diff --git a/src/aes/openssl/aes.c b/src/aes/openssl/aes.c
index 287a182..f991fdf 100644
--- a/src/aes/openssl/aes.c
+++ b/src/aes/openssl/aes.c
@@ -6,6 +6,7 @@
 #include <string.h>
 #include <openssl/aes.h>
 #include <openssl/evp.h>
+#include <openssl/err.h>
 #include <re_types.h>
 #include <re_fmt.h>
 #include <re_mem.h>
@@ -60,8 +61,10 @@ int aes_alloc(struct aes **aesp, enum aes_mode mode,
 	}
 
 	r = EVP_EncryptInit_ex(&st->ctx, cipher, NULL, key, iv);
-	if (!r)
+	if (!r) {
+		ERR_clear_error();
 		err = EPROTO;
+	}
 
  out:
 	if (err)
@@ -75,11 +78,14 @@ int aes_alloc(struct aes **aesp, enum aes_mode mode,
 
 void aes_set_iv(struct aes *aes, const uint8_t iv[AES_BLOCK_SIZE])
 {
-	if (!aes)
+	int r;
+
+	if (!aes || !iv)
 		return;
 
-	if (iv)
-		(void)EVP_EncryptInit_ex(&aes->ctx, NULL, NULL, NULL, iv);
+	r = EVP_EncryptInit_ex(&aes->ctx, NULL, NULL, NULL, iv);
+	if (!r)
+		ERR_clear_error();
 }
 
 
@@ -90,8 +96,10 @@ int aes_encr(struct aes *aes, uint8_t *out, const uint8_t *in, size_t len)
 	if (!aes || !out || !in || !len)
 		return EINVAL;
 
-	if (!EVP_EncryptUpdate(&aes->ctx, out, &c_len, in, (int)len))
+	if (!EVP_EncryptUpdate(&aes->ctx, out, &c_len, in, (int)len)) {
+		ERR_clear_error();
 		return EPROTO;
+	}
 
 	return 0;
 }
diff --git a/src/hmac/openssl/hmac.c b/src/hmac/openssl/hmac.c
index 4735ca8..1701a8c 100644
--- a/src/hmac/openssl/hmac.c
+++ b/src/hmac/openssl/hmac.c
@@ -5,6 +5,7 @@
  */
 
 #include <openssl/hmac.h>
+#include <openssl/err.h>
 #include <re_types.h>
 #include <re_mem.h>
 #include <re_hmac.h>
@@ -42,8 +43,10 @@ int hmac_create(struct hmac **hmacp, enum hmac_hash hash,
 	HMAC_CTX_init(&hmac->ctx);
 
 #if (OPENSSL_VERSION_NUMBER >= 0x00909000)
-	if (!HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL))
+	if (!HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL)) {
+		ERR_clear_error();
 		err = EPROTO;
+	}
 #else
 	HMAC_Init_ex(&hmac->ctx, key, (int)key_len, EVP_sha1(), NULL);
 #endif
@@ -68,19 +71,26 @@ int hmac_digest(struct hmac *hmac, uint8_t *md, size_t md_len,
 #if (OPENSSL_VERSION_NUMBER >= 0x00909000)
 	/* the HMAC context must be reset here */
 	if (!HMAC_Init_ex(&hmac->ctx, 0, 0, 0, NULL))
-		return EPROTO;
+		goto error;
 
 	if (!HMAC_Update(&hmac->ctx, data, (int)data_len))
-		return EPROTO;
+		goto error;
 	if (!HMAC_Final(&hmac->ctx, md, &len))
-		return EPROTO;
+		goto error;
+
+	return 0;
+
+ error:
+	ERR_clear_error();
+	return EPROTO;
+
 #else
 	/* the HMAC context must be reset here */
 	HMAC_Init_ex(&hmac->ctx, 0, 0, 0, NULL);
 
 	HMAC_Update(&hmac->ctx, data, (int)data_len);
 	HMAC_Final(&hmac->ctx, md, &len);
-#endif
 
 	return 0;
+#endif
 }