Loading include/openssl/ssl.h +2 −2 Original line number Diff line number Diff line Loading @@ -362,11 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U /* Ancient SSLeay version, retained for compatibility */ # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 # define SSL_OP_TLS_D5_BUG 0x00000100U # define SSL_OP_TLS_D5_BUG 0x0U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U Loading ssl/record/ssl3_buffer.c +0 −4 Original line number Diff line number Diff line Loading @@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s) if (b->buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; Loading ssl/record/ssl3_record.c +4 −18 Original line number Diff line number Diff line Loading @@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s) unsigned char md[EVP_MAX_MD_SIZE]; short version; unsigned mac_size; size_t extra; unsigned empty_record_count = 0; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) extra = SSL3_RT_MAX_EXTRA; else extra = 0; if (extra && !s->s3->init_extra) { /* * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after * ssl3_setup_buffers() was done */ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); return -1; } again: /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || Loading Loading 
@@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s) */ /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; Loading Loading @@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s) if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; } Loading @@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s) /* r->length is now just compressed */ if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; Loading @@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s) } } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; Loading ssl/s3_lib.c +0 −4 Original line number Diff line number Diff line Loading @@ -3402,8 +3402,6 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { int init_extra; ssl3_cleanup_key_block(s); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); Loading @@ -3427,7 +3425,6 @@ void ssl3_clear(SSL *s) s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; ssl3_free_digest_list(s); if (s->s3->alpn_selected) { Loading @@ -3436,7 +3433,6 @@ void ssl3_clear(SSL *s) } memset(s->s3, 0, sizeof(*s->s3)); s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); Loading ssl/ssl_locl.h +0 −2 Original line number Diff line number Diff line Loading 
@@ -1188,8 +1188,6 @@ typedef struct ssl3_state_st { /* flags for countermeasure against known-IV weakness */ int need_empty_fragments; int empty_fragment_done; /* The value of 'extra' when the buffers were initialized */ int init_extra; /* used during startup, digest all incoming/outgoing packets */ BIO *handshake_buffer; /* Loading Loading
include/openssl/ssl.h +2 −2 Original line number Diff line number Diff line Loading @@ -362,11 +362,11 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, /* Dead forever, see CVE-2010-4180. */ # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U # define SSL_OP_TLSEXT_PADDING 0x00000010U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020U # define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U /* Ancient SSLeay version, retained for compatibility */ # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 # define SSL_OP_TLS_D5_BUG 0x00000100U # define SSL_OP_TLS_D5_BUG 0x0U /* Removed from OpenSSL 1.1.0 */ # define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U Loading
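Review bot: The two defines that now expand to `0x0U`, `SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER` and `SSL_OP_TLS_D5_BUG`, have no comment, unlike the neighbouring retired options ("Dead forever, see CVE-2010-4180", "Removed from OpenSSL 1.1.0"). An application that still sets either option compiles unchanged and silently gets no effect, so each should say so, for example `/* No longer has any effect; retained for source compatibility */`. It is also worth recording that the values `0x00000020U` and `0x00000100U` are now unassigned, because callers or language bindings that hard-code the old values may still pass them, and a later option reusing either bit would then be switched on unintentionally. The sections shown on this page remove only the big-buffer code paths; whether a test of `SSL_OP_TLS_D5_BUG` survives elsewhere as dead code cannot be seen from here.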
ssl/record/ssl3_buffer.c +0 −4 Original line number Diff line number Diff line Loading @@ -159,10 +159,6 @@ int ssl3_setup_read_buffer(SSL *s) if (b->buf == NULL) { len = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) { s->s3->init_extra = 1; len += SSL3_RT_MAX_EXTRA; } #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; Loading
ssl/record/ssl3_record.c +4 −18 Original line number Diff line number Diff line Loading @@ -193,25 +193,11 @@ int ssl3_get_record(SSL *s) unsigned char md[EVP_MAX_MD_SIZE]; short version; unsigned mac_size; size_t extra; unsigned empty_record_count = 0; rr = RECORD_LAYER_get_rrec(&s->rlayer); sess = s->session; if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) extra = SSL3_RT_MAX_EXTRA; else extra = 0; if (extra && !s->s3->init_extra) { /* * An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after * ssl3_setup_buffers() was done */ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); return -1; } again: /* check if we have the header */ if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) || Loading Loading @@ -349,7 +335,7 @@ int ssl3_get_record(SSL *s) */ /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); goto f_err; Loading Loading @@ -453,7 +439,7 @@ int ssl3_get_record(SSL *s) if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) enc_err = -1; if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size) if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) enc_err = -1; } Loading @@ -473,7 +459,7 @@ int ssl3_get_record(SSL *s) /* r->length is now just compressed */ if (s->expand != NULL) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG); goto f_err; Loading @@ -485,7 +471,7 @@ int ssl3_get_record(SSL *s) } } if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; Loading
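Review bot: The context comment `/* check is not needed I believe */` directly above `if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {` is misleading and should be replaced while this line is being touched. With `extra` gone, that comparison is the first fixed upper bound on a peer-supplied record length in the hunks shown. It presumably matches the buffer that ssl3_setup_read_buffer() sizes from constants, though the definition of `SSL3_RT_MAX_ENCRYPTED_LENGTH` is not visible here. Something like `/* Reject records longer than the read buffer allows */` states the intent and discourages a later cleanup from deleting the check. In the decompression hunk, `/* r->length is now just compressed */` refers to `r` while the variable is `rr`. The body of ssl3_get_record() extends beyond the hunks on this page.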
ssl/s3_lib.c +0 −4 Original line number Diff line number Diff line Loading @@ -3402,8 +3402,6 @@ void ssl3_free(SSL *s) void ssl3_clear(SSL *s) { int init_extra; ssl3_cleanup_key_block(s); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.ciphers_raw); Loading @@ -3427,7 +3425,6 @@ void ssl3_clear(SSL *s) s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; ssl3_free_digest_list(s); if (s->s3->alpn_selected) { Loading @@ -3436,7 +3433,6 @@ void ssl3_clear(SSL *s) } memset(s->s3, 0, sizeof(*s->s3)); s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); Loading
ssl/ssl_locl.h +0 −2 Original line number Diff line number Diff line Loading @@ -1188,8 +1188,6 @@ typedef struct ssl3_state_st { /* flags for countermeasure against known-IV weakness */ int need_empty_fragments; int empty_fragment_done; /* The value of 'extra' when the buffers were initialized */ int init_extra; /* used during startup, digest all incoming/outgoing packets */ BIO *handshake_buffer; /* Loading