diff --git a/.gitignore b/.gitignore
index 4c9cadffa..08cd17d60 100644
--- a/.gitignore
+++ b/.gitignore
@@ -224,6 +224,11 @@ wrapper/CSharp/x64/
 # Visual Studio Code Workspace Files
 *.vscode
 *.userprefs
+*.exe
+*.dll
+.vs
+Backup
+UpgradeLog.htm
 IDE/INTIME-RTOS/Debug_*
 IDE/VS-ARM/.vs
diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h
index d13c2d98c..f1ad214ea 100755
--- a/IDE/WIN/user_settings.h
+++ b/IDE/WIN/user_settings.h
@@ -22,6 +22,24 @@
 #define NO_RABBIT
 #define NO_DSA
 #define NO_MD4
+
+ #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+ #define WOLFSSL_SHA224
+ #define WOLFSSL_SHA3
+ #define WC_RSA_PSS
+ #define WC_RSA_NO_PADDING
+ #define HAVE_ECC
+ #define ECC_SHAMIR
+ #define HAVE_ECC_CDH
+ #define ECC_TIMING_RESISTANT
+ #define WOLFSSL_AES_COUNTER
+ #define WOLFSSL_AES_DIRECT
+ #define HAVE_AES_ECB
+ #define HAVE_AESCCM
+ #define WOLFSSL_CMAC
+ #define HAVE_HKDF
+ #define WOLFSSL_PUBLIC_MP
+ #endif /* FIPS v2 */
 #else
 /* Enables blinding mode, to prevent timing attacks */
 #define WC_RSA_BLINDING
diff --git a/src/ssl.c b/src/ssl.c
index fc65e21e8..3410ee1fb 100644
--- a/src/ssl.c
+++ b/src/ssl.c
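Review bot: The new FIPS v2 block in IDE/WIN/user_settings.h turns on `ECC_TIMING_RESISTANT` but not `WC_RSA_BLINDING`, which the visible `#else` (non-FIPS) branch enables with the comment "to prevent timing attacks". If the v2 build compiles the regular wolfCrypt RSA code, as the `HAVE_FIPS_VERSION < 2` split in visibility.h suggests, RSA private-key operations in this configuration would run without blinding unless another header sets it; consider adding `#define WC_RSA_BLINDING` inside the `HAVE_FIPS_VERSION >= 2` block, or a comment saying why it is intentionally off. `WC_RSA_NO_PADDING` enables unpadded RSA and deserves a one-line comment stating why this build needs it. The enclosing `#if`/`#else` starts and ends outside the hunk.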
@@ -24380,64 +24380,6 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src)
 return WOLFSSL_SUCCESS;
 }
-#ifdef HAVE_FIPS
-int _InitHmac(Hmac* hmac, int type, void* heap)
-{
- int ret = 0;
-
- switch (type) {
- #ifndef NO_MD5
- case WC_MD5:
- ret = wc_InitMd5(&hmac->hash.md5);
- break;
- #endif /* !NO_MD5 */
-
- #ifndef NO_SHA
- case WC_SHA:
- ret = wc_InitSha(&hmac->hash.sha);
- break;
- #endif /* !NO_SHA */
-
- #ifdef WOLFSSL_SHA224
- case WC_SHA224:
- ret = wc_InitSha224(&hmac->hash.sha224);
- break;
- #endif /* WOLFSSL_SHA224 */
-
- #ifndef NO_SHA256
- case WC_SHA256:
- ret = wc_InitSha256(&hmac->hash.sha256);
- break;
- #endif /* !NO_SHA256 */
-
- #ifdef WOLFSSL_SHA512
- #ifdef WOLFSSL_SHA384
- case WC_SHA384:
- ret = wc_InitSha384(&hmac->hash.sha384);
- break;
- #endif /* WOLFSSL_SHA384 */
- case WC_SHA512:
- ret = wc_InitSha512(&hmac->hash.sha512);
- break;
- #endif /* WOLFSSL_SHA512 */
-
- #ifdef HAVE_BLAKE2
- case BLAKE2B_ID:
- ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256);
- break;
- #endif /* HAVE_BLAKE2 */
-
- default:
- ret = BAD_FUNC_ARG;
- break;
- }
-
- (void)heap;
-
- return ret;
-}
-#endif /* HAVE_FIPS */
-
 int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, const EVP_MD* type)
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index edf805d40..8ff61f274 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -1247,7 +1247,7 @@ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g,
 int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh)
 {
 mp_int tmp, tmp2;
- int groupSz, bufSz = 0,
+ int groupSz = 0, bufSz = 0,
 primeCheckCount = 0, primeCheck = MP_NO, ret = 0;
@@ -1407,7 +1407,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, byte* q, word32* qSz, byte* g, word32* gSz)
 {
 int ret = 0;
- word32 pLen, qLen, gLen;
+ word32 pLen = 0, qLen = 0, gLen = 0;
 if (dh == NULL || pSz == NULL || qSz == NULL || gSz == NULL) ret = BAD_FUNC_ARG;
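Review bot: The new initialisers in `wc_DhGenerateParams` (`groupSz = 0`) and `wc_DhExportParamsRaw` (`pLen = 0, qLen = 0, gLen = 0`) give these variables a defined value on the error paths but do not say whether 0 is ever a legitimate size. In `wc_DhExportParamsRaw` the visible NULL check only sets `ret = BAD_FUNC_ARG` and falls through, so presumably later code reads the lengths only under `ret == 0`; a short comment such as `/* zero until the sizes are computed; only read when ret == 0 */` would record that. The same applies to `isPrime = 0` in `wc_MakeRsaKey` in wolfcrypt/src/rsa.c, where `isPrime = MP_NO` would match the `primeCheck = MP_NO` style already used in dh.c and make the fail-closed default explicit. All three function bodies continue outside their hunks.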
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 2d7703a41..8239b4367 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -2684,7 +2684,7 @@ int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz,
 int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {
 mp_int p, q, tmp1, tmp2, tmp3;
- int err, i, failCount, primeSz, isPrime;
+ int err, i, failCount, primeSz, isPrime = 0;
 byte* buf = NULL;
 if (key == NULL || rng == NULL)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 90b1eab45..2cbcb7c4a 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -14002,8 +14002,8 @@ done:
 static int ecc_test_make_pub(WC_RNG* rng)
 {
 ecc_key key;
- unsigned char* exportBuf;
- unsigned char* tmp;
+ unsigned char* exportBuf = NULL;
+ unsigned char* tmp = NULL;
 unsigned char msg[] = "test wolfSSL ECC public gen";
 word32 x, tmpSz;
 int ret = 0;
@@ -14018,14 +14018,15 @@ static int ecc_test_make_pub(WC_RNG* rng)
 FILE* file;
 #endif
+ wc_ecc_init(&key);
+
 tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 if (tmp == NULL) {
- return -6810;
+ ERROR_OUT(-6810, done);
 }
 exportBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 if (exportBuf == NULL) {
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -6811;
+ ERROR_OUT(-6811, done);
 }
 #ifdef USE_CERT_BUFFERS_256
@@ -14041,8 +14042,6 @@ static int ecc_test_make_pub(WC_RNG* rng)
 fclose(file);
 #endif /* USE_CERT_BUFFERS_256 */
- wc_ecc_init(&key);
-
 /* import private only then test with */
 ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
 if (ret == 0) {
diff --git a/wolfssl/wolfcrypt/fips_test.h b/wolfssl/wolfcrypt/fips_test.h
index 2124e1105..65c453223 100644
--- a/wolfssl/wolfcrypt/fips_test.h
+++ b/wolfssl/wolfcrypt/fips_test.h
@@ -24,7 +24,7 @@
 #ifndef WOLF_CRYPT_FIPS_TEST_H
 #define WOLF_CRYPT_FIPS_TEST_H
-#include
+#include
 #ifdef __cplusplus
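Review bot: `wc_ecc_init(&key);` in `ecc_test_make_pub` (wolfcrypt/test/test.c, second hunk) is now the first call in the function but its return value is still discarded, so a failed init would not be reported at the point it happens. Consider `ret = wc_ecc_init(&key);` followed by `if (ret != 0) return ret;`, placed before the allocations so that path has nothing to free. The switch to `ERROR_OUT(..., done)` relies on the `done:` block, which is outside these hunks, tolerating NULL `tmp`/`exportBuf`; the `= NULL` initialisers in the first hunk suggest it does, but that is worth confirming. Any remaining direct `return` between the allocations and `done:` (for example in the file-reading branch that ends at `fclose(file);`) would still leak both buffers.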
@@ -32,22 +32,22 @@
 #endif
 /* Known Answer Test string inputs are hex, internal */
-CYASSL_LOCAL int DoKnownAnswerTests(char*, int);
+WOLFSSL_LOCAL int DoKnownAnswerTests(char*, int);
 /* FIPS failure callback */
 typedef void(*wolfCrypt_fips_cb)(int ok, int err, const char* hash);
 /* Public set function */
-CYASSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
+WOLFSSL_API int wolfCrypt_SetCb_fips(wolfCrypt_fips_cb cbf);
 /* Public get status functions */
-CYASSL_API int wolfCrypt_GetStatus_fips(void);
-CYASSL_API const char* wolfCrypt_GetCoreHash_fips(void);
+WOLFSSL_API int wolfCrypt_GetStatus_fips(void);
+WOLFSSL_API const char* wolfCrypt_GetCoreHash_fips(void);
 #ifdef HAVE_FORCE_FIPS_FAILURE
 /* Public function to force failure mode for operational testing */
- CYASSL_API int wolfCrypt_SetStatus_fips(int);
+ WOLFSSL_API int wolfCrypt_SetStatus_fips(int);
 #endif
diff --git a/wolfssl/wolfcrypt/visibility.h b/wolfssl/wolfcrypt/visibility.h
index 78191aa49..a8c929514 100644
--- a/wolfssl/wolfcrypt/visibility.h
+++ b/wolfssl/wolfcrypt/visibility.h
@@ -27,7 +27,10 @@
 /* for compatibility and so that fips is using same name of macro @wc_fips */
-#ifdef HAVE_FIPS
+/* The following visibility wrappers are for old FIPS. New FIPS should use
+ * the same as a non-FIPS build. */
+#if defined(HAVE_FIPS) && \
+ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
 #include
 #define WOLFSSL_API CYASSL_API
 #define WOLFSSL_LOCAL CYASSL_LOCAL