RSA encryption: accept input=NULL if ilen=0

In mbedtls_rsa_rsaes_oaep_encrypt and
mbedtls_rsa_rsaes_pkcs1_v15_encrypt, if the input length is 0 (which
is unusual and mostly useless, but permitted) then it is fine for the
input pointer to be NULL. Don't return an error in this case.

When `input` is NULL, `memcpy( p, input, ilen )` has undefined
behavior even if `ilen` is zero. So skip the `memcpy` call in this
case. Likewise, in `mbedtls_rsa_rsaes_oaep_decrypt` and
`mbedtls_rsa_rsaes_pkcs1_v15_decrypt`, skip the `memcpy` call if
`*olen` is zero.

library/rsa.c

@@ -1122,6 +1122,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
     p += hlen;
     p += olen - 2 * hlen - 2 - ilen;
     *p++ = 1;
+    if( ilen != 0 )
         memcpy( p, input, ilen );
 
     mbedtls_md_init( &md_ctx );
@@ -1169,7 +1170,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     // We don't check p_rng because it won't be dereferenced here
-    if( f_rng == NULL || input == NULL || output == NULL )
+    if( f_rng == NULL || output == NULL )
+        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+    if( ilen != 0 && input == NULL )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 
     olen = ctx->len;
@@ -1209,6 +1212,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
     }
 
     *p++ = 0;
+    if( ilen != 0 )
         memcpy( p, input, ilen );
 
     return( ( mode == MBEDTLS_RSA_PUBLIC )
@@ -1373,6 +1377,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
     }
 
     *olen = ilen - (p - buf);
+    if( *olen != 0 )
         memcpy( output, p, *olen );
     ret = 0;
 
@@ -1471,6 +1476,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
     }
 
     *olen = ilen - (p - buf);
+    if( *olen != 0 )
         memcpy( output, p, *olen );
     ret = 0;