When verifying entries in the OBJ database, check OIDs rather than names

[levitte]

Other providers, or even the OpenSSL libraries, may register conflicting
names at any time, for the same OIDs. This is unfortunate, but not an
essential problem. Since the OQS provider has its own registry with both
OIDs and names, and really just want to know the central NIDs, the OQS
provider might as well do lookups by OID, since that's the most central ID.

Fixes #623

[baentsch]

Thanks for the proposal @levitte -- but this was the first thing I tried. The real problem is the naming throughout the code and the different forms it needs to take when used in different contexts. This PR as-is allows the provider to register -- but not to work (try running "scripts/runtest.sh").

I clearly never understood the intricacies or which problems names with "-" introduce and in which places this needs to be dealt with -- and it is necessary to do this as there is the desire to use both the standards text naming ("ML-DSA-44") and the current naming "mldsa44" (which still doesn't work with this PR as the algorithm registration is wrong in every spot it occurs, e.g.

oqs-provider/oqsprov/oqsprov_capabilities.c

Lines 707 to 711 in afc1de2

	return oqs_group_capability(cb, arg);
	#ifdef OSSL_CAPABILITY_TLS_SIGALG_NAME
	if (strcasecmp(capability, "TLS-SIGALG") == 0)
	return oqs_sigalg_capability(cb, arg);

oqs-provider/oqsprov/oqsprov.c

Lines 941 to 949 in afc1de2

	return oqsprovider_signatures;
	case OSSL_OP_KEM:
	return oqsprovider_asym_kems;
	case OSSL_OP_KEYMGMT:
	return oqsprovider_keymgmt;
	case OSSL_OP_ENCODER:
	return oqsprovider_encoder;
	case OSSL_OP_DECODER:
	return oqsprovider_decoder;

So again, I'd be grateful if you could take a look at #625 and provide feedback (or better suggestions) there.

[levitte]

Yeah, I'm noticing more things lacking.

[mouse07410]

there is the desire to use both the standards text naming ("ML-DSA-44") and the current naming "mldsa44"

I do not think this is worth spending efforts. If it could come "for free" - then sure, why not. Otherwise - there are standard names, and it should be easy enough to change "mldsa44" to "ML-DSA-44" in the code or shellscript.

[levitte]

Yeah I see now... you've hinged other stuff on the OBJ database, such as:

oqs-provider/oqsprov/oqs_encode_key2any.c

Line 1393 in afc1de2

int type = OBJ_sn2nid(typestr);

That's essentially a mistake, exactly because there's too much risk of competition. And quite frankly, this example shouldn't really need to rely on the OBJ database at all, considering that you (should) have all the necessery data within the provider itself.

[baentsch]

you (should) have all the necessery data within the provider itself.

That's what this array means to hold. And I agree, the sn2nid function indeed would be better replaced by a lookup to the internal oqs_nid_name_t array. Will change in due course as part of implementing #625 (reference to the above added: Thanks!)