-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | lib/global.c | 3 | ||||
-rw-r--r-- | lib/global.h | 3 | ||||
-rw-r--r-- | lib/libgnutls.map | 3 | ||||
-rw-r--r-- | lib/priority.c | 45 |
5 files changed, 51 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac
index ad1c45f14c..36426db605 100644
--- a/configure.ac
+++ b/configure.ac
@@ -214,7 +214,7 @@ AC_C_BIGENDIAN
 dnl No fork on MinGW, disable some self-tests until we fix them.
 dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
-AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,)
+AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime fmemopen vasprintf],,)
 if test "$ac_cv_func_vasprintf" != "yes";then
 AC_MSG_CHECKING([for va_copy])
 AC_LINK_IFELSE([AC_LANG_PROGRAM([
diff --git a/lib/global.c b/lib/global.c
index c26543d570..f55851e7ea 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -38,6 +38,7 @@
 #include <atfork.h>
 #include <system-keys.h>
 #include "str.h"
+#include "global.h"
 /* Minimum library versions we accept. */
 #define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4"
@@ -356,6 +357,7 @@ int gnutls_global_init(void)
 _gnutls_register_accel_crypto();
 _gnutls_cryptodev_init();
+ _gnutls_load_system_priorities();
 #ifdef ENABLE_FIPS140
 /* These self tests are performed on the overriden algorithms
@@ -406,6 +408,7 @@ static void _gnutls_global_deinit(unsigned destructor)
 _gnutls_cryptodev_deinit();
 _gnutls_supplemental_deinit();
+ _gnutls_unload_system_priorities();
 #ifdef ENABLE_PKCS11
 /* Do not try to deinitialize the PKCS #11 libraries
diff --git a/lib/global.h b/lib/global.h
index e1a8f2e25c..45d8dcaff8 100644
--- a/lib/global.h
+++ b/lib/global.h
@@ -45,4 +45,7 @@ extern int gnutls_crypto_init(void);
 extern void gnutls_crypto_deinit(void);
 extern void _gnutls_tpm_global_deinit(void);
+extern void _gnutls_load_system_priorities(void);
+extern void _gnutls_unload_system_priorities(void);
+
 #endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index de51dcc60c..4cccd3525a 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1130,8 +1130,9 @@ GNUTLS_PRIVATE_3_4 {
 _gnutls_mpi_ops;
 _gnutls_mpi_log;
 _gnutls_mpi_release;
- # Internal symbols needed by tests/pkcs12_s2k:
+ # Internal symbols needed by tests/:
 _gnutls_pkcs12_string_to_key;
 _gnutls_bin2hex;
 _gnutls_mac_to_entry;
+ _gnutls_resolve_priorities;
 };
diff --git a/lib/priority.c b/lib/priority.c
index be247be518..4934e3af15 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -34,6 +34,7 @@
 #define MAX_ELEMENTS 64
+char *_gnutls_resolve_priorities(const char* priorities);
 static void prio_remove(priority_st * priority_list, unsigned int algo);
 static void prio_add(priority_st * priority_list, unsigned int algo);
 static void
@@ -892,6 +893,40 @@ static char *check_str(char *line, size_t line_size, const char *needle, size_t
 return NULL;
 }
+static const char *system_priority_file = SYSTEM_PRIORITY_FILE;
+static char *system_priority_buf = NULL;
+static size_t system_priority_buf_size = 0;
+
+void _gnutls_load_system_priorities(void)
+{
+ gnutls_datum_t data;
+ const char *p;
+ int ret;
+
+ p = getenv("GNUTLS_SYSTEM_PRIORITY_FILE");
+ if (p != NULL)
+ system_priority_file = p;
+
+#ifdef HAVE_FMEMOPEN
+ ret = gnutls_load_file(system_priority_file, &data);
+ if (ret < 0)
+ return;
+
+ system_priority_buf = (char*)data.data;
+ system_priority_buf_size = data.size;
+#endif
+ return;
+}
+
+void _gnutls_unload_system_priorities(void)
+{
+#ifdef HAVE_FMEMOPEN
+ gnutls_free(system_priority_buf);
+#endif
+ system_priority_buf = NULL;
+ system_priority_buf_size = 0;
+}
+
 /* Returns the new priorities if SYSTEM is specified in
 * an allocated string, or just a copy of the provided
 * priorities, appended with any additional present in
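Review bot: `_gnutls_load_system_priorities` reads `GNUTLS_SYSTEM_PRIORITY_FILE` with plain `getenv`, so the environment can replace the system-wide priority file even in a set-uid or set-gid program, where the invoking user controls the environment and could substitute a weaker policy. Where the platform provides it, `p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FILE");` (behind a configure check) ignores the variable in that situation. The pointer returned by `getenv` is also kept in the static `system_priority_file` and reused by the `fopen` fallback in `_gnutls_resolve_priorities`; it can become stale if the program changes its environment after `gnutls_global_init`, so copying the string would be safer. A failing `gnutls_load_file` returns silently here, and a debug-level log line would make a missing or unreadable policy file visible.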
@@ -899,7 +934,7 @@ static char *check_str(char *line, size_t line_size, const char *needle, size_t
 *
 * The returned string must be released using free().
 */
-static char *resolve_priorities(const char* priorities)
+char *_gnutls_resolve_priorities(const char* priorities)
 {
 char *p = (char*)priorities;
 char *additional = NULL;
@@ -924,7 +959,11 @@ size_t n, n2 = 0, line_size;
 ss_len = strlen(ss);
 }
- fp = fopen(SYSTEM_PRIORITY_FILE, "r");
+#ifdef HAVE_FMEMOPEN
+ fp = fmemopen(system_priority_buf, system_priority_buf_size, "r");
+#endif
+ if (fp == NULL)
+ fp = fopen(system_priority_file, "r");
 if (fp == NULL) {/* fail */
 ret = NULL;
 goto finish;
@@ -1095,7 +1134,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
 if (priorities == NULL)
 priorities = "NORMAL";
- darg = resolve_priorities(priorities);
+ darg = _gnutls_resolve_priorities(priorities);
 if (darg == NULL) {
 gnutls_assert();
 goto error; |
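Review bot: In the `@@ -924,7 +959,11 @@` hunk, `fmemopen` is called even when `system_priority_buf` is NULL and `system_priority_buf_size` is 0, which is the state left behind when the load in `_gnutls_load_system_priorities` fails. Depending on the C library, that call may return a valid but empty stream, in which case `fp` is non-NULL, the `fopen(system_priority_file, "r")` fallback is skipped and the lookup reads nothing. Guarding the call, `if (system_priority_buf != NULL) fp = fmemopen(system_priority_buf, system_priority_buf_size, "r");`, keeps the fallback reachable. When `HAVE_FMEMOPEN` is undefined, the `if (fp == NULL)` test relies on `fp` being initialised to NULL in declarations that lie outside this hunk. A short comment noting that the policy file is now cached at `gnutls_global_init` time, so later edits to the file are not seen, would also help.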