Question about constness of EVP_PKEY* arguments in public API

Matt Caswell matt at
Thu Sep 2 16:24:01 UTC 2021

On 02/09/2021 16:43, Romain GEISSLER via openssl-users wrote:
> I am using the following OpenSSL API: EVP_DigestSignInit,
> EVP_DigestVerifyInit, EVP_PKEY_size, EVP_SealInit, EVP_OpenInit. And
> it seems these all take a non-const EVP_PKEY* argument. Does it mean
> that EVP_PKEY* has some internal state which may be updated by these
> APIs and which I should definitely not call without thread
> synchronization in multiple threads? Or is the OpenSSL API just missing
> the "const" keyword, as really the key, once read, has absolutely no
> state modified by these APIs?

Neither of the above. EVP_PKEY has internal state which may be modified 
by these API calls. However that internal state is controlled by an 
internal lock and is therefore thread safe.


