diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 704022e..d69f949 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Wed Mar  5 10:17:10 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
+
+- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
+  bad targetKeyLength parameters when checking for FIPS approval
+  after keygen. This was causing false rejections.
+
+- Updated nss-fips-approved-crypto-non-ec.patch to approve
+  RSA signature verification  mechanisms with PKCS padding and
+  legacy moduli (bsc#1222834).
+
 -------------------------------------------------------------------
 Sun Mar  2 09:04:20 UTC 2025 - Wolfgang Rosenauer <wr@rosenauer.org>
 
diff --git a/nss-fips-approved-crypto-non-ec.patch b/nss-fips-approved-crypto-non-ec.patch
index ca36ad4..1102ed6 100644
--- a/nss-fips-approved-crypto-non-ec.patch
+++ b/nss-fips-approved-crypto-non-ec.patch
@@ -426,8 +426,8 @@ Index: nss/lib/softoken/pkcs11c.c
          return crv;
      }
  
-+    publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, bitSize);
-+    privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, bitSize);
++    publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0);
++    privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0);
 +    session->lastOpWasFIPS = privateKey->isFIPS;
 +
      *phPrivateKey = privateKey->handle;
@@ -636,7 +636,20 @@ Index: nss/lib/softoken/fips_algorithms.h
      /* -------------- RSA Multipart Signing Operations -------------------- */
      { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
      { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
-@@ -88,21 +116,33 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
+@@ -79,30 +107,42 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
+     { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+     { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+     { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+-    { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+-    { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+-    { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+-    { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
++    { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
++    { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
++    { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
++    { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
+     { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+     { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
      { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
      { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
      /* ------------------------- DSA Operations --------------------------- */