openwrt/packages
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/packages.git synced 2025-05-01 01:03:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

ldns: fix compilation

Browse Source
This commit is contained in:
AmadeusGhost 2020-03-18 11:38:05 +08:00
parent 422768a6b8
commit 51a9a9c291
5 changed files with 453 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
libs/ldns/Makefile
View File

@ -8,19 +8,21 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=ldns PKG_NAME:=ldns
PKG_VERSION:=1.6.17 PKG_VERSION:=1.7.1
PKG_RELEASE:=2 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns
PKG_HASH:=8b88e059452118e8949a2752a55ce59bc71fa5bc414103e17f5b6b06f9bcc8cd PKG_HASH:=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229
PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Nicolas Thill <nico@openwrt.org> PKG_CPE_ID:=cpe:/a:nlnetlabs:ldns
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
PKG_INSTALL:=1 PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -53,14 +55,31 @@ define Package/drill
endef endef
define Package/drill/description define Package/drill/description
drill is a tool to designed to get all sorts of information out of the DNS. It ldns includes the drill tool, which is much like dig from BIND. It was
is specificly designed to be used with DNSSEC. designed with DNSSEC in mind and should be a useful debugging/query tool
for DNSSEC.
endef
define Package/ldns-examples
$(call Package/libldns/Default)
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
TITLE:=Example programs from NLNetLabs ldns library
DEPENDS+= +libldns +libpcap +drill
endef
define Package/ldns-examples/description
A few example programs are included in the source of ldns. They include tools
which can create DNSSEC keys and DNSSEC zone files.
endef endef
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
--disable-ecdsa \ --disable-dsa \
--disable-gost \ --disable-gost \
--enable-ecdsa \
--with-drill \ --with-drill \
--with-examples \
--with-ssl="$(STAGING_DIR)/usr" --with-ssl="$(STAGING_DIR)/usr"
define Build/InstallDev define Build/InstallDev
@ -68,6 +87,8 @@ define Build/InstallDev
$(CP) $(PKG_INSTALL_DIR)/usr/include/ldns $(1)/usr/include/ $(CP) $(PKG_INSTALL_DIR)/usr/include/ldns $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libldns.{a,so*} $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libldns.{a,so*} $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_BUILD_DIR)/packaging/libldns.pc $(1)/usr/lib/pkgconfig
endef endef
define Package/libldns/install define Package/libldns/install
@ -80,5 +101,33 @@ define Package/drill/install
$(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/ $(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/
endef endef
define Package/ldns-examples/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-chaos $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-compare-zones $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dane $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dpa $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-gen-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-key2ds $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keyfetcher $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keygen $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-mx $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-notify $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-nsec3-hash $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-read-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-revoke $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-rrsig $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-signzone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-test-edns $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-testns $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-update $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-verify-zone $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-version $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-walk $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zcat $(1)/usr/bin/
$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zsplit $(1)/usr/bin/
endef
$(eval $(call BuildPackage,libldns)) $(eval $(call BuildPackage,libldns))
$(eval $(call BuildPackage,drill)) $(eval $(call BuildPackage,drill))
$(eval $(call BuildPackage,ldns-examples))

11
libs/ldns/patches/001-compile-for-darwin.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/configure.ac
+++ b/configure.ac
@@ -881,7 +881,7 @@ AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk],
[],[with_xcode_sdk="yes"])
if test "x_$with_xcode_sdk" != "x_no" ; then
# check OSX deployment target, if needed
- if echo $build_os | grep darwin > /dev/null; then
+ if echo $target_os | grep darwin > /dev/null; then
sdk_p=`xcode-select -print-path`;
if test "x_$with_xcode_sdk" = "x_yes" ; then
sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"

11
libs/ldns/patches/001-perl5-defined-array.patch
View File

@ -1,11 +0,0 @@
--- a/doc/doxyparse.pl
+++ b/doc/doxyparse.pl
@@ -273,7 +273,7 @@ foreach (keys %manpages) {
print MAN $MAN_MIDDLE;
- if (defined(@$also)) {
+ if (@$also) {
print MAN "\n.SH SEE ALSO\n\\fI";
print MAN join "\\fR, \\fI", @$also;
print MAN "\\fR.\nAnd ";

54
libs/ldns/patches/010-openssl-deprecated.patch Normal file
View File

@ -0,0 +1,54 @@
From cee98e71bb3d69e41cd4d2c6e33c68639dd1eaf0 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Thu, 5 Dec 2019 12:13:44 -0800
Subject: [PATCH] Fix compilation without deprecated APIs
---
dnssec_verify.c | 2 ++
drill/drill.c | 2 ++
keys.c | 1 +
3 files changed, 5 insertions(+)
diff --git a/dnssec_verify.c b/dnssec_verify.c
index d22962eb..99a7515d 100644
--- a/dnssec_verify.c
+++ b/dnssec_verify.c
@@ -597,7 +597,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE *out,
if (tree->parent_status[i]
== LDNS_STATUS_SSL_ERR) {
printf("; SSL Error: ");
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
ERR_load_crypto_strings();
+#endif
ERR_print_errors_fp(stdout);
printf("\n");
}
diff --git a/drill/drill.c b/drill/drill.c
index 6efd29a5..186bdff2 100644
--- a/drill/drill.c
+++ b/drill/drill.c
@@ -994,10 +994,12 @@ main(int argc, char *argv[])
xfree(tsig_algorithm);
#ifdef HAVE_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
EVP_cleanup();
#endif
+#endif
#ifdef USE_WINSOCK
WSACleanup();
#endif
diff --git a/keys.c b/keys.c
index 016f9731..06afb739 100644
--- a/keys.c
+++ b/keys.c
@@ -15,6 +15,7 @@
#include <ldns/ldns.h>
#ifdef HAVE_SSL
+#include <openssl/ui.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/bn.h>

333
libs/ldns/patches/020-openssl-dsa.patch Normal file
View File

@ -0,0 +1,333 @@
From 8a12d9183271b2b16f399c3fe867f149dbf753d7 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Thu, 20 Feb 2020 18:58:52 -0800
Subject: [PATCH] Fix compilation without DSA and deprecated APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
dnssec.c | 2 ++
examples/ldns-dane.c | 2 ++
examples/ldns-keygen.c | 2 ++
examples/ldns-signzone.c | 16 ++++++++++++++++
examples/ldns-verify-zone.c | 2 ++
host2str.c | 8 ++++++++
keys.c | 10 +++++++---
ldns/keys.h | 8 ++++++++
rr_functions.c | 4 ++++
9 files changed, 51 insertions(+), 3 deletions(-)
diff --git a/dnssec.c b/dnssec.c
index 482cefd6..71508600 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -332,6 +332,7 @@ uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
}
#ifdef HAVE_SSL
+#ifdef USE_DSA
DSA *
ldns_key_buf2dsa(const ldns_buffer *key)
{
@@ -407,6 +408,7 @@ ldns_key_buf2dsa_raw(const unsigned char* key, size_t len)
#endif /* OPENSSL_VERSION_NUMBER */
return dsa;
}
+#endif /* USE_DSA */
RSA *
ldns_key_buf2rsa(const ldns_buffer *key)
diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 4c31fd8f..7b33ad18 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1680,9 +1680,11 @@ main(int argc, char* const* argv)
assert(0);
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
/* ssl inititalize */
SSL_load_error_strings();
SSL_library_init();
+#endif
/* ssl load validation store */
if (! assume_pkix_validity || CAfile || CApath) {
diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index 62b8d228..237016e5 100644
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -148,6 +148,7 @@ main(int argc, char *argv[])
exit(1);
}
break;
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
if (bits < 512 || bits > 1024) {
@@ -156,6 +157,7 @@ main(int argc, char *argv[])
exit(1);
}
break;
+#endif /* USE_DSA */
#ifdef USE_GOST
case LDNS_SIGN_ECC_GOST:
if(!ldns_key_EVP_load_gost_id()) {
diff --git a/examples/ldns-signzone.c b/examples/ldns-signzone.c
index 7d24ad90..abae352a 100644
--- a/examples/ldns-signzone.c
+++ b/examples/ldns-signzone.c
@@ -72,10 +72,14 @@ usage(FILE *fp, const char *prog) {
fprintf ( fp, "\n " );
__LIST ( RSAMD5 );
+#ifdef USE_DSA
__LIST ( DSA );
+#endif
__LIST ( RSASHA1 );
fprintf ( fp, "\n " );
+#ifdef USE_DSA
__LIST ( DSA_NSEC3 );
+#endif
__LIST ( RSASHA1_NSEC3 );
__LIST ( RSASHA256 );
fprintf ( fp, "\n " );
@@ -350,11 +354,15 @@ parse_algspec ( const char * const p )
__MATCH ( RSAMD5 );
__MATCH ( RSASHA1 );
+#ifdef USE_DSA
__MATCH ( DSA );
+#endif
__MATCH ( RSASHA1_NSEC3 );
__MATCH ( RSASHA256 );
__MATCH ( RSASHA512 );
+#ifdef USE_DSA
__MATCH ( DSA_NSEC3 );
+#endif
__MATCH ( ECC_GOST );
__MATCH ( ECDSAP256SHA256 );
__MATCH ( ECDSAP384SHA384 );
@@ -419,8 +427,10 @@ load_key ( const char * const p, ENGINE * const e )
case LDNS_SIGN_RSASHA1_NSEC3:
case LDNS_SIGN_RSASHA256:
case LDNS_SIGN_RSASHA512:
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
+#endif
case LDNS_SIGN_ECC_GOST:
#ifdef USE_ECDSA
case LDNS_SIGN_ECDSAP256SHA256:
@@ -995,9 +1005,13 @@ main(int argc, char *argv[])
#ifdef HAVE_SSL
if (ERR_peek_error()) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
ERR_load_crypto_strings();
+#endif
ERR_print_errors_fp(stderr);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL)
ERR_free_strings();
+#endif
}
#endif
exit(EXIT_FAILURE);
@@ -1018,7 +1032,9 @@ main(int argc, char *argv[])
#ifndef OPENSSL_NO_ENGINE
shutdown_openssl ( engine );
#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
CRYPTO_cleanup_all_ex_data();
+#endif
#endif
free(prog);
diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c
index c17bd21c..a5a1d003 100644
--- a/examples/ldns-verify-zone.c
+++ b/examples/ldns-verify-zone.c
@@ -113,7 +113,9 @@ print_rr_status_error(FILE* stream, ldns_rr* rr, ldns_status status)
if (status != LDNS_STATUS_OK) {
print_rr_error(stream, rr, ldns_get_errorstr_by_id(status));
if (verbosity > 0 && status == LDNS_STATUS_SSL_ERR) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
ERR_load_crypto_strings();
+#endif
ERR_print_errors_fp(stream);
}
}
diff --git a/host2str.c b/host2str.c
index 3ca23c20..29a5f5c9 100644
--- a/host2str.c
+++ b/host2str.c
@@ -49,10 +49,14 @@
ldns_lookup_table ldns_algorithms[] = {
{ LDNS_RSAMD5, "RSAMD5" },
{ LDNS_DH, "DH" },
+#ifdef USE_DSA
{ LDNS_DSA, "DSA" },
+#endif /* USE_DSA */
{ LDNS_ECC, "ECC" },
{ LDNS_RSASHA1, "RSASHA1" },
+#ifdef USE_DSA
{ LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" },
+#endif /* USE_DSA */
{ LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
#ifdef USE_SHA2
{ LDNS_RSASHA256, "RSASHA256"},
@@ -2133,7 +2137,9 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
unsigned char *bignum;
#ifdef HAVE_SSL
RSA *rsa;
+#ifdef USE_DSA
DSA *dsa;
+#endif /* USE_DSA */
#endif /* HAVE_SSL */
if (!k) {
@@ -2243,6 +2249,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
RSA_free(rsa);
break;
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
dsa = ldns_key_dsa_key(k);
@@ -2283,6 +2290,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
goto error;
}
break;
+#endif /* USE_DSA */
case LDNS_SIGN_ECC_GOST:
/* no format defined, use blob */
#if defined(HAVE_SSL) && defined(USE_GOST)
diff --git a/keys.c b/keys.c
index 06afb739..ddff6f35 100644
--- a/keys.c
+++ b/keys.c
@@ -905,6 +905,7 @@ ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
return NULL;
}
+#ifdef USE_DSA
DSA *
ldns_key_new_frm_fp_dsa(FILE *f)
{
@@ -1015,6 +1016,7 @@ ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
BN_free(pub_key);
return NULL;
}
+#endif /* USE_DSA */
unsigned char *
ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
@@ -1149,9 +1151,9 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
#endif /* HAVE_EVP_PKEY_KEYGEN */
#endif /* HAVE_SSL */
break;
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
-#ifdef USE_DSA
#ifdef HAVE_SSL
# if OPENSSL_VERSION_NUMBER < 0x00908000L
d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
@@ -1878,10 +1880,10 @@ ldns_key2rr(const ldns_key *k)
#endif
size++;
break;
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
ldns_rr_push_rdf(pubkey,
ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
-#ifdef USE_DSA
#ifdef HAVE_SSL
dsa = ldns_key_dsa_key(k);
if (dsa) {
@@ -1901,10 +1903,10 @@ ldns_key2rr(const ldns_key *k)
#endif /* HAVE_SSL */
#endif /* USE_DSA */
break;
+#ifdef USE_DSA
case LDNS_SIGN_DSA_NSEC3:
ldns_rr_push_rdf(pubkey,
ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
-#ifdef USE_DSA
#ifdef HAVE_SSL
dsa = ldns_key_dsa_key(k);
if (dsa) {
@@ -2165,7 +2167,9 @@ ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
ldns_lookup_table aliases[] = {
/* from bind dnssec-keygen */
{LDNS_SIGN_HMACMD5, "HMAC-MD5"},
+#ifdef USE_DSA
{LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
+#endif /* USE_DSA */
{LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
/* old ldns usage, now RFC names */
#ifdef USE_DSA
diff --git a/ldns/keys.h b/ldns/keys.h
index df4bb22b..826f876f 100644
--- a/ldns/keys.h
+++ b/ldns/keys.h
@@ -45,10 +45,14 @@ enum ldns_enum_algorithm
{
LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
LDNS_DH = 2,
+#ifdef USE_DSA
LDNS_DSA = 3,
+#endif /* USE_DSA */
LDNS_ECC = 4,
LDNS_RSASHA1 = 5,
+#ifdef USE_DSA
LDNS_DSA_NSEC3 = 6,
+#endif /* USE_DSA */
LDNS_RSASHA1_NSEC3 = 7,
LDNS_RSASHA256 = 8, /* RFC 5702 */
LDNS_RSASHA512 = 10, /* RFC 5702 */
@@ -90,11 +94,15 @@ enum ldns_enum_signing_algorithm
{
LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
+#ifdef USE_DSA
LDNS_SIGN_DSA = LDNS_DSA,
+#endif /* USE_DSA */
LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
+#ifdef USE_DSA
LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
+#endif /* USE_DSA */
LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
diff --git a/rr_functions.c b/rr_functions.c
index 20a0bfaa..8d72696b 100644
--- a/rr_functions.c
+++ b/rr_functions.c
@@ -269,14 +269,17 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
const size_t len,
const ldns_algorithm alg)
{
+#ifdef USE_DSA
/* for DSA keys */
uint8_t t;
+#endif /* USE_DSA */
/* for RSA keys */
uint16_t exp;
uint16_t int16;
switch ((ldns_signing_algorithm)alg) {
+#ifdef USE_DSA
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
if (len > 0) {
@@ -286,6 +289,7 @@ ldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
return 0;
}
break;
+#endif /* USE_DSA */
case LDNS_SIGN_RSAMD5:
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3: