From ba2d3df75981449c56e8cc276b2a56319483fc4a Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Fri, 4 Aug 2017 13:59:24 -0400
Subject: [PATCH] Add DTLS_with_buffers_method.

WebRTC will need this (probably among other things) to lose crypto/x509
at some point.

Bug: chromium:706445
Change-Id: I988e7300c4d913986b6ebbd1fa4130548dde76a4
Reviewed-on: https://boringssl-review.googlesource.com/18904
Reviewed-by: David Benjamin <davidben@google.com>
---
 include/openssl/ssl.h | 4 ++++
 ssl/dtls_method.cc    | 9 +++++++++
 ssl/internal.h        | 4 ++++
 ssl/tls_method.cc     | 2 +-
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a5ac3251..0eb2cc58 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -192,6 +192,10 @@ OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void);
  * crypto/x509. */
 OPENSSL_EXPORT const SSL_METHOD *TLS_with_buffers_method(void);
 
+/* DTLS_with_buffers_method is like |DTLS_method|, but avoids all use of
+ * crypto/x509. */
+OPENSSL_EXPORT const SSL_METHOD *DTLS_with_buffers_method(void);
+
 /* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL
  * on error. */
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
diff --git a/ssl/dtls_method.cc b/ssl/dtls_method.cc
index 1508b990..1d089e8d 100644
--- a/ssl/dtls_method.cc
+++ b/ssl/dtls_method.cc
@@ -142,6 +142,15 @@ const SSL_METHOD *DTLS_method(void) {
   return &kMethod;
 }
 
+const SSL_METHOD *DTLS_with_buffers_method(void) {
+  static const SSL_METHOD kMethod = {
+      0,
+      &kDTLSProtocolMethod,
+      &ssl_noop_x509_method,
+  };
+  return &kMethod;
+}
+
 /* Legacy version-locked methods. */
 
 const SSL_METHOD *DTLSv1_2_method(void) {
diff --git a/ssl/internal.h b/ssl/internal.h
index 8e70ea79..c8ed13b1 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1554,6 +1554,10 @@ struct SSLCertConfig {
  * crypto/x509. */
 extern const SSL_X509_METHOD ssl_crypto_x509_method;
 
+/* ssl_noop_x509_method provides the |SSL_X509_METHOD| functions that avoid
+ * crypto/x509. */
+extern const SSL_X509_METHOD ssl_noop_x509_method;
+
 struct SSL3_RECORD {
   /* type is the record type. */
   uint8_t type;
diff --git a/ssl/tls_method.cc b/ssl/tls_method.cc
index 89ff9ad9..b2c7b46a 100644
--- a/ssl/tls_method.cc
+++ b/ssl/tls_method.cc
@@ -155,7 +155,7 @@ static int ssl_noop_x509_ssl_ctx_new(SSL_CTX *ctx) { return 1; }
 static void ssl_noop_x509_ssl_ctx_free(SSL_CTX *ctx) { }
 static void ssl_noop_x509_ssl_ctx_flush_cached_client_CA(SSL_CTX *ctx) {}
 
-static const SSL_X509_METHOD ssl_noop_x509_method = {
+const SSL_X509_METHOD ssl_noop_x509_method = {
   ssl_noop_x509_check_client_CA_names,
   ssl_noop_x509_clear,
   ssl_noop_x509_free,