Dare I ask... why not just use the OpenSSL binary?

That't my plan B. or C.

cons (for me):
1. that would be probably slow if you have a lot of small files (process creation overhead)
2. I need to use custom key and IV (-K and -iv options for openssl "enc" command)
That options are visible in command line, thus it's considered unsecure, I don't see the way it can be hidden (unlike, say, option "-k" can be hidden using --kfile)