cms_RecipientInfo_pwri_crypt: plug leak of kekalg
cms: fix incorrect length check in kek_unwrap_key()

An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.

From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.

ok jsing

this is errata/7.6/023_libcrypto.patch.sig