fix(security): use ERR_get_error (oldest) for RSA empty-recovery match

The previous fixup used ERR_peek_last_error which returns the NEWEST
error in OpenSSL's FIFO queue. For verify_recover failures the queue
typically holds an outer wrapper error on top of the inner
padding-check error, so the narrow constants from the original code
(0x1C880004, low-byte 0x04) never matched and every recovery
went through throwOpaqueDecryptFailure.

Switch to ERR_get_error to read the OLDEST queued error — same
behavior as the original code that worked, restoring the empty
plaintext round-trip.

Author: boorad

packages/react-native-quick-crypto/cpp/cipher/HybridRsaCipher.cpp

@@ -298,7 +298,11 @@ std::shared_ptr<ArrayBuffer> HybridRsaCipher::publicDecrypt(const std::shared_pt
     // key — anyone can perform it — so the special case does not enable a
     // Bleichenbacher-style oracle. The fall-through still uses the opaque
     // throw helper.
-    unsigned long err = ERR_peek_last_error();
+    //
+    // Use ERR_get_error (oldest in the FIFO queue) to match the inner
+    // padding-check error rather than ERR_peek_last_error which returns
+    // the outer wrapper code that doesn't satisfy the narrow match.
+    unsigned long err = ERR_get_error();
     if ((err & 0xFFFFFFF) == 0x1C880004 || (err & 0xFF) == 0x04) {
       ERR_clear_error();
       EVP_PKEY_CTX_free(ctx);