Fix output buffer check introduced in #1733

Sadly the condition used to relax output buffer checks that depended
on the `num` parameter does not really hold so this change effectively
reverts PR #1733.

As clarified on the OpenSSL mailing list [0] and during integration tests
the `num` parameter does not reflect the internal buffer cache size thus
one needs to pessimistically assume that each call to `cipher_update`
will need sufficient size to contain one additional block. Streaming
ciphers are not affected by this revert.

[0]: https://mta.openssl.org/pipermail/openssl-users/2022-December/015727.html