diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index aece47d01..9451e528f 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -148,17 +148,23 @@ psa_status_t psa_load_se_persistent_data(
 {
     psa_status_t status;
     psa_storage_uid_t uid;
+    size_t length;
 
     status = psa_get_se_driver_its_file_uid( driver, &uid );
     if( status != PSA_SUCCESS )
         return( status );
 
+    /* Read the amount of persistent data that the driver requests.
+     * If the data in storage is larger, it is truncated. If the data
+     * in storage is smaller, silently keep what is already at the end
+     * of the output buffer. */
     /* psa_get_se_driver_its_file_uid ensures that the size_t
      * persistent_data_size is in range, but compilers don't know that,
      * so cast to reassure them. */
     return( psa_its_get( uid, 0,
                          (uint32_t) driver->internal.persistent_data_size,
-                         driver->internal.persistent_data ) );
+                         driver->internal.persistent_data,
+                         &length ) );
 }
 
 psa_status_t psa_save_se_persistent_data(
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 43a19b3c6..687d22a9c 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -437,9 +437,16 @@ psa_status_t psa_crypto_save_transaction( void )
 
 psa_status_t psa_crypto_load_transaction( void )
 {
-    return( psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
-                         sizeof( psa_crypto_transaction ),
-                         &psa_crypto_transaction ) );
+    psa_status_t status;
+    size_t length;
+    status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
+                          sizeof( psa_crypto_transaction ),
+                          &psa_crypto_transaction, &length );
+    if( status != PSA_SUCCESS )
+        return( status );
+    if( length != sizeof( psa_crypto_transaction ) )
+        return( PSA_ERROR_STORAGE_FAILURE );
+    return( PSA_SUCCESS );
 }
 
 psa_status_t psa_crypto_stop_transaction( void )
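Review bot: In psa_load_se_persistent_data the new `length` out-parameter is written by psa_its_get but never read, so a short record in storage (a truncated or corrupted entry) is accepted silently, while the sibling change in psa_crypto_load_transaction in the same commit rejects a length mismatch with PSA_ERROR_STORAGE_FAILURE. The added comment says the tail of the output buffer is deliberately left as-is on a short read, but it does not say why that is safe; whether `driver->internal.persistent_data` is zero-initialised before this call is not visible in the hunk. Either the comment should state the reason for tolerating a short read (for example allowing a driver's persistent-data size to grow across releases), or the function should mirror the storage-side check by capturing the status and adding `if( length != driver->internal.persistent_data_size ) return( PSA_ERROR_STORAGE_FAILURE );` before returning. The function's parameter list starts before the hunk.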
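Review bot: On the `length != sizeof( psa_crypto_transaction )` path in psa_crypto_load_transaction, the global `psa_crypto_transaction` has already been partially overwritten by psa_its_get before the error is returned, so a caller that inspects it after a PSA_ERROR_STORAGE_FAILURE would see a half-loaded record; whether any caller does so is not visible here. Clearing it first, `memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );`, would make the failure state unambiguous. Note also that if psa_its_get reports the number of bytes copied rather than the stored size, an oversized record is truncated to sizeof( psa_crypto_transaction ) and passes this check, so the guard only catches records that are too short; a comment stating that limitation would help. A blank line between the declarations and the first statement would match the style of psa_load_se_persistent_data in the same commit.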