[openssl/openssl] 59147c: BIO_f_cipher(): Increase internal buffer size used...
0 views
Skip to first unread message
Shane
Feb 6, 2026, 2:43:37 AM (yesterday) Feb 6
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 59147c96d2f010e5dd9d34fafef089b55ad4b5bb
https://github.com/openssl/openssl/commit/59147c96d2f010e5dd9d34fafef089b55ad4b5bb
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M crypto/evp/bio_enc.c
M doc/man3/BIO_f_cipher.pod
Log Message:
-----------
BIO_f_cipher(): Increase internal buffer size used by CipherUpdate()
Previously running the commandline "openssl enc -id-aes256-wrap-pad ...'
with a large PQ private key failed since AES-WRAP is not streamable,
and multiple calls to CipherUpdate() are not allowed. Increasing the
size causes CipherUpdate() to only be called once.
The size of the buffer has been changed from 4K to 8K.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Commit: ca8a2bd6186f5478d0b8e03af90d6d1f6cd87161
https://github.com/openssl/openssl/commit/ca8a2bd6186f5478d0b8e03af90d6d1f6cd87161
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M providers/implementations/ciphers/cipher_aes_wrp.c
Log Message:
-----------
AES-WRAP fixes.
Partially fixes issue in Discussion 22861
AES-WRAP pad is documented as only working for non streaming cases.
It did not however enforce this, so a user could potentially
wrap something incorrectly without an error and then not be able to
unwrap it without an error. The code now checks that update is only
called once.
An internal function returned an int which could be negative for bad
input values, and the return value was assigned to a size_t which
ignored the error condition.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Commit: baf4156f7052cf5fa08aaf5187dc1f5d25e49664
https://github.com/openssl/openssl/commit/baf4156f7052cf5fa08aaf5187dc1f5d25e49664
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
A test/aeswrap_test.c
M test/build.info
A test/recipes/05-test_aes_wrap.t
M test/recipes/15-test_ml_dsa_codecs.t
Log Message:
-----------
AES-WRAP: Add tests
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Compare: https://github.com/openssl/openssl/compare/cb095dd51377...baf4156f7052
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 59147c96d2f010e5dd9d34fafef089b55ad4b5bb
https://github.com/openssl/openssl/commit/59147c96d2f010e5dd9d34fafef089b55ad4b5bb
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M crypto/evp/bio_enc.c
M doc/man3/BIO_f_cipher.pod
Log Message:
-----------
BIO_f_cipher(): Increase internal buffer size used by CipherUpdate()
Previously running the commandline "openssl enc -id-aes256-wrap-pad ...'
with a large PQ private key failed since AES-WRAP is not streamable,
and multiple calls to CipherUpdate() are not allowed. Increasing the
size causes CipherUpdate() to only be called once.
The size of the buffer has been changed from 4K to 8K.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Commit: ca8a2bd6186f5478d0b8e03af90d6d1f6cd87161
https://github.com/openssl/openssl/commit/ca8a2bd6186f5478d0b8e03af90d6d1f6cd87161
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
M providers/implementations/ciphers/cipher_aes_wrp.c
Log Message:
-----------
AES-WRAP fixes.
Partially fixes issue in Discussion 22861
AES-WRAP pad is documented as only working for non streaming cases.
It did not however enforce this, so a user could potentially
wrap something incorrectly without an error and then not be able to
unwrap it without an error. The code now checks that update is only
called once.
An internal function returned an int which could be negative for bad
input values, and the return value was assigned to a size_t which
ignored the error condition.
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Commit: baf4156f7052cf5fa08aaf5187dc1f5d25e49664
https://github.com/openssl/openssl/commit/baf4156f7052cf5fa08aaf5187dc1f5d25e49664
Author: slontis <shane....@oracle.com>
Date: 2026-02-06 (Fri, 06 Feb 2026)
Changed paths:
A test/aeswrap_test.c
M test/build.info
A test/recipes/05-test_aes_wrap.t
M test/recipes/15-test_ml_dsa_codecs.t
Log Message:
-----------
AES-WRAP: Add tests
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
Reviewed-by: Paul Dale <paul...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29940)
Compare: https://github.com/openssl/openssl/compare/cb095dd51377...baf4156f7052
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages