diff --git a/tests/hwsim/test_eap_proto.py b/tests/hwsim/test_eap_proto.py
index 0aa292c37..50d898a18 100644
--- a/tests/hwsim/test_eap_proto.py
+++ b/tests/hwsim/test_eap_proto.py
@@ -82,6 +82,22 @@ def add_message_authenticator_attr(reply, digest):
 digest = b"0x" + binascii.hexlify(digest)
 reply.AddAttribute("Message-Authenticator", digest)
+def build_message_auth(pkt, reply):
+ hmac_obj = hmac.new(reply.secret, digestmod=hashlib.md5)
+ hmac_obj.update(struct.pack("B", reply.code))
+ hmac_obj.update(struct.pack("B", reply.id))
+
+ reply.AddAttribute("Message-Authenticator", 16*b'\x00')
+ attrs = reply._PktEncodeAttributes()
+
+ # Length
+ flen = 4 + 16 + len(attrs)
+ hmac_obj.update(struct.pack(">H", flen))
+ hmac_obj.update(pkt.authenticator)
+ hmac_obj.update(attrs)
+ del reply[80]
+ add_message_authenticator_attr(reply, hmac_obj.digest())
+
 def run_pyrad_server(srv, t_stop, eap_handler):
 srv.RunWithStop(t_stop, eap_handler)
@@ -113,21 +129,8 @@ def start_radius_server(eap_handler):
 logger.info("No EAP request available")
 reply.code = pyrad.packet.AccessChallenge
- hmac_obj = hmac.new(reply.secret, digestmod=hashlib.md5)
- hmac_obj.update(struct.pack("B", reply.code))
- hmac_obj.update(struct.pack("B", reply.id))
- # reply attributes
- reply.AddAttribute("Message-Authenticator", 16*b'\x00')
- attrs = reply._PktEncodeAttributes()
-
- # Length
- flen = 4 + 16 + len(attrs)
- hmac_obj.update(struct.pack(">H", flen))
- hmac_obj.update(pkt.authenticator)
- hmac_obj.update(attrs)
- del reply[80]
- add_message_authenticator_attr(reply, hmac_obj.digest())
+ build_message_auth(pkt, reply)
 self.SendReplyPacket(pkt.fd, reply)
diff --git a/tests/hwsim/test_radius.py b/tests/hwsim/test_radius.py
index a98a75a5e..cfa8378c2 100644
--- a/tests/hwsim/test_radius.py
+++ b/tests/hwsim/test_radius.py
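Review bot: build_message_auth() carries an ordering contract that nothing in the new helper states: the HMAC-MD5 covers reply.code, reply.id and the attribute list as encoded at call time, so an attribute added or a code changed afterwards leaves a Message-Authenticator that no longer verifies. A one-line docstring would pin this down, for example `"""Append Message-Authenticator (HMAC-MD5 over code, id, length, request authenticator, attributes); call last, right before SendReplyPacket()."""`. The bare `del reply[80]` deserves a comment such as `# 80 = Message-Authenticator: drop the zeroed placeholder before adding the real digest`. The helper also appears to assume the reply has no Message-Authenticator yet, since an existing value would be encoded next to the placeholder and then removed by the same `del`. Its dependence on pyrad's private `_PktEncodeAttributes()` is worth mentioning in the docstring too.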
@@ -22,7 +22,7 @@ import hostapd
 from utils import *
 from test_ap_hs20 import build_dhcp_ack
 from test_ap_ft import ft_params1
-from test_eap_proto import add_message_authenticator_attr
+from test_eap_proto import add_message_authenticator_attr, build_message_auth
 def connect(dev, ssid, wait_connect=True):
 dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412",
@@ -1233,6 +1233,8 @@ def start_radius_psk_server(psk, invalid_code=False, acct_interim_interval=0,
 if self.t_events['session_timeout']:
 reply.AddAttribute("Session-Timeout", self.t_events['session_timeout'])
+ build_message_auth(pkt, reply)
+
 self.SendReplyPacket(pkt.fd, reply)
 def RunWithStop(self, t_events):
@@ -1587,6 +1589,7 @@ def test_ap_vlan_wpa2_psk_radius_required(dev, apdev):
 reply.AddAttribute("Tunnel-Type", 13)
 reply.AddAttribute("Tunnel-Medium-Type", 6)
 reply.AddAttribute("Tunnel-Private-Group-ID", "1")
+ build_message_auth(pkt, reply)
 self.SendReplyPacket(pkt.fd, reply)
 def RunWithStop(self, t_events):
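Review bot: In the start_radius_psk_server hunk the new `build_message_auth(pkt, reply)` call signs reply.code, and the enclosing function takes an `invalid_code` parameter whose handling lies outside the hunk, so it cannot be confirmed from here that the code is final before the MAC is computed. If the code were changed after this call, the reply would fail Message-Authenticator validation and the test would no longer exercise the invalid-code path it is named for. Please confirm the ordering and add a comment above the call, e.g. `# reply.code and all attributes must be final here; the HMAC covers them`. The same comment fits the call added in test_ap_vlan_wpa2_psk_radius_required, where the placement after the last visible AddAttribute looks right. With every handler in this diff now emitting a valid attribute, a case that sends a missing or corrupted Message-Authenticator and expects the reply to be dropped would be a useful complement, if one does not already exist elsewhere in the suite.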