From f8d7fee58842a11ad7a0386b4e829e36cd6e9432 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mon, 13 Feb 2023 09:58:16 +0100
Subject: [PATCH] pki: Use preference hints when loading keys from store to avoid the need to login every time.
Signed-off-by: Jakub Jelen
Reviewed-by: Anderson Toshiyuki Sasaki
Reviewed-by: Norbert Pocs
---
 src/pki_crypto.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index aca19ce2..9c1f713f 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -2487,6 +2487,7 @@ int pki_uri_import(const char *uri_name,
 #else /* WITH_PKCS11_PROVIDER */
 OSSL_STORE_CTX *store = NULL;
 OSSL_STORE_INFO *info = NULL;
+ int rv, expect_type = OSSL_STORE_INFO_PKEY;
 /* The provider can be either configured in openssl.cnf or dynamically
 * loaded, assuming it does not need any special configuration */
@@ -2512,6 +2513,15 @@ int pki_uri_import(const char *uri_name,
 ERR_error_string(ERR_get_error(), NULL));
 goto fail;
 }
+ if (key_type == SSH_KEY_PUBLIC) {
+ expect_type = OSSL_STORE_INFO_PUBKEY;
+ }
+ rv = OSSL_STORE_expect(store, expect_type);
+ if (rv != 1) {
+ SSH_LOG(SSH_LOG_TRACE,
+ "Failed to set the store preference. Ignoring the error: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ }
 for (info = OSSL_STORE_load(store); info != NULL;
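Review bot: In the first hunk, `int rv, expect_type = OSSL_STORE_INFO_PKEY;` declares an uninitialised `rv` next to an initialised `expect_type`, which is easy to misread as both being initialised. Splitting it into `int rv = 0;` and `int expect_type = OSSL_STORE_INFO_PKEY;` keeps each declarator unambiguous. A short comment such as `/* expect a private key unless SSH_KEY_PUBLIC is requested */` would record why PKEY is the default, since the override only appears in the later hunk. The body of pki_uri_import starts and ends outside this hunk.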