Test support with legacy HMAC K files with nsupdate

tsig-keygen generates key files that are different to those that
where generated by dnssec-keygen.  Check that nsupdate can still
read those old format files.

bin/tests/system/nsupdate/tests.sh

@@ -1011,6 +1011,32 @@ else
     echo_i "skipped: DH not supported in FIPS mode"
 fi
 
+n=$((n + 1))
+ret=0
+echo_i "check TSIG key algorithms using legacy K file pairs (nsupdate -k) ($n)"
+if $FEATURETEST --md5
+then
+	ALGS="157 161 162 163 164 165"
+else
+	ALGS="161 162 163 164 165"
+	echo_i "skipping disabled md5 (157) algorithm"
+fi
+for alg in $ALGS; do
+    $NSUPDATE -k ns1/legacy/Klegacy-${alg}.+${alg}+*.key <<END > /dev/null || ret=1
+server 10.53.0.1 ${PORT}
+update add ${alg}.keytests.nil. 600 A 10.10.10.3
+send
+END
+done
+sleep 2
+for alg in $ALGS; do
+    $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
+done
+if [ $ret -ne 0 ]; then
+    echo_i "failed"
+    status=1
+fi
+
 n=$((n + 1))
 ret=0
 echo_i "check TSIG key algorithms (nsupdate -k) ($n)"