ssl: return non-const RPK handle

`EVP_PKEY` is already immutable, it makes better sense to return as a
non-const pointer.

Signed-off-by: Xiangfei Ding <xfding@google.com>
Change-Id: Ic76f004e8e9190dd15be470d819a7c2d6a6a6964
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/97027
Reviewed-by: David Benjamin <davidben@google.com>
Reviewed-by: Lily Chen <chlily@google.com>
Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Rudolf Polzer <rpolzer@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 77bf24b..c70ba07 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2004,8 +2004,7 @@
 
 // SSL_SESSION_get0_peer_rpk returns the peer raw public key stored in
 // `session`, or NULL if the peer did not send a raw public key.
-OPENSSL_EXPORT const EVP_PKEY *SSL_SESSION_get0_peer_rpk(
-    const SSL_SESSION *session);
+OPENSSL_EXPORT EVP_PKEY *SSL_SESSION_get0_peer_rpk(const SSL_SESSION *session);
 
 // SSL_SESSION_get0_signed_cert_timestamp_list sets `*out` and `*out_len` to
 // point to `*out_len` bytes of SCT information stored in `session`. This is
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 960fdcc..0db1798 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -715,7 +715,8 @@
   }
 }
 
-static bool add_session_locked(SSLContext *ctx, UniquePtr<SSL_SESSION> session) {
+static bool add_session_locked(SSLContext *ctx,
+                               UniquePtr<SSL_SESSION> session) {
   SSL_SESSION *new_session = session.get();
   SSL_SESSION *old_session;
   if (!lh_SSL_SESSION_insert(ctx->sessions, &old_session, new_session)) {
@@ -892,7 +893,7 @@
   return session->certs.get();
 }
 
-const EVP_PKEY *SSL_SESSION_get0_peer_rpk(const SSL_SESSION *session) {
+EVP_PKEY *SSL_SESSION_get0_peer_rpk(const SSL_SESSION *session) {
   return session->peer_raw_public_key.get();
 }