Hi Wiktor,
> and, more importantly,
> - given EVP_CIPHER_CTX object and the length of the input buffer, is
> it possible to calculate the needed output buffer size without
> explicitly keeping external state?
I may not have understood your question, but, as stated in [1], isn't:
"the amount of data written can be anything from zero bytes to (inl + cipher_block_size) bytes" (at a maximum)
what you are asking for?
Resulting in cipher_block_size bytes needed (at max, may be 0) when calling EVP_CipherFinal()?
From: https://www.openssl.org/docs/manmaster/man3/EVP_EncryptUpdate.html
“The encrypted final data is written to out which should have sufficient space for one cipher block”.
Hope this helps,
Regards,
Michel.
[1]: https://mta.openssl.org/pipermail/openssl-users/2022-November/015623.html