@asergeyev
Created October 19, 2015 13:19
Crypto signer backporting for DNS lib
diff --git a/dnssec.go b/dnssec.go
index 84cb214..9198d6d 100644
--- a/dnssec.go
+++ b/dnssec.go
@@ -18,8 +18,26 @@ import (
"sort"
"strings"
"time"
+ "io"
)
+
+type cryptoSignerOpts interface {
+ HashFunc() crypto.Hash
+}
+
+type cryptoSigner interface {
+ Public() crypto.PublicKey
+ Sign(rand io.Reader, msg []byte, opts cryptoSignerOpts) (signature []byte, err error)
+}
+
+type basicOpts crypto.Hash
+
+func (h basicOpts) HashFunc() crypto.Hash {
+ return crypto.Hash(h)
+}
+
+
// DNSSEC encryption algorithm codes.
const (
_ uint8 = iota
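Review bot: The new cryptoSigner interface is not satisfied by any key whose Sign method is declared with `opts crypto.SignerOpts` — Go matches method signatures exactly, so a parameter typed cryptoSignerOpts is a different method even though both interfaces declare only HashFunc(). If the keys used by the tests are the standard library's *rsa.PrivateKey / *ecdsa.PrivateKey on a Go release that has crypto.Signer, the assertions `privatekey.(cryptoSigner)` in dnssec_test.go and `pk.(cryptoSigner)` in sig0_test.go will panic; if the target is a release without crypto.Signer, the page does not show which key types are meant to implement the interface, so that should be confirmed before merging. The three new types also carry no doc comments; suggest `// cryptoSigner mirrors crypto.Signer for Go releases that predate it; keys passed to RRSIG.Sign and SIG.Sign must implement it.` and `// basicOpts adapts a crypto.Hash to cryptoSignerOpts.` Finally, `"io"` is appended after `"time"`, breaking the sorted import group, and the two blank lines before the constant block are not gofmt-clean.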
@@ -254,7 +272,7 @@ func (d *DS) ToCDS() *CDS {
// There is no check if RRSet is a proper (RFC 2181) RRSet. If OrigTTL is non
// zero, it is used as-is, otherwise the TTL of the RRset is used as the
// OrigTTL.
-func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
+func (rr *RRSIG) Sign(k cryptoSigner, rrset []RR) error {
if k == nil {
return ErrPrivKey
}
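Review bot: RRSIG.Sign is exported but now takes the unexported cryptoSigner, so callers in other packages can pass a conforming key but cannot name the parameter type in their own declarations or check against it; the same applies to SIG.Sign in sig0.go. Consider exporting the interface (for example as `Signer`) and keeping any helper types internal. The body of RRSIG.Sign continues beyond the hunk.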
@@ -318,8 +336,8 @@ func (rr *RRSIG) Sign(k crypto.Signer, rrset []RR) error {
return nil
}
-func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, error) {
- signature, err := k.Sign(rand.Reader, hashed, hash)
+func sign(k cryptoSigner, hashed []byte, hash crypto.Hash, alg uint8) ([]byte, error) {
+ signature, err := k.Sign(rand.Reader, hashed, basicOpts(hash))
if err != nil {
return nil, err
}
@@ -348,7 +366,7 @@ func sign(k crypto.Signer, hashed []byte, hash crypto.Hash, alg uint8) ([]byte,
signature = append(signature, intToBytes(ecdsaSignature.S, intlen)...)
return signature, nil
- // There is no defined interface for what a DSA backed crypto.Signer returns
+ // There is no defined interface for what a DSA backed cryptoSigner returns
case DSA, DSANSEC3SHA1:
// t := divRoundUp(divRoundUp(p.PublicKey.Y.BitLen(), 8)-64, 8)
// signature := []byte{byte(t)}
diff --git a/dnssec_test.go b/dnssec_test.go
index c315932..0ca63cd 100644
--- a/dnssec_test.go
+++ b/dnssec_test.go
@@ -723,7 +723,7 @@ func TestInvalidRRSet(t *testing.T) {
}
// Sign the good record set and then make sure verification fails on the bad record set
- if err := signature.Sign(privatekey.(crypto.Signer), goodRecords); err != nil {
+ if err := signature.Sign(privatekey.(cryptoSigner), goodRecords); err != nil {
t.Fatal("Signing good records failed")
}
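Review bot: The single-value assertion `privatekey.(cryptoSigner)` panics rather than failing the test when the key type does not implement the new interface, which hides the cause behind a runtime panic instead of a message; use the two-value form, `k, ok := privatekey.(cryptoSigner)` followed by `if !ok { t.Fatalf("key %T does not implement cryptoSigner", privatekey) }`, and pass k to Sign. The same pattern appears in both sig0_test.go hunks. The enclosing TestInvalidRRSet starts before the hunk.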
diff --git a/sig0.go b/sig0.go
index 0fccddb..edccdca 100644
--- a/sig0.go
+++ b/sig0.go
@@ -13,7 +13,7 @@ import (
// Sign signs a dns.Msg. It fills the signature with the appropriate data.
// The SIG record should have the SignerName, KeyTag, Algorithm, Inception
// and Expiration set.
-func (rr *SIG) Sign(k crypto.Signer, m *Msg) ([]byte, error) {
+func (rr *SIG) Sign(k cryptoSigner, m *Msg) ([]byte, error) {
if k == nil {
return nil, ErrPrivKey
}
diff --git a/sig0_test.go b/sig0_test.go
index c13adf3..9675eba 100644
--- a/sig0_test.go
+++ b/sig0_test.go
@@ -41,7 +41,7 @@ func TestSIG0(t *testing.T) {
sigrr.Inception = now - 300
sigrr.KeyTag = keyrr.KeyTag()
sigrr.SignerName = keyrr.Hdr.Name
- mb, err := sigrr.Sign(pk.(crypto.Signer), m)
+ mb, err := sigrr.Sign(pk.(cryptoSigner), m)
if err != nil {
t.Errorf("Failed to sign message using “%s”: %v", algstr, err)
continue
@@ -80,7 +80,7 @@ func TestSIG0(t *testing.T) {
}
sigrr.Expiration = 2
sigrr.Inception = 1
- mb, _ = sigrr.Sign(pk.(crypto.Signer), m)
+ mb, _ = sigrr.Sign(pk.(cryptoSigner), m)
if err := sigrr.Verify(keyrr, mb); err == nil {
t.Errorf("Verify succeeded on an expired message using “%s”", algstr)
continue
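Review bot: The changed line `mb, _ = sigrr.Sign(pk.(cryptoSigner), m)` discards the signing error, so if Sign fails (for instance because the key does not implement cryptoSigner, or for any other reason) mb is nil and the following Verify fails for the wrong reason, letting the expiry check pass vacuously. Suggest `mb, err = sigrr.Sign(pk.(cryptoSigner), m)` with `if err != nil { t.Errorf("Failed to sign expired message using “%s”: %v", algstr, err); continue }` before Verify, matching the handling in the earlier hunk of this test. TestSIG0 continues outside the hunk.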