From de8a3cc6f62c298c9b5b98507a07845fbfb13614 Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@linux.ibm.com>
Date: Tue, 14 Sep 2021 22:23:17 -0400
Subject: [PATCH] tpm2: Only call EVP_PKEY_CTX_set0_rsa_oaep_label when label
 != NULL (OSSL 3)

EVP_PKEY_CTX_set0_rsa_oaep_label must only be called with label != NULL.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 src/tpm2/crypto/openssl/CryptRsa.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 51726ceb..a761e77d 100644
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1443,11 +1443,11 @@ CryptRsaDecrypt(
                 if (tmp == NULL)
                     ERROR_RETURN(TPM_RC_FAILURE);
                 memcpy(tmp, label->buffer, label->size);
-            }
 
-            if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
-                ERROR_RETURN(TPM_RC_FAILURE);
-            tmp = NULL;
+                if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+                    ERROR_RETURN(TPM_RC_FAILURE);
+                tmp = NULL;
+            }
             break;
 	  default:
             ERROR_RETURN(TPM_RC_SCHEME);