Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.

This dates to SSLeay 0.8.0 (or earlier). The use counter sees virtually
no hits.

Change-Id: Iff4c8899d5cb0ba4afca113c66d15f1d980ffe41
Reviewed-on: https://boringssl-review.googlesource.com/6558
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ce467ec..85700fa 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -546,10 +546,6 @@
  * support the renegotiation_info extension (RFC 5746). It is on by default. */
 #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
 
-/* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER allows for record sizes |SSL3_RT_MAX_EXTRA|
- * bytes above the maximum record size. */
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-
 /* SSL_OP_ALL enables the above bug workarounds that are enabled by many
  * consumers.
  * TODO(davidben): Determine which of the remaining may be removed now. */
@@ -2756,13 +2752,6 @@
 OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
                                               size_t max_send_fragment);
 
-/* OPENSSL_get_big_buffer_use_count returns the total number of invalid TLS
- * records that were accepted because of |SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER|.
- *
- * TODO(davidben): Remove this when (hopefully!) the quirk is demonstrated to be
- * unnecessary. */
-OPENSSL_EXPORT uint64_t OPENSSL_get_big_buffer_use_count(void);
-
 /* ssl_early_callback_ctx is passed to certain callbacks that are called very
  * early on during the server handshake. At this point, much of the SSL* hasn't
  * been filled out and only the ClientHello can be depended on. */
@@ -3181,6 +3170,7 @@
 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0
 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0
 #define SSL_OP_EPHEMERAL_RSA 0
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0
 #define SSL_OP_MICROSOFT_SESS_ID_BUG 0
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0
 #define SSL_OP_NETSCAPE_CA_DN_BUG 0
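Review bot: The zero-valued `#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0` added here keeps only the option flag source-compatible. `OPENSSL_get_big_buffer_use_count()` and `SSL3_RT_MAX_EXTRA`, both dropped from public headers elsewhere in this commit, get no stub. A consumer that still reads the counter (the description implies one exists) or sizes a buffer with the macro will stop building, so it is worth confirming those callers are updated first. Callers that still pass the flag will compile and silently get the standard record limits, which is the safe direction. The list of no-op defines begins and continues outside this hunk.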
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index 0d013d5..957b740 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -231,8 +231,6 @@
 
 #define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16
 
-#define SSL3_RT_MAX_EXTRA (16384)
-
 /* Maximum plaintext length: defined by SSL/TLS standards */
 #define SSL3_RT_MAX_PLAIN_LENGTH 16384
 /* Maximum compression overhead: defined by SSL/TLS standards */
diff --git a/ssl/ssl_buffer.c b/ssl/ssl_buffer.c
index f1abc53..7fd74e4 100644
--- a/ssl/ssl_buffer.c
+++ b/ssl/ssl_buffer.c
@@ -70,8 +70,8 @@
   memset(buf, 0, sizeof(SSL3_BUFFER));
 }
 
-OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH +
-                           SSL3_RT_MAX_EXTRA <= 0xffff,
+OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <=
+                           0xffff,
                        maximum_read_buffer_too_large);
 
 /* setup_read_buffer initializes the read buffer if not already initialized. It
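Review bot: The rewritten `OPENSSL_COMPILE_ASSERT` has no comment saying what the `0xffff` bound protects, and after this change it is the only static guard on the read buffer's maximum size. Presumably the capacity is stored in a 16-bit field, but the `SSL3_BUFFER` definition is outside the hunk, so confirm that before wording the comment. Once confirmed, a line such as `/* The largest read buffer must fit in the 16-bit |cap| field of |SSL3_BUFFER|. */` above the assertion would record the invariant.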
@@ -90,9 +90,6 @@
   } else {
     cap += SSL3_RT_HEADER_LENGTH;
   }
-  if (ssl->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-    cap += SSL3_RT_MAX_EXTRA;
-  }
 
   return setup_buffer(buf, header_len, cap);
 }
@@ -131,9 +128,6 @@
   SSL3_BUFFER *buf = &ssl->s3->read_buffer;
 
   if (len > buf->cap) {
-    /* This may occur if |SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER| was toggled after
-     * |setup_read_buffer| was called. Stay within bounds, but do not attempt to
-     * recover. */
     OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
     return -1;
   }
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index a310c49..644e89d 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1161,9 +1161,6 @@
   if (config->no_ssl3) {
     SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
   }
-  if (config->microsoft_big_sslv3_buffer) {
-    SSL_set_options(ssl.get(), SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
-  }
   if (config->no_legacy_server_connect) {
     SSL_clear_options(ssl.get(), SSL_OP_LEGACY_SERVER_CONNECT);
   }
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index afd23c9..5a8f56b 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2125,20 +2125,6 @@
 			flags:      flags,
 			messageLen: maxPlaintext,
 		})
-		testCases = append(testCases, testCase{
-			name: suite.name + "-LargeRecord-Extra",
-			config: Config{
-				CipherSuites:         []uint16{suite.id},
-				Certificates:         []Certificate{cert},
-				PreSharedKey:         []byte(psk),
-				PreSharedKeyIdentity: pskIdentity,
-				Bugs: ProtocolBugs{
-					SendLargeRecords: true,
-				},
-			},
-			flags:      append(flags, "-microsoft-big-sslv3-buffer"),
-			messageLen: maxPlaintext + 16384,
-		})
 		if isDTLSCipher(suite.name) {
 			testCases = append(testCases, testCase{
 				protocol: dtls,
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index afd9770..4393c02 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -89,7 +89,6 @@
   { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add },
   { "-check-close-notify", &TestConfig::check_close_notify },
   { "-shim-shuts-down", &TestConfig::shim_shuts_down },
-  { "-microsoft-big-sslv3-buffer", &TestConfig::microsoft_big_sslv3_buffer },
   { "-verify-fail", &TestConfig::verify_fail },
   { "-verify-peer", &TestConfig::verify_peer },
   { "-expect-verify-result", &TestConfig::expect_verify_result },
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 5ec15c7..fb1ff3c 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -89,7 +89,6 @@
   std::string ocsp_response;
   bool check_close_notify = false;
   bool shim_shuts_down = false;
-  bool microsoft_big_sslv3_buffer = false;
   bool verify_fail = false;
   bool verify_peer = false;
   bool expect_verify_result = false;
diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index bdc5c01..e3eccd7 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -114,7 +114,6 @@
 #include <openssl/err.h>
 
 #include "internal.h"
-#include "../crypto/internal.h"
 
 
 /* kMaxEmptyRecords is the number of consecutive, empty records that will be
@@ -123,16 +122,6 @@
  * forever. */
 static const uint8_t kMaxEmptyRecords = 32;
 
-static struct CRYPTO_STATIC_MUTEX g_big_buffer_lock = CRYPTO_STATIC_MUTEX_INIT;
-static uint64_t g_big_buffer_use_count = 0;
-
-uint64_t OPENSSL_get_big_buffer_use_count(void) {
-  CRYPTO_STATIC_MUTEX_lock_read(&g_big_buffer_lock);
-  uint64_t ret = g_big_buffer_use_count;
-  CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
-  return ret;
-}
-
 size_t ssl_record_prefix_len(const SSL *ssl) {
   if (SSL_IS_DTLS(ssl)) {
     return DTLS1_RT_HEADER_LENGTH +
@@ -198,11 +187,7 @@
   }
 
   /* Check the ciphertext length. */
-  size_t extra = 0;
-  if (ssl->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) {
-    extra = SSL3_RT_MAX_EXTRA;
-  }
-  if (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+  if (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
     *out_alert = SSL_AD_RECORD_OVERFLOW;
     return ssl_open_record_error;
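Review bot: Nothing visible in this commit tests that an over-long record is now rejected. The ciphertext check here and the plaintext check in the following hunk enforce `SSL3_RT_MAX_ENCRYPTED_LENGTH` and `SSL3_RT_MAX_PLAIN_LENGTH` unconditionally, while the runner.go hunk deletes the `-LargeRecord-Extra` case without adding a negative counterpart. A runner case that uses `SendLargeRecords` with `messageLen: maxPlaintext + 1` and expects the connection to fail with the record-overflow error would pin the stricter behaviour, unless such a case already exists outside the visible hunks. The enclosing function starts and ends outside this hunk.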
@@ -235,20 +220,12 @@
   }
 
   /* Check the plaintext length. */
-  if (plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+  if (plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
     *out_alert = SSL_AD_RECORD_OVERFLOW;
     return ssl_open_record_error;
   }
 
-  if (extra > 0 &&
-      (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH ||
-       plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH)) {
-    CRYPTO_STATIC_MUTEX_lock_write(&g_big_buffer_lock);
-    g_big_buffer_use_count++;
-    CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
-  }
-
   /* Limit the number of consecutive empty records. */
   if (plaintext_len == 0) {
     ssl->s3->empty_record_count++;