From 0a88bb9779b1355cc833f2b8614a698ee41c30f8 Mon Sep 17 00:00:00 2001
From: Per Allansson <per.allansson@appgate.com>
Date: Mon, 31 Oct 2022 08:42:13 +0100
Subject: [PATCH] Allow DTLS 1.3 to compile when FIPS is enabled

---
 src/dtls13.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/dtls13.c b/src/dtls13.c
index 87c488a50..c5bd3d6b7 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -250,7 +250,12 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
 
         if (c->aes == NULL)
             return BAD_STATE_E;
+#if !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
+#else
+        wc_AesEncryptDirect(c->aes, mask, ciphertext);
+#endif
     }
 #endif /* HAVE_AESGCM || HAVE_AESCCM */