diff --git a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
index 8612bdae..580dffbe 100644
--- a/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
+++ b/libwvdrmengine/oemcrypto/test/oemcrypto_test.cpp
@@ -4555,6 +4555,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange1_API16) {
   provisioning_messages.PrepareSession(keybox_);
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
   provisioning_messages.core_response().enc_private_key.offset =
       provisioning_messages.encrypted_response_buffer().size() + 1;
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
@@ -4570,6 +4572,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange2_API16) {
   provisioning_messages.PrepareSession(keybox_);
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
   provisioning_messages.core_response().enc_private_key_iv.offset =
       provisioning_messages.encrypted_response_buffer().size() + 1;
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
@@ -4585,6 +4589,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange3_API16) {
   provisioning_messages.PrepareSession(keybox_);
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
   // If the offset is before the end, but the offset+length is bigger, then
   // the message should be rejected.
   provisioning_messages.core_response().enc_private_key.offset =
@@ -4602,6 +4608,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange4_API16) {
   provisioning_messages.PrepareSession(keybox_);
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
   // If the offset is before the end, but the offset+length is bigger, then
   // the message should be rejected.
   provisioning_messages.core_response().enc_private_key_iv.offset =
@@ -4619,6 +4627,8 @@ TEST_F(OEMCryptoLoadsCertificate, CertificateProvisionBadRange5Prov30_API16) {
   provisioning_messages.PrepareSession(keybox_);
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.SignAndVerifyRequest());
   ASSERT_NO_FATAL_FAILURE(provisioning_messages.CreateDefaultResponse());
+  // Encrypt and sign once, so that we can use the size of the response.
+  ASSERT_NO_FATAL_FAILURE(provisioning_messages.EncryptAndSignResponse());
   // If the offset is before the end, but the offset+length is bigger, then
   // the message should be rejected.
   provisioning_messages.core_response().encrypted_message_key.offset =