Remove SSL_OP_TLS_D5_BUG.

This dates to SSLeay 0.9.0. The Internet seems to have completely
forgotten what "D5" is. (I can't find reference to it beyond
documentation of this quirk.) The use counter we added sees virtually no
hits.

Change-Id: I9781d401acb98ce3790b1b165fc257a6f5e9b155
Reviewed-on: https://boringssl-review.googlesource.com/6557
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5ec1b5..ae6f391 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1587,16 +1587,6 @@
   return -1;
 }
 
-static struct CRYPTO_STATIC_MUTEX g_d5_bug_lock = CRYPTO_STATIC_MUTEX_INIT;
-static uint64_t g_d5_bug_use_count = 0;
-
-uint64_t OPENSSL_get_d5_bug_use_count(void) {
-  CRYPTO_STATIC_MUTEX_lock_read(&g_d5_bug_lock);
-  uint64_t ret = g_d5_bug_use_count;
-  CRYPTO_STATIC_MUTEX_unlock(&g_d5_bug_lock);
-  return ret;
-}
-
 int ssl3_get_client_key_exchange(SSL *s) {
   int al;
   CBS client_key_exchange;
@@ -1702,22 +1692,13 @@
       }
       /* TLS and [incidentally] DTLS{0xFEFF} */
       if (s->version > SSL3_VERSION) {
-        CBS copy = client_key_exchange;
         if (!CBS_get_u16_length_prefixed(&client_key_exchange,
                                          &encrypted_premaster_secret) ||
             CBS_len(&client_key_exchange) != 0) {
-          if (!(s->options & SSL_OP_TLS_D5_BUG)) {
-            al = SSL_AD_DECODE_ERROR;
-            OPENSSL_PUT_ERROR(SSL,
-                              SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-            goto f_err;
-          } else {
-            CRYPTO_STATIC_MUTEX_lock_write(&g_d5_bug_lock);
-            g_d5_bug_use_count++;
-            CRYPTO_STATIC_MUTEX_unlock(&g_d5_bug_lock);
-
-            encrypted_premaster_secret = copy;
-          }
+          al = SSL_AD_DECODE_ERROR;
+          OPENSSL_PUT_ERROR(SSL,
+                            SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+          goto f_err;
         }
       } else {
         encrypted_premaster_secret = client_key_exchange;
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 175e5bf..a310c49 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -1161,9 +1161,6 @@
   if (config->no_ssl3) {
     SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3);
   }
-  if (config->tls_d5_bug) {
-    SSL_set_options(ssl.get(), SSL_OP_TLS_D5_BUG);
-  }
   if (config->microsoft_big_sslv3_buffer) {
     SSL_set_options(ssl.get(), SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
   }
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fd6ca71..4ac2341 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -535,11 +535,6 @@
 	// closed the connection) before or after sending app data.
 	AlertBeforeFalseStartTest alert
 
-	// SSL3RSAKeyExchange causes the client to always send an RSA
-	// ClientKeyExchange message without the two-byte length
-	// prefix, as if it were SSL3.
-	SSL3RSAKeyExchange bool
-
 	// SkipCipherVersionCheck causes the server to negotiate
 	// TLS 1.2 ciphers in earlier versions of TLS.
 	SkipCipherVersionCheck bool
diff --git a/ssl/test/runner/key_agreement.go b/ssl/test/runner/key_agreement.go
index 4a07ed7..f65ff6e 100644
--- a/ssl/test/runner/key_agreement.go
+++ b/ssl/test/runner/key_agreement.go
@@ -156,7 +156,7 @@
 		return nil, nil, err
 	}
 	ckx := new(clientKeyExchangeMsg)
-	if clientHello.vers != VersionSSL30 && !config.Bugs.SSL3RSAKeyExchange {
+	if clientHello.vers != VersionSSL30 {
 		ckx.ciphertext = make([]byte, len(encrypted)+2)
 		ckx.ciphertext[0] = byte(len(encrypted) >> 8)
 		ckx.ciphertext[1] = byte(len(encrypted))
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index befde86..afd23c9 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -3208,40 +3208,6 @@
 	}
 }
 
-func addD5BugTests() {
-	testCases = append(testCases, testCase{
-		testType: serverTest,
-		name:     "D5Bug-NoQuirk-Reject",
-		config: Config{
-			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
-			Bugs: ProtocolBugs{
-				SSL3RSAKeyExchange: true,
-			},
-		},
-		shouldFail:    true,
-		expectedError: ":TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG:",
-	})
-	testCases = append(testCases, testCase{
-		testType: serverTest,
-		name:     "D5Bug-Quirk-Normal",
-		config: Config{
-			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
-		},
-		flags: []string{"-tls-d5-bug"},
-	})
-	testCases = append(testCases, testCase{
-		testType: serverTest,
-		name:     "D5Bug-Quirk-Bug",
-		config: Config{
-			CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
-			Bugs: ProtocolBugs{
-				SSL3RSAKeyExchange: true,
-			},
-		},
-		flags: []string{"-tls-d5-bug"},
-	})
-}
-
 func addExtensionTests() {
 	testCases = append(testCases, testCase{
 		testType: clientTest,
@@ -4644,7 +4610,6 @@
 	addDDoSCallbackTests()
 	addVersionNegotiationTests()
 	addMinimumVersionTests()
-	addD5BugTests()
 	addExtensionTests()
 	addResumptionVersionTests()
 	addExtendedMasterSecretTests()
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index ba44b4d..afd9770 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -61,7 +61,6 @@
   { "-no-tls1", &TestConfig::no_tls1 },
   { "-no-ssl3", &TestConfig::no_ssl3 },
   { "-shim-writes-first", &TestConfig::shim_writes_first },
-  { "-tls-d5-bug", &TestConfig::tls_d5_bug },
   { "-expect-session-miss", &TestConfig::expect_session_miss },
   { "-expect-extended-master-secret",
     &TestConfig::expect_extended_master_secret },
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 2fabcfc..5ec15c7 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -45,7 +45,6 @@
   std::string expected_channel_id;
   std::string send_channel_id;
   bool shim_writes_first = false;
-  bool tls_d5_bug = false;
   std::string host_name;
   std::string advertise_alpn;
   std::string expected_alpn;