#elif defined(SIGN_OPENSSL)
/******************************************************************************/
+/* Defer as much as possible to the exim_dkim_signing_init and
+exim_dkim_verify_init() functions below. This increases startup time if we do
+not need the dkim functions */
void
exim_dkim_init(void)
{
-ERR_load_crypto_strings();
}
{
BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
+/* Load crypto strings only when we need to init signing
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
return string_sprintf("privkey PEM-block import: %s",
ERR_error_string(ERR_get_error(), NULL));
&& EVP_DigestSignUpdate(ctx, data->data, data->len) > 0
&& EVP_DigestSignFinal(ctx, NULL, &siglen) > 0
&& (sig->data = store_get(siglen))
-
+
/* Obtain the signature (slen could change here!) */
&& EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0
)
const uschar * s = pubkey->data;
uschar * ret = NULL;
+/* Load crypto strings only when we need to init verify
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
switch(fmt)
{
case KEYFMT_DER: