Thread

  1. Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big

    Daniel Gustafsson <daniel@yesql.se> — 2025-11-28T09:56:27Z

    > On 28 Nov 2025, at 10:31, <Marco.Lebahn@kfw.de> <Marco.Lebahn@kfw.de> wrote:
    > 
    > We don't change anything in the openssl packages or config - we patch only the postgresql-server from 16.10 to 16.11
    > 
    > aes works fine - bf does not work anymore
    
    Then something has changed in your OpenSSL environment without your knowing,
    either via the packaging or externally to that.  Below I run PostgreSQL 16.11
    with OpenSSL 3.0 without the legacy provider:
    
    $ openssl list -providers
    Providers:
      default
        name: OpenSSL Default Provider
        version: 3.0.9
        status: active
    
    $ psql postgres
    psql (16.11)
    Type "help" for help.
    
    postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
    ERROR:  encrypt error: Cipher cannot be initialized
    
    Now with the legacy provider enabled:
    
    $ openssl list -providers
    Providers:
      default
        name: OpenSSL Default Provider
        version: 3.0.9
        status: active
      legacy
        name: OpenSSL Legacy Provider
        version: 3.0.9
        status: active
    
    $ psql postgres
    psql (16.11)
    Type "help" for help.
    
    postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
                          encrypt
    ----------------------------------------------------
     \x74a761b105fbc8f535f666e952e00018deb1349fbf27a87b
    (1 row)
    
    --
    Daniel Gustafsson