Commit 59147c96d2 for openssl.org

commit 59147c96d2f010e5dd9d34fafef089b55ad4b5bb
Author: slontis <shane.lontis@oracle.com>
Date:   Thu Feb 5 09:28:34 2026 +1100

    BIO_f_cipher(): Increase internal buffer size used by CipherUpdate()

    Previously running the command line "openssl enc -id-aes256-wrap-pad ..."
    with a large PQ private key failed since AES-WRAP is not streamable,
    and multiple calls to CipherUpdate() are not allowed. Increasing the
    size causes CipherUpdate() to only be called once.
    The size of the buffer has been changed from 4K to 8K.

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/29940)

diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index 0daa5bccc3..dc09c0773f 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -22,7 +22,12 @@ static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
 static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
-#define ENC_BLOCK_SIZE (1024 * 4)
+/*
+ * ENC_BLOCK_SIZE has been sized to handle ciphers that do not support streaming.
+ * i.e. For AES Key wrapping of larger PQ private keys the buffer needs to be
+ * large enough to process the input/output in one EVP_CipherUpdate() call.
+ */
+#define ENC_BLOCK_SIZE (1024 * 8)
 #define ENC_MIN_CHUNK (256)
 #define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
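Review bot: The new ENC_BLOCK_SIZE of (1024 * 8) is still a fixed cap, and the added comment does not say which input size it is meant to cover. Going by the commit message, any wrap input larger than the buffer would again be split across more than one EVP_CipherUpdate() call and fail the same way it did at 4K. Please state in the comment the largest key encoding this is sized for, so the next increase in PQ key sizes is caught in review rather than at runtime. Consider a follow-up that makes the BIO return a clear error when a non-streamable cipher receives more data than fits in one call. The comment's "i.e." also reads as "e.g.", since AES key wrap is given as an example rather than the only case. No test is visible in this change; a regression test that runs a large key through "openssl enc -id-aes256-wrap-pad" would pin the behaviour.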

diff --git a/doc/man3/BIO_f_cipher.pod b/doc/man3/BIO_f_cipher.pod
index cb6b14a0c0..f733f12cf6 100644
--- a/doc/man3/BIO_f_cipher.pod
+++ b/doc/man3/BIO_f_cipher.pod
@@ -58,6 +58,10 @@ should be called to determine if the decrypt was successful.
 As always, if BIO_gets() or BIO_puts() support is needed then it can
 be achieved by preceding the cipher BIO with a buffering BIO.

+BIO_f_cipher() uses a fixed size buffer when calling EVP_CipherUpdate(),
+which is a potential point of failure for ciphers that do not support
+streaming (such as AES-WRAP).
+
 =head1 RETURN VALUES

 BIO_f_cipher() returns the cipher BIO method.
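Review bot: The added paragraph under NOTES warns about "a fixed size buffer" but gives neither its size nor what the failure looks like to the caller, so a reader cannot tell whether their input is safe. Suggest documenting the limit (or stating that it is an internal value that may change), saying that input exceeding it with a non-streaming cipher such as AES-WRAP causes the operation to fail, and pointing callers who need to wrap larger inputs to calling EVP_CipherUpdate() directly with the whole input in one call.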
@@ -71,7 +75,7 @@ BIO_get_cipher_ctx() returns 1 for success and <=0 for failure.

 =head1 COPYRIGHT

-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.

 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy