diff --git a/fips_algorithms.h b/fips_algorithms.h
index 6ce67ac..625cb66 100644
--- a/fips_algorithms.h
+++ b/fips_algorithms.h
@@ -200,5 +200,12 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] = {
         offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
     { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1,  SFTKFIPSChkHashSp800,
         offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
+    /* concatentate fuctions used in hybrid operations */
+    /* The following functions add data at the end of a base key. If the base
+     * key is FIPS, and the resulting keys are strong enough, then the
+     * resulting key will also be FIPS and the resulting operations will be
+     * FIPS approved. */
+    { CKM_CONCATENATE_BASE_AND_KEY, { 112, CK_MAX, CKF_DERIVE }, 1, SFTKFIPSNone },
+    { CKM_CONCATENATE_BASE_AND_DATA, { 112, CK_MAX, CKF_DERIVE }, 1, SFTKFIPSNone },
 };
 const int SFTK_NUMBER_FIPS_ALGORITHMS = PR_ARRAY_SIZE(sftk_fips_mechs);
diff --git a/nss-3.112-big-endian-compression-fix.patch b/nss-3.112-big-endian-compression-fix.patch
new file mode 100644
index 0000000..6f19821
--- /dev/null
+++ b/nss-3.112-big-endian-compression-fix.patch
@@ -0,0 +1,71 @@
+diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
+--- a/cmd/selfserv/selfserv.c
++++ b/cmd/selfserv/selfserv.c
+@@ -2078,13 +2078,13 @@
+     if (!input || !input->data || input->len == 0 || !output || outputLen == 0) {
+         PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+         return SECFailure;
+     }
+ 
+-    *usedLen = outputLen;
+-
+-    int ret = uncompress(output, (unsigned long *)usedLen, input->data, input->len);
++    unsigned long outputLenUL = outputLen;
++    int ret = uncompress(output, &outputLenUL, input->data, input->len);
++    *usedLen = outputLenUL;
+     if (ret != Z_OK) {
+         PR_SetError(SEC_ERROR_BAD_DATA, 0);
+         return SECFailure;
+     }
+ 
+@@ -2100,11 +2100,13 @@
+     }
+ 
+     unsigned long maxCompressedLen = compressBound(input->len);
+     SECITEM_AllocItem(NULL, output, maxCompressedLen);
+ 
+-    int ret = compress(output->data, (unsigned long *)&output->len, input->data, input->len);
++    unsigned long outputLenUL = output->len;
++    int ret = compress(output->data, &outputLenUL, input->data, input->len);
++    output->len = outputLenUL;
+     if (ret != Z_OK) {
+         PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+         return SECFailure;
+     }
+ 
+diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
+--- a/cmd/tstclnt/tstclnt.c
++++ b/cmd/tstclnt/tstclnt.c
+@@ -1375,11 +1375,13 @@
+     }
+ 
+     unsigned long maxCompressedLen = compressBound(input->len);
+     SECITEM_AllocItem(NULL, output, maxCompressedLen);
+ 
+-    int ret = compress(output->data, (unsigned long *)&output->len, input->data, input->len);
++    unsigned long outputLenUL = output->len;
++    int ret = compress(output->data, &outputLenUL, input->data, input->len);
++    output->len = outputLenUL;
+     if (ret != Z_OK) {
+         PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+         return SECFailure;
+     }
+ 
+@@ -1394,13 +1396,13 @@
+     if (!input || !input->data || input->len == 0 || !output || outputLen == 0) {
+         PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+         return SECFailure;
+     }
+ 
+-    *usedLen = outputLen;
+-
+-    int ret = uncompress(output, (unsigned long *)usedLen, input->data, input->len);
++    unsigned long outputLenUL = outputLen;
++    int ret = uncompress(output, &outputLenUL, input->data, input->len);
++    *usedLen = outputLenUL;
+     if (ret != Z_OK) {
+         PR_SetError(SEC_ERROR_BAD_DATA, 0);
+         return SECFailure;
+     }
+ 
+
diff --git a/nss.spec b/nss.spec
index c2d3fa7..b1e0d17 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,6 +1,6 @@
 %global nss_version 3.112.0
 %global nspr_version 4.36.0
-%global baserelease 2
+%global baserelease 3
 %global nss_release %baserelease
 # NOTE: To avoid NVR clashes of nspr* packages:
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@@ -188,6 +188,7 @@ Patch93:          nss-3.112-add-ml-dsa-base-dsa.patch
 Patch94:          nss-3.112-add-ml-dsa-gtests-dsa.patch
 Patch95:          nss-3.112-add-ml-dsa-ssl-support-dsa.patch
 Patch96:          nss-3.112-fips-and-fixes.patch
+Patch97:          nss-3.112-big-endian-compression-fix.patch
 
 Patch100:         nspr-config-pc.patch
 Patch101:         nspr-gcc-atomics.patch
@@ -1194,6 +1195,10 @@ update-crypto-policies &> /dev/null || :
 
 
 %changelog
+* Fri Aug 1 2025 Bob Relyea <rrelyea@redhat.com> - 3.112.0-3
+- restore CONCATENATE functions accidentally remvoed in the last patch
+- fix big endian issue in tstclnt and selfserv in certificate compression
+
 * Wed Jul 30 2025 Bob Relyea <rrelyea@redhat.com> - 3.112.0-2
 - add fips required changes.
 - fix bugs found by QE