From 1ddfa8e4809f4364ea7323026136ce8d0b0c6cff Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 27 Sep 2021 16:08:39 +0200 Subject: NTLM: use DES_set_key_unchecked with OpenSSL ... as the previously used function DES_set_key() will in some cases reject using a key that it deems "weak" which will cause curl to continue using the unitialized buffer content as key instead. Assisted-by: Harry Sintonen Fixes #7779 Closes #7781 --- lib/curl_ntlm_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 749b44e4a..70e360f24 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -150,7 +150,7 @@ static void setup_des_key(const unsigned char *key_56, DES_set_odd_parity(&key); /* Set the key */ - DES_set_key(&key, ks); + DES_set_key_unchecked(&key, ks); } #elif defined(USE_GNUTLS) -- cgit v1.2.1