diff --git a/pkcs12/crypto.go b/pkcs12/crypto.go
index 484ca51b71..96f4a1a56e 100644
--- a/pkcs12/crypto.go
+++ b/pkcs12/crypto.go
@@ -117,7 +117,7 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error)
 	}
 	ps := decrypted[len(decrypted)-psLen:]
 	decrypted = decrypted[:len(decrypted)-psLen]
-	if bytes.Compare(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) != 0 {
+	if !bytes.Equal(ps, bytes.Repeat([]byte{byte(psLen)}, psLen)) {
 		return nil, ErrDecryption
 	}
 
diff --git a/ssh/agent/client.go b/ssh/agent/client.go
index eb6bc71792..a2fa36f160 100644
--- a/ssh/agent/client.go
+++ b/ssh/agent/client.go
@@ -731,7 +731,7 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 	if err != nil {
 		return err
 	}
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+	if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
 		return errors.New("agent: signer and cert have different public key")
 	}
 
diff --git a/ssh/certs.go b/ssh/certs.go
index 4600c20772..fc04d03e19 100644
--- a/ssh/certs.go
+++ b/ssh/certs.go
@@ -251,7 +251,7 @@ type algorithmOpenSSHCertSigner struct {
 // private key is held by signer. It returns an error if the public key in cert
 // doesn't match the key used by signer.
 func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
-	if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
+	if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
 		return nil, errors.New("ssh: signer and cert have different public key")
 	}