diff --git a/CHANGES b/CHANGES
index e1cbe370c1b7e8bb7900f51eacff134a7474e566..6b803975eab22dd01a3f914f2f8a3438e9ad1ef7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Modify fipscanisteronly build option to only build the necessary object
+     files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
+     [Steve Henson]
+
   *) Add experimental option FIPSSYMS to give all symbols in
      fipscanister.o and FIPS or fips prefix. This will avoid
      conflicts with future versions of OpenSSL. Add perl script
diff --git a/Makefile.fips b/Makefile.fips
index f8307cbf692010fb55eb6f20bddf3b2c4d7ad440..929fa95c502bf2c43f4e739742f41c754c92008f 100644
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -147,8 +147,8 @@ SHLIBDIRS= crypto
 # dirs in crypto to build
 SDIRS=  \
 	sha hmac des aes modes \
-	bn ec rsa dsa ecdsa dh ecdh \
-	buffer rand evp cmac
+	bn ec rsa dsa ecdsa dh \
+	buffer rand evp # ecdh cmac
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
@@ -372,7 +372,7 @@ build_crypto:
 	else \
 		AS='$(CC) -c' ; \
 	fi ; export AS ; \
-		dir=crypto; target=all; $(BUILD_ONE_CMD)
+		dir=crypto; target=fips; $(BUILD_ONE_CMD)
 build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
diff --git a/crypto/Makefile b/crypto/Makefile
index 4147d2d6384c883b1a9d38e4432c25ddd30b9fe3..eb066f03a540a6122c910278fcdc2d871ffad9dd 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -50,6 +50,13 @@ top:
 
 all: shared
 
+fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ)
+	[ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
+		    ( obj=`$(PERL) $(TOP)/util/fipsobj.pl $$i` && \
+			cd $$i && echo "making fips in $(DIR)/$$i..." && \
+		    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$obj ) || exit 1; \
+		done;
+
 buildinf.h: ../Makefile
 	( echo "#ifndef MK1MF_BUILD"; \
 	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
diff --git a/util/fipsobj.pl b/util/fipsobj.pl
new file mode 100644
index 0000000000000000000000000000000000000000..09fe34a244fcee5eb8507a193b2e984e54f0fc71
--- /dev/null
+++ b/util/fipsobj.pl
@@ -0,0 +1,31 @@
+
+# Filter script. Take all FIPS object files from the environment
+# and print out only those in the given directory.
+
+my $dir = $ARGV[0];
+
+my $asmobjs = "";
+
+# Add any needed assembly languagr files.
+
+$asmobjs = $ENV{AES_ENC} if $dir eq "aes";
+$asmobjs = $ENV{BN_ASM} if $dir eq "bn";
+$asmobjs = $ENV{DES_ENC} if $dir eq "des";
+$asmobjs = $ENV{SHA1_ASM_OBJ} if $dir eq "sha";
+$asmobjs = $ENV{MODES_ASM_OBJ} if $dir eq "modes";
+
+# Get all other FIPS object files, filtered by directory.
+
+my @objlist = grep {/crypto\/$dir\//} split / /, $ENV{FIPS_EX_OBJ};
+
+push @objlist, split / /, $asmobjs;
+
+# Fatal error if no matches
+die "No objects in $dir!" if (scalar @objlist == 0);
+
+# Output all matches removing pathname.
+foreach (@objlist)
+	{
+	s|../crypto/$dir/||;
+	print "$_\n";
+	}