Add missing patchfile, fix gettable params

Add the patchfile that was committed but not referenced in the spec
file. Fix the patch to apply on openssl 3.0.7 and fix the gettable FIPS
indicator parameter for the RSA asymmetric cipher implementation.

Resolves: rhbz#2179379
Signed-off-by: Clemens Lang <cllang@redhat.com>

0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch

@@ -29,10 +29,10 @@ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
 index 832502a034..e15d208421 100644
 --- a/include/openssl/core_names.h
 +++ b/include/openssl/core_names.h
-@@ -469,6 +469,7 @@ extern "C" {
- #define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL               "oaep-label"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION       "tls-client-version"
- #define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION   "tls-negotiated-version"
+@@ -477,6 +477,7 @@ extern "C" {
+ #ifdef FIPS_MODULE
+ #define OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED     "redhat-kat-oaep-seed"
+ #endif
 +#define OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR    "redhat-fips-indicator"
  
  /*
@@ -99,16 +99,14 @@ index 568452ec56..0a9adb4056 100644
      return 1;
  }
  
-@@ -410,6 +438,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
-                     NULL, 0),
-     OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
+@@ -465,6 +493,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
      OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
-+#ifdef FIPS_MODULE
+ #ifdef FIPS_MODULE
+     OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
 +    OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
+ #endif /* FIPS_MODULE */
      OSSL_PARAM_END
  };
- 
 diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
 index 882cf16125..b4cc0f9237 100644
 --- a/providers/implementations/kem/rsa_kem.c
@@ -120,8 +118,7 @@ index 882cf16125..b4cc0f9237 100644
 +#ifdef FIPS_MODULE
 +    OSSL_PARAM *p;
 +#endif /* defined(FIPS_MODULE) */
- 
--    return ctx != NULL;
++
 +    if (ctx == NULL)
 +        return 0;
 +
@@ -143,7 +140,8 @@ index 882cf16125..b4cc0f9237 100644
 +            return 0;
 +    }
 +#endif /* defined(FIPS_MODULE) */
-+
+ 
+-    return ctx != NULL;
 +    return 1;
  }
  

openssl.spec

@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.7
-Release: 10%{?dist}
+Release: 11%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -175,6 +175,8 @@ Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2175145
 Patch111: 0111-fips-Use-salt-16-bytes-in-PBKDF2-selftest.patch
 Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2179331
+Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -505,6 +507,12 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11
+- Add missing reference to patchfile to add explicit FIPS indicator to RSA
+  encryption and RSASVE and fix the gettable parameter list for the RSA
+  asymmetric cipher implementation.
+  Resolves: rhbz#2179379
+
 * Fri Mar 17 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-10
 - Add explicit FIPS indicator to RSA encryption and RSASVE
   Resolves: rhbz#2179379