diff --git a/.gitignore b/.gitignore
index 43c0d5115..3139a29e6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,7 +38,9 @@ tags
 cyassl-config
 wolfssl-config
 cyassl.sublime*
+fips.h
 fips.c
+fipsv2.c
 fips_test.c
 fips
 src/async.c
diff --git a/autogen.sh b/autogen.sh
index e5ea530fa..861a90509 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -18,6 +18,8 @@ if test -e .git; then
   # touch fips files for non fips distribution
   touch ./ctaocrypt/src/fips.c
   touch ./ctaocrypt/src/fips_test.c
+  touch ./wolfcrypt/src/fipsv2.c
+  touch ./wolfssl/wolfcrypt/fips.h
 
   # touch async crypt files
   touch ./wolfcrypt/src/async.c
diff --git a/configure.ac b/configure.ac
index 8e17c1823..d45cc9111 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1934,7 +1934,8 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
     # Add the FIPS flag.
     AS_IF([test "x$FIPS_VERSION" = "xv2"],
-          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2"])
+          [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN"
+           ENABLED_KEYGEN="yes"])
 else
     if test "x$ENABLED_FORTRESS" = "xyes"
     then
diff --git a/src/include.am b/src/include.am
index 125f60cf2..81f9c9faa 100644
--- a/src/include.am
+++ b/src/include.am
@@ -36,6 +36,10 @@ if BUILD_RSA
 src_libwolfssl_la_SOURCES += ctaocrypt/src/rsa.c
 endif
 
+if BUILD_ECC
+src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
+endif
+
 if BUILD_AES
 src_libwolfssl_la_SOURCES += ctaocrypt/src/aes.c
 endif
@@ -53,6 +57,7 @@ src_libwolfssl_la_SOURCES += ctaocrypt/src/sha512.c
 endif
 
 src_libwolfssl_la_SOURCES += ctaocrypt/src/fips.c
+src_libwolfssl_la_SOURCES += wolfcrypt/src/fipsv2.c
 src_libwolfssl_la_SOURCES += ctaocrypt/src/fips_test.c
 
 # fips last file
@@ -218,9 +223,11 @@ if BUILD_SLOWMATH
 src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
 endif
 
+if !BUILD_FIPS
 if BUILD_ECC
 src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
 endif
+endif
 
 if BUILD_CURVE25519
 src_libwolfssl_la_SOURCES += wolfcrypt/src/curve25519.c
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 01224cddf..1daa330bc 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -93,6 +93,16 @@ ECC Curve Sizes:
 #endif
 
 
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+    /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
+    #define FIPS_NO_WRAPPERS
+
+	#ifdef USE_WINDOWS_API
+		#pragma code_seg(".fipsA$e2")
+		#pragma const_seg(".fipsB$e2")
+	#endif
+#endif
+
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
@@ -3786,10 +3796,10 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
   Free an ECC key from memory
   key   The key you wish to free
 */
-void wc_ecc_free(ecc_key* key)
+int wc_ecc_free(ecc_key* key)
 {
     if (key == NULL) {
-        return;
+        return 0;
     }
 
 #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC)
@@ -3808,6 +3818,7 @@ void wc_ecc_free(ecc_key* key)
 
     mp_forcezero(&key->k);
 #endif /* WOLFSSL_ATECC508A */
+	return 0;
 }
 
 #ifdef ECC_SHAMIR
diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h
index b11ddecc6..93506c5d3 100644
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -27,6 +27,10 @@
 
 #ifdef HAVE_ECC
 
+#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
+    #include <wolfssl/wolfcrypt/fips.h>
+#endif /* HAVE_FIPS_VERSION >= 2 */
+
 #include <wolfssl/wolfcrypt/integer.h>
 #include <wolfssl/wolfcrypt/random.h>
 
@@ -172,6 +176,8 @@ typedef enum ecc_curve_id {
 #endif
 } ecc_curve_id;
 
+#if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
+
 #ifdef HAVE_OID_ENCODING
 typedef word16 ecc_oid_t;
 #else
@@ -198,6 +204,7 @@ typedef struct ecc_set_type {
     int         cofactor;
 } ecc_set_type;
 
+#endif
 
 #ifdef ALT_ECC_SIZE
 
@@ -258,6 +265,7 @@ typedef struct alt_fp_int {
 #endif /* ALT_ECC_SIZE */
 
 
+#if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)
 /* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
    (x/z^2, y/z^3, 1) when interpreted as affine */
 typedef struct {
@@ -315,6 +323,7 @@ struct ecc_key {
     typedef struct ecc_key ecc_key;
     #define WC_ECCKEY_TYPE_DEFINED
 #endif
+#endif
 
 
 /* ECC predefined curve sets  */
@@ -387,7 +396,7 @@ int wc_ecc_init(ecc_key* key);
 WOLFSSL_API
 int wc_ecc_init_ex(ecc_key* key, void* heap, int devId);
 WOLFSSL_API
-void wc_ecc_free(ecc_key* key);
+int wc_ecc_free(ecc_key* key);
 WOLFSSL_API
 int wc_ecc_set_flags(ecc_key* key, word32 flags);
 WOLFSSL_API
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index b03a51618..956ed84a1 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -20,6 +20,7 @@ nobase_include_HEADERS+= \
                          wolfssl/wolfcrypt/fe_operations.h \
                          wolfssl/wolfcrypt/ge_operations.h \
                          wolfssl/wolfcrypt/error-crypt.h \
+                         wolfssl/wolfcrypt/fips.h \
                          wolfssl/wolfcrypt/fips_test.h \
                          wolfssl/wolfcrypt/hash.h \
                          wolfssl/wolfcrypt/hc128.h \