diff --git a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
index dc0474e4..01596307 100644
--- a/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
+++ b/libwvdrmengine/oemcrypto/test/oec_session_util.cpp
@@ -1009,7 +1009,7 @@ void Session::GenerateDerivedKeysFromSessionKey() {
   // Uses test certificate.
   vector<uint8_t> session_key;
   vector<uint8_t> enc_session_key;
-  if (public_rsa_ == nullptr) PreparePublicKey();
+  ASSERT_NE(public_rsa_, nullptr) << "No public RSA key loaded in test code.";
   // A failure here probably indicates that there is something wrong with the
   // test program and its dependency on BoringSSL.
   ASSERT_TRUE(GenerateRSASessionKey(&session_key, &enc_session_key));
@@ -1297,12 +1297,11 @@ void Session::VerifyRSASignature(const vector<uint8_t>& message,
                                  const uint8_t* signature,
                                  size_t signature_length,
                                  RSA_Padding_Scheme padding_scheme) {
-  EXPECT_TRUE(nullptr != public_rsa_)
-      << "No public RSA key loaded in test code.\n";
+  ASSERT_NE(public_rsa_, nullptr) << "No public RSA key loaded in test code.";
 
-  EXPECT_EQ(static_cast<size_t>(RSA_size(public_rsa_)), signature_length)
+  ASSERT_EQ(static_cast<size_t>(RSA_size(public_rsa_)), signature_length)
       << "Signature size is wrong. " << signature_length << ", should be "
-      << RSA_size(public_rsa_) << "\n";
+      << RSA_size(public_rsa_);
 
   if (padding_scheme == kSign_RSASSA_PSS) {
     boringssl_ptr<EVP_PKEY, EVP_PKEY_free> pkey(EVP_PKEY_new());
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
index 9e2bc7e7..da8d5ec2 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_session_tests_helper.cpp
@@ -81,6 +81,6 @@ void SessionUtil::InstallTestRSAKey(Session* s) {
     ASSERT_NO_FATAL_FAILURE(s->InstallRSASessionTestKey(wrapped_rsa_key_));
   }
   // Test RSA key should be loaded.
-  ASSERT_NO_FATAL_FAILURE(s->GenerateDerivedKeysFromSessionKey());
+  ASSERT_NO_FATAL_FAILURE(s->PreparePublicKey());
 }
 }  // namespace wvoec
diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index 3526d57f..e584e20f 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -688,6 +688,7 @@ TEST_F(OEMCryptoProv30Test, GetCertOnlyAPI16) {
   ASSERT_NO_FATAL_FAILURE(s.open());
   // Install the DRM Cert's RSA key.
   ASSERT_NO_FATAL_FAILURE(s.InstallRSASessionTestKey(wrapped_rsa_key_));
+  ASSERT_NO_FATAL_FAILURE(s.PreparePublicKey());
   // Request the OEM Cert. -- This should NOT load the OEM Private key.
   vector<uint8_t> public_cert;
   size_t public_cert_length = 0;
@@ -4885,6 +4886,7 @@ class LicenseWithUsageEntry {
     ASSERT_NO_FATAL_FAILURE(session_.open());
     ASSERT_NO_FATAL_FAILURE(session_.ReloadUsageEntry());
     ASSERT_NO_FATAL_FAILURE(util->InstallTestRSAKey(&session_));
+    ASSERT_NO_FATAL_FAILURE(session_.GenerateDerivedKeysFromSessionKey());
     ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
   }
 
@@ -6008,6 +6010,7 @@ TEST_P(OEMCryptoUsageTableTest, ReloadUsageTableWithSkew) {
                                      old_usage_entry_1.data(),
                                      old_usage_entry_1.size()));
   ASSERT_NO_FATAL_FAILURE(InstallTestRSAKey(&s));
+  ASSERT_NO_FATAL_FAILURE(s.GenerateDerivedKeysFromSessionKey());
   ASSERT_EQ(OEMCrypto_SUCCESS, entry.license_messages().LoadResponse());
 }