From 38f3d158f663cef68e8f83d7713f3df571d3dfb8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 12 Dec 2025 16:37:20 +0100
Subject: [PATCH] pki: Fix comparing public key of certificate

When the first key object is a certificate object, this match will
fall through to the generic key comparison that is unable to handle
the ed25519 keys and fails.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/pki.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pki.c b/src/pki.c
index 465fcc8a..5e762834 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -903,9 +903,9 @@ int ssh_key_cmp(const ssh_key k1,
     }
 
 #ifndef HAVE_LIBCRYPTO
-    if (k1->type == SSH_KEYTYPE_ED25519) {
+    if (ssh_key_type_plain(k1->type) == SSH_KEYTYPE_ED25519) {
         return pki_ed25519_key_cmp(k1, k2, what);
-    } else if (k1->type == SSH_KEYTYPE_SK_ED25519) {
+    } else if (ssh_key_type_plain(k1->type) == SSH_KEYTYPE_SK_ED25519) {
         return pki_ed25519_key_cmp(k1, k2, SSH_KEY_CMP_PUBLIC);
     }
 #endif