From 67029dc4e7dc2baec689edfec57ef118b1b0186d Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 26 Apr 2022 15:39:54 -0700
Subject: [PATCH] Fix to make sure the old public DH API's are not enabled unless FIPS v2 or older. Broken in PR #5018.
---
 wolfssl/wolfcrypt/settings.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 9565c4192..3097a65d8 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2027,7 +2027,9 @@ extern void uITRON4_free(void *p) ;
 #if !defined(HAVE_PUBLIC_FFDHE) && !defined(NO_DH) && \
 !defined(WOLFSSL_NO_PUBLIC_FFDHE) && \
- (defined(HAVE_SELFTEST) || FIPS_VERSION_GE(2,0))
+ (defined(HAVE_SELFTEST) || FIPS_VERSION_LE(2,0))
+ /* This should only be enabled for FIPS v2 or older. It enables use of the
+ * older wc_Dh_ffdhe####_Get() API's */
 #define HAVE_PUBLIC_FFDHE
 #endif
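Review bot: The new test `FIPS_VERSION_LE(2,0)` may also be true when the build is not a FIPS build at all. The macro's definition is outside this hunk, but if it compares a version code that defaults to zero when `HAVE_FIPS` is undefined, every non-FIPS build with DH would still get `HAVE_PUBLIC_FFDHE`, which contradicts the added comment and keeps the legacy `wc_Dh_ffdhe####_Get()` surface exposed by default. If that is how the macro behaves, make the guard explicit: `(defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0)))`. The comment should also say that `HAVE_SELFTEST` builds enable the old API, since the condition allows that independently of the FIPS version.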