diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 171605a683de..1e805d235aa2 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -17,7 +17,7 @@ class _CipherContext(object):
 _ENCRYPT = 1
 _DECRYPT = 0
- _MAX_CHUNK_SIZE = 2 ** 31
+ _MAX_CHUNK_SIZE = 2 ** 31 - 1
 def __init__(self, backend, cipher, mode, operation):
 self._backend = backend
diff --git a/tests/hazmat/primitives/test_ciphers.py b/tests/hazmat/primitives/test_ciphers.py
index 104e679e54a6..4d82f0c13f42 100644
--- a/tests/hazmat/primitives/test_ciphers.py
+++ b/tests/hazmat/primitives/test_ciphers.py
@@ -333,3 +333,12 @@ def test_update_into_auto_chunking(self, backend, monkeypatch):
 decbuf = bytearray(527)
 decprocessed = decryptor.update_into(buf[:processed], decbuf)
 assert decbuf[:decprocessed] == pt
+
+ def test_max_chunk_size_fits_in_int32(self, backend):
+ # max chunk must fit in signed int32 or else a call large enough to
+ # cause chunking will result in the very OverflowError we want to
+ # avoid with chunking.
+ key = b"\x00" * 16
+ c = ciphers.Cipher(AES(key), modes.ECB(), backend)
+ encryptor = c.encryptor()
+ backend._ffi.new("int *", encryptor._ctx._MAX_CHUNK_SIZE)
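Review bot: In the ciphers.py hunk, `_MAX_CHUNK_SIZE = 2 ** 31 - 1` carries no comment saying why it stops one short of a power of two, so a later cleanup could round it back up and reintroduce the overflow. I would put a line directly above it, for example `# Must fit in a signed 32-bit C int; a larger chunk length overflows when handed to the backend.` The test added in this commit states the constraint, but it is in another file and the reason belongs next to the constant too. The code that consumes the constant is outside the hunk, so whether every length passed down is bounded by it cannot be confirmed from here.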
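Review bot: In the test_ciphers.py hunk, `test_max_chunk_size_fits_in_int32` has no assertion and passes only because `backend._ffi.new("int *", ...)` does not raise, which the reader has to work out from the comment above it. A trailing comment on that call, such as `# cffi raises OverflowError if the value does not fit in a C int`, would make the pass condition explicit. The test checks the value of the constant but never drives an update with a chunk of that size, so it guards the bound itself rather than how the chunk length is used; the preceding `test_update_into_auto_chunking` appears to cover the loop with a patched size. It also reaches through `encryptor._ctx` into a private attribute, which ties the test to the OpenSSL backend's internals.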