pki: Avoild false positive matches when comparing certificates in mbedtls and gcrypt

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 0d5a2652b4)
2026-02-05 12:50:30 +09:00 · 2025-12-12 16:36:43 +01:00
parent 99957fb561
commit 03b29a6874
2 changed files with 2 additions and 2 deletions
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1355,7 +1355,7 @@ int pki_key_compare(const ssh_key k1,
        case SSH_KEYTYPE_SK_ED25519:
        case SSH_KEYTYPE_SK_ED25519_CERT01:
            /* ed25519 keys handled globally */
-            return 0;
+            return 1;
        case SSH_KEYTYPE_ECDSA_P256:
        case SSH_KEYTYPE_ECDSA_P256_CERT01:
        case SSH_KEYTYPE_ECDSA_P384:
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -782,7 +782,7 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
        case SSH_KEYTYPE_ED25519:
        case SSH_KEYTYPE_SK_ED25519:
            /* ed25519 keys handled globally */
-            rc = 0;
+            rc = 1;
            break;
        default:
            rc = 1;