pki: Add support for comparing certificates

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2025-11-29 01:03:57 +03:00 · 2023-09-22 22:57:32 +02:00
parent 16ebd4597e
commit 44de06e8db
3 changed files with 22 additions and 1 deletions
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -295,7 +295,8 @@ enum ssh_keytypes_e{

 enum ssh_keycmp_e {
  SSH_KEY_CMP_PUBLIC = 0,
-  SSH_KEY_CMP_PRIVATE
+  SSH_KEY_CMP_PRIVATE = 1,
+  SSH_KEY_CMP_CERTIFICATE = 2,
 };

 #define SSH_ADDRSTRLEN 46
--- a/src/pki.c
+++ b/src/pki.c
@@ -685,6 +685,22 @@ int ssh_key_cmp(const ssh_key k1,
        }
    }

+    if (what == SSH_KEY_CMP_CERTIFICATE) {
+        if (!is_cert_type(k1->type) ||
+            !is_cert_type(k2->type)) {
+            return 1;
+        }
+        if (k1->cert == NULL || k2->cert == NULL) {
+            return 1;
+        }
+        if (ssh_buffer_get_len(k1->cert) != ssh_buffer_get_len(k2->cert)) {
+            return 1;
+        }
+        return memcmp(ssh_buffer_get(k1->cert),
+                      ssh_buffer_get(k2->cert),
+                      ssh_buffer_get_len(k1->cert));
+    }
+
    if (k1->type == SSH_KEYTYPE_ED25519 ||
        k1->type == SSH_KEYTYPE_SK_ED25519) {
        return pki_ed25519_key_cmp(k1, k2, what);
--- a/src/pki_ed25519_common.c
+++ b/src/pki_ed25519_common.c
@@ -121,6 +121,10 @@ int pki_ed25519_key_cmp(const ssh_key k1,
        if (cmp != 0) {
            return 1;
        }
+        break;
+    case SSH_KEY_CMP_CERTIFICATE:
+        /* handled globally */
+        return 1;
    }

    return 0;