diff --git a/tests/api.c b/tests/api.c
index c66f2170f..6fb012986 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -18313,6 +18313,8 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
 #if defined(HAVE_PKCS7)
 #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) || \
      !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+    /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
+     * Reserve a bit more than that in case it might grow. */
     byte rid[256];
     byte cms[1024];
     XFILE cmsFile = XBADFILE;
@@ -18342,6 +18344,7 @@ static int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
         ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz);
     }
     ExpectIntEQ(ret, 0);
+    ExpectIntLT(ridSz, sizeof(rid));
     ExpectIntGT(ridSz, ridKeyIdentifierOffset);
     /* The Subject Key Identifier hex file should have 2 hex characters for each
      * byte of the key identifier in the returned recipient ID (rid), plus a