From 4004e6886fd8beb1bfc33bb53216e3fa569ec208 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Wed, 3 Jul 2024 10:39:51 -0700
Subject: [PATCH] Fix the FIPS Shake logic.

---
 wolfssl/wolfcrypt/settings.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 4eec4878c..e3f14951b 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -3483,8 +3483,9 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_SHAKE256
 #endif
 
-/* SHAKE - Not allowed in FIPS */
-#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || defined(HAVE_FIPS))
+/* SHAKE - Not allowed in FIPS v5.2 or older */
+#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || \
+    (defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2)))
     #undef  WOLFSSL_NO_SHAKE128
     #define WOLFSSL_NO_SHAKE128
     #undef  WOLFSSL_NO_SHAKE256