+		m_Pkey = EVP_PKEY_new_raw_public_key (EVP_PKEY_ED25519, NULL, signingKey, 32);
-		EVP_PKEY_free (pkey);
 	}
 
 	bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
 	{
+		EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
 		return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len);
 	}
 
@@ -99,29 +101,26 @@ namespace crypto
 
 #if OPENSSL_EDDSA
 	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
-		m_MDCtx (nullptr), m_Fallback (nullptr)
+		m_MDCtx (nullptr), m_Pkey (nullptr), m_Fallback (nullptr)
 	{
-		EVP_PKEY * pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
+		m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
 		uint8_t publicKey[EDDSA25519_PUBLIC_KEY_LENGTH];
 		size_t len = EDDSA25519_PUBLIC_KEY_LENGTH;
-		EVP_PKEY_get_raw_public_key (pkey, publicKey, &len);
+		EVP_PKEY_get_raw_public_key (m_Pkey, publicKey, &len);
 		if (signingPublicKey && memcmp (publicKey, signingPublicKey, EDDSA25519_PUBLIC_KEY_LENGTH))
 		{
 			LogPrint (eLogWarning, "EdDSA public key mismatch. Fallback");
 			m_Fallback = new EDDSA25519SignerCompat (signingPrivateKey, signingPublicKey);
 		}
 		else
-		{
 			m_MDCtx = EVP_MD_CTX_create ();
-			EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, pkey);
-		}
-		EVP_PKEY_free (pkey);
 	}
 
 	EDDSA25519Signer::~EDDSA25519Signer ()
 	{
 		if (m_Fallback) delete m_Fallback;
 		EVP_MD_CTX_destroy (m_MDCtx);
+		EVP_PKEY_free (m_Pkey);
 	}
 
 	void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
@@ -131,7 +130,9 @@ namespace crypto
 		{
 			size_t l = 64;
 			uint8_t sig[64]; // temporary buffer for signature. openssl issue #7232
-			EVP_DigestSign (m_MDCtx, sig, &l, buf, len);
+			EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
+			if (!EVP_DigestSign (m_MDCtx, sig, &l, buf, len))
+				LogPrint (eLogError, "EdDSA signing failed");
 			memcpy (signature, sig, 64);
 		}
 	}

libi2pd/Signature.h

@@ -1,5 +1,5 @@
 /*
-* Copyright (c) 2013-2021, The PurpleI2P Project
+* Copyright (c) 2013-2023, The PurpleI2P Project
 *
 * This file is part of Purple i2pd project and licensed under BSD3
 *
@@ -305,6 +305,7 @@ namespace crypto
 
 #if OPENSSL_EDDSA
 			EVP_MD_CTX * m_MDCtx;
+			EVP_PKEY * m_Pkey;
 #else
 			EDDSAPoint m_PublicKey;
 			uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
@@ -342,6 +343,7 @@ namespace crypto
 		private:
 
 			EVP_MD_CTX * m_MDCtx;
+			EVP_PKEY * m_Pkey;
 			EDDSA25519SignerCompat * m_Fallback;
 	};
 #else