diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 769acb4..9cff959 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,8 @@ jobs:
         target:
           - os: linux
             cpu: amd64
+          - os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
+            cpu: amd64
           - os: linux
             cpu: i386
           - os: macos
@@ -31,6 +33,9 @@ jobs:
           - target:
               os: linux
             builder: ubuntu-latest
+          - target:
+              os: linux-gcc-14 # this is to use ubuntu 24 and install gcc 14. Must be removed when ubuntu-latest is 24.04
+            builder: ubuntu-24.04
           - target:
               os: macos
               cpu: amd64
@@ -163,10 +168,20 @@ jobs:
             bash build_nim.sh nim csources dist/nimble NimBinaries
           echo '${{ github.workspace }}/nim/bin' >> $GITHUB_PATH
 
+      - name: Use gcc 14
+        if : ${{ matrix.target.os == 'linux-gcc-14' }}
+        run: |
+          # Add GCC-14 to alternatives
+          sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 14
+
+          # Set GCC-14 as the default
+          sudo update-alternatives --set gcc /usr/bin/gcc-14
+
       - name: Run tests
         run: |
           nim --version
           nimble --version
+          gcc --version
           nimble install -y --depsOnly
           env NIMLANG=c nimble test
           # C++ support requires fixing const pointer proc assignments
diff --git a/bearssl/abi/bearssl_hash.nim b/bearssl/abi/bearssl_hash.nim
index ba2affb..81bfa8d 100644
--- a/bearssl/abi/bearssl_hash.nim
+++ b/bearssl/abi/bearssl_hash.nim
@@ -23,19 +23,20 @@ const
 {.compile: bearHashPath & "sha2small.c".}
 
 type
+  ConstPtrPtrHashClass* {.importc: "const br_hash_class**", header: "bearssl_hash.h", bycopy.} = pointer
+
   HashClass* {.importc: "br_hash_class", header: "bearssl_hash.h", bycopy.} = object
     contextSize* {.importc: "context_size".}: uint
     desc* {.importc: "desc".}: uint32
-    init* {.importc: "init".}: proc (ctx: ptr ptr HashClass) {.importcFunc.}
-    update* {.importc: "update".}: proc (ctx: ptr ptr HashClass; data: pointer;
+    init* {.importc: "init".}: proc (ctx: ConstPtrPtrHashClass) {.importcFunc.}
+    update* {.importc: "update".}: proc (ctx: ConstPtrPtrHashClass; data: pointer;
                                      len: uint) {.importcFunc.}
-    `out`* {.importc: "out".}: proc (ctx: ptr ptr HashClass; dst: pointer) {.importcFunc.}
-    state* {.importc: "state".}: proc (ctx: ptr ptr HashClass; dst: pointer): uint64 {.
+    `out`* {.importc: "out".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer) {.importcFunc.}
+    state* {.importc: "state".}: proc (ctx: ConstPtrPtrHashClass; dst: pointer): uint64 {.
         importcFunc.}
-    setState* {.importc: "set_state".}: proc (ctx: ptr ptr HashClass; stb: pointer;
+    setState* {.importc: "set_state".}: proc (ctx: ConstPtrPtrHashClass; stb: pointer;
         count: uint64) {.importcFunc.}
 
-
 template hashdesc_Id*(id: untyped): untyped =
   ((uint32)(id) shl hashdesc_Id_Off)
 
diff --git a/bearssl/abi/bearssl_rsa.nim b/bearssl/abi/bearssl_rsa.nim
index 6c8df52..e1577d7 100644
--- a/bearssl/abi/bearssl_rsa.nim
+++ b/bearssl/abi/bearssl_rsa.nim
@@ -357,20 +357,20 @@ template rsaKbufPubSize*(size: untyped): untyped =
 
 
 type
-  RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+  RsaKeygen* {.importc: "br_rsa_keygen".} = proc (rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                   pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
       importcFunc.}
 
 
-proc rsaI15Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI15Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                   pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
     importcFunc, importc: "br_rsa_i15_keygen", header: "bearssl_rsa.h".}
 
-proc rsaI31Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI31Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                   pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
     importcFunc, importc: "br_rsa_i31_keygen", header: "bearssl_rsa.h".}
 
-proc rsaI62Keygen*(rngCtx: ptr ptr PrngClass; sk: ptr RsaPrivateKey; kbufPriv: pointer;
+proc rsaI62Keygen*(rngCtx: PrngClassPointerConst; sk: ptr RsaPrivateKey; kbufPriv: pointer;
                   pk: ptr RsaPublicKey; kbufPub: pointer; size: cuint; pubexp: uint32): uint32 {.
     importcFunc, importc: "br_rsa_i62_keygen", header: "bearssl_rsa.h".}
 
diff --git a/tests/test_brssl.nim b/tests/test_brssl.nim
index 6f85b2c..178877d 100644
--- a/tests/test_brssl.nim
+++ b/tests/test_brssl.nim
@@ -9,4 +9,4 @@ suite "x509":
     var x509: X509MinimalContext
 
     x509MinimalInit(x509, nil, nil, 0)
-    x509NoanchorInit(xwc, addr x509.vtable)
+    x509NoanchorInit(xwc, X509ClassPointerConst(addr x509.vtable))
diff --git a/tests/test_ec.nim b/tests/test_ec.nim
new file mode 100644
index 0000000..132aaaa
--- /dev/null
+++ b/tests/test_ec.nim
@@ -0,0 +1,20 @@
+import
+  unittest2,
+  ../bearssl/[rand, ec]
+
+{.used.}
+
+type
+  EcPrivateKey* = ref object
+    buffer*: array[EC_KBUF_PRIV_MAX_SIZE, byte]
+    key*: ec.EcPrivateKey
+
+suite "ec":
+  test "test ecKeygen interface":
+    let rng = HmacDrbgContext.new()
+
+    var ecimp = ecGetDefault()
+    var res = new EcPrivateKey
+    check ecKeygen(
+      PrngClassPointerConst(addr rng.vtable), ecimp, addr res.key, addr res.buffer[0], cint(EC_secp256r1)
+    ) != 0
diff --git a/tests/test_rsa.nim b/tests/test_rsa.nim
new file mode 100644
index 0000000..2fcfcf0
--- /dev/null
+++ b/tests/test_rsa.nim
@@ -0,0 +1,41 @@
+import
+  unittest2,
+  ../bearssl/[rand, rsa]
+
+{.used.}
+
+const
+  DefaultKeySize* = 3072 ## Default RSA key size in bits.
+  DefaultPublicExponent* = 65537'u32
+
+type
+  RsaPrivateKey* = ref object
+    buffer*: seq[byte]
+    seck*: rsa.RsaPrivateKey
+    pubk*: rsa.RsaPublicKey
+    pexp*: ptr byte
+    pexplen*: uint
+
+suite "rsa":
+  test "test rsaKeygenGetDefault interface":
+    let rng = HmacDrbgContext.new()
+
+    let
+      sko = 0
+      pko = rsaKbufPrivSize(DefaultKeySize)
+      eko = pko + rsaKbufPubSize(DefaultKeySize)
+      length = eko + ((DefaultKeySize + 7) shr 3)
+
+    let res = new RsaPrivateKey
+    res.buffer = newSeq[byte](length)
+
+    var keygen = rsaKeygenGetDefault()
+    check keygen(
+      addr rng.vtable,
+      addr res.seck,
+      addr res.buffer[sko],
+      addr res.pubk,
+      addr res.buffer[pko],
+      cuint(DefaultKeySize),
+      DefaultPublicExponent,
+    ) != 0