I've just eliminated further type casts from evp.h as far as possible,
changed the single remaining (char *) to (void *),
and made the type given for EVP_PKEY_CTX_set_mac_key() in EVP_PKEY_CTX_ctrl.pod() consistent with its 'implementation' as a macro (which includes a cast) in evp.h.

Nice clean-up!

Pleased to hear!

It caused quite a lot of work for me, in particular since constifying some functions required constifying many further declarations. In some cases it was pretty hard to find out that although a cast to const was needed this is semantically justified. Occasionally I was able to do some code rearrangements that persuaded the compiler that adding const is fine.

@DDvO, sorry for all the unnecessary noise

FYI, Travis currently reports this:

../_srcdist/crypto/evp/pmeth_lib.c:253:15: error: conflicting types for 'EVP_PKEY_CTX_dup'
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
               ^
In file included from ../_srcdist/include/openssl/pem.h:16:0,
                 from ../_srcdist/include/openssl/ui.h:19,
                 from ../_srcdist/include/openssl/engine.h:24,
                 from ../_srcdist/crypto/evp/pmeth_lib.c:13:
../_srcdist/include/openssl/evp.h:1399:15: note: previous declaration of 'EVP_PKEY_CTX_dup' was here
 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);

../_srcdist/crypto/evp/pmeth_lib.c:253:15: error: conflicting types for 'EVP_PKEY_CTX_dup'

Thanks for pointing this out; when reverting to the old format I forgot to add the 'const'. Fixed.

Meanwhile I've also been able to constify i2d_ECPrivateKey(), i2d_ECParameters(), i2d_X509_AUX(), and i2d_SSL_SESSION() (where for the latter a justified cast from const is needed for technical reasons).

Then I realized that all the _const variants of the various DECLARE_ASN1_ and IMPLEMENT_ASN1_ macros as well as of the I2D_OF, ASN1_i2d_bio_of, ASN1_i2d_fp_of, and ASN1_dup_of macros are not needed any more after constifying (most of) the i2d_ functions. So I eliminated all of them, since the 'normal' ones can now include the const.
This significantly reduces redundancy in asn1.h and asn1t.h and avoids two evil casts to remove const in IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname.

Moreover, I've folded various 'manual' declarations of i2d_, d2i_ and _it functions by the use of DECLARE_ASN1_FUNCTIONS and friends.

I've just updated ParseC.pm to handle the new DECLARE_ASN1_* macros
and improved the macro argument matching there to allow whitespace after ','.

I've also constified most of the i2d_ functions with BIO or FILE output
and added comments where this is not possible (due to CMS_stream() and PKCS7_stream()).

Yesterday I noticed that - for whatever reason - Travis CI had not been run again after my last updates of Jan 25th, such that some outdated build errors still showed :-(
This is not the first time I experience this CI misbehavior.

The most elegant workaround for this issue I found meanwhile is to rebase and force-push :-)

Travis refuses to run jobs on PRs that it thinks has merge problems with the branch the PR started off from.

Travis refuses to run jobs on PRs that it thinks has merge problems with the branch the PR started off from.

This would indeed be a good reason, but AFAICS the (only) conflicting commit that has been pushed onto the master in the meantime (e85d19c) was pushed on Jan 27, which was several days after Travis took a break on this PR.

Travis refuses to run jobs on PRs that it thinks has merge problems with the branch the PR started off from.

This would indeed be a good reason, but AFAICS the (only) conflicting commit that has been pushed onto the master in the meantime (e85d19c) was pushed on Jan 27, which was several days after Travis took a break on this PR.

This time Travis simply got stuck on two builds :-/ saying

No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.

Ive restarted those two jobs, let's hope that changes things

I've restarted those two jobs, let's hope that changes things

It did - thanks :)

The last comments on the contents of this PR have been answered a week ago.
Does anyone have further ones, or how to proceed now?

Thanks @mattcaswell for your review and first approval.

@levitte, since you also requested changes and gave many comments on this PR that lead to various major improvements, I think it would be very beneficial if you could do the second review.

@levitte, when do you think you can do the final review/approval?

Looking now. Sorry, was distracted by Other Stuff™

Thanks @levitte -
I'm very glad that this large and trick set of internal improvements is approved now!

I squashed the commits and pushed this. Thanks @DDvO for this significant contribution!

@DDvO it's a pity that this constification was not backported to 1.1.1! Im currently porting my company's code from 1.0.2 to 1.1.1 and I stumbled over constness problems which you already fixed on master. I tried a cherry-pick, all conflicts were trivially resolvable (new files which did not exist yet in 1.1.1, as well as the new EVP_MAC and EVP_MAC_CTX prototypes in evp.h).

Unfortunately, the cm_pmeth.c file was alredy deleted in master when your patch got merged, so this file was not constified by you.

crypto/cmac/cm_pmeth.c:134:5: error: initialization of \
'int (*)(EVP_PKEY_CTX *, const EVP_PKEY_CTX *)' {aka 'int (*)(struct evp_pkey_ctx_st *, const struct evp_pkey_ctx_st *)'}
        from incompatible pointer type 'int (*)(EVP_PKEY_CTX *, EVP_PKEY_CTX *)'
               {aka 'int (*)(struct evp_pkey_ctx_st *, struct evp_pkey_ctx_st *)'} [-Werror=incompatible-pointer-types]
     pkey_cmac_copy,
     ^~~~~~~~~~~~~~

Would it be a great effort for you to fix the constification for me and create a pull request for 1.1.1? Your help would be highly appreciated!

Ideally, you would call the pull request

 constify *_dup() and *i2d_*() and related fns, add DECLARE_ASN1_DUP_FUNCTION [1.1.1]

and refer to #8029 in the description. To give you a start, I pushed the cherry-picked commit to mspncp@6e36edb on my repository clone. (It's on the branch pr-8029-constify-dup-111).

To obtain a local copy of the branch, you can do the following

$ git fetch https://github.com/mspncp/openssl pr-8029-constify-dup-111 
From https://github.com/mspncp/openssl
 * branch                  pr-8029-constify-dup-111 -> FETCH_HEAD

$ git checkout -b pr-8029-constify-dup-111 FETCH_HEAD
Switched to a new branch 'pr-8029-constify-dup-111'

I'll give it a try..

I'll give it a try..

On the next morning, with more sleep, the problem turned out to be easy to fix. I'll open a pull request soon. Thanks again for volunteering and sorry for interrupting you.

See #9347. Feedback welcome.