diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index 27341ed..87258a0 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jul 24 12:40:38 UTC 2023 - Otto Hollmann
+
+- Dont pass zero length input to EVP_Cipher because assembler
+ optimized AES cannot handle zero size. [bsc#1213517]
+ * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
+
 -------------------------------------------------------------------
 Thu Jul 20 07:48:20 UTC 2023 - Pedro Monreal
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index 5d58c8f..8efc277 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -135,6 +135,8 @@ Patch80: openssl-1_1-openssl-config.patch
 # PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
 Patch81: openssl-CVE-2023-3446.patch
 Patch82: openssl-CVE-2023-3446-test.patch
+# PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
+Patch83: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
 BuildRequires: pkgconfig
 BuildRequires: pkgconfig(zlib)
 Provides: ssl
diff --git a/openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch b/openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
new file mode 100644
index 0000000..71e5a26
--- /dev/null
+++ b/openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
@@ -0,0 +1,16 @@
+---
+ crypto/evp/e_aes.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/crypto/evp/e_aes.c
++++ b/crypto/evp/e_aes.c
+@@ -2742,6 +2742,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX
+ {
+ EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
++ if (!len)
++ return 1;
++
+ if (dat->stream.cbc)
+ (*dat->stream.cbc) (in, out, len, &dat->ks,
+ EVP_CIPHER_CTX_iv_noconst(ctx),
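Review bot: The zero-length guard is added only to `aes_cbc_cipher`, while the changelog entry attributes the problem to the assembler-optimized AES in general; other mode handlers or platform-specific CBC variants in `crypto/evp/e_aes.c` that hand `len` straight to assembly are not visible here and may need the same check, which is worth confirming. The guard carries no explanation, so a comment such as `/* asm CBC cannot handle len == 0 (bsc#1213517): nothing to process */` above it would keep it from being removed later as dead code, and `if (len == 0)` reads more clearly for a size value than `if (!len)`. The embedded patch also begins at the bare `---` with no description or origin, and unlike the CVE-2023-3446 fix listed just above it in the spec there is no accompanying test patch covering a zero-length call. The body of aes_cbc_cipher continues past the end of the hunk.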