diff --git a/configure.ac b/configure.ac
index 5099ec39c..8e17c1823 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1903,8 +1903,10 @@ AC_ARG_ENABLE([fips],
 [ ENABLED_FIPS=no ]
 )
 
-if test "x$ENABLED_FIPS" = "xyes"
+if test "x$ENABLED_FIPS" != "xno"
 then
+ FIPS_VERSION=$ENABLED_FIPS
+ ENABLED_FIPS=yes
 # requires thread local storage
 if test "$thread_ls_on" = "no"
 then
@@ -1930,6 +1932,9 @@ then
 ENABLED_DES3="yes"
 fi
 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
+ # Add the FIPS flag.
+ AS_IF([test "x$FIPS_VERSION" = "xv2"],
+ [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"])
 else
 if test "x$ENABLED_FORTRESS" = "xyes"
 then
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 08991da0e..a333f4636 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -147,20 +147,12 @@ int wc_RsaEncryptSize(RsaKey* key)
 }
 
 
-#ifndef WOLFSSL_KEY_GEN
+/* New FIPS functions. */
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+
 int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
 word32* bSz)
 {
-
- /* not specified as fips so not needing _fips */
- return RsaFlattenPublicKey(key, a, aSz, b, bSz);
- }
-#else
- int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
- word32* bSz)
- {
-
- /* not specified as fips so not needing _fips */
 return RsaFlattenPublicKey_fips(key, a, aSz, b, bSz);
 }
 
@@ -169,8 +161,6 @@ int wc_RsaEncryptSize(RsaKey* key)
 byte* d, word32* dSz, byte* p, word32* pSz,
 byte* q, word32* qSz)
 {
-
- /* not specified as fips so not needing _fips */
 return RsaExportKey_fips(key, e, eSz, n, nSz, d, dSz, p, pSz, q, qSz);
 }
 
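Review bot: In the first configure.ac hunk, `test "x$ENABLED_FIPS" != "xno"` enables FIPS for any argument, while the second hunk recognises only `v2`. A mistyped value (constructed example: `--enable-fips=V2`) therefore builds silently with `-DHAVE_FIPS` but without `-DHAVE_FIPS_VERSION=2`. For a validated module the builder should be told when the requested version is not the one being compiled, so I would reject unknown values right after `FIPS_VERSION=$ENABLED_FIPS`, e.g. `AS_CASE([$FIPS_VERSION], [yes|v2], [], [AC_MSG_ERROR([unsupported --enable-fips value: $FIPS_VERSION])])`. The accepted list is taken from the two values this diff handles and may need extending. The enclosing `if` block starts and ends outside both hunks.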
@@ -189,6 +179,24 @@ int wc_RsaEncryptSize(RsaKey* key)
 {
 return MakeRsaKey_fips(key, size, e, rng);
 }
+
+#else /* Use old version of FIPS functions. */
+
+ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
+ word32* bSz)
+ {
+
+ /* not specified as fips so not needing _fips */
+ return RsaFlattenPublicKey(key, a, aSz, b, bSz);
+ }
+
+ #ifdef WOLFSSL_KEY_GEN
+ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
+ {
+ return MakeRsaKey(key, size, e, rng);
+ }
+ #endif
+
 #endif
 
 
@@ -2256,9 +2264,7 @@ static const byte lower_bound[] = {
 static INLINE int RsaSizeCheck(int size)
 {
 switch (size) {
-#ifndef HAVE_FIPS
 case 1024:
-#endif
 case 2048:
 case 3072:
 case 4096:
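Review bot: The added `#else` branch changes what a pre-v2 FIPS build with `WOLFSSL_KEY_GEN` compiles. Before this commit that configuration took the wrappers that forward to `RsaFlattenPublicKey_fips`, `RsaExportKey_fips` and `MakeRsaKey_fips`. Now `wc_RsaFlattenPublicKey` and `wc_MakeRsaKey` forward to the non-`_fips` names, and no `wc_RsaExportKey` is defined in this branch. Unless those names are mapped to the FIPS entry points elsewhere (not visible here), key generation in the old module would bypass the FIPS API and callers of `wc_RsaExportKey` would lose the symbol. I would keep the `_fips` forwarding for the `WOLFSSL_KEY_GEN` case inside the `#else`, or record in a comment there why the old module must not use it, and label the closing line `#endif /* HAVE_FIPS_VERSION >= 2 */`; the v2 wrappers between this hunk and the previous one are outside the diff.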
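Review bot: Removing the `#ifndef HAVE_FIPS` guard around `case 1024:` in `RsaSizeCheck` relaxes the check for every FIPS build, not only those with `HAVE_FIPS_VERSION >= 2` that the rest of this commit gates on. NIST transition guidance (SP 800-131A) no longer approves 1024-bit RSA for new keys or signatures, so if this function feeds key generation or prime checking (its callers and the rest of its body are outside the hunk), the acceptance should be deliberate. If the size is only wanted for the v2 module, narrow the guard to `#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))`. Otherwise add a one-line comment beside `case 1024:` naming the requirement that permits it.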