Clearning the error stack at the very end will get rid of any other
optional fetch failures since fetch failures are treated as-if they are
unsupported by the provider.
/* We _must_ have HMAC */
evp_hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
if (evp_hmac == NULL) {
- ERR_clear_error();
FATAL_ERROR("OpenSSL failed to find an HMAC implementation. "
"Please make sure the default provider has an "
"EVP_MAC-HMAC implementation");
evp_hkdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_HKDF, NULL);
if (evp_hkdf == NULL) {
- ERR_clear_error();
FATAL_ERROR("OpenSSL failed to find an HKDF implementation. "
"Please make sure the default provider has an "
"EVP_KDF-HKDF implementation");
}
+ ERR_clear_error();
+
return ISC_R_SUCCESS;
}