From 91c96af1c6cad9d297ce4fa32524ee84161327c1 Mon Sep 17 00:00:00 2001
From: Craig Comstock <craig.comstock@northern.tech>
Date: Wed, 5 Nov 2025 13:20:21 -0600
Subject: [PATCH] Added recent openssl commit which allows older platforms e.g.
 centos-6 to build

Without this change many assembler errors are produced due to insufficient detection of SHA512 Extensions availability.

Issue: https://github.com/openssl/openssl/issues/28463
Fix commit: https://github.com/openssl/openssl/commit/241d4826f8ee39c92d9b3233146c3e12314871ec

Changelog: none
Ticket: ENT-13491
---
 .../0010-Update-sha512-x86_64-pl.patch        | 44 +++++++++++++++++++
 deps-packaging/openssl/cfbuild-openssl.spec   |  2 +
 2 files changed, 46 insertions(+)
 create mode 100644 deps-packaging/openssl/0010-Update-sha512-x86_64-pl.patch

diff --git a/deps-packaging/openssl/0010-Update-sha512-x86_64-pl.patch b/deps-packaging/openssl/0010-Update-sha512-x86_64-pl.patch
new file mode 100644
index 000000000..bb86d6074
--- /dev/null
+++ b/deps-packaging/openssl/0010-Update-sha512-x86_64-pl.patch
@@ -0,0 +1,44 @@
+commit 241d4826f8ee39c92d9b3233146c3e12314871ec
+Author: rainerjung <rainer.jung@kippdata.de>
+Date:   Tue Sep 9 00:10:40 2025 +0200
+
+    Update sha512-x86_64.pl
+    
+    Do not use new assembler code for CPUs with SHA512 support in case the assembler only supports avx but not avx2.
+    
+    Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+    Reviewed-by: Paul Dale <paul.dale@oracle.com>
+    (Merged from https://github.com/openssl/openssl/pull/28488)
+
+diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl
+index cdc585c..029468d 100755
+--- a/crypto/sha/asm/sha512-x86_64.pl
++++ b/crypto/sha/asm/sha512-x86_64.pl
+@@ -574,7 +574,9 @@ $TABLE:
+ 	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+ 	.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+ 	.asciz	"SHA512 block transform for x86_64, CRYPTOGAMS by <https://github.com/dot-asm>"
++___
+ 
++$code.=<<___ if ($avx>1);
+ # $K512 duplicates data every 16 bytes.
+ # The Intel(R) SHA512 implementation requires reads of 32 consecutive bytes.
+ .align 64
+@@ -620,6 +622,8 @@ ${TABLE}_single:
+     .quad 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c
+     .quad 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a
+     .quad 0x5fcb6fab3ad6faec, 0x6c44198c4a475817
++___
++$code.=<<___;
+ .previous
+ ___
+ }
+@@ -2379,7 +2383,7 @@ ___
+ }}
+ }}}}}
+ 
+-if ($SZ==8) {
++if ($SZ==8 && $avx>1) {
+ $code.=<<___;
+ .type ${func}_sha512ext,\@function,3
+ .align 64
diff --git a/deps-packaging/openssl/cfbuild-openssl.spec b/deps-packaging/openssl/cfbuild-openssl.spec
index 70f700192..d8dca18ee 100644
--- a/deps-packaging/openssl/cfbuild-openssl.spec
+++ b/deps-packaging/openssl/cfbuild-openssl.spec
@@ -7,6 +7,7 @@ Release: 1
 Source0: openssl-%{openssl_version}.tar.gz
 Patch0: 0006-Add-latomic-on-AIX-7.patch
 Patch1: 0008-Define-_XOPEN_SOURCE_EXTENDED-as-1.patch
+Patch2: 0010-Update-sha512-x86_64-pl.patch
 License: MIT
 Group: Other
 Url: https://cfengine.com
@@ -22,6 +23,7 @@ mkdir -p %{_builddir}
 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build