diff --git a/libwvdrmengine/cdm/core/src/crypto_session.cpp b/libwvdrmengine/cdm/core/src/crypto_session.cpp
index 6cefeaa3..f8e11ad2 100644
--- a/libwvdrmengine/cdm/core/src/crypto_session.cpp
+++ b/libwvdrmengine/cdm/core/src/crypto_session.cpp
@@ -1447,8 +1447,13 @@ CdmResponseType CryptoSession::GetBootCertificateChain(
           &additional_signature_length);
     });
   }
-  return MapOEMCryptoResult(sts, GET_BOOT_CERTIFICATE_CHAIN_ERROR,
-                            "GetBootCertificateChain");
+  if (sts != OEMCrypto_SUCCESS) {
+    return MapOEMCryptoResult(sts, GET_BOOT_CERTIFICATE_CHAIN_ERROR,
+                              "GetBootCertificateChain");
+  }
+  bcc->resize(bcc_length);
+  additional_signature->resize(additional_signature_length);
+  return NO_ERROR;
 }
 
 CdmResponseType CryptoSession::GenerateCertificateKeyPair(
@@ -1494,6 +1499,11 @@ CdmResponseType CryptoSession::GenerateCertificateKeyPair(
             &wrapped_private_key_length, &oemcrypto_key_type),
         metrics_, oemcrypto_generate_certificate_key_pair_, status);
   });
+  if (status != OEMCrypto_SUCCESS) {
+    return MapOEMCryptoResult(status, GENERATE_CERTIFICATE_KEY_PAIR_ERROR,
+                              "GenerateCertificateKeyPair");
+  }
+
   public_key->resize(public_key_length);
   public_key_signature->resize(public_key_signature_length);
   wrapped_private_key->resize(wrapped_private_key_length);
@@ -1505,13 +1515,10 @@ CdmResponseType CryptoSession::GenerateCertificateKeyPair(
   } else {
     LOGE("Unexpected key type returned from GenerateCertificateKeyPair: %d",
          static_cast<int>(oemcrypto_key_type));
-    return MapOEMCryptoResult(status,
-                              GENERATE_CERTIFICATE_KEY_PAIR_UNKNOWN_TYPE_ERROR,
-                              "GenerateCertificateKeyPair");
+    return GENERATE_CERTIFICATE_KEY_PAIR_UNKNOWN_TYPE_ERROR;
   }
 
-  return MapOEMCryptoResult(status, GENERATE_CERTIFICATE_KEY_PAIR_ERROR,
-                            "GenerateCertificateKeyPair");
+  return NO_ERROR;
 }
 
 CdmResponseType CryptoSession::LoadOemCertificatePrivateKey(
@@ -1539,7 +1546,9 @@ CdmResponseType CryptoSession::LoadOemCertificatePrivateKey(
 // Private.
 CdmResponseType CryptoSession::SelectKey(const std::string& key_id,
                                          CdmCipherMode cipher_mode) {
+  RETURN_IF_NOT_OPEN(CRYPTO_SESSION_NOT_OPEN);
   const OEMCryptoResult sts = WithOecSessionLock("SelectKey", [&] {
+    RETURN_IF_NULL(key_session_, OEMCrypto_ERROR_INVALID_SESSION);
     return key_session_->SelectKey(key_id, cipher_mode);
   });