From ea8d9cec4739d6b06d25f3d01a1b7666d5a090ed Mon Sep 17 00:00:00 2001
From: Brad Spencer <bspencer@blackberry.com>
Date: Wed, 20 Dec 2017 13:41:14 -0400
Subject: [PATCH] Test the result of CMS_RecipientInfo_ktri_get0_algs() before
 using its output in rsa_cms_encrypt().

CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4966)

(cherry picked from commit 178989b4a3ed714fa169cae5865c75f156ec9fdb)
---
 crypto/rsa/rsa_ameth.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 5694140af8..8f7f8da24f 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -773,7 +773,8 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
     EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
     int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
     unsigned char *label;
-    CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
+    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
+        return 0;
     if (pkctx) {
         if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
             return 0;
-- 
2.25.1