diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index ed30bb5410..5fbf110dd9 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -40,8 +40,6 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     size_t buflen, olen = 0;
     size_t plaintext_len, block_size, i;
     unsigned char padlen; /* excluding the padding_length byte */
-    unsigned char add_data[13];
-    unsigned char mac[MBEDTLS_MD_MAX_SIZE];
     int exp_ret;
     const unsigned char pad_max_len = 255; /* Per the standard */
 
@@ -102,14 +100,6 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     rec.data_len = plaintext_len;
     memset(rec.buf + rec.data_offset, 42, rec.data_len);
 
-    /* Serialized version of record header for MAC purposes */
-    memcpy(add_data, rec.ctr, 8);
-    add_data[8] = rec.type;
-    add_data[9] = rec.ver[0];
-    add_data[10] = rec.ver[1];
-    add_data[11] = (rec.data_len >> 8) & 0xff;
-    add_data[12] = (rec.data_len >> 0) & 0xff;
-
     /* Set dummy IV */
     memset(t0.iv_enc, 0x55, t0.ivlen);
     memcpy(rec.buf, t0.iv_enc, t0.ivlen);
@@ -117,16 +107,30 @@ void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac,
     /*
      * Prepare a pre-encryption record (with MAC and padding), and save it.
      */
+    mbedtls_ssl_transform *transform_out = &t0;
+    mbedtls_record *record = &rec;
+
+    /* Serialized version of record header for MAC purposes */
+    unsigned char add_data[13];
+    memcpy(add_data, record->ctr, 8);
+    add_data[8] = record->type;
+    add_data[9] = record->ver[0];
+    add_data[10] = record->ver[1];
+    add_data[11] = (record->data_len >> 8) & 0xff;
+    add_data[12] = (record->data_len >> 0) & 0xff;
 
     /* MAC with additional data */
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13));
-    TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc,
-                                         rec.buf + rec.data_offset,
-                                         rec.data_len));
-    TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac));
-
-    memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen);
-    rec.data_len += t0.maclen;
+    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13));
+    TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc,
+                                         record->buf + record->data_offset,
+                                         record->data_len));
+    /* Use a temporary buffer for the MAC, because with the truncated HMAC
+     * extension, there might not be enough room in the record for the
+     * full-length MAC. */
+    unsigned char mac[MBEDTLS_MD_MAX_SIZE];
+    TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac));
+    memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen);
+    record->data_len += transform_out->maclen;
 
     /* Pad */
     memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1);