makefiles/suit: use OpenSSL to generate key

makefiles/suit.base.inc.mk

@@ -35,10 +35,17 @@ SUIT_PUB_HDR_DIR = $(dir $(SUIT_PUB_HDR))
 CFLAGS += -I$(SUIT_PUB_HDR_DIR)
 BUILDDEPS += $(SUIT_PUB_HDR)
 
+ifneq (,$(SUIT_SEC_PASSWORD))
+  OPENSSL_GENPKEY_ARGS += -aes-256-cbc
+endif
+
+# OpenSSL leaves an empty file if key generation fails - remove it manually
+# see https://github.com/openssl/openssl/issues/25440
 $(SUIT_SEC): | $(CLEAN)
 	$(Q)echo suit: generating key in $(SUIT_KEY_DIR)
 	$(Q)mkdir -p $(SUIT_KEY_DIR)
-	$(Q)$(RIOTBASE)/dist/tools/suit/gen_key.py $@ $(SUIT_SEC_PASSWORD)
+	-$(Q)openssl genpkey -algorithm ed25519 $(OPENSSL_GENPKEY_ARGS) -out $@
+	$(Q)if [ ! -s $@ ]; then rm $@; fi
 
 %.pem.pub: %.pem
 	$(Q)openssl ec -inform pem -in $< -outform pem -pubout -out $@