remove FIPS mode support. people who require FIPS can buy something that

meets their needs, but dumping it in here only penalizes the rest of us.
ok beck deraadt

131 files changed, 15 insertions, 1955 deletions

diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
index 326915d520..5c02ba2844 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -35,9 +35,9 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-        uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+        uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-        uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+        uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 
diff --git a/src/lib/libcrypto/aes/aes_misc.c b/src/lib/libcrypto/aes/aes_misc.c
index d666c06409..9380abc46c 100644
--- a/src/lib/libcrypto/aes/aes_misc.c
+++ b/src/lib/libcrypto/aes/aes_misc.c
@@ -71,9 +71,6 @@ int
 AES_set_encrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(AES);
-#endif
         return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
@@ -81,8 +78,5 @@ int
 AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(AES);
-#endif
         return private_AES_set_decrypt_key(userKey, bits, key);
 }
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c
index 3b0bca41ae..d8e6287a32 100644
--- a/src/lib/libcrypto/bf/bf_skey.c
+++ b/src/lib/libcrypto/bf/bf_skey.c
@@ -64,13 +64,6 @@
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(BLOWFISH);
-        private_BF_set_key(key, len, data);
-        }
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
         {
         int i;
         BF_LONG *p,ri,in[2];
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h
index 4b6c8920a4..65685f478c 100644
--- a/src/lib/libcrypto/bf/blowfish.h
+++ b/src/lib/libcrypto/bf/blowfish.h
@@ -104,9 +104,6 @@ typedef struct bf_key_st
         BF_LONG S[4*256];
         } BF_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 817c773b65..9194e86b39 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -479,10 +479,6 @@ extern "C" {
         }
 #endif /* !BN_LLONG */
 
-#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#undef bn_div_words
-#endif
-
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
diff --git a/src/lib/libcrypto/camellia/camellia.h b/src/lib/libcrypto/camellia/camellia.h
index 67911e0adf..cf0457dd97 100644
--- a/src/lib/libcrypto/camellia/camellia.h
+++ b/src/lib/libcrypto/camellia/camellia.h
@@ -88,10 +88,6 @@ struct camellia_key_st
         };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key);
-#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key);
 
diff --git a/src/lib/libcrypto/camellia/cmll_utl.c b/src/lib/libcrypto/camellia/cmll_utl.c
index 7a35711ec1..b88a996a3f 100644
--- a/src/lib/libcrypto/camellia/cmll_utl.c
+++ b/src/lib/libcrypto/camellia/cmll_utl.c
@@ -57,8 +57,5 @@
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key)
         {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(Camellia);
-#endif
         return private_Camellia_set_key(userKey, bits, key);
         }
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
index cb6bf9fee3..54ea98cd0b 100644
--- a/src/lib/libcrypto/cast/c_skey.c
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -73,13 +73,6 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(CAST);
-        private_CAST_set_key(key, len, data);
-        }
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#endif
         {
         CAST_LONG x[16];
         CAST_LONG z[16];
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h
index 203922ea2b..8741532e9e 100644
--- a/src/lib/libcrypto/cast/cast.h
+++ b/src/lib/libcrypto/cast/cast.h
@@ -83,9 +83,6 @@ typedef struct cast_key_st
         int short_key;  /* Use reduced rounds for short key */
         } CAST_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                       int enc);
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c
index 8b72b09681..f92a7bb143 100644
--- a/src/lib/libcrypto/cmac/cmac.c
+++ b/src/lib/libcrypto/cmac/cmac.c
@@ -57,10 +57,6 @@
 #include "cryptlib.h"
 #include <openssl/cmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 struct CMAC_CTX_st
         {
         /* Cipher context to use */
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                {
-                FIPS_cmac_ctx_cleanup(ctx);
-                return;
-                }
-#endif
         EVP_CIPHER_CTX_cleanup(&ctx->cctx);
         OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
         OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
                         const EVP_CIPHER *cipher, ENGINE *impl)
         {
         static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                /* If we have an ENGINE need to allow non FIPS */
-                if ((impl || ctx->cctx.engine)
-                        && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-
-                        {
-                        EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-                        return 0;
-                        }
-                /* Other algorithm blocking will be done in FIPS_cmac_init,
-                 * via FIPS_cipherinit().
-                 */
-                if (!impl && !ctx->cctx.engine)
-                        return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-                }
-#endif
         /* All zeros means restart */
         if (!key && !cipher && !impl && keylen == 0)
                 {
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
         {
         const unsigned char *data = in;
         size_t bl;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                return FIPS_cmac_update(ctx, in, dlen);
-#endif
+
         if (ctx->nlast_block == -1)
                 return 0;
         if (dlen == 0)
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
         {
         int i, bl, lb;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                return FIPS_cmac_final(ctx, out, poutlen);
-#endif
+
         if (ctx->nlast_block == -1)
                 return 0;
         bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 351ccfd35b..56c5dfadb8 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -538,25 +538,9 @@ void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
 
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-        int alg##_Init(cx##_CTX *c) \
-        { \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-        return private_##alg##_Init(c); \
-        } \
-        int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
 #define fips_md_init_ctx(alg, cx) \
         int alg##_Init(cx##_CTX *c)
 #define fips_cipher_abort(alg) while(0)
-#endif
 
 /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
  * takes an amount of time dependent on |len|, but independent of the contents
diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
index e3bb0a2b36..a149537c3f 100644
--- a/src/lib/libcrypto/crypto/Makefile
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.8 2014/04/15 17:46:16 beck Exp $
+# $OpenBSD: Makefile,v 1.9 2014/04/15 20:06:09 tedu Exp $
 
 LIB=    crypto
 
@@ -43,7 +43,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp
 
 # crypto/
 SRCS+= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c
-SRCS+= uid.c o_time.c o_str.c o_fips.c o_init.c fips_ers.c
+SRCS+= uid.c o_time.c o_str.c o_fips.c o_init.c
 
 # aes/
 SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c
@@ -163,7 +163,7 @@ SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
 SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
 SRCS+= c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c
 SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
-SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c
+SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
 SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 # hmac/
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 1eaedcbd24..92b6663599 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index 99e3555ba9..e8dea50b96 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
         }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(DES);
-        private_DES_set_key_unchecked(key, schedule);
-        }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
         {
         static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
         register DES_LONG c,d,t,s,t2;
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index 7b1fe9c9cb..cfd5b11868 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         if(ret->meth->generate_params)
                 return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                        generator, cb);
-#endif
         return dh_builtin_genparams(ret, prime_len, generator, cb);
         }
 
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 89a74db4e6..9596270f7d 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->generate_key(dh);
         }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->compute_key(key, pub_key, dh);
         }
 
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 00218f2b92..a40caaf75b 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
         {
         if(!default_DH_method)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dh_openssl();
-                else
-                        return DH_OpenSSL();
-#else
                 default_DH_method = DH_OpenSSL();
-#endif
                 }
         return default_DH_method;
         }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index c398761d0d..e6a5452016 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                 const unsigned char *seed_in, int seed_len,
                 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         if(ret->meth->dsa_paramgen)
                 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                 counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-        else if (FIPS_mode())
-                {
-                return FIPS_dsa_generate_parameters_ex(ret, bits, 
-                                                        seed_in, seed_len,
-                                                        counter_ret, h_ret, cb);
-                }
-#endif
         else
                 {
                 const EVP_MD *evpmd;
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 9cf669b921..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         if(dsa->meth->dsa_keygen)
                 return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dsa_generate_key(dsa);
-#endif
         return dsa_builtin_keygen(dsa);
         }
 
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 96d8d0c4b4..897c085968 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
 #include <openssl/dh.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
         {
         if(!default_DSA_method)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dsa_openssl();
-                else
-                        return DSA_OpenSSL();
-#else
                 default_DSA_method = DSA_OpenSSL();
-#endif
                 }
         return default_DSA_method;
         }
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index c3cc3642ce..e02365a8b1 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-                return NULL;
-                }
-#endif
         return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
         }
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
         }
 
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 674cb5fa5f..286ed28cfa 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -64,13 +64,5 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-                return -1;
-                }
-#endif
         return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
         }
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index e0e59c7d82..0cf681fa9d 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -73,16 +73,8 @@
 
 #ifndef OPENSSL_NO_EC2M
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
 const EC_METHOD *EC_GF2m_simple_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gf2m_simple_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_characteristic_two_field,
@@ -126,7 +118,6 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index 7fa247593d..d528601036 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 EC_KEY *EC_KEY_new(void)
         {
@@ -241,11 +238,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
         BIGNUM  *priv_key = NULL, *order = NULL;
         EC_POINT *pub_key = NULL;
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_ec_key_generate_key(eckey);
-#endif
-
         if (!eckey || !eckey->group)
                 {
                 ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index f04f132c7a..cee0fee12a 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 
 const EC_METHOD *EC_GFp_mont_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_mont_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_set_to_one };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index aad2d5f443..ac5b814238 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const EC_METHOD *EC_GFp_nist_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_nist_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index cd05fd1251..bf0ad998dd 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -64,17 +64,10 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_simple_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index 0644431b75..ddf226b166 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -73,9 +73,6 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -94,14 +91,7 @@ const ECDH_METHOD *ECDH_get_default_method(void)
         {
         if(!default_ECDH_method) 
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_ecdh_openssl();
-                else
-                        return ECDH_OpenSSL();
-#else
                 default_ECDH_method = ECDH_OpenSSL();
-#endif
                 }
         return default_ECDH_method;
         }
@@ -234,15 +224,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
         }
         else
                 ecdh_data = (ECDH_DATA *)data;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-                {
-                ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-                return NULL;
-                }
-#endif
-        
 
         return ecdh_data;
         }
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index 814a6bf404..7b53969ffd 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -60,9 +60,6 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
         if(!default_ECDSA_method) 
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_ecdsa_openssl();
-                else
-                        return ECDSA_OpenSSL();
-#else
                 default_ECDSA_method = ECDSA_OpenSSL();
-#endif
                 }
         return default_ECDSA_method;
 }
@@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
         }
         else
                 ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-                {
-                ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-                return NULL;
-                }
-#endif
 
         return ecdsa_data;
 }
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 8eb547d98d..1c4eccd251 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -97,9 +97,6 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -155,9 +152,6 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 3982f49f81..f94a28d383 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
         c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
         evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
         bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
         c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
         evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
         e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index d14e8e48d5..782d3199a5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
         {
         memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                 }
         if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                 return 1;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                if (FIPS_digestinit(ctx, type))
-                        return 1;
-                OPENSSL_free(ctx->md_data);
-                ctx->md_data = NULL;
-                return 0;
-                }
-#endif
         return ctx->digest->init(ctx);
         }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
         {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestupdate(ctx, data, count);
-#else
         return ctx->update(ctx,data,count);
-#endif
         }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestfinal(ctx, md, size);
-#else
         int ret;
 
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                 }
         memset(ctx->md_data,0,ctx->digest->ctx_size);
         return ret;
-#endif
         }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         {
-#ifndef OPENSSL_FIPS
         /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
          * because sometimes only copies of the context are ever finalised.
          */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                 OPENSSL_free(ctx->md_data);
                 }
-#endif
         if (ctx->pctx)
                 EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                  * functional reference we held for this reason. */
                 ENGINE_finish(ctx->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_md_ctx_cleanup(ctx);
-#endif
         memset(ctx,'\0',sizeof *ctx);
 
         return 1;
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index f0c1f78b5f..98a78499f9 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -61,8 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-#ifndef OPENSSL_FIPS
-
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 memcpy((char *)out,(const char *)in,inl);
         return 1;
         }
-#endif
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 0c54f05e6e..50403a7578 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
 
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                         ctx->engine = NULL;
 #endif
 
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                 ctx->cipher=cipher;
                 if (ctx->cipher->ctx_size)
                         {
@@ -206,10 +194,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
         /* we assume block size is a power of 2 in *cryptUpdate */
         OPENSSL_assert(ctx->cipher->block_size == 1
             || ctx->cipher->block_size == 8
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
         {
-#ifndef OPENSSL_FIPS
         if (c->cipher != NULL)
                 {
                 if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +562,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                 }
         if (c->cipher_data)
                 OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
         if (c->engine)
                 /* The EVP_CIPHER we used belongs to an ENGINE, release the
                  * functional reference we held for this reason. */
                 ENGINE_finish(c->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_cipher_ctx_cleanup(c);
-#endif
         memset(c,0,sizeof(EVP_CIPHER_CTX));
         return 1;
         }
diff --git a/src/lib/libcrypto/evp/evp_fips.c b/src/lib/libcrypto/evp/evp_fips.c
deleted file mode 100644
index cb7f4fc0fa..0000000000
--- a/src/lib/libcrypto/evp/evp_fips.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/evp/evp_fips.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
-const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
-const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
-const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
-const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
-const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
-const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
-const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
-const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
-const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
-const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
-const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
-const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
-const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
-const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
-const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
-const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
-const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
-const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
-const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
-const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
-const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
-const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
-const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
-const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
-const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
-const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
-const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
-const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
-const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
-const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
-const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
-const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
-const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
-const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
-const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
-const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
-const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
-const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
-const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
-const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
-const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
-
-const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
-const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
-const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
-const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
-const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
-
-const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
-const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
-const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
-
-#endif
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 08c0a66d39..9e71f39a47 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                              ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-
-#ifdef OPENSSL_FIPS
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-
-#define RIPEMD160_Init  private_RIPEMD160_Init
-#define WHIRLPOOL_Init  private_WHIRLPOOL_Init
-#define MD5_Init        private_MD5_Init
-#define MD4_Init        private_MD4_Init
-#define MD2_Init        private_MD2_Init
-#define MDC2_Init       private_MDC2_Init
-#define SHA_Init        private_SHA_Init
-#define SHA1_Init       private_SHA1_Init
-#define SHA224_Init     private_SHA224_Init
-#define SHA256_Init     private_SHA256_Init
-#define SHA384_Init     private_SHA384_Init
-#define SHA512_Init     private_SHA512_Init
-
-#define BF_set_key      private_BF_set_key
-#define CAST_set_key    private_CAST_set_key
-#define idea_set_encrypt_key    private_idea_set_encrypt_key
-#define SEED_set_key    private_SEED_set_key
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
-#define DES_set_key_unchecked   private_DES_set_key_unchecked
-#define Camellia_set_key        private_Camellia_set_key
-
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 6fb7e9a861..89ea5b7a6d 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
         return(&dsa_md);
         }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index 2df362a670..a010103b7a 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS 
-
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
 
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
         return(&dss1_md);
         }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c
index 4b15fb0f6c..a6ed24b0b6 100644
--- a/src/lib/libcrypto/evp/m_ecdsa.c
+++ b/src/lib/libcrypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
         return(&ecdsa_md);
         }
 #endif
-#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index bd0c01ad3c..f39ae77925 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
         { return(&sha512_md); }
 #endif  /* ifndef OPENSSL_NO_SHA512 */
-
-#endif
diff --git a/src/lib/libcrypto/fips_ers.c b/src/lib/libcrypto/fips_ers.c
deleted file mode 100644
index 1788ed2884..0000000000
--- a/src/lib/libcrypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
-#endif
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index ba27cbf56f..6c98fc43a3 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                   const EVP_MD *md, ENGINE *impl)
         {
         int i,j,reset=0;
         unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                /* If we have an ENGINE need to allow non FIPS */
-                if ((impl || ctx->i_ctx.engine)
-                        &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                        {
-                        EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-                        return 0;
-                        }
-                /* Other algorithm blocking will be done in FIPS_cmac_init,
-                 * via FIPS_hmac_init_ex().
-                 */
-                if (!impl && !ctx->i_ctx.engine)
-                        return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-                }
-#endif
-
         if (md != NULL)
                 {
                 reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_update(ctx, data, len);
-#endif
         return EVP_DigestUpdate(&ctx->md_ctx,data,len);
         }
 
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
         {
         unsigned int i;
         unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_final(ctx, md, len);
-#endif
 
         if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                 goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                {
-                FIPS_hmac_ctx_cleanup(ctx);
-                return;
-                }
-#endif
         EVP_MD_CTX_cleanup(&ctx->i_ctx);
         EVP_MD_CTX_cleanup(&ctx->o_ctx);
         EVP_MD_CTX_cleanup(&ctx->md_ctx);
diff --git a/src/lib/libcrypto/idea/i_skey.c b/src/lib/libcrypto/idea/i_skey.c
index afb830964d..244562e690 100644
--- a/src/lib/libcrypto/idea/i_skey.c
+++ b/src/lib/libcrypto/idea/i_skey.c
@@ -62,13 +62,6 @@
 
 static IDEA_INT inverse(unsigned int xin);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(IDEA);
-        private_idea_set_encrypt_key(key, ks);
-        }
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
         {
         int i;
         register IDEA_INT *kt,*kf,r0,r1,r2;
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h
index e9a1e7f1a5..5782e54b0f 100644
--- a/src/lib/libcrypto/idea/idea.h
+++ b/src/lib/libcrypto/idea/idea.h
@@ -83,9 +83,6 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
         IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/src/lib/libcrypto/md2/md2.h b/src/lib/libcrypto/md2/md2.h
index d59c9f2593..a46120e7d4 100644
--- a/src/lib/libcrypto/md2/md2.h
+++ b/src/lib/libcrypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
         } MD2_CTX;
 
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
index a55368a790..c3ed9b3f75 100644
--- a/src/lib/libcrypto/md4/md4.h
+++ b/src/lib/libcrypto/md4/md4.h
@@ -105,9 +105,6 @@ typedef struct MD4state_st
         unsigned int num;
         } MD4_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
index 541cc925fe..4cbf84386b 100644
--- a/src/lib/libcrypto/md5/md5.h
+++ b/src/lib/libcrypto/md5/md5.h
@@ -105,9 +105,6 @@ typedef struct MD5state_st
         unsigned int num;
         } MD5_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
index f3e8e579d2..72778a5212 100644
--- a/src/lib/libcrypto/mdc2/mdc2.h
+++ b/src/lib/libcrypto/mdc2/mdc2.h
@@ -81,9 +81,6 @@ typedef struct mdc2_ctx_st
         } MDC2_CTX;
 
 
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff --git a/src/lib/libcrypto/o_fips.c b/src/lib/libcrypto/o_fips.c
index 9c185cfb18..43312ae23f 100644
--- a/src/lib/libcrypto/o_fips.c
+++ b/src/lib/libcrypto/o_fips.c
@@ -56,42 +56,20 @@
  */
 
 #include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/rand.h>
-#endif
 
 int
 FIPS_mode(void)
 {
         OPENSSL_init();
-#ifdef OPENSSL_FIPS
-        return FIPS_module_mode();
-#else
         return 0;
-#endif
 }
 
 int
 FIPS_mode_set(int r)
 {
         OPENSSL_init();
-#ifdef OPENSSL_FIPS
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS     "Default FIPS Crypto User Password"
-#endif
-        if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-                return 0;
-        if (r)
-                RAND_set_rand_method(FIPS_rand_get_method());
-        else
-                RAND_set_rand_method(NULL);
-        return 1;
-#else
         if (r == 0)
                 return 1;
         CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
         return 0;
-#endif
 }
diff --git a/src/lib/libcrypto/o_init.c b/src/lib/libcrypto/o_init.c
index 07c8e0d694..5e905d9315 100644
--- a/src/lib/libcrypto/o_init.c
+++ b/src/lib/libcrypto/o_init.c
@@ -54,10 +54,6 @@
 
 #include <e_os.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#endif
 
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
@@ -70,12 +66,6 @@ OPENSSL_init(void)
         if (done)
                 return;
         done = 1;
-#ifdef OPENSSL_FIPS
-        FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-        FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-        FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-        RAND_init_fips();
-#endif
 #if 0
         fprintf(stderr, "Called OPENSSL_init\n");
 #endif
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index ebe7180723..7ba6281f28 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -26,11 +26,7 @@
  *  major minor fix final patch/beta)
  */
 #define OPENSSL_VERSION_NUMBER  0x1000107fL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
-#else
 #define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
-#endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
 
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index eac0460e3e..6ff6be7fbe 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,61 +193,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -277,59 +224,8 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -377,61 +273,8 @@ IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKPa
 
 
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index a34915d02d..0c5e8dc992 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -91,11 +91,6 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         /* Set defaults */
         if (!nid_cert)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
                 }
         if (!nid_key)
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
index e542ec94ff..4c737f5b90 100644
--- a/src/lib/libcrypto/rc2/rc2.h
+++ b/src/lib/libcrypto/rc2/rc2.h
@@ -79,9 +79,6 @@ typedef struct rc2_key_st
         RC2_INT data[64];
         } RC2_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                      int enc);
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
index 6668ac011f..26b8dd63f6 100644
--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -96,13 +96,6 @@ static const unsigned char key_table[256]={
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(RC2);
-        private_RC2_set_key(key, len, data, bits);
-        }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
         {
         int i,j;
         unsigned char *k;
diff --git a/src/lib/libcrypto/rc4/rc4_utl.c b/src/lib/libcrypto/rc4/rc4_utl.c
index ab3f02fe6a..bd39a76543 100644
--- a/src/lib/libcrypto/rc4/rc4_utl.c
+++ b/src/lib/libcrypto/rc4/rc4_utl.c
@@ -55,8 +55,5 @@
 
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
         {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(RC4);
-#endif
         private_RC4_set_key(key, len, data);
         }
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
index 189bd8c90e..5942eb6180 100644
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -91,9 +91,6 @@ typedef struct RIPEMD160state_st
         unsigned int   num;
         } RIPEMD160_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index d3e44785dc..7750366613 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -75,56 +75,24 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
         }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
         }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
         }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 42290cce66..767f7ab682 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
         if(rsa->meth->rsa_keygen)
                 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
         return rsa_builtin_keygen(rsa, bits, e_value, cb);
         }
 
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index c95ceafc82..9e3f7dafcd 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,10 +67,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -91,18 +87,11 @@ const RSA_METHOD *RSA_get_default_method(void)
         {
         if (default_RSA_meth == NULL)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_rsa_pkcs1_ssleay();
-                else
-                        return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
                 default_RSA_meth=RSA_null_method();
 #else
                 default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
-#endif
                 }
 
         return default_RSA_meth;
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 157aa5c41d..d706d35ff6 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -156,32 +153,6 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                 OPENSSL_free(rctx);
                 }
         }
-#ifdef OPENSSL_FIPS
-/* FIP checker. Return value indicates status of context parameters:
- * 1  : redirect to FIPS.
- * 0  : don't redirect to FIPS.
- * -1 : illegal operation in FIPS mode.
- */
-
-static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
-        {
-        RSA_PKEY_CTX *rctx = ctx->data;
-        RSA *rsa = ctx->pkey->pkey.rsa;
-        int rv = -1;
-        if (!FIPS_mode())
-                return 0;
-        if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-                rv = 0;
-        if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-                return -1;
-        if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
-                return rv;
-        if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
-                return rv;
-        return 1;
-        }
-#endif
-
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                         const unsigned char *tbs, size_t tbslen)
         {
@@ -189,15 +160,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
         RSA_PKEY_CTX *rctx = ctx->data;
         RSA *rsa = ctx->pkey->pkey.rsa;
 
-#ifdef OPENSSL_FIPS
-        ret = pkey_fips_check_ctx(ctx);
-        if (ret < 0)
-                {
-                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return -1;
-                }
-#endif
-
         if (rctx->md)
                 {
                 if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -206,22 +168,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                         RSA_R_INVALID_DIGEST_LENGTH);
                         return -1;
                         }
-#ifdef OPENSSL_FIPS
-                if (ret > 0)
-                        {
-                        unsigned int slen;
-                        ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
-                                                        rctx->pad_mode,
-                                                        rctx->saltlen,
-                                                        rctx->mgf1md,
-                                                        sig, &slen);
-                        if (ret > 0)
-                                *siglen = slen;
-                        else
-                                *siglen = 0;
-                        return ret;
-                        }
-#endif
 
                 if (EVP_MD_type(rctx->md) == NID_mdc2)
                         {
@@ -343,30 +289,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
         RSA_PKEY_CTX *rctx = ctx->data;
         RSA *rsa = ctx->pkey->pkey.rsa;
         size_t rslen;
-#ifdef OPENSSL_FIPS
-        int rv;
-        rv = pkey_fips_check_ctx(ctx);
-        if (rv < 0)
-                {
-                RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return -1;
-                }
-#endif
         if (rctx->md)
                 {
-#ifdef OPENSSL_FIPS
-                if (rv > 0)
-                        {
-                        return FIPS_rsa_verify_digest(rsa,
-                                                        tbs, tbslen,
-                                                        rctx->md,
-                                                        rctx->pad_mode,
-                                                        rctx->saltlen,
-                                                        rctx->mgf1md,
-                                                        sig, siglen);
-                                                        
-                        }
-#endif
                 if (rctx->pad_mode == RSA_PKCS1_PADDING)
                         return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                         sig, siglen, rsa);
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index b6f6037ae0..fa3239ab30 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         const unsigned char *s = NULL;
         X509_ALGOR algor;
         ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
         if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                 {
                 return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
         unsigned char *s;
         X509_SIG *sig=NULL;
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
-
         if (siglen != (unsigned int)RSA_size(rsa))
                 {
                 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
diff --git a/src/lib/libcrypto/seed/seed.c b/src/lib/libcrypto/seed/seed.c
index 3e675a8d75..934664ddb6 100644
--- a/src/lib/libcrypto/seed/seed.c
+++ b/src/lib/libcrypto/seed/seed.c
@@ -198,13 +198,6 @@ static const seed_word KC[] = {
         KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
 #endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(SEED);
-        private_SEED_set_key(rawkey, ks);
-        }
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#endif
 {
         seed_word x1, x2, x3, x4;
         seed_word t0, t1;
diff --git a/src/lib/libcrypto/seed/seed.h b/src/lib/libcrypto/seed/seed.h
index c50fdd3607..6e2ade3fbb 100644
--- a/src/lib/libcrypto/seed/seed.h
+++ b/src/lib/libcrypto/seed/seed.h
@@ -116,9 +116,6 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-#ifdef OPENSSL_FIPS
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
index 8a6bf4bbbb..7cbca26ff9 100644
--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -70,10 +70,6 @@ extern "C" {
 #error SHA is disabled.
 #endif
 
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
 /*
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
@@ -106,9 +102,6 @@ typedef struct SHAstate_st
         } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -116,9 +109,6 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -141,10 +131,6 @@ typedef struct SHA256state_st
         } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -192,10 +178,6 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
diff --git a/src/lib/libcrypto/whrlpool/whrlpool.h b/src/lib/libcrypto/whrlpool/whrlpool.h
index 9e01f5b076..03c91da115 100644
--- a/src/lib/libcrypto/whrlpool/whrlpool.h
+++ b/src/lib/libcrypto/whrlpool/whrlpool.h
@@ -24,9 +24,6 @@ typedef struct	{
         } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
-#ifdef OPENSSL_FIPS
-int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
-#endif
 int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
diff --git a/src/lib/libssl/src/crypto/Makefile b/src/lib/libssl/src/crypto/Makefile
index 326915d520..5c02ba2844 100644
--- a/src/lib/libssl/src/crypto/Makefile
+++ b/src/lib/libssl/src/crypto/Makefile
@@ -35,9 +35,9 @@ GENERAL=Makefile README crypto-lib.com install.com
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
 LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
-        uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+        uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c
 LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
-        uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
+        uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 
diff --git a/src/lib/libssl/src/crypto/aes/aes_misc.c b/src/lib/libssl/src/crypto/aes/aes_misc.c
index d666c06409..9380abc46c 100644
--- a/src/lib/libssl/src/crypto/aes/aes_misc.c
+++ b/src/lib/libssl/src/crypto/aes/aes_misc.c
@@ -71,9 +71,6 @@ int
 AES_set_encrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(AES);
-#endif
         return private_AES_set_encrypt_key(userKey, bits, key);
 }
 
@@ -81,8 +78,5 @@ int
 AES_set_decrypt_key(const unsigned char *userKey, const int bits,
     AES_KEY *key)
 {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(AES);
-#endif
         return private_AES_set_decrypt_key(userKey, bits, key);
 }
diff --git a/src/lib/libssl/src/crypto/bf/bf_skey.c b/src/lib/libssl/src/crypto/bf/bf_skey.c
index 3b0bca41ae..d8e6287a32 100644
--- a/src/lib/libssl/src/crypto/bf/bf_skey.c
+++ b/src/lib/libssl/src/crypto/bf/bf_skey.c
@@ -64,13 +64,6 @@
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(BLOWFISH);
-        private_BF_set_key(key, len, data);
-        }
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
         {
         int i;
         BF_LONG *p,ri,in[2];
diff --git a/src/lib/libssl/src/crypto/bf/blowfish.h b/src/lib/libssl/src/crypto/bf/blowfish.h
index 4b6c8920a4..65685f478c 100644
--- a/src/lib/libssl/src/crypto/bf/blowfish.h
+++ b/src/lib/libssl/src/crypto/bf/blowfish.h
@@ -104,9 +104,6 @@ typedef struct bf_key_st
         BF_LONG S[4*256];
         } BF_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index 817c773b65..9194e86b39 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -479,10 +479,6 @@ extern "C" {
         }
 #endif /* !BN_LLONG */
 
-#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#undef bn_div_words
-#endif
-
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
diff --git a/src/lib/libssl/src/crypto/camellia/camellia.h b/src/lib/libssl/src/crypto/camellia/camellia.h
index 67911e0adf..cf0457dd97 100644
--- a/src/lib/libssl/src/crypto/camellia/camellia.h
+++ b/src/lib/libssl/src/crypto/camellia/camellia.h
@@ -88,10 +88,6 @@ struct camellia_key_st
         };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
-        CAMELLIA_KEY *key);
-#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key);
 
diff --git a/src/lib/libssl/src/crypto/camellia/cmll_utl.c b/src/lib/libssl/src/crypto/camellia/cmll_utl.c
index 7a35711ec1..b88a996a3f 100644
--- a/src/lib/libssl/src/crypto/camellia/cmll_utl.c
+++ b/src/lib/libssl/src/crypto/camellia/cmll_utl.c
@@ -57,8 +57,5 @@
 int Camellia_set_key(const unsigned char *userKey, const int bits,
         CAMELLIA_KEY *key)
         {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(Camellia);
-#endif
         return private_Camellia_set_key(userKey, bits, key);
         }
diff --git a/src/lib/libssl/src/crypto/cast/c_skey.c b/src/lib/libssl/src/crypto/cast/c_skey.c
index cb6bf9fee3..54ea98cd0b 100644
--- a/src/lib/libssl/src/crypto/cast/c_skey.c
+++ b/src/lib/libssl/src/crypto/cast/c_skey.c
@@ -73,13 +73,6 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(CAST);
-        private_CAST_set_key(key, len, data);
-        }
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
-#endif
         {
         CAST_LONG x[16];
         CAST_LONG z[16];
diff --git a/src/lib/libssl/src/crypto/cast/cast.h b/src/lib/libssl/src/crypto/cast/cast.h
index 203922ea2b..8741532e9e 100644
--- a/src/lib/libssl/src/crypto/cast/cast.h
+++ b/src/lib/libssl/src/crypto/cast/cast.h
@@ -83,9 +83,6 @@ typedef struct cast_key_st
         int short_key;  /* Use reduced rounds for short key */
         } CAST_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                       int enc);
diff --git a/src/lib/libssl/src/crypto/cmac/cmac.c b/src/lib/libssl/src/crypto/cmac/cmac.c
index 8b72b09681..f92a7bb143 100644
--- a/src/lib/libssl/src/crypto/cmac/cmac.c
+++ b/src/lib/libssl/src/crypto/cmac/cmac.c
@@ -57,10 +57,6 @@
 #include "cryptlib.h"
 #include <openssl/cmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 struct CMAC_CTX_st
         {
         /* Cipher context to use */
@@ -107,13 +103,6 @@ CMAC_CTX *CMAC_CTX_new(void)
 
 void CMAC_CTX_cleanup(CMAC_CTX *ctx)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                {
-                FIPS_cmac_ctx_cleanup(ctx);
-                return;
-                }
-#endif
         EVP_CIPHER_CTX_cleanup(&ctx->cctx);
         OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
         OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
@@ -153,24 +142,6 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
                         const EVP_CIPHER *cipher, ENGINE *impl)
         {
         static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                /* If we have an ENGINE need to allow non FIPS */
-                if ((impl || ctx->cctx.engine)
-                        && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-
-                        {
-                        EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-                        return 0;
-                        }
-                /* Other algorithm blocking will be done in FIPS_cmac_init,
-                 * via FIPS_cipherinit().
-                 */
-                if (!impl && !ctx->cctx.engine)
-                        return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-                }
-#endif
         /* All zeros means restart */
         if (!key && !cipher && !impl && keylen == 0)
                 {
@@ -216,10 +187,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
         {
         const unsigned char *data = in;
         size_t bl;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                return FIPS_cmac_update(ctx, in, dlen);
-#endif
+
         if (ctx->nlast_block == -1)
                 return 0;
         if (dlen == 0)
@@ -261,10 +229,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
         {
         int i, bl, lb;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->cctx.engine)
-                return FIPS_cmac_final(ctx, out, poutlen);
-#endif
+
         if (ctx->nlast_block == -1)
                 return 0;
         bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 351ccfd35b..56c5dfadb8 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -538,25 +538,9 @@ void OPENSSL_init(void);
 
 #define fips_md_init(alg) fips_md_init_ctx(alg, alg)
 
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-        int alg##_Init(cx##_CTX *c) \
-        { \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-        return private_##alg##_Init(c); \
-        } \
-        int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-        if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
 #define fips_md_init_ctx(alg, cx) \
         int alg##_Init(cx##_CTX *c)
 #define fips_cipher_abort(alg) while(0)
-#endif
 
 /* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
  * takes an amount of time dependent on |len|, but independent of the contents
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h
index 1eaedcbd24..92b6663599 100644
--- a/src/lib/libssl/src/crypto/des/des.h
+++ b/src/lib/libssl/src/crypto/des/des.h
@@ -224,9 +224,6 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
index 99e3555ba9..e8dea50b96 100644
--- a/src/lib/libssl/src/crypto/des/set_key.c
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -336,13 +336,6 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
         }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(DES);
-        private_DES_set_key_unchecked(key, schedule);
-        }
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
         {
         static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
         register DES_LONG c,d,t,s,t2;
diff --git a/src/lib/libssl/src/crypto/dh/dh_gen.c b/src/lib/libssl/src/crypto/dh/dh_gen.c
index 7b1fe9c9cb..cfd5b11868 100644
--- a/src/lib/libssl/src/crypto/dh/dh_gen.c
+++ b/src/lib/libssl/src/crypto/dh/dh_gen.c
@@ -66,29 +66,12 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         if(ret->meth->generate_params)
                 return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dh_generate_parameters_ex(ret, prime_len,
-                                                        generator, cb);
-#endif
         return dh_builtin_genparams(ret, prime_len, generator, cb);
         }
 
diff --git a/src/lib/libssl/src/crypto/dh/dh_key.c b/src/lib/libssl/src/crypto/dh/dh_key.c
index 89a74db4e6..9596270f7d 100644
--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -73,27 +73,11 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->generate_key(dh);
         }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-                        && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-                {
-                DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
         return dh->meth->compute_key(key, pub_key, dh);
         }
 
diff --git a/src/lib/libssl/src/crypto/dh/dh_lib.c b/src/lib/libssl/src/crypto/dh/dh_lib.c
index 00218f2b92..a40caaf75b 100644
--- a/src/lib/libssl/src/crypto/dh/dh_lib.c
+++ b/src/lib/libssl/src/crypto/dh/dh_lib.c
@@ -64,10 +64,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -81,14 +77,7 @@ const DH_METHOD *DH_get_default_method(void)
         {
         if(!default_DH_method)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dh_openssl();
-                else
-                        return DH_OpenSSL();
-#else
                 default_DH_method = DH_OpenSSL();
-#endif
                 }
         return default_DH_method;
         }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
index c398761d0d..e6a5452016 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                 const unsigned char *seed_in, int seed_len,
                 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         if(ret->meth->dsa_paramgen)
                 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                 counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-        else if (FIPS_mode())
-                {
-                return FIPS_dsa_generate_parameters_ex(ret, bits, 
-                                                        seed_in, seed_len,
-                                                        counter_ret, h_ret, cb);
-                }
-#endif
         else
                 {
                 const EVP_MD *evpmd;
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_key.c b/src/lib/libssl/src/crypto/dsa/dsa_key.c
index 9cf669b921..c4aa86bc6d 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_key.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         if(dsa->meth->dsa_keygen)
                 return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_dsa_generate_key(dsa);
-#endif
         return dsa_builtin_keygen(dsa);
         }
 
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_lib.c b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
index 96d8d0c4b4..897c085968 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_lib.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
 #include <openssl/dh.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
         {
         if(!default_DSA_method)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_dsa_openssl();
-                else
-                        return DSA_OpenSSL();
-#else
                 default_DSA_method = DSA_OpenSSL();
-#endif
                 }
         return default_DSA_method;
         }
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_sign.c b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
index c3cc3642ce..e02365a8b1 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_sign.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-                return NULL;
-                }
-#endif
         return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
         }
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-                return 0;
-                }
-#endif
         return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
         }
 
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
index 674cb5fa5f..286ed28cfa 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_vrf.c
@@ -64,13 +64,5 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-                        && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-                {
-                DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-                return -1;
-                }
-#endif
         return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
         }
diff --git a/src/lib/libssl/src/crypto/ec/ec2_smpl.c b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
index e0e59c7d82..0cf681fa9d 100644
--- a/src/lib/libssl/src/crypto/ec/ec2_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
@@ -73,16 +73,8 @@
 
 #ifndef OPENSSL_NO_EC2M
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
 const EC_METHOD *EC_GF2m_simple_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gf2m_simple_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_characteristic_two_field,
@@ -126,7 +118,6 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c
index 7fa247593d..d528601036 100644
--- a/src/lib/libssl/src/crypto/ec/ec_key.c
+++ b/src/lib/libssl/src/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 EC_KEY *EC_KEY_new(void)
         {
@@ -241,11 +238,6 @@ int EC_KEY_generate_key(EC_KEY *eckey)
         BIGNUM  *priv_key = NULL, *order = NULL;
         EC_POINT *pub_key = NULL;
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_ec_key_generate_key(eckey);
-#endif
-
         if (!eckey || !eckey->group)
                 {
                 ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
diff --git a/src/lib/libssl/src/crypto/ec/ecp_mont.c b/src/lib/libssl/src/crypto/ec/ecp_mont.c
index f04f132c7a..cee0fee12a 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_mont.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 
 const EC_METHOD *EC_GFp_mont_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_mont_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_set_to_one };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nist.c b/src/lib/libssl/src/crypto/ec/ecp_nist.c
index aad2d5f443..ac5b814238 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_nist.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const EC_METHOD *EC_GFp_nist_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_nist_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -116,7 +109,6 @@ const EC_METHOD *EC_GFp_nist_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
diff --git a/src/lib/libssl/src/crypto/ec/ecp_smpl.c b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
index cd05fd1251..bf0ad998dd 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
@@ -64,17 +64,10 @@
 
 #include <openssl/err.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
         {
-#ifdef OPENSSL_FIPS
-        return fips_ec_gfp_simple_method();
-#else
         static const EC_METHOD ret = {
                 EC_FLAGS_DEFAULT_OCT,
                 NID_X9_62_prime_field,
@@ -115,7 +108,6 @@ const EC_METHOD *EC_GFp_simple_method(void)
                 0 /* field_set_to_one */ };
 
         return &ret;
-#endif
         }
 
 
diff --git a/src/lib/libssl/src/crypto/ecdh/ech_lib.c b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
index 0644431b75..ddf226b166 100644
--- a/src/lib/libssl/src/crypto/ecdh/ech_lib.c
+++ b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
@@ -73,9 +73,6 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -94,14 +91,7 @@ const ECDH_METHOD *ECDH_get_default_method(void)
         {
         if(!default_ECDH_method) 
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_ecdh_openssl();
-                else
-                        return ECDH_OpenSSL();
-#else
                 default_ECDH_method = ECDH_OpenSSL();
-#endif
                 }
         return default_ECDH_method;
         }
@@ -234,15 +224,6 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
         }
         else
                 ecdh_data = (ECDH_DATA *)data;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-                {
-                ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-                return NULL;
-                }
-#endif
-        
 
         return ecdh_data;
         }
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index 814a6bf404..7b53969ffd 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -60,9 +60,6 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -81,14 +78,7 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
         if(!default_ECDSA_method) 
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_ecdsa_openssl();
-                else
-                        return ECDSA_OpenSSL();
-#else
                 default_ECDSA_method = ECDSA_OpenSSL();
-#endif
                 }
         return default_ECDSA_method;
 }
@@ -212,14 +202,6 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
         }
         else
                 ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-                {
-                ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-                return NULL;
-                }
-#endif
 
         return ecdsa_data;
 }
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index 8eb547d98d..1c4eccd251 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -97,9 +97,6 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -155,9 +152,6 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
-#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile
index 3982f49f81..f94a28d383 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile
+++ b/src/lib/libssl/src/crypto/evp/Makefile
@@ -28,7 +28,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
         bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
         c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
         evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+        e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
         e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
 LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
@@ -41,7 +41,7 @@ LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
         bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
         c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
         evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+        e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
         e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c
index d14e8e48d5..782d3199a5 100644
--- a/src/lib/libssl/src/crypto/evp/digest.c
+++ b/src/lib/libssl/src/crypto/evp/digest.c
@@ -117,10 +117,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
         {
         memset(ctx,'\0',sizeof *ctx);
@@ -229,26 +225,12 @@ skip_to_init:
                 }
         if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                 return 1;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                if (FIPS_digestinit(ctx, type))
-                        return 1;
-                OPENSSL_free(ctx->md_data);
-                ctx->md_data = NULL;
-                return 0;
-                }
-#endif
         return ctx->digest->init(ctx);
         }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
         {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestupdate(ctx, data, count);
-#else
         return ctx->update(ctx,data,count);
-#endif
         }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -263,9 +245,6 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         {
-#ifdef OPENSSL_FIPS
-        return FIPS_digestfinal(ctx, md, size);
-#else
         int ret;
 
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -279,7 +258,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                 }
         memset(ctx->md_data,0,ctx->digest->ctx_size);
         return ret;
-#endif
         }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -376,7 +354,6 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
         {
-#ifndef OPENSSL_FIPS
         /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
          * because sometimes only copies of the context are ever finalised.
          */
@@ -389,7 +366,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                 OPENSSL_free(ctx->md_data);
                 }
-#endif
         if (ctx->pctx)
                 EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -398,9 +374,6 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                  * functional reference we held for this reason. */
                 ENGINE_finish(ctx->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_md_ctx_cleanup(ctx);
-#endif
         memset(ctx,'\0',sizeof *ctx);
 
         return 1;
diff --git a/src/lib/libssl/src/crypto/evp/e_null.c b/src/lib/libssl/src/crypto/evp/e_null.c
index f0c1f78b5f..98a78499f9 100644
--- a/src/lib/libssl/src/crypto/evp/e_null.c
+++ b/src/lib/libssl/src/crypto/evp/e_null.c
@@ -61,8 +61,6 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
-#ifndef OPENSSL_FIPS
-
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -101,4 +99,3 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 memcpy((char *)out,(const char *)in,inl);
         return 1;
         }
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index 0c54f05e6e..50403a7578 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -64,17 +64,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
 #define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
 
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
@@ -169,10 +161,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                         ctx->engine = NULL;
 #endif
 
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
                 ctx->cipher=cipher;
                 if (ctx->cipher->ctx_size)
                         {
@@ -206,10 +194,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
         /* we assume block size is a power of 2 in *cryptUpdate */
         OPENSSL_assert(ctx->cipher->block_size == 1
             || ctx->cipher->block_size == 8
@@ -568,7 +552,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
         {
-#ifndef OPENSSL_FIPS
         if (c->cipher != NULL)
                 {
                 if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -579,16 +562,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                 }
         if (c->cipher_data)
                 OPENSSL_free(c->cipher_data);
-#endif
 #ifndef OPENSSL_NO_ENGINE
         if (c->engine)
                 /* The EVP_CIPHER we used belongs to an ENGINE, release the
                  * functional reference we held for this reason. */
                 ENGINE_finish(c->engine);
 #endif
-#ifdef OPENSSL_FIPS
-        FIPS_cipher_ctx_cleanup(c);
-#endif
         memset(c,0,sizeof(EVP_CIPHER_CTX));
         return 1;
         }
diff --git a/src/lib/libssl/src/crypto/evp/evp_fips.c b/src/lib/libssl/src/crypto/evp/evp_fips.c
deleted file mode 100644
index cb7f4fc0fa..0000000000
--- a/src/lib/libssl/src/crypto/evp/evp_fips.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/evp/evp_fips.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-const EVP_CIPHER *EVP_aes_128_cbc(void)  { return FIPS_evp_aes_128_cbc(); }
-const EVP_CIPHER *EVP_aes_128_ccm(void)  { return FIPS_evp_aes_128_ccm(); }
-const EVP_CIPHER *EVP_aes_128_cfb1(void)  { return FIPS_evp_aes_128_cfb1(); }
-const EVP_CIPHER *EVP_aes_128_cfb128(void)  { return FIPS_evp_aes_128_cfb128(); }
-const EVP_CIPHER *EVP_aes_128_cfb8(void)  { return FIPS_evp_aes_128_cfb8(); }
-const EVP_CIPHER *EVP_aes_128_ctr(void)  { return FIPS_evp_aes_128_ctr(); }
-const EVP_CIPHER *EVP_aes_128_ecb(void)  { return FIPS_evp_aes_128_ecb(); }
-const EVP_CIPHER *EVP_aes_128_gcm(void)  { return FIPS_evp_aes_128_gcm(); }
-const EVP_CIPHER *EVP_aes_128_ofb(void)  { return FIPS_evp_aes_128_ofb(); }
-const EVP_CIPHER *EVP_aes_128_xts(void)  { return FIPS_evp_aes_128_xts(); }
-const EVP_CIPHER *EVP_aes_192_cbc(void)  { return FIPS_evp_aes_192_cbc(); }
-const EVP_CIPHER *EVP_aes_192_ccm(void)  { return FIPS_evp_aes_192_ccm(); }
-const EVP_CIPHER *EVP_aes_192_cfb1(void)  { return FIPS_evp_aes_192_cfb1(); }
-const EVP_CIPHER *EVP_aes_192_cfb128(void)  { return FIPS_evp_aes_192_cfb128(); }
-const EVP_CIPHER *EVP_aes_192_cfb8(void)  { return FIPS_evp_aes_192_cfb8(); }
-const EVP_CIPHER *EVP_aes_192_ctr(void)  { return FIPS_evp_aes_192_ctr(); }
-const EVP_CIPHER *EVP_aes_192_ecb(void)  { return FIPS_evp_aes_192_ecb(); }
-const EVP_CIPHER *EVP_aes_192_gcm(void)  { return FIPS_evp_aes_192_gcm(); }
-const EVP_CIPHER *EVP_aes_192_ofb(void)  { return FIPS_evp_aes_192_ofb(); }
-const EVP_CIPHER *EVP_aes_256_cbc(void)  { return FIPS_evp_aes_256_cbc(); }
-const EVP_CIPHER *EVP_aes_256_ccm(void)  { return FIPS_evp_aes_256_ccm(); }
-const EVP_CIPHER *EVP_aes_256_cfb1(void)  { return FIPS_evp_aes_256_cfb1(); }
-const EVP_CIPHER *EVP_aes_256_cfb128(void)  { return FIPS_evp_aes_256_cfb128(); }
-const EVP_CIPHER *EVP_aes_256_cfb8(void)  { return FIPS_evp_aes_256_cfb8(); }
-const EVP_CIPHER *EVP_aes_256_ctr(void)  { return FIPS_evp_aes_256_ctr(); }
-const EVP_CIPHER *EVP_aes_256_ecb(void)  { return FIPS_evp_aes_256_ecb(); }
-const EVP_CIPHER *EVP_aes_256_gcm(void)  { return FIPS_evp_aes_256_gcm(); }
-const EVP_CIPHER *EVP_aes_256_ofb(void)  { return FIPS_evp_aes_256_ofb(); }
-const EVP_CIPHER *EVP_aes_256_xts(void)  { return FIPS_evp_aes_256_xts(); }
-const EVP_CIPHER *EVP_des_ede(void)  { return FIPS_evp_des_ede(); }
-const EVP_CIPHER *EVP_des_ede3(void)  { return FIPS_evp_des_ede3(); }
-const EVP_CIPHER *EVP_des_ede3_cbc(void)  { return FIPS_evp_des_ede3_cbc(); }
-const EVP_CIPHER *EVP_des_ede3_cfb1(void)  { return FIPS_evp_des_ede3_cfb1(); }
-const EVP_CIPHER *EVP_des_ede3_cfb64(void)  { return FIPS_evp_des_ede3_cfb64(); }
-const EVP_CIPHER *EVP_des_ede3_cfb8(void)  { return FIPS_evp_des_ede3_cfb8(); }
-const EVP_CIPHER *EVP_des_ede3_ecb(void)  { return FIPS_evp_des_ede3_ecb(); }
-const EVP_CIPHER *EVP_des_ede3_ofb(void)  { return FIPS_evp_des_ede3_ofb(); }
-const EVP_CIPHER *EVP_des_ede_cbc(void)  { return FIPS_evp_des_ede_cbc(); }
-const EVP_CIPHER *EVP_des_ede_cfb64(void)  { return FIPS_evp_des_ede_cfb64(); }
-const EVP_CIPHER *EVP_des_ede_ecb(void)  { return FIPS_evp_des_ede_ecb(); }
-const EVP_CIPHER *EVP_des_ede_ofb(void)  { return FIPS_evp_des_ede_ofb(); }
-const EVP_CIPHER *EVP_enc_null(void)  { return FIPS_evp_enc_null(); }
-
-const EVP_MD *EVP_sha1(void)  { return FIPS_evp_sha1(); }
-const EVP_MD *EVP_sha224(void)  { return FIPS_evp_sha224(); }
-const EVP_MD *EVP_sha256(void)  { return FIPS_evp_sha256(); }
-const EVP_MD *EVP_sha384(void)  { return FIPS_evp_sha384(); }
-const EVP_MD *EVP_sha512(void)  { return FIPS_evp_sha512(); }
-
-const EVP_MD *EVP_dss(void)  { return FIPS_evp_dss(); }
-const EVP_MD *EVP_dss1(void)  { return FIPS_evp_dss1(); }
-const EVP_MD *EVP_ecdsa(void)  { return FIPS_evp_ecdsa(); }
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/evp_locl.h b/src/lib/libssl/src/crypto/evp/evp_locl.h
index 08c0a66d39..9e71f39a47 100644
--- a/src/lib/libssl/src/crypto/evp/evp_locl.h
+++ b/src/lib/libssl/src/crypto/evp/evp_locl.h
@@ -347,39 +347,3 @@ void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                              ASN1_TYPE *param,
                              const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-
-#ifdef OPENSSL_FIPS
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-
-#define RIPEMD160_Init  private_RIPEMD160_Init
-#define WHIRLPOOL_Init  private_WHIRLPOOL_Init
-#define MD5_Init        private_MD5_Init
-#define MD4_Init        private_MD4_Init
-#define MD2_Init        private_MD2_Init
-#define MDC2_Init       private_MDC2_Init
-#define SHA_Init        private_SHA_Init
-#define SHA1_Init       private_SHA1_Init
-#define SHA224_Init     private_SHA224_Init
-#define SHA256_Init     private_SHA256_Init
-#define SHA384_Init     private_SHA384_Init
-#define SHA512_Init     private_SHA512_Init
-
-#define BF_set_key      private_BF_set_key
-#define CAST_set_key    private_CAST_set_key
-#define idea_set_encrypt_key    private_idea_set_encrypt_key
-#define SEED_set_key    private_SEED_set_key
-#define RC2_set_key     private_RC2_set_key
-#define RC4_set_key     private_RC4_set_key
-#define DES_set_key_unchecked   private_DES_set_key_unchecked
-#define Camellia_set_key        private_Camellia_set_key
-
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c
index 6fb7e9a861..89ea5b7a6d 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss.c
@@ -66,7 +66,6 @@
 #endif
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
@@ -98,4 +97,3 @@ const EVP_MD *EVP_dss(void)
         return(&dsa_md);
         }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
index 2df362a670..a010103b7a 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -68,8 +68,6 @@
 #include <openssl/dsa.h>
 #endif
 
-#ifndef OPENSSL_FIPS 
-
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
 
@@ -100,4 +98,3 @@ const EVP_MD *EVP_dss1(void)
         return(&dss1_md);
         }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_ecdsa.c b/src/lib/libssl/src/crypto/evp/m_ecdsa.c
index 4b15fb0f6c..a6ed24b0b6 100644
--- a/src/lib/libssl/src/crypto/evp/m_ecdsa.c
+++ b/src/lib/libssl/src/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
 
 #ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
         { return SHA1_Init(ctx->md_data); }
@@ -148,4 +147,3 @@ const EVP_MD *EVP_ecdsa(void)
         return(&ecdsa_md);
         }
 #endif
-#endif
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
index bd0c01ad3c..f39ae77925 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -59,8 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
-#ifndef OPENSSL_FIPS
-
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
@@ -205,5 +203,3 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
         { return(&sha512_md); }
 #endif  /* ifndef OPENSSL_NO_SHA512 */
-
-#endif
diff --git a/src/lib/libssl/src/crypto/fips_ers.c b/src/lib/libssl/src/crypto/fips_ers.c
deleted file mode 100644
index 1788ed2884..0000000000
--- a/src/lib/libssl/src/crypto/fips_ers.c
+++ /dev/null
@@ -1,7 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
-#endif
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
index ba27cbf56f..6c98fc43a3 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.c
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -61,34 +61,12 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                   const EVP_MD *md, ENGINE *impl)
         {
         int i,j,reset=0;
         unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                {
-                /* If we have an ENGINE need to allow non FIPS */
-                if ((impl || ctx->i_ctx.engine)
-                        &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-                        {
-                        EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-                        return 0;
-                        }
-                /* Other algorithm blocking will be done in FIPS_cmac_init,
-                 * via FIPS_hmac_init_ex().
-                 */
-                if (!impl && !ctx->i_ctx.engine)
-                        return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-                }
-#endif
-
         if (md != NULL)
                 {
                 reset=1;
@@ -155,10 +133,6 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_update(ctx, data, len);
-#endif
         return EVP_DigestUpdate(&ctx->md_ctx,data,len);
         }
 
@@ -166,10 +140,6 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
         {
         unsigned int i;
         unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                return FIPS_hmac_final(ctx, md, len);
-#endif
 
         if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                 goto err;
@@ -209,13 +179,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !ctx->i_ctx.engine)
-                {
-                FIPS_hmac_ctx_cleanup(ctx);
-                return;
-                }
-#endif
         EVP_MD_CTX_cleanup(&ctx->i_ctx);
         EVP_MD_CTX_cleanup(&ctx->o_ctx);
         EVP_MD_CTX_cleanup(&ctx->md_ctx);
diff --git a/src/lib/libssl/src/crypto/idea/i_skey.c b/src/lib/libssl/src/crypto/idea/i_skey.c
index afb830964d..244562e690 100644
--- a/src/lib/libssl/src/crypto/idea/i_skey.c
+++ b/src/lib/libssl/src/crypto/idea/i_skey.c
@@ -62,13 +62,6 @@
 
 static IDEA_INT inverse(unsigned int xin);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(IDEA);
-        private_idea_set_encrypt_key(key, ks);
-        }
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
         {
         int i;
         register IDEA_INT *kt,*kf,r0,r1,r2;
diff --git a/src/lib/libssl/src/crypto/idea/idea.h b/src/lib/libssl/src/crypto/idea/idea.h
index e9a1e7f1a5..5782e54b0f 100644
--- a/src/lib/libssl/src/crypto/idea/idea.h
+++ b/src/lib/libssl/src/crypto/idea/idea.h
@@ -83,9 +83,6 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
         IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/src/lib/libssl/src/crypto/md2/md2.h b/src/lib/libssl/src/crypto/md2/md2.h
index d59c9f2593..a46120e7d4 100644
--- a/src/lib/libssl/src/crypto/md2/md2.h
+++ b/src/lib/libssl/src/crypto/md2/md2.h
@@ -81,9 +81,6 @@ typedef struct MD2state_st
         } MD2_CTX;
 
 const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);
diff --git a/src/lib/libssl/src/crypto/md4/md4.h b/src/lib/libssl/src/crypto/md4/md4.h
index a55368a790..c3ed9b3f75 100644
--- a/src/lib/libssl/src/crypto/md4/md4.h
+++ b/src/lib/libssl/src/crypto/md4/md4.h
@@ -105,9 +105,6 @@ typedef struct MD4state_st
         unsigned int num;
         } MD4_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
diff --git a/src/lib/libssl/src/crypto/md5/md5.h b/src/lib/libssl/src/crypto/md5/md5.h
index 541cc925fe..4cbf84386b 100644
--- a/src/lib/libssl/src/crypto/md5/md5.h
+++ b/src/lib/libssl/src/crypto/md5/md5.h
@@ -105,9 +105,6 @@ typedef struct MD5state_st
         unsigned int num;
         } MD5_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2.h b/src/lib/libssl/src/crypto/mdc2/mdc2.h
index f3e8e579d2..72778a5212 100644
--- a/src/lib/libssl/src/crypto/mdc2/mdc2.h
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2.h
@@ -81,9 +81,6 @@ typedef struct mdc2_ctx_st
         } MDC2_CTX;
 
 
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff --git a/src/lib/libssl/src/crypto/o_fips.c b/src/lib/libssl/src/crypto/o_fips.c
index 9c185cfb18..43312ae23f 100644
--- a/src/lib/libssl/src/crypto/o_fips.c
+++ b/src/lib/libssl/src/crypto/o_fips.c
@@ -56,42 +56,20 @@
  */
 
 #include "cryptlib.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/rand.h>
-#endif
 
 int
 FIPS_mode(void)
 {
         OPENSSL_init();
-#ifdef OPENSSL_FIPS
-        return FIPS_module_mode();
-#else
         return 0;
-#endif
 }
 
 int
 FIPS_mode_set(int r)
 {
         OPENSSL_init();
-#ifdef OPENSSL_FIPS
-#ifndef FIPS_AUTH_USER_PASS
-#define FIPS_AUTH_USER_PASS     "Default FIPS Crypto User Password"
-#endif
-        if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
-                return 0;
-        if (r)
-                RAND_set_rand_method(FIPS_rand_get_method());
-        else
-                RAND_set_rand_method(NULL);
-        return 1;
-#else
         if (r == 0)
                 return 1;
         CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
         return 0;
-#endif
 }
diff --git a/src/lib/libssl/src/crypto/o_init.c b/src/lib/libssl/src/crypto/o_init.c
index 07c8e0d694..5e905d9315 100644
--- a/src/lib/libssl/src/crypto/o_init.c
+++ b/src/lib/libssl/src/crypto/o_init.c
@@ -54,10 +54,6 @@
 
 #include <e_os.h>
 #include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#endif
 
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
@@ -70,12 +66,6 @@ OPENSSL_init(void)
         if (done)
                 return;
         done = 1;
-#ifdef OPENSSL_FIPS
-        FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-        FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-        FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-        RAND_init_fips();
-#endif
 #if 0
         fprintf(stderr, "Called OPENSSL_init\n");
 #endif
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index ebe7180723..7ba6281f28 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -26,11 +26,7 @@
  *  major minor fix final patch/beta)
  */
 #define OPENSSL_VERSION_NUMBER  0x1000107fL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
-#else
 #define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
-#endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
 
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c
index eac0460e3e..6ff6be7fbe 100644
--- a/src/lib/libssl/src/crypto/pem/pem_all.c
+++ b/src/lib/libssl/src/crypto/pem/pem_all.c
@@ -193,61 +193,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-
-                EVP_PKEY_set1_RSA(k, x);
-
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -277,59 +224,8 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_DSA(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -377,61 +273,8 @@ IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKPa
 
 
 
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-
-                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-        if (FIPS_mode())
-                {
-                EVP_PKEY *k;
-                int ret;
-                k = EVP_PKEY_new();
-                if (!k)
-                        return 0;
-                EVP_PKEY_set1_EC_KEY(k, x);
-                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EVP_PKEY_free(k);
-                return ret;
-                }
-        else
-                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-                                                PEM_STRING_ECPRIVATEKEY,
-                                                fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#endif
-
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index a34915d02d..0c5e8dc992 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -91,11 +91,6 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
         /* Set defaults */
         if (!nid_cert)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-                else
-#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
                 }
         if (!nid_key)
diff --git a/src/lib/libssl/src/crypto/rc2/rc2.h b/src/lib/libssl/src/crypto/rc2/rc2.h
index e542ec94ff..4c737f5b90 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2.h
+++ b/src/lib/libssl/src/crypto/rc2/rc2.h
@@ -79,9 +79,6 @@ typedef struct rc2_key_st
         RC2_INT data[64];
         } RC2_KEY;
 
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                      int enc);
diff --git a/src/lib/libssl/src/crypto/rc2/rc2_skey.c b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
index 6668ac011f..26b8dd63f6 100644
--- a/src/lib/libssl/src/crypto/rc2/rc2_skey.c
+++ b/src/lib/libssl/src/crypto/rc2/rc2_skey.c
@@ -96,13 +96,6 @@ static const unsigned char key_table[256]={
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(RC2);
-        private_RC2_set_key(key, len, data, bits);
-        }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
         {
         int i,j;
         unsigned char *k;
diff --git a/src/lib/libssl/src/crypto/rc4/rc4_utl.c b/src/lib/libssl/src/crypto/rc4/rc4_utl.c
index ab3f02fe6a..bd39a76543 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4_utl.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4_utl.c
@@ -55,8 +55,5 @@
 
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
         {
-#ifdef OPENSSL_FIPS
-        fips_cipher_abort(RC4);
-#endif
         private_RC4_set_key(key, len, data);
         }
diff --git a/src/lib/libssl/src/crypto/ripemd/ripemd.h b/src/lib/libssl/src/crypto/ripemd/ripemd.h
index 189bd8c90e..5942eb6180 100644
--- a/src/lib/libssl/src/crypto/ripemd/ripemd.h
+++ b/src/lib/libssl/src/crypto/ripemd/ripemd.h
@@ -91,9 +91,6 @@ typedef struct RIPEMD160state_st
         unsigned int   num;
         } RIPEMD160_CTX;
 
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_crpt.c b/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
index d3e44785dc..7750366613 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -75,56 +75,24 @@ int RSA_size(const RSA *r)
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
         }
 
 int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
         }
 
 int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
         }
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
              RSA *rsa, int padding)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-                return -1;
-                }
-#endif
         return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
         }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index 42290cce66..767f7ab682 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -67,9 +67,6 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -80,20 +77,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
         if(rsa->meth->rsa_keygen)
                 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode())
-                return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
         return rsa_builtin_keygen(rsa, bits, e_value, cb);
         }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index c95ceafc82..9e3f7dafcd 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -67,10 +67,6 @@
 #include <openssl/engine.h>
 #endif
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -91,18 +87,11 @@ const RSA_METHOD *RSA_get_default_method(void)
         {
         if (default_RSA_meth == NULL)
                 {
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return FIPS_rsa_pkcs1_ssleay();
-                else
-                        return RSA_PKCS1_SSLeay();
-#else
 #ifdef RSA_NULL
                 default_RSA_meth=RSA_null_method();
 #else
                 default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
-#endif
                 }
 
         return default_RSA_meth;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 157aa5c41d..d706d35ff6 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -156,32 +153,6 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                 OPENSSL_free(rctx);
                 }
         }
-#ifdef OPENSSL_FIPS
-/* FIP checker. Return value indicates status of context parameters:
- * 1  : redirect to FIPS.
- * 0  : don't redirect to FIPS.
- * -1 : illegal operation in FIPS mode.
- */
-
-static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
-        {
-        RSA_PKEY_CTX *rctx = ctx->data;
-        RSA *rsa = ctx->pkey->pkey.rsa;
-        int rv = -1;
-        if (!FIPS_mode())
-                return 0;
-        if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-                rv = 0;
-        if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-                return -1;
-        if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
-                return rv;
-        if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
-                return rv;
-        return 1;
-        }
-#endif
-
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                         const unsigned char *tbs, size_t tbslen)
         {
@@ -189,15 +160,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
         RSA_PKEY_CTX *rctx = ctx->data;
         RSA *rsa = ctx->pkey->pkey.rsa;
 
-#ifdef OPENSSL_FIPS
-        ret = pkey_fips_check_ctx(ctx);
-        if (ret < 0)
-                {
-                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return -1;
-                }
-#endif
-
         if (rctx->md)
                 {
                 if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -206,22 +168,6 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                         RSA_R_INVALID_DIGEST_LENGTH);
                         return -1;
                         }
-#ifdef OPENSSL_FIPS
-                if (ret > 0)
-                        {
-                        unsigned int slen;
-                        ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
-                                                        rctx->pad_mode,
-                                                        rctx->saltlen,
-                                                        rctx->mgf1md,
-                                                        sig, &slen);
-                        if (ret > 0)
-                                *siglen = slen;
-                        else
-                                *siglen = 0;
-                        return ret;
-                        }
-#endif
 
                 if (EVP_MD_type(rctx->md) == NID_mdc2)
                         {
@@ -343,30 +289,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
         RSA_PKEY_CTX *rctx = ctx->data;
         RSA *rsa = ctx->pkey->pkey.rsa;
         size_t rslen;
-#ifdef OPENSSL_FIPS
-        int rv;
-        rv = pkey_fips_check_ctx(ctx);
-        if (rv < 0)
-                {
-                RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-                return -1;
-                }
-#endif
         if (rctx->md)
                 {
-#ifdef OPENSSL_FIPS
-                if (rv > 0)
-                        {
-                        return FIPS_rsa_verify_digest(rsa,
-                                                        tbs, tbslen,
-                                                        rctx->md,
-                                                        rctx->pad_mode,
-                                                        rctx->saltlen,
-                                                        rctx->mgf1md,
-                                                        sig, siglen);
-                                                        
-                        }
-#endif
                 if (rctx->pad_mode == RSA_PKCS1_PADDING)
                         return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                         sig, siglen, rsa);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index b6f6037ae0..fa3239ab30 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         const unsigned char *s = NULL;
         X509_ALGOR algor;
         ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
         if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                 {
                 return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
         unsigned char *s;
         X509_SIG *sig=NULL;
 
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
-
         if (siglen != (unsigned int)RSA_size(rsa))
                 {
                 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
diff --git a/src/lib/libssl/src/crypto/seed/seed.c b/src/lib/libssl/src/crypto/seed/seed.c
index 3e675a8d75..934664ddb6 100644
--- a/src/lib/libssl/src/crypto/seed/seed.c
+++ b/src/lib/libssl/src/crypto/seed/seed.c
@@ -198,13 +198,6 @@ static const seed_word KC[] = {
         KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
 #endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#ifdef OPENSSL_FIPS
-        {
-        fips_cipher_abort(SEED);
-        private_SEED_set_key(rawkey, ks);
-        }
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-#endif
 {
         seed_word x1, x2, x3, x4;
         seed_word t0, t1;
diff --git a/src/lib/libssl/src/crypto/seed/seed.h b/src/lib/libssl/src/crypto/seed/seed.h
index c50fdd3607..6e2ade3fbb 100644
--- a/src/lib/libssl/src/crypto/seed/seed.h
+++ b/src/lib/libssl/src/crypto/seed/seed.h
@@ -116,9 +116,6 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-#ifdef OPENSSL_FIPS
-void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
diff --git a/src/lib/libssl/src/crypto/sha/sha.h b/src/lib/libssl/src/crypto/sha/sha.h
index 8a6bf4bbbb..7cbca26ff9 100644
--- a/src/lib/libssl/src/crypto/sha/sha.h
+++ b/src/lib/libssl/src/crypto/sha/sha.h
@@ -70,10 +70,6 @@ extern "C" {
 #error SHA is disabled.
 #endif
 
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
 /*
  * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
@@ -106,9 +102,6 @@ typedef struct SHAstate_st
         } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -116,9 +109,6 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -141,10 +131,6 @@ typedef struct SHA256state_st
         } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -192,10 +178,6 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
diff --git a/src/lib/libssl/src/crypto/whrlpool/whrlpool.h b/src/lib/libssl/src/crypto/whrlpool/whrlpool.h
index 9e01f5b076..03c91da115 100644
--- a/src/lib/libssl/src/crypto/whrlpool/whrlpool.h
+++ b/src/lib/libssl/src/crypto/whrlpool/whrlpool.h
@@ -24,9 +24,6 @@ typedef struct	{
         } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
-#ifdef OPENSSL_FIPS
-int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
-#endif
 int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);