PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

OpenSSL 1.1.0 refuses to sign with small RSA keys #6957

Closed d0b3rm4n closed 5 years ago

d0b3rm4n commented 6 years ago

Short description

Packages from http://repo.powerdns.com/ubuntu have broken rsasha256 support in Ubuntu 18.04 "Bionic Beaver".

Environment

```
cat /etc/apt/sources.list.d/powerdns.list
```

```
This file is managed by Puppet. DO NOT EDIT.

powerdns

deb [arch=amd64] http://repo.powerdns.com/ubuntu bionic-auth-master main
```

```
ldd /usr/sbin/pdns_server
    linux-vdso.so.1 (0x00007fffe69a8000)
    libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd29cd26000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fd29c8ae000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007fd29c62a000)
    libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007fd29c3ab000)
    libsodium.so.23 => /usr/lib/x86_64-linux-gnu/libsodium.so.23 (0x00007fd29c15a000)
    libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007fd29be51000)
    libp11-kit.so.0 => /usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007fd29bb22000)
    libluajit-5.1.so.2 => /usr/lib/x86_64-linux-gnu/libluajit-5.1.so.2 (0x00007fd29b8a9000)
    libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fd29b51b000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fd29b17d000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fd29af65000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd29ad46000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd29a955000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fd29d557000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fd29a74d000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007fd29a527000)
    liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007fd29a30b000)
    libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007fd299ff0000)
    libnghttp2.so.14 => /usr/lib/x86_64-linux-gnu/libnghttp2.so.14 (0x00007fd299dcb000)
    libidn2.so.0 => /usr/lib/x86_64-linux-gnu/libidn2.so.0 (0x00007fd299bae000)
    librtmp.so.1 => /usr/lib/x86_64-linux-gnu/librtmp.so.1 (0x00007fd299992000)
    libpsl.so.5 => /usr/lib/x86_64-linux-gnu/libpsl.so.5 (0x00007fd299784000)
    libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fd29951a000)
    libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007fd2992cf000)
    libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007fd29907d000)
    liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007fd298e6f000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fd298c52000)
    libffi.so.6 => /usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007fd298a4a000)
    libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007fd298835000)
    libunistring.so.2 => /usr/lib/x86_64-linux-gnu/libunistring.so.2 (0x00007fd2984b7000)
    libgnutls.so.30 => /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007fd298152000)
    libhogweed.so.4 => /usr/lib/x86_64-linux-gnu/libhogweed.so.4 (0x00007fd297f1e000)
    libnettle.so.6 => /usr/lib/x86_64-linux-gnu/libnettle.so.6 (0x00007fd297ce8000)
    libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007fd297a67000)
    libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007fd297791000)
    libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fd29755f000)
    libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007fd29735b000)
    libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007fd297150000)
    libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fd296f35000)
    libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fd296d1a000)
    libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007fd296ad9000)
    libtasn1.so.6 => /usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007fd2968c6000)
    libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007fd2966c2000)
    libheimntlm.so.0 => /usr/lib/x86_64-linux-gnu/libheimntlm.so.0 (0x00007fd2964b9000)
    libkrb5.so.26 => /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (0x00007fd29622c000)
    libasn1.so.8 => /usr/lib/x86_64-linux-gnu/libasn1.so.8 (0x00007fd295f8a000)
    libhcrypto.so.4 => /usr/lib/x86_64-linux-gnu/libhcrypto.so.4 (0x00007fd295d54000)
    libroken.so.18 => /usr/lib/x86_64-linux-gnu/libroken.so.18 (0x00007fd295b3e000)
    libwind.so.0 => /usr/lib/x86_64-linux-gnu/libwind.so.0 (0x00007fd295915000)
    libheimbase.so.1 => /usr/lib/x86_64-linux-gnu/libheimbase.so.1 (0x00007fd295706000)
    libhx509.so.5 => /usr/lib/x86_64-linux-gnu/libhx509.so.5 (0x00007fd2954bc000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fd295284000)
```


### Steps to reproduce
1. Add zone: rmz-foo-test.fi, with A record for karhu.rmz-foo-test.fi
2. `pdnsutil secure-zone rmz-foo-test.fi`
3. Add a 256-bit RSASHA256 key:

   ```
   pdnsutil add-zone-key rmz-foo-test.fi KSK active 256 rsasha256
   Sep 11 18:27:55 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
   Added a KSK with algorithm = 8, active=1
   Requested specific key size of 256 bits
   26
   ```

4. `pdnsutil remove-zone-key rmz-foo-test.fi 25`
5. Show the zone:

   ```
   pdnsutil show-zone rmz-foo-test.fi
   Sep 11 18:31:05 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
   This is a Native zone
   Metadata items:
       API-RECTIFY     1
       SOA-EDIT-API    DEFAULT
   Zone has NSEC semantics
   keys:
   ID = 26 (CSK), flags = 257, tag = 30421, algo = 8, bits = 256    Active ( RSASHA256 )
   CSK DNSKEY = rmz-foo-test.fi. IN DNSKEY 257 3 8 AwEAAcsyUjCh7DXgqqV37/I7KlXLleDrfYEX4KJHuACODxE5 ; ( RSASHA256 )
   DS = rmz-foo-test.fi. IN DS 30421 8 1 57279e1118a2b442420c0512d70cabb807c0ad3c ; ( SHA1 digest )
   DS = rmz-foo-test.fi. IN DS 30421 8 2 d39c9051da7ee6e554ef0005fd645e5fd4b5f81dc5295cb95106a95ab87dda07 ; ( SHA256 digest )
   DS = rmz-foo-test.fi. IN DS 30421 8 4 92d240b079b021ee790e7df6fc3bb8c7cb666513e0bdc54a5d21b17b255a082c547356f5f6cc9195755235f17e74b4be ; ( SHA-384 digest )
   ```

6. Query without DNSSEC:

   ```
   dig @localhost rmz-foo-test.fi

   ; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost rmz-foo-test.fi
   ; (2 servers found)
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24046
   ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
   ;; WARNING: recursion requested but not available

   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags:; udp: 1680
   ;; QUESTION SECTION:
   ;rmz-foo-test.fi.               IN      A

   ;; AUTHORITY SECTION:
   rmz-foo-test.fi.        3600    IN      SOA     dnsmaster.example.com. noc.example.com. 2018091103 10800 3600 604800 3600

   ;; Query time: 5 msec
   ;; SERVER: ::1#53(::1)
   ;; WHEN: Tue Sep 11 18:32:20 CEST 2018
   ;; MSG SIZE  rcvd: 105
   ```

7. Query with DNSSEC:

   ```
   dig @localhost +dnssec rmz-foo-test.fi

   ; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost +dnssec rmz-foo-test.fi
   ; (2 servers found)
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 22096
   ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
   ;; WARNING: recursion requested but not available

   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags: do; udp: 1680
   ;; QUESTION SECTION:
   ;rmz-foo-test.fi.               IN      A

   ;; Query time: 5 msec
   ;; SERVER: ::1#53(::1)
   ;; WHEN: Tue Sep 11 18:32:31 CEST 2018
   ;; MSG SIZE  rcvd: 44
   ```


### Expected behaviour
Output similar to this one (this is with ecdsa256 keys!!):

```
dig @localhost +dnssec rmz-foo-test.fi

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost +dnssec rmz-foo-test.fi
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5629
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1680
;; QUESTION SECTION:
;rmz-foo-test.fi.               IN      A

;; AUTHORITY SECTION:
rmz-foo-test.fi.        3600    IN      SOA     dnsmaster.example.com. noc.example.com. 2018091103 10800 3600 604800 3600
rmz-foo-test.fi.        3600    IN      RRSIG   SOA 13 2 3600 20180920000000 20180830000000 31187 rmz-foo-test.fi. a+TrcwdRtxS9/9/jWYXXBmyVdfcxFJ9iz3peKB8NAk5iUh8Ew7guQocG TSXxWsSc901TrvH/RWrVQ+0KH7nBVw==
rmz-foo-test.fi.        3600    IN      NSEC    karhu.rmz-foo-test.fi. SOA RRSIG NSEC DNSKEY
rmz-foo-test.fi.        3600    IN      RRSIG   NSEC 13 2 3600 20180920000000 20180830000000 31187 rmz-foo-test.fi. MfwWyNmLGFt98SoWQ+8Bd9cK0PAhp9npMNMbZvl+gkicB8xpeloNhGb2 C0u5CwZBwIjWTnG59bGJPy5x3EbAkw==

;; Query time: 9 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 11 18:25:37 CEST 2018
;; MSG SIZE  rcvd: 371
```


### Actual behaviour
Something goes wrong:

```
Sep 11 18:34:45 localhost pdns_server[29457]: Exception building answer packet for rmz-foo-test.fi/A (OpenSSL RSA failed to generate signature) sending out servfail
```


### Other information
I have the same problem with the pdns_server version from packages in ```http://repo.powerdns.com/ubuntu bionic-auth-41 main``` repository.
I had a longer chat in #powerdns with *Habbie*; he pointed out that I should test it with master and, if the problem is the same there, create a ticket. Some info I provided in the chat:
- https://pastebin.com/HaC3cHn2
- https://pastebin.com/KSeX0qFD

The problem is with any type:

```
dig @localhost +dnssec karhu.rmz-foo-test.fi

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost +dnssec karhu.rmz-foo-test.fi
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48228
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1680
;; QUESTION SECTION:
;karhu.rmz-foo-test.fi.         IN      A

;; Query time: 8 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 11 18:44:42 CEST 2018
;; MSG SIZE  rcvd: 50
```

```
dig @localhost karhu.rmz-foo-test.fi

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost karhu.rmz-foo-test.fi
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54816
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;karhu.rmz-foo-test.fi.         IN      A

;; ANSWER SECTION:
karhu.rmz-foo-test.fi.  3600    IN      A       192.168.1.1

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 11 18:44:49 CEST 2018
;; MSG SIZE  rcvd: 66
```



### Usecase
My registrar does not provide the option to provide ecdsa256 keys for .fi domains, even though it does for e.g. .nl domains. So I wanted to use rsasha256, which is the only option given by the registrar.

### Description
That pdns_server works with rsasha256 keys the same way it does with ecdsa256 keys.

pieterlexis commented 6 years ago

Note: it looks like OpenSSL 1.1.0 errors because the RSA key is only 256 bits

d0b3rm4n commented 6 years ago

> Note: it looks like OpenSSL 1.1.0 errors because the RSA key is only 256 bits

OK I can confirm that with

```
pdnsutil add-zone-key rmz-foo-test.fi KSK active 2048 rsasha256
Sep 11 19:08:22 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
Added a KSK with algorithm = 8, active=1
Requested specific key size of 2048 bits
27
```

it works as intended:

```
dig @localhost +dnssec karhu.rmz-foo-test.fi

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @localhost +dnssec karhu.rmz-foo-test.fi
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20743
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1680
;; QUESTION SECTION:
;karhu.rmz-foo-test.fi.         IN      A

;; ANSWER SECTION:
karhu.rmz-foo-test.fi.  3600    IN      RRSIG   A 8 3 3600 20180920000000 20180830000000 63490 rmz-foo-test.fi. B3SUfzxA4ibfqfJVItBUyNc49Dguyjs3MH8MdJtbAJdSC0mzTUw80Sqo ktmAoP/TiuA9SEYN+lyj3HZwBiyAxi5I+05en3n7CSWBFJwh3xQuHJFN xSJsUxfpy4jfFL+5+20hbLkv0Yg6/TnRwO/7OinDAuTfndB0ne9X6bo2 vbG/TdPd9XvU/LVGvLm/Dp+MswntLHOwajQhe0tStRETfJS6RcozinaZ Tyrxv0yzr+gz3JuvJ63bL7hPtipLD/ELBaI+ATZ+hCLUkUQZixREYWPI wAjbWUYLj/QOT1FqcUvtC0dzIfb8iXACQHnrZa8iZWm/vm0ihTBoNwCp QA/Oyw==
karhu.rmz-foo-test.fi.  3600    IN      A       192.168.1.1

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Sep 11 19:17:38 CEST 2018
;; MSG SIZE  rcvd: 369
```

Some warning and/or some better description or example in the man page might help to avoid this.

Habbie commented 5 years ago

Fixed in #6958
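The thread's diagnosis (OpenSSL refuses to sign with a 256-bit RSA key; 2048 bits works) follows directly from the PKCS#1 v1.5 signature encoding that DNSSEC algorithm 8 (RSASHA256) uses. RFC 8017 section 9.2 requires the encoded message to be at least `tLen + 11` bytes, where `tLen` is the DER DigestInfo prefix (19 bytes for SHA-256) plus the hash (32 bytes), so the modulus must be at least 62 bytes, i.e. 496 bits; a 256-bit key can never carry such a signature, whatever the DNSKEY and DS records look like. The following is an added example, not PowerDNS code and not the fix in #6958: it implements that encoding step and a hypothetical pre-flight check (`check_dnssec_key_size`) of the kind the reporter asks for, so that an undersized key is rejected when it is added rather than surfacing as a signing-time SERVFAIL. The algorithm-number table and the 512-bit interoperability floor come from RFC 4034/5155/5702 and RFC 3110/5702; the sample inputs are constructed to mirror the thread.

```python
"""Pre-flight check for DNSSEC RSA key sizes (added example, not PowerDNS code)."""
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGEST_INFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

# DNSSEC algorithm numbers that sign with RSA PKCS#1 v1.5, and the hash each uses
# (RSASHA1 = 5, RSASHA1-NSEC3-SHA1 = 7, RSASHA256 = 8, RSASHA512 = 10).
DNSSEC_RSA_ALGORITHMS = {5: "sha1", 7: "sha1", 8: "sha256", 10: "sha512"}

# Interoperability floor for RSA DNSKEYs (RFC 3110 / RFC 5702).
RFC_INTEROP_MIN_BITS = 512


def min_rsa_modulus_bits(hash_name):
    """Smallest RSA modulus (bits) that can hold a PKCS#1 v1.5 signature over hash_name."""
    t_len = len(DIGEST_INFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    em_len = t_len + 11  # RFC 8017 section 9.2, step 3: emLen >= tLen + 11
    return em_len * 8


def emsa_pkcs1_v1_5_encode(message, em_len, hash_name):
    """RFC 8017 section 9.2: EM = 0x00 || 0x01 || PS || 0x00 || T.

    em_len is the RSA modulus length in bytes; raises when the key is too short,
    which is the condition the 256-bit key in the thread trips over.
    """
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)  # at least 8 bytes by the check above
    return b"\x00\x01" + ps + b"\x00" + t


def check_dnssec_key_size(algorithm, bits):
    """Return (ok, reason) for a requested DNSKEY algorithm number and key size.

    Hypothetical helper: a tool could run this before asking the crypto library
    to generate the key, turning a later signing failure into an up-front error.
    """
    hash_name = DNSSEC_RSA_ALGORITHMS.get(algorithm)
    if hash_name is None:
        return True, "not an RSA PKCS#1 v1.5 algorithm; modulus-size rule does not apply"
    needed = min_rsa_modulus_bits(hash_name)
    if bits < needed:
        return False, (f"{bits}-bit RSA modulus cannot hold a PKCS#1 v1.5 {hash_name} "
                       f"signature; need at least {needed} bits")
    if bits < RFC_INTEROP_MIN_BITS:
        return False, f"{bits} bits is below the {RFC_INTEROP_MIN_BITS}-bit floor of RFC 3110/5702"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs mirroring the thread: algorithm 8 with 256 and 2048 bits.
    for bits in (256, 2048):
        print(f"algorithm 8, {bits} bits:", check_dnssec_key_size(8, bits))
    # Encoding succeeds for a 2048-bit modulus (256-byte EM) and fails for a 32-byte one.
    em = emsa_pkcs1_v1_5_encode(b"constructed RRset data", 2048 // 8, "sha256")
    print("EM length:", len(em), "leading bytes:", em[:3].hex())
    try:
        emsa_pkcs1_v1_5_encode(b"constructed RRset data", 256 // 8, "sha256")
    except ValueError as exc:
        print("256-bit key:", exc)
```

The check is deliberately keyed on the DNSSEC algorithm number rather than on the string `rsasha256`, so the same rule covers algorithms 5, 7 and 10; for ECDSA algorithms such as 13 it returns `ok` because the PKCS#1 v1.5 length rule does not apply to them.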