EVP_EncryptInit_ex2() operation

Tomas Mraz tomas at openssl.org
Tue Sep 28 07:12:26 UTC 2021

On Mon, 2021-09-27 at 15:15 -0400, Ken Goldman wrote:
> Does it make sense to initialize the context once and then use it
> multiple times, or is cleaner to create a new one from the raw key
> byte string each time?

It is not necessary. The reinitialization is supported to avoid
recreating key schedule if the key used is the same.

> I've seen sample code that uses this to 'reset' the context for a new
> encryption.
>         EVP_EncryptInit_ex2(e, NULL, NULL, NULL, NULL);
> 1. Is this guaranteed?  Documented?

We do not change the behavior of existing operations and modes (or at
least not intentionally). This call is even tested at least for some
ciphers and modes. However the documentation of it is missing.

> 2. Does the iv get reset as well?

Only for some modes (namely CBC, CFB, OFB) due to history.

> 3. Is the padding retained, or must I call
> EVP_CIPHER_CTX_set_padding() again?

It should be retained. It is initialized only when a new key is set.

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-users mailing list