From: "MartinBosslet (Martin Bosslet)" Date: 2012-12-20T10:22:41+09:00 Subject: [ruby-core:50996] [ruby-trunk - Bug #6939][Third Party's Issue] Uninformative exception in FIPS mode Issue #6939 has been updated by MartinBosslet (Martin Bosslet). Status changed from Assigned to Third Party's Issue This is indeed a third party issue. The exception message (or better, the lack thereof) is generated by OpenSSL. They're fine for RSA, DSA and EC ("key too short"), but miserable for DH, agreed. I really wouldn't want to start to improve OpenSSL error messages in the Ruby extension, that's not where this belongs IMHO. We could try to open an issue on the OpenSSL tracker, though. Closing as TPI for now, please feel free to reopen if your opinions differ from mine. ---------------------------------------- Bug #6939: Uninformative exception in FIPS mode https://bugs.ruby-lang.org/issues/6939#change-34881 Author: vo.x (Vit Ondruch) Status: Third Party's Issue Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: Target version: ruby -v: trunk # cat /proc/sys/crypto/fips_enabled 1 ]# irb irb(main):001:0> require 'openssl' => true irb(main):002:0> OpenSSL::PKey::DH.new(1024) => -----BEGIN DH PARAMETERS----- MIGHAoGBAMjWrD9U8wfqxMEMPBaBnihhTJb6CGgy7Auy1Aark27nFER3RuYY4ZXC 2lZ11/mDhyymW/LPNr8cupYgs5AsZttguT/zhpr6j2sobnjkcvj8T6FkQ42TC4Dw PS+O+Mdvz1BP8ZUWXV8QBxyxCKCanPVWvPGI8tC5amj9QM66VyUTAgEC -----END DH PARAMETERS----- irb(main):003:0> OpenSSL::PKey::DH.new(128) OpenSSL::PKey::DHError: BN lib from (irb):3:in `initialize' from (irb):3:in `new' from (irb):3 from /bin/irb:12:in `
' irb(main):004:0> Could you please provide better exception message? While it is fine that DH.new fails with short key, it is not obvious from the message what is the reason. Thank you. -- http://bugs.ruby-lang.org/