Remove null byte from PEM files (#3885)

microsoft · May 25, 2022 · 722c8f9 · 722c8f9
1 parent 31fe749
commit 722c8f9
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 4 deletions.
diff --git a/.daily_canary b/.daily_canary
@@ -1 +1 @@
-Nice rice
+Nice rice, mice
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Changed
 
+- Node and service PEM certificates no longer contain a trailing null byte.
+
 ### Added
 
 - The node-to-node interface configuration now supports a `published_address` to enable networks with nodes running in different (virtual) subnets (#3867).

diff --git a/include/ccf/crypto/pem.h b/include/ccf/crypto/pem.h
@@ -74,8 +74,7 @@ namespace crypto
 
     size_t size() const
     {
-      // +1 for null termination
-      return s.size() + 1;
+      return s.size();
     }
 
     bool empty() const

diff --git a/tests/infra/consortium.py b/tests/infra/consortium.py
@@ -715,8 +715,12 @@ def check_for_service(self, remote_node, status):
                 os.path.join(self.common_dir, "service_cert.pem")
             )
 
+            # Certs previously contained a terminating null byte. Strip it for comparison.
+            current_cert = current_cert.strip("\x00")
+            expected_cert = expected_cert.strip("\x00")
+
             assert (
-                current_cert == expected_cert[:-1]
+                current_cert == expected_cert
             ), "Current service certificate did not match with service_cert.pem"
             assert (
                 current_status == status.value