Thread

  1. Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big

    Daniel Gustafsson <daniel@yesql.se> — 2025-11-28T18:36:47Z

    > On 28 Nov 2025, at 19:29, Tom Lane <tgl@sss.pgh.pa.us> wrote:
    > 
    > Daniel Gustafsson <daniel@yesql.se> writes:
    >> On 28 Nov 2025, at 11:38, <Marco.Lebahn@kfw.de> <Marco.Lebahn@kfw.de> wrote:
    >>> It seems that < 16.11 does and not check if I use "bf" from legacy provider
    > 
    >> OpenSSL doesn't support blowfish without the legacy provider loaded.  Your
    >> 16.10 is most likely linked against another version of OpenSSL, or at least
    >> using another OpenSSL configuration/openssldir.
    > 
    > It seems quite odd that this changed at a minor PG version update.
    > I wonder if there was an upgrade of the underlying platform at the
    > same time, or if the new version was built by a different packager.
    
    Agreed, there must have been something else changing at the same time.
    
    > I confirmed on a fresh Fedora installation (with OpenSSL 3.2.6)
    > that it works as Daniel described.  Blowfish and other old ciphers
    > don't work with the out-of-the-box OpenSSL configuration, but if
    > you edit `openssl info -configdir`/openssl.cnf and uncomment the
    > lines that enable the legacy provider, it will work.
    
    Thanks for confirming!
    
    --
    Daniel Gustafsson