-rw-r--r--configure.ac2
-rw-r--r--lib/global.c3
-rw-r--r--lib/global.h3
-rw-r--r--lib/libgnutls.map3
-rw-r--r--lib/priority.c45
5 files changed, 51 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac
index ad1c45f14c..36426db605 100644
--- a/configure.ac
+++ b/configure.ac
@@ -214,7 +214,7 @@ AC_C_BIGENDIAN
dnl No fork on MinGW, disable some self-tests until we fix them.
dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs)
-AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime vasprintf],,)
+AC_CHECK_FUNCS([fork inet_ntop inet_pton getrusage getpwuid_r nanosleep daemon getpid clock_gettime iconv localtime fmemopen vasprintf],,)
if test "$ac_cv_func_vasprintf" != "yes";then
AC_MSG_CHECKING([for va_copy])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
diff --git a/lib/global.c b/lib/global.c
index c26543d570..f55851e7ea 100644
--- a/lib/global.c
+++ b/lib/global.c
@@ -38,6 +38,7 @@
#include <atfork.h>
#include <system-keys.h>
#include "str.h"
+#include "global.h"
/* Minimum library versions we accept. */
#define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4"
@@ -356,6 +357,7 @@ int gnutls_global_init(void)
_gnutls_register_accel_crypto();
_gnutls_cryptodev_init();
+ _gnutls_load_system_priorities();
#ifdef ENABLE_FIPS140
/* These self tests are performed on the overriden algorithms
@@ -406,6 +408,7 @@ static void _gnutls_global_deinit(unsigned destructor)
_gnutls_cryptodev_deinit();
_gnutls_supplemental_deinit();
+ _gnutls_unload_system_priorities();
#ifdef ENABLE_PKCS11
/* Do not try to deinitialize the PKCS #11 libraries
diff --git a/lib/global.h b/lib/global.h
index e1a8f2e25c..45d8dcaff8 100644
--- a/lib/global.h
+++ b/lib/global.h
@@ -45,4 +45,7 @@ extern int gnutls_crypto_init(void);
extern void gnutls_crypto_deinit(void);
extern void _gnutls_tpm_global_deinit(void);
+extern void _gnutls_load_system_priorities(void);
+extern void _gnutls_unload_system_priorities(void);
+
#endif
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index de51dcc60c..4cccd3525a 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1130,8 +1130,9 @@ GNUTLS_PRIVATE_3_4 {
_gnutls_mpi_ops;
_gnutls_mpi_log;
_gnutls_mpi_release;
- # Internal symbols needed by tests/pkcs12_s2k:
+ # Internal symbols needed by tests/:
_gnutls_pkcs12_string_to_key;
_gnutls_bin2hex;
_gnutls_mac_to_entry;
+ _gnutls_resolve_priorities;
};
diff --git a/lib/priority.c b/lib/priority.c
index be247be518..4934e3af15 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -34,6 +34,7 @@
#define MAX_ELEMENTS 64
+char *_gnutls_resolve_priorities(const char* priorities);
static void prio_remove(priority_st * priority_list, unsigned int algo);
static void prio_add(priority_st * priority_list, unsigned int algo);
static void
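Review bot: The prototype `char *_gnutls_resolve_priorities(const char* priorities);` is declared only here in priority.c, although the commit also exports the symbol in lib/libgnutls.map for use by tests/. A test that calls it has to repeat the declaration by hand, with nothing checking that it matches the definition. Declaring it in an internal header, as this commit does for `_gnutls_load_system_priorities()` in lib/global.h, would keep the two in sync. A one-line comment on the declaration stating that the returned string is released with `free()` would also help callers.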
@@ -892,6 +893,40 @@ static char *check_str(char *line, size_t line_size, const char *needle, size_t
return NULL;
}
+static const char *system_priority_file = SYSTEM_PRIORITY_FILE;
+static char *system_priority_buf = NULL;
+static size_t system_priority_buf_size = 0;
+
+void _gnutls_load_system_priorities(void)
+{
+ gnutls_datum_t data;
+ const char *p;
+ int ret;
+
+ p = getenv("GNUTLS_SYSTEM_PRIORITY_FILE");
+ if (p != NULL)
+ system_priority_file = p;
+
+#ifdef HAVE_FMEMOPEN
+ ret = gnutls_load_file(system_priority_file, &data);
+ if (ret < 0)
+ return;
+
+ system_priority_buf = (char*)data.data;
+ system_priority_buf_size = data.size;
+#endif
+ return;
+}
+
+void _gnutls_unload_system_priorities(void)
+{
+#ifdef HAVE_FMEMOPEN
+ gnutls_free(system_priority_buf);
+#endif
+ system_priority_buf = NULL;
+ system_priority_buf_size = 0;
+}
+
/* Returns the new priorities if SYSTEM is specified in
* an allocated string, or just a copy of the provided
* priorities, appended with any additional present in
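Review bot: `getenv("GNUTLS_SYSTEM_PRIORITY_FILE")` in `_gnutls_load_system_priorities()` is honoured unconditionally, so in a setuid/setgid or otherwise privilege-elevated process the invoking user's environment decides which file defines the system TLS policy, and this runs from `gnutls_global_init()`. Consider ignoring the variable in that case, e.g. `p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FILE");` where the platform provides it (it would need its own configure check). `system_priority_file = p;` also keeps a pointer into the environment that the fallback `fopen()` uses later, and a subsequent `setenv()`/`putenv()` by the application can invalidate it; copying the string and freeing it in `_gnutls_unload_system_priorities()` would avoid that. Without HAVE_FMEMOPEN, `data` and `ret` are unused, so their declarations could move inside the `#ifdef`.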
@@ -899,7 +934,7 @@ static char *check_str(char *line, size_t line_size, const char *needle, size_t
*
* The returned string must be released using free().
*/
-static char *resolve_priorities(const char* priorities)
+char *_gnutls_resolve_priorities(const char* priorities)
{
char *p = (char*)priorities;
char *additional = NULL;
@@ -924,7 +959,11 @@ size_t n, n2 = 0, line_size;
ss_len = strlen(ss);
}
- fp = fopen(SYSTEM_PRIORITY_FILE, "r");
+#ifdef HAVE_FMEMOPEN
+ fp = fmemopen(system_priority_buf, system_priority_buf_size, "r");
+#endif
+ if (fp == NULL)
+ fp = fopen(system_priority_file, "r");
if (fp == NULL) {/* fail */
ret = NULL;
goto finish;
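Review bot: When HAVE_FMEMOPEN is not defined, `if (fp == NULL)` is the first use of `fp`; its declaration is outside the hunk, so unless it is initialised there this tests an indeterminate pointer, and an explicit `fp = NULL;` before the `#ifdef` would make the fallback well defined. With HAVE_FMEMOPEN, `fmemopen()` is also called with a NULL buffer and size 0 whenever the load at init failed, and the result of that call varies between libc implementations. Guarding it as `if (system_priority_buf != NULL) fp = fmemopen(system_priority_buf, system_priority_buf_size, "r");` keeps the fallback to `fopen()` predictable. The rest of `_gnutls_resolve_priorities()` lies outside the hunk.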
@@ -1095,7 +1134,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
if (priorities == NULL)
priorities = "NORMAL";
- darg = resolve_priorities(priorities);
+ darg = _gnutls_resolve_priorities(priorities);
if (darg == NULL) {
gnutls_assert();
goto error;