diff --git a/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch b/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
new file mode 100644
index 0000000000000000000000000000000000000000..afd87baea87f23507507763391a05655e159f6d8
--- /dev/null
+++ b/backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
@@ -0,0 +1,36 @@
+From a8da305fa3dd6e34ba5aab3978281f652fd12883 Mon Sep 17 00:00:00 2001
+From: yangyangtiantianlonglong <yangtianlong1224@163.com>
+Date: Mon, 31 Jul 2023 07:04:41 -0700
+Subject: [PATCH] A null pointer dereference occurs when memory allocation
+ fails
+
+Fixes #21605
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21606)
+---
+ ssl/ssl_sess.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index cda6b7cc5b..2a5d21be79 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -139,8 +139,11 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+     dest->references = 1;
+ 
+     dest->lock = CRYPTO_THREAD_lock_new();
+-    if (dest->lock == NULL)
++    if (dest->lock == NULL) {
++        OPENSSL_free(dest);
++        dest = NULL;
+         goto err;
++    }
+ 
+     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+         goto err;
+-- 
+2.27.0
+
diff --git a/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch b/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..271c4815a36de4208a9f3d79fd5858b102e99f6b
--- /dev/null
+++ b/backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
@@ -0,0 +1,37 @@
+From eec805ee71356c06f9a86192fa06507c3bb92b09 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 23 Jul 2023 14:27:54 +0200
+Subject: [PATCH] Make DH_check set some error bits in recently added error
+
+The pre-existing error cases where DH_check returned zero
+are not related to the dh params in any way, but are only
+triggered by out-of-memory errors, therefore having *ret
+set to zero feels right, but since the new error case is
+triggered by too large p values that is something different.
+On the other hand some callers of this function might not
+be prepared to handle the return value correctly but only
+rely on *ret. Therefore we set some error bits in *ret as
+additional safety measure.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21533)
+---
+ crypto/dh/dh_check.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index e5f9dd5030..2001d2e7cb 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -104,6 +104,7 @@ int DH_check(const DH *dh, int *ret)
+     /* Don't do any checks at all with an excessively large modulus */
+     if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+         DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
++        *ret = DH_CHECK_P_NOT_PRIME;
+         return 0;
+     }
+ 
+-- 
+2.27.0
+
diff --git a/openssl.spec b/openssl.spec
index e0d9c8ac7e90242f945303e9892c7dd13e8bdc12..d227acbb937ed5b738e9a9e8046c410ce043daa9 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     25
+Release:     26
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -68,6 +68,8 @@ Patch57:     backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.pat
 Patch58:     backport-x509-Handle-ossl_policy_level_add_node-errors.patch
 Patch59:     backport-x509-Fix-possible-use-after-free-when-OOM.patch
 Patch60:     Fix-FIPS-getenv-build-failure.patch
+Patch61:     backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
+Patch62:     backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
 
 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -274,6 +276,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Sep 22 2023 dongyuzhen <dongyuzhen@h-partners.com> - 1:1.1.1m-26
+- Backport some upstream patches
+
 * Fri Sep 8 2023 reverse-world <ykx1990123@163.com> - 1:1.1.1m-25
 * fix FIPS getenv compatibility problem