Bug 1042479: Accept the OIW sha1WithRSASignature OID, r=keeler

--HG--
extra : rebase_source : 98dfbf1b5130898604e86c54ad4a8453aa87bde4

security/pkix/lib/pkixder.cpp

@@ -184,6 +184,15 @@ SignatureAlgorithmOIDValue(Reader& algorithmID,
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05
   };
 
+  // NIST Open Systems Environment (OSE) Implementor's Workshop (OIW)
+  // http://www.oiw.org/agreements/stable/12s-9412.txt (no longer works).
+  // http://www.imc.org/ietf-pkix/old-archive-97/msg01166.html
+  // We need to support this this non-PKIX OID for compatibility.
+  // python DottedOIDToCode.py sha1WithRSASignature 1.3.14.3.2.29
+  static const uint8_t sha1WithRSASignature[] = {
+    0x2b, 0x0e, 0x03, 0x02, 0x1d
+  };
+
   // RFC 3279 Section 2.2.2
   // python DottedOIDToCode.py id-dsa-with-sha1 1.2.840.10040.4.3
   static const uint8_t id_dsa_with_sha1[] = {
@@ -227,6 +236,9 @@ SignatureAlgorithmOIDValue(Reader& algorithmID,
     algorithm = SignatureAlgorithm::dsa_with_sha1;
   } else if (algorithmID.MatchRest(id_dsa_with_sha256)) {
     algorithm = SignatureAlgorithm::dsa_with_sha256;
+  } else if (algorithmID.MatchRest(sha1WithRSASignature)) {
+    // XXX(bug 1042479): recognize this old OID for compatibility.
+    algorithm = SignatureAlgorithm::rsa_pkcs1_with_sha1;
   } else {
     // Any MD5-based signature algorithm, or any unknown signature algorithm.
     return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;

security/pkix/test/gtest/pkixder_pki_types_tests.cpp

@@ -338,10 +338,17 @@ static const AlgorithmIdentifierTestInfo<SignatureAlgorithm>
     13,
   },
   { SignatureAlgorithm::rsa_pkcs1_with_sha1,
+    // IETF Standard OID
     { 0x30, 0x0b, 0x06, 0x09,
       0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05 },
     13,
   },
+  { SignatureAlgorithm::rsa_pkcs1_with_sha1,
+    // Legacy OIW OID (bug 1042479)
+    { 0x30, 0x07, 0x06, 0x05,
+      0x2b, 0x0e, 0x03, 0x02, 0x1d },
+    9,
+  },
 
   // DSA
   { SignatureAlgorithm::dsa_with_sha256,