From 6b9d0bbc2d6707a74c98bd2453de6cfd57ad490c Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 7 Nov 2023 22:35:03 +0000
Subject: [PATCH] Move CMS_RecipientInfo_ktri_get0_algs() down a few lines and
 fix its error check

---
 lib/libcrypto/rsa/rsa_ameth.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c
index 7533264add5..6fb4403231a 100644
--- a/lib/libcrypto/rsa/rsa_ameth.c
+++ b/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.41 2023/11/07 22:32:09 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.42 2023/11/07 22:35:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -1065,17 +1065,20 @@ rsa_cms_encrypt(CMS_RecipientInfo *ri)
 	int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
 	unsigned char *label;
 
-	if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
-		return 0;
 	if ((pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) != NULL) {
 		if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
 			return 0;
 	}
+
+	if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg))
+		return 0;
 	if (pad_mode == RSA_PKCS1_PADDING)
 		return rsa_alg_set_pkcs1_padding(alg);
+
 	/* Not supported */
 	if (pad_mode != RSA_PKCS1_OAEP_PADDING)
 		return 0;
+
 	if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
 		goto err;
 	if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
-- 
2.20.1