Re: BUG #17796: pgcrypto undecryptable blowfish data previous stored with openssl 1.1.1 with builtin decrypter one - Mailing list pgsql-bugs

From Daniel Gustafsson
Subject Re: BUG #17796: pgcrypto undecryptable blowfish data previous stored with openssl 1.1.1 with builtin decrypter one
Msg-id AE5DB690-E8EE-4E4C-917D-10ED65418459@yesql.se
In response to BUG #17796: pgcrypto undecryptable blowfish data previous stored with openssl 1.1.1 with builtin decrypter one  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #17796: pgcrypto undecryptable blowfish data previous stored with openssl 1.1.1 with builtin decrypter one
List pgsql-bugs
> On 15 Feb 2023, at 13:15, PG Bug reporting form <noreply@postgresql.org> wrote:

> So, the problem seems that the builtin bf cipher implementation cannot
> decode the openssl one.

The internal implementation only supports $2a$ hashes, are the OpenSSL hashes
$2b$ by any chance? The prefix of the hash includes this version number.

There is a patch floating around for improving blowfish support in pgcrypto but
it hasn't made its way in.

> Side note: if I enable legacy mode in openssl3 all works fine and pgcrypto
> uses the openssl cipher, oblivious.
>
> Can it be solved?

If you relied on Blowfish in OpenSSL 1.1.1 then enabling the legacy provider in
OpenSSL 3.x, or downgrading to OpenSSL 1.1.1 is a solution.

--
Daniel Gustafsson
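
Added example, not part of the original message or of PostgreSQL's documentation: an openssl.cnf fragment that activates the legacy provider mentioned above, for OpenSSL 3.x. The section names are the conventional ones from the OpenSSL documentation, and which openssl.cnf the server's OpenSSL library reads is an assumption that varies by installation.

```ini
# Added example (not from the original message). Fragment for the openssl.cnf
# that the PostgreSQL server's OpenSSL 3.x library loads.
# This first line must appear before any [section] header.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
# Must be activated explicitly once any other provider is listed,
# otherwise the current (non-legacy) algorithms are no longer loaded.
activate = 1

[legacy_sect]
# Makes Blowfish and the other retired algorithms available again.
activate = 1
```

`openssl version -d` prints the directory the library searches for openssl.cnf, and `openssl list -providers` should report both providers as active afterwards. The setting applies to every program that reads this file, so it is best treated as a bridge for re-encrypting the stored data with a supported cipher.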