Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Marco.Lebahn@kfw.de
Cc: pgsql-bugs@lists.postgresql.org
Date: 2025-11-28T09:56:27Z
Lists: pgsql-bugs
> On 28 Nov 2025, at 10:31, <Marco.Lebahn@kfw.de> <Marco.Lebahn@kfw.de> wrote:
> 
> We don't change anything in the openssl packages or config - we patch only the postgresql-server from 16.10 to 16.11
> 
> aes works fine - bf does not work anymore

Then something has changed in your OpenSSL environment without your knowing,
either via the packaging or externally to that.  Below I run PostgreSQL 16.11
with OpenSSL 3.0 without the legacy provider:

$ openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.9
    status: active

$ psql postgres
psql (16.11)
Type "help" for help.

postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
ERROR:  encrypt error: Cipher cannot be initialized

Now with the legacy provider enabled:

$ openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.0.9
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.9
    status: active

$ psql postgres
psql (16.11)
Type "help" for help.

postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
                      encrypt
----------------------------------------------------
 \x74a761b105fbc8f535f666e952e00018deb1349fbf27a87b
(1 row)

--
Daniel Gustafsson