Broken ECDSA signatures may be generated with certain private keys
See below for what is currently believed to be the actual culprit behind intermittent validation failures occurring in system tests.
The original description of this issue follows:
check_signer loops directly over val->event->sigrdataset which lead to spurious validation failures. Cloning val->event->sigrdataset will make its use independent of any looping over the rdataset.
This was found by examining some unexpected failures in the dnssec system test. This was possibly exposed by the use of OpenSSL 3.0.0.
17-Nov-2021 12:04:59.413 received packet from 10.53.0.2#5300
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36571
;; flags: qr; QUESTION: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: 2273409052bb1631010000006194553b76a5297853293327
;; QUESTION SECTION:
;auto-nsec3.example. IN A
;; AUTHORITY SECTION:
;auto-nsec3.example. 300 IN NS ns.auto-nsec3.example.
;auto-nsec3.example. 300 IN DS 52528 13 2 (
; 549C4AB8A70D7AA3A65C3F8003DF
; 53E425C5B9AFDE20399C6CA61009
; 3D89781E )
;auto-nsec3.example. 300 IN RRSIG DS 8 2 300 (
; 20211217000313 20211117000313 34390 example.
; jFWU9BNShOu9DCawKevJQi9twGb7
; eNmGWPzkMUT7qkDgK2Cyk9Duz1GA
; ibrcbY0sIp4Rp0kkJnZmtGIsp0Xh
; 54GWYFOGgCZZ0dnVTSSxWnvhtNOl
; TdpppKq6E1sZDHV0NTfiofP1Nmlo
; rYrUyouy5BwMW3F7taUvRZ4L/QVK
; IMU6nN6Ql4F1f/5f5Anr2PAPfJR0
; ctA3+Y/Kh9E9kylJLg== )
;; ADDITIONAL SECTION:
;ns.auto-nsec3.example. 300 IN A 10.53.0.317-Nov-2021 12:04:59.414 received packet from 10.53.0.3#5300
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29588
;; flags: qr aa; QUESTION: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: ed700d3254682696010000006194553b1dedf2a8fb5abfa4
;; QUESTION SECTION:
;auto-nsec3.example. IN DNSKEY
;; ANSWER SECTION:
;auto-nsec3.example. 300 IN DNSKEY 256 3 13 (
; fwG+e1gwVJk7+gwjLrzYKK/QDkSo
; ZBapSLxWf/9m/oGHP2QMuH0td1UD
; XeWw486VfvyGr9WfFVqUiMqsYea+
; 8A==
; ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 52210
;auto-nsec3.example. 300 IN DNSKEY 257 3 13 (
; Zo+EoLnluv1C/L6QiZlj/Mywrv4/
; kX3s0L4jx9hQ78S862nhIGlMndLX
; fdq+D+sfEFf9WvN2LDK/olykcPc7
; 1A==
; ) ; KSK; alg = ECDSAP256SHA256 ; key id = 52528
;auto-nsec3.example. 300 IN DNSKEY 257 3 13 (
; zdEFO/z7PiHd4NwRkZ94ef4m76yi
; GwrhUd3oGIssEgN73XvDbdWyPiQl
; EVvVmnTjwF/rFDIRF+8Ip4yvJheI
; Ow==
; ) ; KSK; alg = ECDSAP256SHA256 ; key id = 6412
;auto-nsec3.example. 300 IN DNSKEY 256 3 13 (
; 1O4dFAm+FtWWN/h10whUgudZxPvj
; hFm7xYcPdWTbhG9v8lI3nqdvwAz0
; 42KmR6bOhfHBo96/s8ENKiVSdGH4
; Kg==
; ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 64471
;auto-nsec3.example. 300 IN RRSIG DNSKEY 13 2 300 (
; 20211217010315 20211117000316 6412 auto-nsec3.example.
; /ASeAP/nKeeOIPGYfDY/iexF/UWz
; lbum+6++QYIyjQt5pw6zmSfo/yZz
; QS1KD0uImVqGC/dTotg3s9abo8hY
; nA== )
;auto-nsec3.example. 300 IN RRSIG DNSKEY 13 2 300 (
; 20211217010315 20211117000316 52528 auto-nsec3.example.
; QEwKW9Hzufb4savsi2Wagt0Ts6Cg
; miQkNCKNzmcGyNGHrreMeOGMC+so
; XnrQbYgVLd9geyDSXDGkjDjvkPa4
; nQ== )
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): rctx_answer
17-Nov-2021 12:04:59.414 log_ns_ttl: fctx 0x123a0ec00: rctx_answer: auto-nsec3.example (in 'auto-nsec3.example'?): 1 300
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): cache_message
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): cache_name
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): resquery_response done
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): [result: success] query canceled in rctx_done(); responding
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): cancelquery
17-Nov-2021 12:04:59.414 dispatch 0x121f0eef0: detach: refcount 2
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): wait for validator
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): cancelqueries
17-Nov-2021 12:04:59.414 dispatch 0x121f0eef0: detach: refcount 1
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: starting
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: attempting positive response validation
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: validate_dnskey: creating validator for auto-nsec3.example DS
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DS: starting
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DS: attempting positive response validation
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DS: keyset with trust secure
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DS: verify rdataset (keyid=34390): success
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DS: marking as secure, noqname proof not needed
17-Nov-2021 12:04:59.414 validator @0x123a14e00: dns_validator_destroy
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: in validator_callback_ds
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: dsset with trust secure
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: verify rdataset (keyid=52528): RRSIG failed to verify
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: no RRSIG matching DS key
17-Nov-2021 12:04:59.414 validating auto-nsec3.example/DNSKEY: no valid signature found (DS)
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): received validation completion event
17-Nov-2021 12:04:59.414 validator @0x12393cc00: dns_validator_destroy
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): validation failed
17-Nov-2021 12:04:59.414 fctx 0x123a0ec00(auto-nsec3.example/DNSKEY): add_bad
17-Nov-2021 12:04:59.414 no valid RRSIG resolving 'auto-nsec3.example/DNSKEY/IN': 10.53.0.3#5300