On 02/09/2021 16:43, Romain GEISSLER via openssl-users wrote:
I am using the following OpenSSL API: EVP_DigestSignInit, EVP_DigestVerifyInit, EVP_PKEY_size, EVP_SealInit, EVP_OpenInit. And it seems these all take an non-const EVP_PKEY* argument. Does it mean that EVP_PKEY* have some internal state which may be updated by these API and which I should definitely not call without thread syncronization in multiple threads ? Or the API of OpenSSL just miss the "const" keyword as really the key, once read, has absolutely no state modified by these APIs ?
Neither of the above. EVP_PKEY has internal state which may be modified by these API calls. However that internal state is controlled by an internal lock and is therefore thread safe.
Matt
