Project

General

Profile

Actions
Copy link

Bug #6939

closed

Uninformative exception in FIPS mode

Bug #6939: Uninformative exception in FIPS mode

Added by vo.x (Vit Ondruch) about 13 years ago. Updated almost 13 years ago.

Status:
Third Party's Issue
Assignee:
MartinBosslet (Martin Bosslet)
Target version:
-
ruby -v:
trunk
Backport:
[ruby-core:47327]

Description

cat /proc/sys/crypto/fips_enabled

1
]# irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> OpenSSL::PKey::DH.new(1024)
=> -----BEGIN DH PARAMETERS-----
MIGHAoGBAMjWrD9U8wfqxMEMPBaBnihhTJb6CGgy7Auy1Aark27nFER3RuYY4ZXC
2lZ11/mDhyymW/LPNr8cupYgs5AsZttguT/zhpr6j2sobnjkcvj8T6FkQ42TC4Dw
PS+O+Mdvz1BP8ZUWXV8QBxyxCKCanPVWvPGI8tC5amj9QM66VyUTAgEC
-----END DH PARAMETERS-----

irb(main):003:0> OpenSSL::PKey::DH.new(128)
OpenSSL::PKey::DHError: BN lib
from (irb):3:in initialize' from (irb):3:in new'
from (irb):3
from /bin/irb:12:in `'
irb(main):004:0>

Could you please provide better exception message? While it is fine that DH.new fails with short key, it is not obvious from the message what is the reason. Thank you.

Actions
Copy link

Also available in: PDF Atom