Thread
-
Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big
Daniel Gustafsson <daniel@yesql.se> — 2025-11-28T09:56:27Z
> On 28 Nov 2025, at 10:31, <Marco.Lebahn@kfw.de> <Marco.Lebahn@kfw.de> wrote: > > We don't change anything in the openssl packages or config - we patch only the postgresql-server from 16.10 to 16.11 > > aes works fine - bf does not work anymore Then something has changed in your OpenSSL environment without your knowing, either via the packaging or externally to that. Below I run PostgreSQL 16.11 with OpenSSL 3.0 without the legacy provider: $ openssl list -providers Providers: default name: OpenSSL Default Provider version: 3.0.9 status: active $ psql postgres psql (16.11) Type "help" for help. postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf'); ERROR: encrypt error: Cipher cannot be initialized Now with the legacy provider enabled: $ openssl list -providers Providers: default name: OpenSSL Default Provider version: 3.0.9 status: active legacy name: OpenSSL Legacy Provider version: 3.0.9 status: active $ psql postgres psql (16.11) Type "help" for help. postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf'); encrypt ---------------------------------------------------- \x74a761b105fbc8f535f666e952e00018deb1349fbf27a87b (1 row) -- Daniel Gustafsson