On Mon, 2021-09-27 at 15:15 -0400, Ken Goldman wrote:
> Does it make sense to initialize the context once and then use it
> multiple times, or is it cleaner to create a new one from the raw key
> byte string each time?

It is not necessary. The reinitialization is supported to avoid
recreating the key schedule if the key used is the same.

> I've seen sample code that uses this to 'reset' the context for a new
> encryption.
>
> EVP_EncryptInit_ex2(e, NULL, NULL, NULL, NULL);
>
> 1. Is this guaranteed? Documented?

We do not change the behavior of existing operations and modes (or at
least not intentionally). This call is even tested at least for some
ciphers and modes. However, the documentation of it is missing.

> 2. Does the iv get reset as well?

Only for some modes (namely CBC, CFB, OFB) due to history.

> 3. Is the padding retained, or must I call
> EVP_CIPHER_CTX_set_padding() again?

It should be retained. It is initialized only when a new key is set.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]