The encrypt and decrypt path each appear to initialize an EVP_CIPHER_CTX twice using the same content key, which may represent a redundant AES key schedule. Re-using this context could avoid a redundant key schedule. This would likely require some refactoring of the aws_cryptosdk_session and the encrypt/decrypt paths, as well as the corresponding proofs.
The encrypt and decrypt path each appear to initialize an EVP_CIPHER_CTX twice using the same content key, which may represent a redundant AES key schedule. Re-using this context could avoid a redundant key schedule. This would likely require some refactoring of the aws_cryptosdk_session and the encrypt/decrypt paths, as well as the corresponding proofs.