BoringSSL: Const-correct the kPrintMethods table and Update citations from RFC 3447 to RFC 8017 (#3026)

### Issues:

### Description of changes: 
Cherry-picked and adapted from BoringSSL:
-
google/boringssl@42dea11
-
google/boringssl@92ae3b9

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

---------

Co-authored-by: David Benjamin <davidben@google.com>
Co-authored-by: Sanketh Menda <sgmenda@amazon.com>
Co-authored-by: Justin W Smith <103147162+justsmth@users.noreply.github.com>

Author: 4 people

crypto/evp_extra/p_rsa_asn1.c

@@ -107,7 +107,7 @@ static int rsa_priv_decode(EVP_PKEY *out, CBS *oid, CBS *params, CBS *key, CBS *
     return 0;
   }
 
-  // Per RFC 3447, A.1, the parameters have type NULL.
+  // Per RFC 8017, A.1, the parameters have type NULL.
   CBS null;
   if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) ||
       CBS_len(&null) != 0 ||

crypto/evp_extra/print.c

@@ -311,7 +311,7 @@ typedef struct {
   int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent);
 } EVP_PKEY_PRINT_METHOD;
 
-static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
+static const EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
     {
         EVP_PKEY_RSA,
         rsa_pub_print,
@@ -340,7 +340,7 @@ static EVP_PKEY_PRINT_METHOD kPrintMethods[] = {
 
 static size_t kPrintMethodsLen = OPENSSL_ARRAY_SIZE(kPrintMethods);
 
-static EVP_PKEY_PRINT_METHOD *find_method(int type) {
+static const EVP_PKEY_PRINT_METHOD *find_method(int type) {
   for (size_t i = 0; i < kPrintMethodsLen; i++) {
     if (kPrintMethods[i].type == type) {
       return &kPrintMethods[i];
@@ -358,7 +358,7 @@ static int print_unsupported(BIO *out, const EVP_PKEY *pkey, int indent,
 
 int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *pctx) {
-  EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
+  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
   if (method != NULL && method->pub_print != NULL) {
     return method->pub_print(out, pkey, indent);
   }
@@ -367,7 +367,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent,
 
 int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
                            ASN1_PCTX *pctx) {
-  EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
+  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
   if (method != NULL && method->priv_print != NULL) {
     return method->priv_print(out, pkey, indent);
   }
@@ -376,7 +376,7 @@ int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent,
 
 int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent,
                           ASN1_PCTX *pctx) {
-  EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
+  const EVP_PKEY_PRINT_METHOD *method = find_method(EVP_PKEY_id(pkey));
   if (method != NULL && method->param_print != NULL) {
     return method->param_print(out, pkey, indent);
   }

crypto/rsa_extra/rsa_asn1.c

@@ -99,7 +99,7 @@ int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,
 }
 
 // kVersionTwoPrime is the value of the version field for a two-prime
-// RSAPrivateKey structure (RFC 3447).
+// RSAPrivateKey structure (RFC 8017).
 static const uint64_t kVersionTwoPrime = 0;
 
 // Distinguisher for stripped JCA RSA private keys, sets zeroed values to NULL

ssl/handshake_server.cc

@@ -1389,7 +1389,7 @@ static enum ssl_hs_wait_t do_read_client_key_exchange(SSL_HANDSHAKE *hs) {
       return ssl_hs_error;
     }
 
-    // Check the padding. See RFC 3447, section 7.2.2.
+    // Check the padding. See RFC 8017, section 7.2.2.
     size_t padding_len = decrypt_len - premaster_secret.size();
     uint8_t good = constant_time_eq_int_8(decrypt_buf[0], 0) &
                    constant_time_eq_int_8(decrypt_buf[1], 2);