Add PKCS#12 test

[iyanmv]

OpenSSL supports PKCS#12 and can be used to store in a single encrypted file the private key and certificate.

This PR adds a new test that tries to generate .p12 files for all the supported algorithms. Unfortunately, when oqsprovider is not enabled and -provider oqsprovider is used instead, this generation fails. OpenSSL still returns 0, so I don't know how to catch this issue. Ideas are welcome.

When oqsprovider is not enabled in the config file, errors are printed in the terminal, but the .p12 files are still generated and openssl exits with 0.

See also: #398

[baentsch]

Thanks for this PR, @iyanmv ! This is exactly how I'd hoped to see a new test.

As everything seems to pass, I'm now trying to understand where the error becomes visible, though: When I run the new script, there's no error appearing; .p12 files get generated, even if commenting out the 2 lines after the "pkcs12 test" comment and using the tests with the tweaked oqsprovider.cnf file (commented as "fails"): Suggestions how to trigger the problem very welcome. I've been using openssl3.0.2 in the hope that as the oldest version it should show the problem easiest... Which version did you use?

[iyanmv]

I'm using OpenSSL 3.2.1. I just realized that even though errors are printed (and saved to interop.log), the .p12 files are (sometimes) correctly generated. I will double check again the particular example where I was getting the error but also no file at all, because I know I forgot.

[baentsch]

I will double check again the particular example where I was getting the error but also no file at all, because I know I forgot.

Looking forward to your instructions how to trigger this then.

As and when you have time, please also rebase your PR to the latest main as I had to add a workaround to cygwin testing to get this to pass CI (openssl "master" seems to crash with the provider).

[iyanmv]

@baentsch I cannot replicate the original issue anymore, so probably I did something else wrong. What I still observe (and can be seen in the interop.log file) is that an error message is shown when oqsprovider is not enabled in the config file, but the .p12 file is still generated correctly.

I have rebased the PR with the latest main, and modify the test a little bit. Let me know if it's still useful or not.

[baentsch]

Let me thing if it's still useful or not?

The added test definitely is useful (to confirm P12 generation works OK) -- but the tests should pass....

[iyanmv]

Ups, I think it fails now because of how I check the hashes (sha256sum does not exist in macOS). But I can do that with openssl directly.

[iyanmv]

Fixed

[baentsch]

Thanks again for this improved testing! LGTM with one nit (single comment). I'd squash all into one comment upon merge. Also a question whether you'd like to add yourself to the "Contributors" section in the README (?). Surely good would be an additional statement pertaining to PKCS12 support in https://github.com/open-quantum-safe/oqs-provider?tab=readme-ov-file#status.