openGauss-third_party/dependency/openssl/CVE-2026-34182.patch-代码预览-openGauss-third_party:基于开源生态的数据库依赖编译项目 - AtomGit

luodongxufix: add CMS AEAD patches for CVE-2026-34182 and GH-21414

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index a07395a..385ce18 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -108,12 +108,15 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
                 goto err;
             }
             piv = aparams.iv;
-            if (ec->taglen > 0
-                    && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                                           ec->taglen, ec->tag) <= 0) {
+
+            if (ec->taglen < 4 || ec->taglen > 16
+                    || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, (int)ec->taglen, ec->tag) <= 0) {
                 ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR);
                 goto err;
             }
+        } else if (auth) {
+            ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
+            goto err;
         }
     }
     len = EVP_CIPHER_CTX_get_key_length(ctx);