Cleanup OpenSSL reference on bad domain name

Free/detach tsigkey and sig0key when exiting and then call
dst_lib_destroy if we have previously called dst_lib_init.  This will,
in theory, allow OPENSSL_cleanup to free all memory.

bin/dig/dighost.c

@@ -227,6 +227,9 @@ clear_current_lookup(void);
 static bool
 next_origin(dig_lookup_t *oldlookup);
 
+static void
+cleanup_openssl_refs(void);
+
 static int
 count_dots(char *string) {
 	char *s;
@@ -2334,6 +2337,7 @@ setup_lookup(dig_lookup_t *lookup) {
 				clear_current_lookup();
 				return (false);
 #else  /* if TARGET_OS_IPHONE */
+				cleanup_openssl_refs();
 				digexit();
 #endif /* if TARGET_OS_IPHONE */
 			}
@@ -4660,6 +4664,25 @@ cancel_all(void) {
 	}
 }
 
+static void
+cleanup_openssl_refs(void) {
+	if (tsigkey != NULL) {
+		debug("freeing TSIG key %p", tsigkey);
+		dns_tsigkey_detach(&tsigkey);
+	}
+
+	if (sig0key != NULL) {
+		debug("freeing SIG(0) key %p", sig0key);
+		dst_key_free(&sig0key);
+	}
+
+	if (is_dst_up) {
+		debug("destroy DST lib");
+		dst_lib_destroy();
+		is_dst_up = false;
+	}
+}
+
 /*%
  * Destroy all of the libs we are using, and get everything ready for a
  * clean shutdown.
@@ -4681,27 +4704,13 @@ destroy_libs(void) {
 
 	clear_searchlist();
 
-	if (tsigkey != NULL) {
+	cleanup_openssl_refs();
-		debug("freeing TSIG key %p", tsigkey);
-		dns_tsigkey_detach(&tsigkey);
-	}
-
-	if (sig0key != NULL) {
-		debug("freeing SIG(0) key %p", sig0key);
-		dst_key_free(&sig0key);
-	}
 
 	if (namebuf != NULL) {
 		debug("freeing key %p", tsigkey);
 		isc_buffer_free(&namebuf);
 	}
 
-	if (is_dst_up) {
-		debug("destroy DST lib");
-		dst_lib_destroy();
-		is_dst_up = false;
-	}
-
 	debug("Removing log context");
 	isc_log_destroy(&lctx);