Add DTLS_with_buffers_method.

WebRTC will need this (probably among other things) to lose crypto/x509
at some point.

Bug: chromium:706445
Change-Id: I988e7300c4d913986b6ebbd1fa4130548dde76a4
Reviewed-on: https://boringssl-review.googlesource.com/18904
Reviewed-by: David Benjamin <davidben@google.com>

include/openssl/ssl.h

@@ -192,6 +192,10 @@ OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void);
  * crypto/x509. */
 OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void);
 
+/* DTLS_with_buffers_method is like |DTLS_method|, but avoids all use of
+ * crypto/x509. */
+OPENSSL_EXPORT const SSL_METHOD *DTLS_with_buffers_method(void);
+
 /* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL
  * on error. */
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);

ssl/dtls_method.cc

@@ -142,6 +142,15 @@ const SSL_METHOD *DTLS_method(void) {
   return &kMethod;
 }
 
+const SSL_METHOD *DTLS_with_buffers_method(void) {
+  static const SSL_METHOD kMethod = {
+      0,
+      &kDTLSProtocolMethod,
+      &ssl_noop_x509_method,
+  };
+  return &kMethod;
+}
+
 /* Legacy version-locked methods. */
 
 const SSL_METHOD *DTLSv1_2_method(void) {

ssl/internal.h

@@ -1554,6 +1554,10 @@ struct SSLCertConfig {
  * crypto/x509. */
 extern const SSL_X509_METHOD ssl_crypto_x509_method;
 
+/* ssl_noop_x509_method provides the |SSL_X509_METHOD| functions that avoid
+ * crypto/x509. */
+extern const SSL_X509_METHOD ssl_noop_x509_method;
+
 struct SSL3_RECORD {
   /* type is the record type. */
   uint8_t type;

ssl/tls_method.cc

@@ -155,7 +155,7 @@ static int ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return 1; }
 static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
 static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
 
-static const SSL_X509_METHOD ssl_noop_x509_method = {
+const SSL_X509_METHOD ssl_noop_x509_method = {
   ssl_noop_x509_check_client_CA_names,
   ssl_noop_x509_clear,
   ssl_noop_x509_free,