diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5dd93af9b..ab4d18fb9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3401,14 +3401,13 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
     if( operation->id == 0 )
-    {
         return( PSA_ERROR_BAD_STATE );
-    }
 
     if( operation->iv_set || ! operation->iv_required )
-    {
         return( PSA_ERROR_BAD_STATE );
-    }
+
+    if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
+        return( PSA_ERROR_INVALID_ARGUMENT );
 
     status = psa_driver_wrapper_cipher_set_iv( operation,
                                                iv,
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 3130e8b18..72c3f4762 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -138,7 +138,9 @@ psa_status_t mbedtls_psa_cipher_generate_iv(
  *
  * \param[in,out] operation     Active cipher operation.
  * \param[in] iv                Buffer containing the IV to use.
- * \param[in] iv_length         Size of the IV in bytes.
+ * \param[in] iv_length         Size of the IV in bytes. It is guaranteed by
+ *                              the core to be less or equal to
+ *                              PSA_CIPHER_IV_MAX_SIZE.
  *
  * \retval #PSA_SUCCESS
  * \retval #PSA_ERROR_INVALID_ARGUMENT