From 87a2eac7a8264a0e8d64a8db85d44ec22454e256 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 7 Sep 2022 13:46:31 +0200
Subject: [PATCH 1/3] Add ENGINE_init and ENGINE_finish calls

According to manual page of ENGINE_init, it should be called explicitly
before any key operations happens. Make it active whole lifetime.
---
 lib/dns/openssl_link.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 333f34cb37..a3f63885fa 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -85,14 +85,20 @@ dst__openssl_init(const char *engine) {
 			result = DST_R_NOENGINE;
 			goto cleanup_rm;
 		}
+		if (!ENGINE_init(e)) {
+			result = DST_R_NOENGINE;
+			goto cleanup_rm;
+		}
 		/* This will init the engine. */
 		if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
 			result = DST_R_NOENGINE;
-			goto cleanup_rm;
+			goto cleanup_init;
 		}
 	}
 
 	return (ISC_R_SUCCESS);
+cleanup_init:
+	ENGINE_finish(e);
 cleanup_rm:
 	if (e != NULL) {
 		ENGINE_free(e);
@@ -108,6 +114,7 @@ void
 dst__openssl_destroy(void) {
 #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
 	if (e != NULL) {
+		ENGINE_finish(e);
 		ENGINE_free(e);
 	}
 	e = NULL;
-- 
2.37.2