FIPS module checksums: add scripts and Makefile rule

This adds the following scripts:

util/lang-compress.pl:

Compress source code, which language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.

util/fips-checksums.sh:

Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.

Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#8871)

Configurations/unix-Makefile.tmpl

@@ -1055,6 +1055,9 @@ uninstall_html_docs:
 # It's important that generate_buildinfo comes after ordinals, as ordinals
 # is sensitive to build.info changes.
 update: generate errors ordinals generate_buildinfo
+{- output_off() if $disabled{fips}; "" -}
+update: fips-checksums
+{- output_on() if $disabled{fips}; "" -}
 
 generate: generate_apps generate_crypto_bn generate_crypto_objects \
           generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
@@ -1267,6 +1270,20 @@ tags TAGS: FORCE
 	-ctags -R .
 	-etags `find . -name '*.[ch]' -o -name '*.pm'`
 
+{- output_off() if $disabled{fips}; "" -}
+fips-checksums: generate_fips_sources
+	if which unifdef > /dev/null; then \
+	    ( cd $(SRCDIR) \
+	      && cat providers/fips.module.sources \
+	             | xargs ./util/fips-checksums.sh \
+	             > providers/fips-sources.checksums \
+	      && sha256sum providers/fips-sources.checksums \
+	             > providers/fips.checksum ); \
+	else \
+	    echo >&2 "WARNING: unifdef not in your \$$PATH, FIPS checksums not calculated"; \
+	fi
+{- output_on() if $disabled{fips}; "" -}
+
 # Release targets (note: only available on Unix) #####################
 
 tar: