tpm2: Only call EVP_PKEY_CTX_set0_rsa_oaep_label when label != NULL (OSSL 3)

EVP_PKEY_CTX_set0_rsa_oaep_label must only be called with label != NULL.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c
index 77ed123e630dcf5190e19d39230966b6dc486e1c..4ed04384feb0f69c0d9affec47266946a0dc4336 100644 (file)
--- a/src/tpm2/crypto/openssl/CryptRsa.c
+++ b/src/tpm2/crypto/openssl/CryptRsa.c
@@ -1443,11 +1443,11 @@ CryptRsaDecrypt(
                 if (tmp == NULL)
                     ERROR_RETURN(TPM_RC_FAILURE);
                 memcpy(tmp, label->buffer, label->size);
-            }
 
-            if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
-                ERROR_RETURN(TPM_RC_FAILURE);
-            tmp = NULL;
+                if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, tmp, label->size) <= 0)
+                    ERROR_RETURN(TPM_RC_FAILURE);
+                tmp = NULL;
+            }
             break;
          default:
             ERROR_RETURN(TPM_RC_SCHEME);