Add use counters for SSL_OP_TLS_D5_BUG and SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER.

These are theh two remaining quirks (SSL_OP_LEGACY_SERVER_CONNECT
aside). Add counters so we can determine whether there are still clients
that trip up these cases.

Change-Id: I7e92f42f3830c1df675445ec15a852e5659eb499
Reviewed-on: https://boringssl-review.googlesource.com/6290
Reviewed-by: Adam Langley <alangley@gmail.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index 36e31b4e..bdc5c014 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -114,6 +114,7 @@
 #include <openssl/err.h>
 
 #include "internal.h"
+#include "../crypto/internal.h"
 
 
 /* kMaxEmptyRecords is the number of consecutive, empty records that will be
@@ -122,6 +123,16 @@
  * forever. */
 static const uint8_t kMaxEmptyRecords = 32;
 
+static struct CRYPTO_STATIC_MUTEX g_big_buffer_lock = CRYPTO_STATIC_MUTEX_INIT;
+static uint64_t g_big_buffer_use_count = 0;
+
+uint64_t OPENSSL_get_big_buffer_use_count(void) {
+  CRYPTO_STATIC_MUTEX_lock_read(&g_big_buffer_lock);
+  uint64_t ret = g_big_buffer_use_count;
+  CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
+  return ret;
+}
+
 size_t ssl_record_prefix_len(const SSL *ssl) {
   if (SSL_IS_DTLS(ssl)) {
     return DTLS1_RT_HEADER_LENGTH +
@@ -230,6 +241,14 @@ enum ssl_open_record_t tls_open_record(
     return ssl_open_record_error;
   }
 
+  if (extra > 0 &&
+      (ciphertext_len > SSL3_RT_MAX_ENCRYPTED_LENGTH ||
+       plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH)) {
+    CRYPTO_STATIC_MUTEX_lock_write(&g_big_buffer_lock);
+    g_big_buffer_use_count++;
+    CRYPTO_STATIC_MUTEX_unlock(&g_big_buffer_lock);
+  }
+
   /* Limit the number of consecutive empty records. */
   if (plaintext_len == 0) {
     ssl->s3->empty_record_count++;