From 133f2ed09bdf9988aed1934de650cae0caa40f8d Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Wed, 2 Oct 2019 03:18:52 -0500 Subject: [PATCH] Defer loading crypto strings for DKIM until needed to improve startup time --- src/src/pdkim/signing.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c index a47f824b8..b5cb71ecd 100644 --- a/src/src/pdkim/signing.c +++ b/src/src/pdkim/signing.c @@ -690,10 +690,12 @@ return NULL; #elif defined(SIGN_OPENSSL) /******************************************************************************/ +/* Defer as much as possible to the exim_dkim_signing_init and +exim_dkim_verify_init() functions below. This increases startup time if we do +not need the dkim functions */ void exim_dkim_init(void) { -ERR_load_crypto_strings(); } @@ -714,6 +716,12 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx) { BIO * bp = BIO_new_mem_buf(privkey_pem, -1); +/* Load crypto strings only when we need to init signing +instead of in exim_dkim_init which impacts startup time. +It is harmless to call it multiple times as it sets a static +variable which causes it do nothing if called multiple times */ +ERR_load_crypto_strings(); + if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL))) return string_sprintf("privkey PEM-block import: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -772,7 +780,7 @@ if ( (ctx = EVP_MD_CTX_create()) && EVP_DigestSignUpdate(ctx, data->data, data->len) > 0 && EVP_DigestSignFinal(ctx, NULL, &siglen) > 0 && (sig->data = store_get(siglen)) - + /* Obtain the signature (slen could change here!) */ && EVP_DigestSignFinal(ctx, sig->data, &siglen) > 0 ) 
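Review bot: The comment added above `exim_dkim_init()` says the deferral "increases startup time", which is the opposite of what the commit subject states and could lead a later maintainer to treat the change as a regression. Suggested wording: `/* Defer as much as possible to exim_dkim_signing_init() and exim_dkim_verify_init() below; this reduces startup time when the DKIM functions are not needed. */`. With the call removed the function body is empty, so a short comment inside it such as `/* intentionally empty: OpenSSL error strings are loaded by the signing/verify init functions */` would document why nothing is initialised here.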
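Review bot: The comment added in `exim_dkim_signing_init()` justifies the repeated `ERR_load_crypto_strings()` call by a static guard variable inside OpenSSL, which is an implementation detail of particular library versions rather than a documented guarantee; the same comment and call are duplicated in the `exim_dkim_verify_init()` hunk. On OpenSSL 1.1.0 and later the function is a deprecated macro for `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)`, so the rationale is better stated as "repeat calls are expected to be no-ops" and confirmed against the oldest OpenSSL release the build still supports. The signing path visibly formats key-import failures with `ERR_error_string()`, and the verify path presumably does the same outside its hunk, so moving the call and its comment into one small `static` helper used by both would keep the two sites from drifting and make it clear that every path that logs an OpenSSL error has loaded the strings first. The comment text also has a typo: "causes it do nothing" should read "causes it to do nothing". Both function bodies continue outside their hunks.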
@@ -798,6 +806,12 @@ exim_dkim_verify_init(blob * pubkey, keyformat fmt, ev_ctx * verify_ctx) const uschar * s = pubkey->data; uschar * ret = NULL; +/* Load crypto strings only when we need to init verify +instead of in exim_dkim_init which impacts startup time. +It is harmless to call it multiple times as it sets a static +variable which causes it do nothing if called multiple times */ +ERR_load_crypto_strings(); + switch(fmt) { case KEYFMT_DER: -- 2.30.2