diff --git a/ibmswtpm2-fix-empty-decrypt.patch b/ibmswtpm2-fix-empty-decrypt.patch
new file mode 100644
index 0000000..3f55682
--- /dev/null
+++ b/ibmswtpm2-fix-empty-decrypt.patch
@@ -0,0 +1,13 @@
+Index: ibmswtpm2-1119/src/CryptRsa.c
+===================================================================
+--- ibmswtpm2-1119.orig/src/CryptRsa.c
++++ ibmswtpm2-1119/src/CryptRsa.c
+@@ -469,7 +469,7 @@ RSAES_Decode(
+     pSize++;
+     // Make sure that pSize has not gone over the end and that there are at least 8
+     // bytes of pad data.
+-    fail = (pSize >= coded->size) | fail;
++    fail = (pSize > coded->size) | fail;
+     fail = ((pSize - 2) < 8) | fail;
+     if((message->size < (UINT16)(coded->size - pSize)) || fail)
+ 	return TPM_RC_VALUE;
diff --git a/ibmswtpm2.changes b/ibmswtpm2.changes
index 75a2e02..abdc39a 100644
--- a/ibmswtpm2.changes
+++ b/ibmswtpm2.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 23 12:06:22 UTC 2019 - mgerstner <matthias.gerstner@suse.com>
+
+- Add ibmswtpm2-fix-empty-decrypt.patch: Fix a corner case in the emulator
+  that causes an error when trying to RSA-decrypt an empty message
+  (bsc#1159510). This fix was confirmed to be by the upstream author and is
+  supposed to be contained in the next release.
+
 -------------------------------------------------------------------
 Thu Jul  4 17:02:41 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
 
diff --git a/ibmswtpm2.spec b/ibmswtpm2.spec
index a62d70d..c1054d8 100644
--- a/ibmswtpm2.spec
+++ b/ibmswtpm2.spec
@@ -34,6 +34,7 @@ URL:            https://sourceforge.net/projects/ibmswtpm2
 Source:         https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{version}.tar.gz
 Patch1:         makefile.patch
 Patch2:         ibmswtpm2-fix-uninitialized.patch
+Patch3:         ibmswtpm2-fix-empty-decrypt.patch
 BuildRequires:  libopenssl-devel >= 1.0
 
 %description