SSL, getting an upper bound on the length of a decoded message based on the encoded message

Simply put, when given an encoded message of length n, is there anyway I can bound in advance the length of the decoded message (for memory allocation purposes)?

I thought that the length of the message added to the length of the 开发者_开发知识库cipher bits should be enough, but apparently it isn't...

Thanks in advance

No, since SSL supports compression.

Also, I'm not sure exactly what you're coding, but typically you have no idea what the length of the encoded message is. You can't assume that whatever chunk of data you just handed the SSL engine is the entire encoded message -- it can just be part of it.

In theory the cyphertext is at most (IV + plaintext + padding), where the IV and the padding are up to one block each. In practice things may be different: the plaintext may be zipped and automatically expanded on decompression. Or, as David said, the cyphertext may be split into chunks, each sent separately.

Better to use some flexible container to receive the message and later resize to the appropriate fixed size container if you need to. It is easier to avoid buffer overflow that way as well.