From 87a2eac7a8264a0e8d64a8db85d44ec22454e256 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>

Date: Wed, 7 Sep 2022 13:46:31 +0200

Subject: [PATCH 1/3] Add ENGINE_init and ENGINE_finish calls

According to manual page of ENGINE_init, it should be called explicitly

before any key operations happens. Make it active whole lifetime.

---

 lib/dns/openssl_link.c | 9 ++++++++-

 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c

index 333f34cb37..a3f63885fa 100644

--- a/lib/dns/openssl_link.c

+++ b/lib/dns/openssl_link.c

@@ -85,14 +85,20 @@ dst__openssl_init(const char *engine) {

 			result = DST_R_NOENGINE;

 			goto cleanup_rm;

 		}

+		if (!ENGINE_init(e)) {

+			result = DST_R_NOENGINE;

+			goto cleanup_rm;

+		}

 		/* This will init the engine. */

 		if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {

 			result = DST_R_NOENGINE;

-			goto cleanup_rm;

+			goto cleanup_init;

 		}

 	}

 	return (ISC_R_SUCCESS);

+cleanup_init:

+	ENGINE_finish(e);

 cleanup_rm:

 	if (e != NULL) {

 		ENGINE_free(e);

@@ -108,6 +114,7 @@ void

 dst__openssl_destroy(void) {

 #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000

 	if (e != NULL) {

+		ENGINE_finish(e);

 		ENGINE_free(e);

 	}

 	e = NULL;

-- 

2.37.2