pki: Use preference hints when loading keys from store

to avoid the need to login every time. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2026-02-04 12:20:42 +09:00 · 2023-02-13 09:58:16 +01:00
parent 2539d72b7c
commit f8d7fee588
1 changed files with 10 additions and 0 deletions
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2487,6 +2487,7 @@ int pki_uri_import(const char *uri_name,
 #else /* WITH_PKCS11_PROVIDER */
    OSSL_STORE_CTX *store = NULL;
    OSSL_STORE_INFO *info = NULL;
+    int rv, expect_type = OSSL_STORE_INFO_PKEY;

    /* The provider can be either configured in openssl.cnf or dynamically
     * loaded, assuming it does not need any special configuration */
@@ -2512,6 +2513,15 @@ int pki_uri_import(const char *uri_name,
                ERR_error_string(ERR_get_error(), NULL));
        goto fail;
    }
+    if (key_type == SSH_KEY_PUBLIC) {
+        expect_type = OSSL_STORE_INFO_PUBKEY;
+    }
+    rv = OSSL_STORE_expect(store, expect_type);
+    if (rv != 1) {
+        SSH_LOG(SSH_LOG_TRACE,
+                "Failed to set the store preference. Ignoring the error: %s",
+                ERR_error_string(ERR_get_error(), NULL));
+    }

    for (info = OSSL_STORE_load(store);
         info != NULL;