From: J. Nick Koston
Date: Wed, 2 Oct 2019 08:18:52 +0000 (-0500)
Subject: Defer loading crypto strings for DKIM until needed to improve startup time
X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/133f2ed09bdf9988aed1934de650cae0caa40f8d

Defer loading crypto strings for DKIM until needed to improve startup time
---

diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c
index a47f824b8..b5cb71ecd 100644
--- a/src/src/pdkim/signing.c
+++ b/src/src/pdkim/signing.c
@@ -690,10 +690,12 @@ return NULL;
 #elif defined(SIGN_OPENSSL)
 /******************************************************************************/
 
+/* Defer as much as possible to the exim_dkim_signing_init and
+exim_dkim_verify_init() functions below. This increases startup time if we do
+not need the dkim functions */
 void
 exim_dkim_init(void)
 {
-ERR_load_crypto_strings();
 }
 
 
@@ -714,6 +716,12 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
 {
 BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
 
+/* Load crypto strings only when we need to init signing
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
 if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
 return string_sprintf("privkey PEM-block import: %s",
 ERR_error_string(ERR_get_error(), NULL));
@@ -772,7 +780,7 @@ if ( (ctx = EVP_MD_CTX_create())
 && EVP_DigestSignUpdate(ctx, data->data, data->len) > 0
 && EVP_DigestSignFinal(ctx, NULL, &siglen) > 0
 && (sig->data = store_get(siglen))
-
+
 /* Obtain the signature (slen could change here!) */
 && EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0
 )
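Review bot: The comment added above exim_dkim_init() says the opposite of what the commit intends: it reads "This increases startup time", while the subject line says the deferral improves it. Suggested wording: `/* Nothing is loaded here; error strings are loaded by exim_dkim_signing_init() and exim_dkim_verify_init(), so processes that never use DKIM start faster */`. With the body now empty, an OpenSSL error formatted through ERR_error_string() before either of those functions has run may come out as numeric codes only on library versions that need the explicit load; that would affect log readability rather than the signing or verification result, and whether such a path exists cannot be seen from this hunk.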
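Review bot: The comment added in exim_dkim_signing_init(), and repeated verbatim in exim_dkim_verify_init() in the last hunk, states as fact that ERR_load_crypto_strings() "sets a static variable" and is free to call repeatedly, which describes one library implementation rather than anything this file controls. As far as I know, from OpenSSL 1.1.0 onward the function is a deprecated compatibility macro and the library loads its error strings itself, so the call could be limited to older versions with `#if OPENSSL_VERSION_NUMBER < 0x10100000L`; please confirm against the library versions Exim builds with. exim_dkim_verify_init() is presumably reached for every signature checked on inbound mail, so that is where any repeat-call cost would show. A small static helper called from both places would keep a single copy of the comment, and "causes it do nothing" should read "causes it to do nothing". Both function bodies continue outside their hunks.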
@@ -798,6 +806,12 @@ exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx)
 const uschar * s = pubkey->data;
 uschar * ret = NULL;
 
+/* Load crypto strings only when we need to init verify
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
 switch(fmt)
 {
 case KEYFMT_DER: