diff --git a/openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch b/openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch
new file mode 100644
index 0000000..f802793
--- /dev/null
+++ b/openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch
@@ -0,0 +1,170 @@
+From e544577b41f22533d6e6188fc7fad22845d5e6ee Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Mon, 3 Feb 2025 13:36:47 +0100
+Subject: [PATCH] provider: Fix segfault with 'openssl list -key-managers
+ -verbose'
+
+Command 'openssl list -key-managers -verbose' calls OpenSSL function
+EVP_KEYMGMT_gen_settable_params() which in turn calls the provider's
+gen_settable_params() function, but with NULL for the keygen operation
+context. This causes segfaults in IBMCAs gen_settable_params() functions,
+as they assume that the keygen operation context is not NULL.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ src/provider/dh_keymgmt.c  | 51 ++++++++++++++++++++++++++++++++++----
+ src/provider/rsa_keymgmt.c | 31 +++++++++++++++++------
+ 2 files changed, 70 insertions(+), 12 deletions(-)
+
+diff --git a/src/provider/dh_keymgmt.c b/src/provider/dh_keymgmt.c
+index d4d68bf..5e7e952 100644
+--- a/src/provider/dh_keymgmt.c
++++ b/src/provider/dh_keymgmt.c
+@@ -43,6 +43,8 @@ static OSSL_FUNC_keymgmt_gen_set_template_fn ibmca_keymgmt_dh_gen_set_template;
+ static OSSL_FUNC_keymgmt_gen_set_params_fn ibmca_keymgmt_dh_gen_set_params;
+ static OSSL_FUNC_keymgmt_gen_settable_params_fn
+                                         ibmca_keymgmt_dh_gen_settable_params;
++static OSSL_FUNC_keymgmt_gen_settable_params_fn
++                                        ibmca_keymgmt_dhx_gen_settable_params;
+ static OSSL_FUNC_keymgmt_gen_fn ibmca_keymgmt_dh_gen;
+ static OSSL_FUNC_keymgmt_has_fn ibmca_keymgmt_dh_has;
+ static OSSL_FUNC_keymgmt_match_fn ibmca_keymgmt_dh_match;
+@@ -529,23 +531,62 @@ static int ibmca_keymgmt_dh_gen_set_params(void *vgenctx,
+     return 1;
+ }
+ 
++static const OSSL_PARAM ibmca_dh_op_ctx_settable_params[] = {
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
++    OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL),
++    OSSL_PARAM_END
++};
++
++static const OSSL_PARAM ibmca_dhx_op_ctx_settable_params[] = {
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL),
++    OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
++    OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
++    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
++    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
++    OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
++    OSSL_PARAM_END
++};
++
+ static const OSSL_PARAM *ibmca_keymgmt_dh_gen_settable_params(void *vgenctx,
+                                                               void *vprovctx)
+ {
+     const struct ibmca_op_ctx *genctx = vgenctx;
+     const struct ibmca_prov_ctx *provctx = vprovctx;
+-    const OSSL_PARAM *p, *params;
++    const OSSL_PARAM *params, *p;
+ 
+     UNUSED(genctx);
+ 
+     if (provctx == NULL)
+         return NULL;
+ 
+-    if (genctx->dh.gen.pctx == NULL)
+-        return NULL;
++    params = ibmca_dh_op_ctx_settable_params;
++    for (p = params; p != NULL && p->key != NULL; p++)
++        ibmca_debug_ctx(provctx, "param: %s", p->key);
+ 
+-    params = EVP_PKEY_CTX_settable_params(genctx->dh.gen.pctx);
++    return params;
++}
+ 
++static const OSSL_PARAM *ibmca_keymgmt_dhx_gen_settable_params(void *vgenctx,
++                                                               void *vprovctx)
++{
++    const struct ibmca_op_ctx *genctx = vgenctx;
++    const struct ibmca_prov_ctx *provctx = vprovctx;
++    const OSSL_PARAM *params, *p;
++
++    UNUSED(genctx);
++
++    if (provctx == NULL)
++        return NULL;
++
++    params = ibmca_dhx_op_ctx_settable_params;
+     for (p = params; p != NULL && p->key != NULL; p++)
+         ibmca_debug_ctx(provctx, "param: %s", p->key);
+ 
+@@ -1964,7 +2005,7 @@ static const OSSL_DISPATCH ibmca_dhx_keymgmt_functions[] = {
+     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,
+             (void (*)(void))ibmca_keymgmt_dh_gen_set_params },
+     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+-            (void (*)(void))ibmca_keymgmt_dh_gen_settable_params },
++            (void (*)(void))ibmca_keymgmt_dhx_gen_settable_params },
+     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ibmca_keymgmt_dh_gen },
+     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP,
+               (void (*)(void))ibmca_keymgmt_gen_cleanup },
+diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
+index ce49c88..2d7570a 100644
+--- a/src/provider/rsa_keymgmt.c
++++ b/src/provider/rsa_keymgmt.c
+@@ -53,6 +53,8 @@ static OSSL_FUNC_keymgmt_gen_set_template_fn ibmca_keymgmt_rsa_gen_set_template;
+ static OSSL_FUNC_keymgmt_gen_set_params_fn ibmca_keymgmt_rsa_gen_set_params;
+ static OSSL_FUNC_keymgmt_gen_settable_params_fn
+                                         ibmca_keymgmt_rsa_gen_settable_params;
++static OSSL_FUNC_keymgmt_gen_settable_params_fn
++                                    ibmca_keymgmt_rsa_pss_gen_settable_params;
+ static OSSL_FUNC_keymgmt_gen_fn ibmca_keymgmt_rsa_gen;
+ static OSSL_FUNC_keymgmt_has_fn ibmca_keymgmt_rsa_has;
+ static OSSL_FUNC_keymgmt_match_fn ibmca_keymgmt_rsa_match;
+@@ -1071,19 +1073,34 @@ static const OSSL_PARAM *ibmca_keymgmt_rsa_gen_settable_params(void *vgenctx,
+ {
+     const struct ibmca_op_ctx *genctx = vgenctx;
+     const struct ibmca_prov_ctx *provctx = vprovctx;
+-
+     const OSSL_PARAM *params, *p;
+ 
++    UNUSED(genctx);
++
+     if (provctx == NULL)
+         return NULL;
+ 
+-    ibmca_debug_ctx(provctx, "type: %d", genctx->type);
++    params = ibmca_rsa_op_ctx_settable_params;
++    for (p = params; p != NULL && p->key != NULL; p++)
++        ibmca_debug_ctx(provctx, "param: %s", p->key);
+ 
+-    if (genctx->type == EVP_PKEY_RSA_PSS)
+-        params = ibmca_rsa_pss_op_ctx_settable_params;
+-    else
+-        params = ibmca_rsa_op_ctx_settable_params;
++    return params;
++}
+ 
++static const OSSL_PARAM *ibmca_keymgmt_rsa_pss_gen_settable_params(
++                                                               void *vgenctx,
++                                                               void *vprovctx)
++{
++    const struct ibmca_op_ctx *genctx = vgenctx;
++    const struct ibmca_prov_ctx *provctx = vprovctx;
++    const OSSL_PARAM *params, *p;
++
++    UNUSED(genctx);
++
++    if (provctx == NULL)
++        return NULL;
++
++    params = ibmca_rsa_pss_op_ctx_settable_params;
+     for (p = params; p != NULL && p->key != NULL; p++)
+         ibmca_debug_ctx(provctx, "param: %s", p->key);
+ 
+@@ -2256,7 +2273,7 @@ static const OSSL_DISPATCH ibmca_rsapss_keymgmt_functions[] = {
+     { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS,
+             (void (*)(void))ibmca_keymgmt_rsa_gen_set_params },
+     { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
+-            (void (*)(void))ibmca_keymgmt_rsa_gen_settable_params },
++            (void (*)(void))ibmca_keymgmt_rsa_pss_gen_settable_params },
+     { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ibmca_keymgmt_rsa_gen },
+     { OSSL_FUNC_KEYMGMT_GEN_CLEANUP,
+             (void (*)(void))ibmca_keymgmt_gen_cleanup },
diff --git a/openssl-ibmca.changes b/openssl-ibmca.changes
index fca31be..3cb40c2 100644
--- a/openssl-ibmca.changes
+++ b/openssl-ibmca.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Feb  4 09:00:25 UTC 2025 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
+
+- Applied a patch (bsc#1236770) 
+  * openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch 
+    for openssl list -key-managers -verbose causes core dump
+
 -------------------------------------------------------------------
 Wed Oct 30 08:35:12 UTC 2024 - Nikolay Gueorguiev <nikolay.gueorguiev@suse.com>
 
diff --git a/openssl-ibmca.spec b/openssl-ibmca.spec
index abd03b0..d93d961 100644
--- a/openssl-ibmca.spec
+++ b/openssl-ibmca.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl-ibmca
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,6 +64,7 @@ Patch10:        openssl-ibmca-01-engine-Enable-external-AES-GCM-IV-when-libica-i
 Patch11:        openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch
 Patch12:        openssl-ibmca-03-test-provider-Explicitly-initialize-OpenSSL-after-setting-env-vars.patch
 Patch13:        openssl-ibmca-04-engine-Fix-compile-error.patch
+Patch14:        openssl-ibmca-05-provider-Fix-segfault-with-openssl-list-key-managers.patch
 ###
 
 %description