File openssl-CVE-2023-0217-4of4.patch of Package openssl-3.28534
commit c5255f06978a6537e69669d914df7a7316c53fe6
Author: Tomas Mraz <tomas@openssl.org>
Date: Fri Jan 13 18:46:15 2023 +0100
Add test for DSA pubkey without param import and check
Index: openssl-3.0.1/test/recipes/91-test_pkey_check.t
===================================================================
--- openssl-3.0.1.orig/test/recipes/91-test_pkey_check.t
+++ openssl-3.0.1/test/recipes/91-test_pkey_check.t
@@ -11,24 +11,36 @@ use strict;
use warnings;
use File::Spec;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file with/;
use OpenSSL::Test::Utils;
-sub check_key {
+sub pkey_check {
my $f = shift;
+ my $pubcheck = shift;
+ my @checkopt = ('-check');
+
+ @checkopt = ('-pubcheck', '-pubin') if $pubcheck;
- return run(app(['openssl', 'pkey', '-check', '-text',
+ return run(app(['openssl', 'pkey', @checkopt, '-text',
'-in', $f]));
}
-sub check_key_notok {
+sub check_key {
my $f = shift;
- my $str = "$f should fail validation";
+ my $should_fail = shift;
+ my $pubcheck = shift;
+ my $str;
+
+ $str = "$f should fail validation" if $should_fail;
+ $str = "$f should pass validation" unless $should_fail;
$f = data_file($f);
if ( -s $f ) {
- ok(!check_key($f), $str);
+ with({ exit_checker => sub { return shift == $should_fail; } },
+ sub {
+ ok(pkey_check($f, $pubcheck), $str);
+ });
} else {
fail("Missing file $f");
}
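Review bot: In `check_key`, `$should_fail` serves both as a boolean that selects the message and as the exact exit status in `exit_checker => sub { return shift == $should_fail; }`, so a truthy value other than 1 would print "should fail validation" while expecting a different status. Deriving the status explicitly, e.g. `my $expected_exit = $should_fail ? 1 : 0;`, and comparing against that would make the contract unambiguous. The reason for the exact comparison also deserves a comment such as `# require exit status 1 exactly, so abnormal termination of openssl pkey is not counted as a rejected key`, since the removed `ok(!check_key($f), $str)` passed on any unsuccessful run; that reading of the intent is inferred from the change. The closing brace of `check_key` lies outside the hunk.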
@@ -51,11 +63,32 @@ push(@tests, (
"sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
)) unless disabled("sm2");
+my @negative_pubtests = ();
+
+push(@negative_pubtests, (
+ "dsapub_noparam.der"
+ )) unless disabled("dsa");
+
+my @positive_pubtests = ();
+
+push(@positive_pubtests, (
+ "dsapub.pem"
+ )) unless disabled("dsa");
+
plan skip_all => "No tests within the current enabled feature set"
- unless @tests;
+ unless @tests && @negative_pubtests && @positive_pubtests;
-plan tests => scalar(@tests);
+plan tests => scalar(@tests) + scalar(@negative_pubtests)
+ + scalar(@positive_pubtests);
foreach my $t (@tests) {
- check_key_notok($t);
+ check_key($t, 1, 0);
+}
+
+foreach my $t (@negative_pubtests) {
+ check_key($t, 1, 1);
+}
+
+foreach my $t (@positive_pubtests) {
+ check_key($t, 0, 1);
}
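Review bot: The skip condition `unless @tests && @negative_pubtests && @positive_pubtests` skips the whole recipe as soon as any one of the three lists is empty, and both new lists are filled only `unless disabled("dsa")`. On a build without DSA, the key-validation cases in `@tests` (for example the sm2 file visible at the top of this hunk) would silently stop running, although they do not depend on DSA. The plan already sums the three counts, so skipping only when all lists are empty keeps that coverage: `unless @tests || @negative_pubtests || @positive_pubtests;`. How `@tests` is populated above this hunk is not visible here, so confirm against the full file.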
Index: openssl-3.0.1/test/recipes/91-test_pkey_check_data/dsapub.pem
===================================================================
--- /dev/null
+++ openssl-3.0.1/test/recipes/91-test_pkey_check_data/dsapub.pem
@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4
+4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD
+9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD
+CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV
+lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+
+4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq
+bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr
+YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER
+kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys
+DRjhKHBjdo0rZeSM8DAk3ctrXA==
+-----END PUBLIC KEY-----