Fix code to generate the test signatues.

* ctx needs to be destroyed before it is regenerated.
* emit the name of the signature to be replaced.
* cleanup memory before asserting so post longjump doesn't detect a
  memory leak.
* comment code.

lib/dns/tests/dst_test.c

@@ -203,8 +203,16 @@ check_sig(const char *datapath, const char *sigpath, const char *keyname,
 	assert_int_equal(result, ISC_R_SUCCESS);
 	result = dst_context_verify(ctx, &sigreg);
 
+	/*
+	 * Compute the expected signature and emit it
+	 * so the precomputed signature can be updated.
+	 * This should only be done if the covered data
+	 * is updated.
+	 */
 	if (expect && result != ISC_R_SUCCESS) {
 		isc_result_t result2;
+
+		dst_context_destroy(&ctx);
 		result2 = dst_context_create(
 			key, dt_mctx, DNS_LOGCATEGORY_GENERAL, false, 0, &ctx);
 		assert_int_equal(result2, ISC_R_SUCCESS);
@@ -228,18 +236,16 @@ check_sig(const char *datapath, const char *sigpath, const char *keyname,
 
 		isc_hex_totext(&r, 0, "", &hb);
 
-		fprintf(stderr, "%s\n", hexbuf);
-
-		dst_context_destroy(&ctx);
+		fprintf(stderr, "# %s:\n# %s\n", sigpath, hexbuf);
 	}
 
-	assert_true((expect && (result == ISC_R_SUCCESS)) ||
-		    (!expect && (result != ISC_R_SUCCESS)));
-
 	isc_mem_put(dt_mctx, data, size + 1);
 	dst_context_destroy(&ctx);
 	dst_key_free(&key);
 
+	assert_true((expect && (result == ISC_R_SUCCESS)) ||
+		    (!expect && (result != ISC_R_SUCCESS)));
+
 	return;
 }