trustfence-cst: update to cst 3.4.1

Now that the tool supports OpenSSL 3.2.3, the same version provided by Yocto
5.0 poky, we can simply use the regular Yocto version of the package and link
to it dynamically instead of building a separate version specific for the tool.
Reflect this change in the recipe and include the new binary "mac_dump" in the
package.

Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1.inc

@@ -1,44 +1,38 @@
-# Copyright (C) 2017-2023, Digi International Inc.
+# Copyright (C) 2017-2024, Digi International Inc.
 
 SUMMARY = "NXP Code signing Tool for the High Assurance Boot library"
 DESCRIPTION = "Provides software code signing support designed for use with \
 i.MX processors that integrate the HAB library in the internal boot ROM."
 HOMEPAGE = "https://www.nxp.com/webapp/Download?colCode=IMX_CST_TOOL"
 LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=1fbcd66ae51447aa94da10cbf6271530"
+LIC_FILES_CHKSUM = "file://LICENSE.bsd3;md5=14aba05f9fa6c25527297c8aac95fcf6"
 
-DEPENDS = "byacc-native flex-native"
-
-OPENSSL1_VERSION = "1.1.1t"
+DEPENDS = "byacc-native flex-native openssl"
 
 SRC_URI = " \
     ${DIGI_PKG_SRC}/cst-${PV}.tgz;name=cst \
-    https://www.openssl.org/source/openssl-${OPENSSL1_VERSION}.tar.gz;name=openssl \
     file://0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch \
     file://0002-openssl_helper-use-dev-urandom-as-seed-source.patch \
     file://0003-hab4_pki_tree.sh-adapt-script-for-DEY.patch \
     file://0004-ahab_pki_tree.sh-adapt-script-for-DEY.patch \
 "
 
-SRC_URI[cst.md5sum] = "4b9fccac381fa412cba8ba7028c154c7"
-SRC_URI[cst.sha256sum] = "517b11dca181e8c438a6249f56f0a13a0eb251b30e690760be3bf6191ee06c68"
-SRC_URI[openssl.md5sum] = "1cfee919e0eac6be62c88c5ae8bcd91e"
-SRC_URI[openssl.sha256sum] = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b"
+SRC_URI[cst.md5sum] = "b23ed5983734d4812fcf1da33eac8f31"
+SRC_URI[cst.sha256sum] = "0715fffe43d82708696af3f5d721bf36edd1d9be1ec482f21b9f1c48bc699097"
 
 S = "${WORKDIR}/cst-${PV}"
 
 EXTRA_OEMAKE = 'CC="${CC}" LD="${CC}" AR="${AR}" OBJCOPY="${OBJCOPY}"'
 
 do_compile() {
-	cd code/cst
-	oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 openssl
-	oe_runmake OPENSSL_PATH=${WORKDIR}/openssl-${OPENSSL1_VERSION} OSTYPE=linux64 os_bin
+	oe_runmake -C code/obj.linux64 OSTYPE=linux64 ENCRYPTION=yes COPTIONS="${CFLAGS} ${CPPFLAGS}" LDOPTIONS="${LDFLAGS}"
 }
 
 do_install() {
 	install -d ${D}${bindir}
-	install -m 0755 code/cst/code/obj.linux64/cst ${D}${bindir}
-	install -m 0755 code/cst/code/obj.linux64/srktool ${D}${bindir}
+	install -m 0755 code/obj.linux64/cst ${D}${bindir}
+	install -m 0755 code/obj.linux64/mac_dump ${D}${bindir}
+	install -m 0755 code/obj.linux64/srktool ${D}${bindir}
 	if [ "${TRUSTFENCE_SIGN_MODE}" = "AHAB" ]; then
 		install -m 0755 keys/ahab_pki_tree.sh ${D}${bindir}/trustfence-gen-pki.sh
 	elif [ "${TRUSTFENCE_SIGN_MODE}" = "HAB" ]; then

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0001-gen_auth_encrypted_data-reuse-existing-DEK-file.patch

@@ -14,14 +14,14 @@ https://jira.digi.com/browse/DUB-608
 
 Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
 ---
- code/cst/code/back_end-ssl/src/adapt_layer_openssl.c | 1 +
+ code/back_end-ssl/src/adapt_layer_openssl.c | 1 +
  1 file changed, 1 insertion(+)
 
-diff --git a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
-index d8df54e..86e7e4f 100755
---- a/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
-+++ b/code/cst/code/back_end-ssl/src/adapt_layer_openssl.c
-@@ -1231,6 +1231,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
+diff --git a/code/back_end-ssl/src/adapt_layer_openssl.c b/code/back_end-ssl/src/adapt_layer_openssl.c
+index 74a707f..da4df42 100644
+--- a/code/back_end-ssl/src/adapt_layer_openssl.c
++++ b/code/back_end-ssl/src/adapt_layer_openssl.c
+@@ -1211,6 +1211,7 @@ int32_t gen_auth_encrypted_data(const char* in_file,
          printf("\n");
  #endif
          if (0 == key_init_done) {

meta-digi-arm/recipes-bsp/trustfence-cst/trustfence-cst-3.4.1/0002-openssl_helper-use-dev-urandom-as-seed-source.patch

@@ -8,14 +8,14 @@ Upstream-Status: Inappropriate [DEY specific]
 
 Signed-off-by: Diaz de Grenu, Jose <Jose.DiazdeGrenu@digi.com>
 ---
- code/cst/code/common/src/openssl_helper.c | 2 +-
+ code/common/src/openssl_helper.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/code/cst/code/common/src/openssl_helper.c b/code/cst/code/common/src/openssl_helper.c
-index 1e1131b..918c82e 100755
---- a/code/cst/code/common/src/openssl_helper.c
-+++ b/code/cst/code/common/src/openssl_helper.c
-@@ -404,7 +404,7 @@ void print_version(void)
+diff --git a/code/common/src/openssl_helper.c b/code/common/src/openssl_helper.c
+index c6b5292..c2ff0ca 100644
+--- a/code/common/src/openssl_helper.c
++++ b/code/common/src/openssl_helper.c
+@@ -380,7 +380,7 @@ void print_version(void)
  ---------------------------*/
  uint32_t seed_prng(uint32_t bytes)
  {