Defer loading crypto strings for DKIM until needed to improve startup time
author
J. Nick Koston
<nick@cpanel.net>
Wed, 2 Oct 2019 08:18:52 +0000
(
03:18
-0500)
committer
Heiko Schlittermann (HS12-RIPE)
<hs@schlittermann.de>
Thu, 3 Oct 2019 10:30:23 +0000
(12:30 +0200)
src/src/pdkim/signing.c
diff --git
a/src/src/pdkim/signing.c
b/src/src/pdkim/signing.c
index a47f824b81c9e9aedff11fdc85713e517484ba8c..b5cb71ecdd08b03f249887a38a7ccc942837b953 100644
(file)
--- a/
src/src/pdkim/signing.c
+++ b/
src/src/pdkim/signing.c
@@
-690,10
+690,12
@@
return NULL;
#elif defined(SIGN_OPENSSL)
/******************************************************************************/
#elif defined(SIGN_OPENSSL)
/******************************************************************************/
+/* Defer as much as possible to the exim_dkim_signing_init and
+exim_dkim_verify_init() functions below. This increases startup time if we do
+not need the dkim functions */
void
exim_dkim_init(void)
{
void
exim_dkim_init(void)
{
-ERR_load_crypto_strings();
}
}
@@
-714,6
+716,12
@@
exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx)
{
BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
{
BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
+/* Load crypto strings only when we need to init signing
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
return string_sprintf("privkey PEM-block import: %s",
ERR_error_string(ERR_get_error(), NULL));
if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
return string_sprintf("privkey PEM-block import: %s",
ERR_error_string(ERR_get_error(), NULL));
@@
-772,7
+780,7
@@
if ( (ctx = EVP_MD_CTX_create())
&& EVP_DigestSignUpdate(ctx, data->data, data->len) > 0
&& EVP_DigestSignFinal(ctx, NULL, &siglen) > 0
&& (sig->data = store_get(siglen))
&& EVP_DigestSignUpdate(ctx, data->data, data->len) > 0
&& EVP_DigestSignFinal(ctx, NULL, &siglen) > 0
&& (sig->data = store_get(siglen))
-
+
/* Obtain the signature (slen could change here!) */
&& EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0
)
/* Obtain the signature (slen could change here!) */
&& EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0
)
@@
-798,6
+806,12
@@
exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx)
const uschar * s = pubkey->data;
uschar * ret = NULL;
const uschar * s = pubkey->data;
uschar * ret = NULL;
+/* Load crypto strings only when we need to init verify
+instead of in exim_dkim_init which impacts startup time.
+It is harmless to call it multiple times as it sets a static
+variable which causes it do nothing if called multiple times */
+ERR_load_crypto_strings();
+
switch(fmt)
{
case KEYFMT_DER:
switch(fmt)
{
case KEYFMT_DER:
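Review bot: The comment added above exim_dkim_init() in the first hunk says the deferral "increases startup time", which contradicts the commit title; it should read something like `/* Defer as much as possible to exim_dkim_signing_init() and exim_dkim_verify_init() below; this reduces startup time when the DKIM functions are not needed. */`. The comment duplicated in exim_dkim_signing_init() and exim_dkim_verify_init() justifies the repeated ERR_load_crypto_strings() call by an OpenSSL-internal static variable, an implementation detail that is not guaranteed across OpenSSL versions. As far as I know, from 1.1.0 on the call is a deprecated compatibility macro and the error strings are loaded automatically. A version-neutral `/* Repeated calls are harmless. */` would age better, and "causes it do nothing" should be "causes it to do nothing". Separately, the visible lines of exim_dkim_signing_init() neither check `bp` for NULL nor free it on the PEM-import failure return; the function body continues outside the hunk, so this may be handled there.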