From eead69f5ed15510b65df545a083a0b63abc6b29d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 21 Feb 2011 14:07:15 +0000
Subject: [PATCH] Make fipscanisteronly build only required files.

---
 CHANGES         |  4 ++++
 Makefile.fips   |  6 +++---
 crypto/Makefile |  7 +++++++
 util/fipsobj.pl | 31 +++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 util/fipsobj.pl

diff --git a/CHANGES b/CHANGES
index e1cbe370c1..6b803975ea 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Modify fipscanisteronly build option to only build the necessary object
+     files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
+     [Steve Henson]
+
   *) Add experimental option FIPSSYMS to give all symbols in
      fipscanister.o and FIPS or fips prefix. This will avoid
      conflicts with future versions of OpenSSL. Add perl script
diff --git a/Makefile.fips b/Makefile.fips
index f8307cbf69..929fa95c50 100644
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -147,8 +147,8 @@ SHLIBDIRS= crypto
 # dirs in crypto to build
 SDIRS=  \
 	sha hmac des aes modes \
-	bn ec rsa dsa ecdsa dh ecdh \
-	buffer rand evp cmac
+	bn ec rsa dsa ecdsa dh \
+	buffer rand evp # ecdh cmac
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
@@ -372,7 +372,7 @@ build_crypto:
 	else \
 		AS='$(CC) -c' ; \
 	fi ; export AS ; \
-		dir=crypto; target=all; $(BUILD_ONE_CMD)
+		dir=crypto; target=fips; $(BUILD_ONE_CMD)
 build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
diff --git a/crypto/Makefile b/crypto/Makefile
index 4147d2d638..eb066f03a5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -50,6 +50,13 @@ top:
 
 all: shared
 
+fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ)
+	[ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
+		    ( obj=`$(PERL) $(TOP)/util/fipsobj.pl $$i` && \
+			cd $$i && echo "making fips in $(DIR)/$$i..." && \
+		    $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='$(INCLUDES)' $$obj ) || exit 1; \
+		done;
+
 buildinf.h: ../Makefile
 	( echo "#ifndef MK1MF_BUILD"; \
 	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
diff --git a/util/fipsobj.pl b/util/fipsobj.pl
new file mode 100644
index 0000000000..09fe34a244
--- /dev/null
+++ b/util/fipsobj.pl
@@ -0,0 +1,31 @@
+
+# Filter script. Take all FIPS object files from the environment
+# and print out only those in the given directory.
+
+my $dir = $ARGV[0];
+
+my $asmobjs = "";
+
+# Add any needed assembly languagr files.
+
+$asmobjs = $ENV{AES_ENC} if $dir eq "aes";
+$asmobjs = $ENV{BN_ASM} if $dir eq "bn";
+$asmobjs = $ENV{DES_ENC} if $dir eq "des";
+$asmobjs = $ENV{SHA1_ASM_OBJ} if $dir eq "sha";
+$asmobjs = $ENV{MODES_ASM_OBJ} if $dir eq "modes";
+
+# Get all other FIPS object files, filtered by directory.
+
+my @objlist = grep {/crypto\/$dir\//} split / /, $ENV{FIPS_EX_OBJ};
+
+push @objlist, split / /, $asmobjs;
+
+# Fatal error if no matches
+die "No objects in $dir!" if (scalar @objlist == 0);
+
+# Output all matches removing pathname.
+foreach (@objlist)
+	{
+	s|../crypto/$dir/||;
+	print "$_\n";
+	}
-- 
GitLab