Core Server / SERVER-62922

Add explicit bounds checks for OpenSSL EVP outputs

    • Server Security
    • Fully Compatible
    • Security 2022-02-07, Security 2023-04-03, Security 2023-04-17, Security 2023-05-01

      OpenSSL exposes a uniform interface for encryption and decryption called "EVP". EVP functions generally accept an input, an input length, an output buffer and an output length (outl). EVP will process every byte of the input and write the result into the output. The exact cipher in use determines how many bytes will be written to the output. For example, stream ciphers generally add no overhead, while block ciphers can produce as much as a block's worth of extra data. According to the OpenSSL documentation, OpenSSL stores the number of bytes written into the output buffer in outl. It does not appear to actually read data from this argument, and the documentation's example code passes the address of an uninitialized int into EVP_EncryptUpdate.

      While there are no known issues due to this behaviour, the Apple and Windows cryptography implementations appear to accept the size of the output buffer in their encryption/decryption routines and likely enforce invariants.

      We should attempt to compute however many bytes we believe OpenSSL will consume from the output buffer, and throw a bad Status if it would overrun, before invoking EVP methods.
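As an added illustration of the pre-flight check proposed above (this is not code from the SERVER-62922 change or from OpenSSL), the C helpers below compute the worst-case output sizes that the EVP_EncryptUpdate(3) manual page documents and refuse a call that could overrun the output buffer; the function and enum names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Outcome of the pre-flight check; a wrapper would map this onto its Status type. */
typedef enum {
    EVP_PRECHECK_OK,
    EVP_PRECHECK_BAD_ARGS,      /* inl does not fit the int EVP takes, block size 0, used > capacity */
    EVP_PRECHECK_WOULD_OVERRUN  /* the call could write past the end of the output buffer */
} evp_precheck_t;

/* Worst-case bytes one EVP_*Update call may write for `inl` input bytes.
 * Per the OpenSSL manual: encryption writes at most inl + block_size - 1 bytes,
 * decryption with padding enabled may write inl + block_size bytes.
 * Stream ciphers report a block size of 1, so the encrypt bound collapses to inl. */
bool evp_update_bound(size_t inl, size_t block_size, bool decrypting, size_t *bound)
{
    if (block_size == 0 || inl > (size_t)INT_MAX) return false;  /* EVP takes an int inl */
    size_t slack = decrypting ? block_size : block_size - 1;
    if (inl > SIZE_MAX - slack) return false;                     /* guard against wrap-around */
    *bound = inl + slack;
    return true;
}

/* EVP_*Final may write up to one cipher block (padding or the buffered partial block). */
size_t evp_final_bound(size_t block_size) { return block_size; }

/* Check before calling EVP_*Update: does the worst case fit in the space left in out? */
evp_precheck_t evp_precheck_update(size_t out_capacity, size_t out_used,
                                   size_t inl, size_t block_size, bool decrypting)
{
    size_t bound;
    if (out_used > out_capacity) return EVP_PRECHECK_BAD_ARGS;
    if (!evp_update_bound(inl, block_size, decrypting, &bound)) return EVP_PRECHECK_BAD_ARGS;
    return bound <= out_capacity - out_used ? EVP_PRECHECK_OK : EVP_PRECHECK_WOULD_OVERRUN;
}

/* Same check for the EVP_*Final call that ends the operation. */
evp_precheck_t evp_precheck_final(size_t out_capacity, size_t out_used, size_t block_size)
{
    if (out_used > out_capacity || block_size == 0) return EVP_PRECHECK_BAD_ARGS;
    return evp_final_bound(block_size) <= out_capacity - out_used
               ? EVP_PRECHECK_OK : EVP_PRECHECK_WOULD_OVERRUN;
}

/* Conservative buffer size for processing `total_in` bytes via Update calls plus Final:
 * the Update bound plus one block for Final. Returns 0 if the arithmetic would overflow. */
size_t evp_total_output_bound(size_t total_in, size_t block_size, bool decrypting)
{
    size_t bound;
    if (!evp_update_bound(total_in, block_size, decrypting, &bound)) return 0;
    if (bound > SIZE_MAX - block_size) return 0;
    return bound + block_size;
}
```

The sample values used in the checks (a 16-byte block cipher fed 20 bytes into 32-, 35- and 48-byte buffers) are constructed for illustration.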

            Assignee: Brad Moore (brad.moore@mongodb.com)
            Reporter: Spencer Jackson (spencer.jackson@mongodb.com)
            Votes: 0
            Watchers: 5
