pki: Avoild false positive matches when comparing certificates in mbedtls and gcrypt

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2026-02-04 12:20:42 +09:00 · 2025-12-12 16:36:43 +01:00
parent 5c496acef7
commit 0d5a2652b4
2 changed files with 2 additions and 2 deletions
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -1409,7 +1409,7 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
    case SSH_KEYTYPE_SK_ED25519:
    case SSH_KEYTYPE_SK_ED25519_CERT01:
        /* ed25519 keys handled globally */
-        return 0;
+        return 1;
    case SSH_KEYTYPE_ECDSA_P256:
    case SSH_KEYTYPE_ECDSA_P256_CERT01:
    case SSH_KEYTYPE_ECDSA_P384:
--- a/src/pki_mbedcrypto.c
+++ b/src/pki_mbedcrypto.c
@@ -782,7 +782,7 @@ int pki_key_compare(const ssh_key k1, const ssh_key k2, enum ssh_keycmp_e what)
        case SSH_KEYTYPE_ED25519:
        case SSH_KEYTYPE_SK_ED25519:
            /* ed25519 keys handled globally */
-            rc = 0;
+            rc = 1;
            break;
        default:
            rc = 1;