Fix applying DES-CBC when using OpenSSL 3

After calling `#final` on the cipher object, it will return garbage from that moment forward. The cipher object can therefore not be reused in the iteration over keys. Reinitialize it everytime instead. This seems to be new behaviour in Ruby/OpenSSL3. See also: https://ruby.github.io/openssl/OpenSSL/Cipher.html#class-OpenSSL::Cipher-label-Calling+Cipher-23final
WinRb · May 4, 2022 · 4fd8f1b · 4fd8f1b
1 parent 719b1d3
commit 4fd8f1b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/net/ntlm.rb b/lib/net/ntlm.rb
@@ -123,9 +123,9 @@ def gen_keys(str)
       end
 
       def apply_des(plain, keys)
-        dec = OpenSSL::Cipher.new("des-cbc").encrypt
-        dec.padding = 0
         keys.map {|k|
+          dec = OpenSSL::Cipher.new("des-cbc").encrypt
+          dec.padding = 0
           dec.key = k
           dec.update(plain) + dec.final
         }