Fix invalid malloc failures in PEM_write_bio_PKCS8PrivateKey()

When `PEM_write_bio_PKCS8PrivateKey()` was passed an empty passphrase
string, `OPENSSL_memdup()` was incorrectly getting used for 0 bytes size
allocation, which resulted in malloc failures.

Fixes: https://github.com/openssl/openssl/issues/17506

Signed-off-by: Darshan Sen <raisinten@gmail.com>

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17507)

2 files changed, 3 insertions, 2 deletions

diff --git a/crypto/passphrase.c b/crypto/passphrase.c
index cb1bc66958..830872953a 100644
--- a/crypto/passphrase.c
+++ b/crypto/passphrase.c
@@ -41,7 +41,8 @@ int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
     ossl_pw_clear_passphrase_data(data);
     data->type = is_expl_passphrase;
     data->_.expl_passphrase.passphrase_copy =
-        OPENSSL_memdup(passphrase, passphrase_len);
+        passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len)
+                            : OPENSSL_malloc(1);
     if (data->_.expl_passphrase.passphrase_copy == NULL) {
         ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
         return 0;
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 58769d68a3..871472cd32 100644
--- a/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
@@ -114,7 +114,7 @@ static int ui_read(UI *ui, UI_STRING *uis)
 
             if (len >= 0)
                 result[len] = '\0';
-            if (len <= 0)
+            if (len < 0)
                 return len;
             if (UI_set_result_ex(ui, uis, result, len) >= 0)
                 return 1;