25.3.8-fips: openssl-cmake: shim fixes for MongoDB

[mkmkme]

This commit fixes three issues that led to MongoDB integration tests failing. I tried to explain each of the fixes with a proper documentation to the function/macro.

Changelog category (leave one):

• Not for changelog (changelog entry is not required)

CI/CD Options

Exclude tests:

• Fast test
• Integration Tests
• Stateless tests
• Stateful tests
• Performance tests
• All with ASAN
• All with TSAN
• All with MSAN
• All with UBSAN
• All with Coverage
• All with Aarch64
• All Regression
• Disable CI Cache

Regression jobs to run:

• Fast suites (mostly <1h)
• Aggregate Functions (2h)
• Alter (1.5h)
• Benchmark (30m)
• ClickHouse Keeper (1h)
• Iceberg (2h)
• LDAP (1h)
• Parquet (1.5h)
• RBAC (1.5h)
• SSL Server (1h)
• S3 (2h)
• Tiered Storage (2h)

[mkmkme]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7223ea8e64

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[mkmkme]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2ccd7df1c1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Validate BIO type before casting BIO_get_data to SSL

BIO_do_handshake now assumes b is always an SSL BIO and immediately casts BIO_get_data(b) to SSL *, but BIO_get_data for non-SSL BIOs returns other internal structs. If a caller invokes handshake on a wrapped chain head (e.g., a filter/connect BIO above SSL), SSL_get_rbio/SSL_do_handshake will run on an invalid pointer and can crash. The previous BIO_ctrl(...BIO_C_DO_STATE_MACHINE...) path delegated through BIO ctrl handlers instead of dereferencing arbitrary BIO payloads.

Useful? React with 👍 / 👎.

[mkmkme]

The only call site for this function in the entire codebase is mongoc-stream-tls-openssl.c:569, and openssl->bio is assigned at line 793 from bio_ssl, which is the SSL BIO created by BIO_new_ssl.

[chatgpt-codex-connector]

Preserve BIO_ctrl chain semantics in BIO_get_ssl shim

Replacing BIO_get_ssl with direct BIO_get_data(b) extraction drops BIO_ctrl forwarding semantics and only works when b is the SSL BIO itself. On chained BIOs, this macro will store the top BIO's private data pointer into sslp rather than the SSL object, which can later cause invalid SSL operations. OpenSSL's macro (BIO_ctrl(...BIO_C_GET_SSL...)) supports wrappers by routing through ctrl handlers.

Useful? React with 👍 / 👎.

[mkmkme]

In our use case (MongoDB contrib), every call for BIO_get_ssl is proven to be on the SSL BIO directly and called right after BIO_new_ssl

[Enmk]

LGTM

[DimensionWieldr]

AI audit returned 1 defect (potential memory leak). I think this one needs review.

Confirmed defects



  Medium: BIO reference count leak in `BIO_do_handshake`

  • Impact: The transport BIO (bio_mongoc_shim) is leaked on every MongoDB TLS connection teardown. Each leaked BIO is ~64-128 bytes. The freed-but-referenced BIO_METHOD (freed
    separately at mongoc-stream-tls-openssl.c:93) creates a dangling pointer inside the leaked BIO, though it is never dereferenced.
  • Anchor: contrib/openssl-cmake/include/evp_API_shim.h / BIO_do_handshake() lines 127-129
  • Trigger: Any MongoDB TLS connection in FIPS mode. Lifecycle: mongoc_stream_tls_openssl_new (line 766: BIO_push) → _mongoc_stream_tls_openssl_handshake (line 569:
    BIO_do_handshake) → _mongoc_stream_tls_openssl_destroy (line 90: BIO_free_all).
  • Why defect: SSL_set_bio(ssl, bio, bio) with rbio == wbio internally calls BIO_up_ref(rbio) once (OpenSSL ssl_lib.c:1557-1558: "If the two arguments are equal then one fewer 
    reference is granted by the caller than we want to take"). SSL_free later calls BIO_free_all on both rbio and wbio (2 decrements). The BIO chain walk adds 1 more decrement.
    Total decrements at cleanup = 3. The shim adds 2 manual BIO_up_ref + 1 internal = 3 extra refs on top of the initial refcount of 1 → final refcount = 4 − 3 = 1 (never freed).
    Only 1 manual BIO_up_ref is needed.
  • Fix direction: Remove one BIO_up_ref(BIO_next(b)) call (line 127 or 128).
  • Regression test: Open and close MongoDB TLS connections in FIPS mode under LSAN/ASAN; verify no leaked BIO allocations.


   contrib/openssl-cmake/include/evp_API_shim.h lines 127-129

          BIO_up_ref(BIO_next(b));
          BIO_up_ref(BIO_next(b));   // one too many
          SSL_set_bio(ssl, BIO_next(b), BIO_next(b));

[mkmkme]

AI audit returned 1 defect (potential memory leak). I think this one needs review.

Confirmed defects



  Medium: BIO reference count leak in `BIO_do_handshake`

  • Impact: The transport BIO (bio_mongoc_shim) is leaked on every MongoDB TLS connection teardown. Each leaked BIO is ~64-128 bytes. The freed-but-referenced BIO_METHOD (freed
    separately at mongoc-stream-tls-openssl.c:93) creates a dangling pointer inside the leaked BIO, though it is never dereferenced.
  • Anchor: contrib/openssl-cmake/include/evp_API_shim.h / BIO_do_handshake() lines 127-129
  • Trigger: Any MongoDB TLS connection in FIPS mode. Lifecycle: mongoc_stream_tls_openssl_new (line 766: BIO_push) → _mongoc_stream_tls_openssl_handshake (line 569:
    BIO_do_handshake) → _mongoc_stream_tls_openssl_destroy (line 90: BIO_free_all).
  • Why defect: SSL_set_bio(ssl, bio, bio) with rbio == wbio internally calls BIO_up_ref(rbio) once (OpenSSL ssl_lib.c:1557-1558: "If the two arguments are equal then one fewer 
    reference is granted by the caller than we want to take"). SSL_free later calls BIO_free_all on both rbio and wbio (2 decrements). The BIO chain walk adds 1 more decrement.
    Total decrements at cleanup = 3. The shim adds 2 manual BIO_up_ref + 1 internal = 3 extra refs on top of the initial refcount of 1 → final refcount = 4 − 3 = 1 (never freed).
    Only 1 manual BIO_up_ref is needed.
  • Fix direction: Remove one BIO_up_ref(BIO_next(b)) call (line 127 or 128).
  • Regression test: Open and close MongoDB TLS connections in FIPS mode under LSAN/ASAN; verify no leaked BIO allocations.


   contrib/openssl-cmake/include/evp_API_shim.h lines 127-129

          BIO_up_ref(BIO_next(b));
          BIO_up_ref(BIO_next(b));   // one too many
          SSL_set_bio(ssl, BIO_next(b), BIO_next(b));

This seems to be a real issue. Thanks! I'll fix it asap.

Reference: https://github.com/aws/aws-lc/blob/AWS-LC-FIPS-2.0.0/ssl/ssl_lib.cc#L748

[DimensionWieldr]

Fixed by #1616 . LGTM