Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big

> On 28 Nov 2025, at 10:31, <Marco(dot)Lebahn(at)kfw(dot)de> <Marco(dot)Lebahn(at)kfw(dot)de> wrote:
>
> We don't change anything in the openssl packages or config - we patch only the postgresql-server from 16.10 to 16.11
>
> aes works fine - bf does not work anymore

Then something has changed in your OpenSSL environment without your knowing,
either via the packaging or externally to that. Below I run PostgreSQL 16.11
with OpenSSL 3.0 without the legacy provider:

$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.0.9
status: active

$ psql postgres
psql (16.11)
Type "help" for help.

postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
ERROR: encrypt error: Cipher cannot be initialized

Now with the legacy provider enabled:

$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.0.9
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.0.9
status: active

$ psql postgres
psql (16.11)
Type "help" for help.

postgres=# SELECT encrypt('sdafgsdfgsdafgasdf', 'thelongkeyfoobar', 'bf');
encrypt
----------------------------------------------------
\x74a761b105fbc8f535f666e952e00018deb1349fbf27a87b
(1 row)

--
Daniel Gustafsson