diff --git a/programs/psa/aead_cipher_psa.c b/programs/psa/aead_cipher_psa.c
index 61f053033..a2b47d13d 100644
--- a/programs/psa/aead_cipher_psa.c
+++ b/programs/psa/aead_cipher_psa.c
@@ -67,11 +67,15 @@ const unsigned char iv1[12] = { 0x00 };
 const unsigned char add_data1[] = { 0x01, 0x02 };
 const unsigned char msg1_part1[] = { 0x03, 0x04 };
 const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+const size_t msg1_size = sizeof( msg1_part1 ) + sizeof( msg1_part2 );
 
 const unsigned char iv2[12] = { 0x10 };
 const unsigned char add_data2[] = { 0x11, 0x12 };
 const unsigned char msg2_part1[] = { 0x13, 0x14 };
 const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+const size_t msg2_size = sizeof( msg2_part1 ) + sizeof( msg2_part2 );
+
+const size_t msg_max_size = msg1_size > msg2_size ? msg1_size : msg2_size;
 
 const unsigned char key_bytes[32] = { 0x2a };
 
@@ -152,7 +156,7 @@ static int cipher_encrypt( mbedtls_cipher_context_t *ctx, size_t tag_len,
 {
     int ret;
     size_t olen;
-    unsigned char out[32];
+    unsigned char out[msg_max_size + 16];
     unsigned char *p = out;
 
     CHK( mbedtls_cipher_set_iv( ctx, iv, iv_len ) );
@@ -286,9 +290,9 @@ static int aead_encrypt( psa_key_id_t key, psa_algorithm_t alg,
 {
     psa_status_t status;
     size_t olen, olen_tag;
-    unsigned char out[32];
+    unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(msg_max_size)];
     unsigned char *p = out, *end = out + sizeof( out );
-    unsigned char tag[16];
+    unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
 
     psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
     CHK( psa_aead_encrypt_setup( &op, key, alg ) );