| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Marco(dot)Lebahn(at)kfw(dot)de, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big |
| Date: | 2025-11-28 18:36:47 |
| Message-ID: | 7D06DFB4-49AE-44C3-80B1-69AFF15FF44D@yesql.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> On 28 Nov 2025, at 19:29, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> On 28 Nov 2025, at 11:38, <Marco(dot)Lebahn(at)kfw(dot)de> <Marco(dot)Lebahn(at)kfw(dot)de> wrote:
>>> It seems that < 16.11 does and not check if I use "bf" from legacy provider
>
>> OpenSSL doesn't support blowfish without the legacy provider loaded. Your
>> 16.10 is most likely linked against another version of OpenSSL, or at least
>> using another OpenSSL configuration/openssldir.
>
> It seems quite odd that this changed at a minor PG version update.
> I wonder if there was an upgrade of the underlying platform at the
> same time, or if the new version was built by a different packager.
Agreed, there must have been something else changing at the same time.
> I confirmed on a fresh Fedora installation (with OpenSSL 3.2.6)
> that it works as Daniel described. Blowfish and other old ciphers
> don't work with the out-of-the-box OpenSSL configuration, but if
> you edit `openssl info -configdir`/openssl.cnf and uncomment the
> lines that enable the legacy provider, it will work.
Thanks for confirming!
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2025-11-28 21:07:39 | BUG #19337: Errors during downloading metadata for repository pgdg-rhel9-extras |
| Previous Message | Tom Lane | 2025-11-28 18:29:21 | Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big |