diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 7d8a4830..94385a0d 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -29,6 +29,7 @@ jobs: test-wrapper thkdf toaepsha2 + top_state tpubkey trand trsapss diff --git a/.gitignore b/.gitignore index 916f1ffc..97a8f39a 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ tests/openssl.cnf.softhsm tests/tmp.softhsm tests/tmp.softokn tests/tdigests +tests/tdigest_dupctx tests/tsession tests/tgenkey tests/treadkeys diff --git a/tests/Makefile.am b/tests/Makefile.am index 1f9b7100..83a58b90 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -10,7 +10,7 @@ testssrcdir=@abs_srcdir@ #VALGRIND_SUPPRESSIONS_FILES = $(top_srcdir)/tests/pkcs11-provider.supp VALGRIND_FLAGS = --num-callers=30 -q --keep-debuginfo=yes -check_PROGRAMS = tsession tgenkey tlsctx tdigests treadkeys tcmpkeys tfork pincache +check_PROGRAMS = tsession tgenkey tlsctx tdigests tdigest_dupctx treadkeys tcmpkeys tfork pincache tsession_SOURCES = tsession.c tsession_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) @@ -28,6 +28,10 @@ tdigests_SOURCES = tdigests.c tdigests_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) tdigests_LDADD = $(OPENSSL_LIBS) +tdigest_dupctx_SOURCES = tdigest_dupctx.c +tdigest_dupctx_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) +tdigest_dupctx_LDADD = $(OPENSSL_LIBS) + treadkeys_SOURCES = treadkeys.c treadkeys_CFLAGS = $(STD_CFLAGS) $(OPENSSL_CFLAGS) treadkeys_LDADD = $(OPENSSL_LIBS) @@ -63,7 +67,7 @@ dist_check_SCRIPTS = \ helpers.sh setup-softhsm.sh setup-softokn.sh softhsm-proxy.sh \ test-wrapper tbasic tcerts tecc tecdh tedwards tdemoca thkdf \ toaepsha2 trsapss tdigest ttls tpubkey tfork turi trand tecxc \ - tcms + tcms top_state test_LIST = \ basic-softokn.t basic-softhsm.t \ @@ -85,7 +89,8 @@ test_LIST = \ tls-softokn.t tls-softhsm.t \ uri-softokn.t uri-softhsm.t \ ecxc-softhsm.t \ - cms-softokn.t + cms-softokn.t \ + op_state-softhsm.t .PHONY: $(test_LIST) 
diff --git a/tests/tdigest_dupctx.c b/tests/tdigest_dupctx.c
new file mode 100644
index 00000000..1e38c531
--- /dev/null
+++ b/tests/tdigest_dupctx.c
@@ -0,0 +1,54 @@
+/* Copyright (C) 2022 Simo Sorce
+ SPDX-License-Identifier: Apache-2.0 */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define EXIT_TEST_SKIPPED 77
+
+int main(int argc, char *argv[])
+{
+ const char *propq = "provider=pkcs11";
+ const char *digest = "sha256";
+ const char *provname;
+ const OSSL_PROVIDER *pk11prov;
+
+ EVP_MD *pk11md = EVP_MD_fetch(NULL, digest, propq);
+ if (!pk11md) {
+ fprintf(stderr, "%s: Unsupported by pkcs11 token\n", digest);
+ exit(EXIT_FAILURE);
+ }
+
+ pk11prov = EVP_MD_get0_provider(pk11md);
+ provname = OSSL_PROVIDER_get0_name(pk11prov);
+
+ if (strcmp(provname, "pkcs11") != 0) {
+ fprintf(stderr, "%s: Not a pkcs11 method, provider=%s\n", digest,
+ provname);
+ EVP_MD_free(pk11md);
+ exit(EXIT_FAILURE);
+ }
+
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+ EVP_DigestInit_ex(mdctx, pk11md, NULL);
+
+ EVP_MD_CTX *mdctx_dup = EVP_MD_CTX_new();
+ EVP_MD_CTX_copy(mdctx_dup, mdctx);
+
+ char error_string[2048];
+ ERR_error_string_n(ERR_peek_last_error(), error_string,
+ sizeof error_string);
+ printf("%s\n", error_string);
+
+ EVP_MD_CTX_free(mdctx);
+ EVP_MD_CTX_free(mdctx_dup);
+
+ EVP_MD_free(pk11md);
+
+ exit(EXIT_SUCCESS);
+}
diff --git a/tests/top_state b/tests/top_state
new file mode 100755
index 00000000..cd734a25
--- /dev/null
+++ b/tests/top_state
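Review bot: `ERR_peek_last_error()` after `EVP_MD_CTX_copy` in tests/tdigest_dupctx.c returns whatever is newest on the thread's error queue, so an entry queued earlier by `EVP_MD_fetch` or `EVP_DigestInit_ex` can be printed and matched by the calling script as if the copy had produced it. Calling `ERR_clear_error();` immediately before `EVP_MD_CTX_copy(mdctx_dup, mdctx);` would tie the printed string to the copy alone. The results of both `EVP_MD_CTX_new()` calls and of `EVP_DigestInit_ex` are also unchecked; a guard such as `if (!mdctx || EVP_DigestInit_ex(mdctx, pk11md, NULL) != 1) exit(EXIT_FAILURE);` keeps a failed setup from reaching the copy. `EXIT_TEST_SKIPPED` is defined but never used, and the unsupported-digest path exits with `EXIT_FAILURE`; a one-line comment saying whether that is intended would help.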
@@ -0,0 +1,25 @@
+#!/bin/bash -e
+# Copyright (C) 2022 Simo Sorce
+# SPDX-License-Identifier: Apache-2.0
+
+source "${TESTSSRCDIR}/helpers.sh"
+
+title PARA "OSSL error stack has error from failing C_Get/SetOperationState"
+# We need to configure early loading otherwise no digests are loaded,
+# and all checks are skipped
+sed "s/#pkcs11-module-load-behavior/pkcs11-module-load-behavior = early/" \
+ "${OPENSSL_CONF}" > "${OPENSSL_CONF}.op_state.early_load"
+OPENSSL_CONF=${OPENSSL_CONF}.op_state.early_load
+
+$CHECKER ./tdigest_dupctx | grep -e "error:.*:pkcs11::reason(84)"
+
+
+title PARA "No error is logged when quirk no-operation-state is enabled"
+sed "s/pkcs11-module-quirks = /pkcs11-module-quirks = no-operation-state /" \
+ "${OPENSSL_CONF}" > "${OPENSSL_CONF}.no_op_state"
+OPENSSL_CONF=${OPENSSL_CONF}.no_op_state
+
+title PARA "Test Digests support"
+$CHECKER ./tdigest_dupctx | grep -e "error:.*:lib(0)::reason(0)"
+
+exit 0
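Review bot: Both checks pipe `$CHECKER ./tdigest_dupctx` into `grep`, and without `pipefail` the `-e` in the shebang only sees grep's status, so a crash or a non-zero exit from the checker after the expected line has been printed still passes. Adding `set -o pipefail` after the `source` line, or capturing the output first and grepping the variable, would surface those failures. The `reason(84)` literal deserves a comment; it presumably corresponds to CKR_FUNCTION_NOT_SUPPORTED (0x54), which should be confirmed against the provider's error mapping. The third `title PARA "Test Digests support"` line looks like a leftover, since the section already has a title.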