refactor(security): upgrade tools to OpenSSL 3.0

Host tools cert_tool and encrypt_fw refactored to be fully
compatible with OpenSSL v3.0.

Changes were made following the OpenSSL 3.0 migration guide:
In some cases, those changes are straightforward and only
a small modification on the types or API calls was needed
(e.g.: replacing BN_pseudo_rand() with BN_rand(). Both identical
since v1.1.0).
The use of low level APIs is now deprecated. In some cases,
the new API provides a simplified solution for our goals and
therefore the code was simplified accordingly (e.g.: generating
RSA keys through EVP_RSA_gen() without the need of handling the
exponent). However, in some cases, a more
sophisticated approach was necessary, as the use of a context
object was required (e.g.: when retrieving the digest value from
an SHA file).

Signed-off-by: Juan Pablo Conde <>
Change-Id: I978e8578fe7ab3e71307450ebe7e7812fbcaedb6
7 files changed