Bug 1304924 - Rename SignatureScheme to SSLSignatureScheme, r=ekr
authorMartin Thomson <martin.thomson@gmail.com>
Wed, 28 Sep 2016 10:50:18 +1000
changeset 12642 edecfb87990fbf28303f34c7fd7a7f5b8103fa19
parent 12641 e5938b5613837b183e7db672e36d98f2a7943233
child 12643 c7accc68b3c8380ab204deddcd65224539de625d
push id1601
push usermartin.thomson@gmail.com
push dateFri, 30 Sep 2016 03:35:58 +0000
reviewersekr
bugs1304924
Bug 1304924 - Rename SignatureScheme to SSLSignatureScheme, r=ekr
lib/ssl/ssl.h
lib/ssl/ssl3con.c
lib/ssl/ssl3ecc.c
lib/ssl/ssl3prot.h
lib/ssl/sslimpl.h
lib/ssl/tls13con.c
--- a/lib/ssl/ssl.h
+++ b/lib/ssl/ssl.h
@@ -358,17 +358,17 @@ SSL_IMPORT SECStatus SSL_CipherPolicyGet
 **
 ** Omitting SHA-256 from this list might be foolish.  Support is mandatory in
 ** TLS 1.2 and there might be interoperability issues.
 **
 ** NSS doesn't support the full combinatorial matrix of hash and signature
 ** algorithms with all keys.  NSS preferentially uses the schemes that are
 ** defined in TLS 1.3.
 **
-** To select TLS 1.3 signature schemes, split the SignatureScheme into an most
+** To select TLS 1.3 signature schemes, split the SSLSignatureScheme into an most
 ** significant octet (the hash) and a less significant octet (the signature) and
 ** then use this structure.
 */
 SSL_IMPORT SECStatus SSL_SignaturePrefSet(
     PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
     unsigned int count);
 
 /*
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -71,17 +71,17 @@ static SECStatus ssl3_HandlePostHelloHan
 static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
 
 static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
                              int maxOutputLen, const unsigned char *input,
                              int inputLen);
 
 static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
 static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
-PRBool ssl_IsRsaPssSignatureScheme(SignatureScheme scheme);
+PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
 
 #define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
 #define MIN_SEND_BUF_LENGTH 4000
 
 /* This list of SSL3 cipher suites is sorted in descending order of
  * precedence (desirability).  It only includes cipher suites we implement.
  * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites
  * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c)
@@ -181,17 +181,17 @@ static ssl3CipherSuiteCfg cipherSuites[s
 
 /* This is the default supported set of signature schemes.  The order of the
  * hashes here is all that is important, since that will (sometimes) determine
  * which hash we use.  The key pair (i.e., cert) is the primary thing that
  * determines what we use and this doesn't affect how we select key pairs.  The
  * order of signature types is based on the same rules for ordering we use for
  * cipher suites just for consistency.
  */
-static const SignatureScheme defaultSignatureSchemes[] = {
+static const SSLSignatureScheme defaultSignatureSchemes[] = {
     ssl_sig_ecdsa_secp256r1_sha256,
     ssl_sig_ecdsa_secp384r1_sha384,
     ssl_sig_ecdsa_secp521r1_sha512,
     ssl_sig_ecdsa_sha1,
     ssl_sig_rsa_pss_sha256,
     ssl_sig_rsa_pss_sha384,
     ssl_sig_rsa_pss_sha512,
     ssl_sig_rsa_pkcs1_sha256,
@@ -1168,17 +1168,17 @@ done:
         PORT_Free(buf->data);
         buf->data = NULL;
     }
     return rv;
 }
 
 /* Called from ssl3_HandleServerKeyExchange, ssl3_HandleCertificateVerify */
 SECStatus
-ssl3_VerifySignedHashes(sslSocket *ss, SignatureScheme scheme, SSL3Hashes *hash,
+ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme, SSL3Hashes *hash,
                         SECItem *buf)
 {
     SECKEYPublicKey *key;
     SECItem *signature = NULL;
     SECStatus rv;
     SECItem hashItem;
     SECOidTag encAlg;
     SECOidTag hashAlg;
@@ -4338,17 +4338,17 @@ ssl3_HashTypeToOID(SSLHashType hashType)
             return SEC_OID_SHA512;
         default:
             break;
     }
     return SEC_OID_UNKNOWN;
 }
 
 SSLHashType
-ssl_SignatureSchemeToHashType(SignatureScheme scheme)
+ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_rsa_pkcs1_sha1:
         case ssl_sig_dsa_sha1:
         case ssl_sig_ecdsa_sha1:
             return ssl_hash_sha1;
         case ssl_sig_rsa_pkcs1_sha256:
         case ssl_sig_ecdsa_secp256r1_sha256:
@@ -4370,17 +4370,17 @@ ssl_SignatureSchemeToHashType(SignatureS
         case ssl_sig_ed448:
             break;
     }
     PORT_Assert(0);
     return ssl_hash_none;
 }
 
 KeyType
-ssl_SignatureSchemeToKeyType(SignatureScheme scheme)
+ssl_SignatureSchemeToKeyType(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_rsa_pkcs1_sha256:
         case ssl_sig_rsa_pkcs1_sha384:
         case ssl_sig_rsa_pkcs1_sha512:
         case ssl_sig_rsa_pkcs1_sha1:
         case ssl_sig_rsa_pss_sha256:
         case ssl_sig_rsa_pss_sha384:
@@ -4402,26 +4402,26 @@ ssl_SignatureSchemeToKeyType(SignatureSc
             break;
     }
     PORT_Assert(0);
     return nullKey;
 }
 
 static SECStatus
 ssl_ValidateSignatureScheme(PRBool isTLS13, KeyType keyType,
-                            SignatureScheme scheme)
+                            SSLSignatureScheme scheme)
 {
     /* Match key type to the scheme; also, SHA1 is forbidden in TLS 1.3. */
     return ssl_IsSupportedSignatureScheme(scheme) &&
            keyType == ssl_SignatureSchemeToKeyType(scheme) &&
            (!isTLS13 || ssl_SignatureSchemeToHashType(scheme) != ssl_hash_sha1);
 }
 
 static SSLNamedGroup
-ssl_NamedGroupForSignatureScheme(SignatureScheme scheme)
+ssl_NamedGroupForSignatureScheme(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_ecdsa_secp256r1_sha256:
             return ssl_grp_ec_secp256r1;
         case ssl_sig_ecdsa_secp384r1_sha384:
             return ssl_grp_ec_secp384r1;
         case ssl_sig_ecdsa_secp521r1_sha512:
             return ssl_grp_ec_secp521r1;
@@ -4430,17 +4430,17 @@ ssl_NamedGroupForSignatureScheme(Signatu
     }
     PORT_Assert(0);
     return 0;
 }
 
 static PRBool
 ssl_SignatureSchemeValidForKey(PRBool isTLS13, KeyType keyType,
                                const sslNamedGroupDef *ecGroup,
-                               SignatureScheme scheme)
+                               SSLSignatureScheme scheme)
 {
     if (!ssl_ValidateSignatureScheme(isTLS13, keyType, scheme)) {
         return PR_FALSE;
     }
     if (keyType != ecKey) {
         return PR_TRUE;
     }
     if (!ecGroup) {
@@ -4454,17 +4454,17 @@ ssl_SignatureSchemeValidForKey(PRBool is
 
 /* ssl3_CheckSignatureSchemeConsistency checks that the signature
  * algorithm identifier in |sigAndHash| is consistent with the public key in
  * |cert|. It also checks the hash algorithm against the configured signature
  * algorithms.  If all the tests pass, SECSuccess is returned. Otherwise,
  * PORT_SetError is called and SECFailure is returned. */
 SECStatus
 ssl_CheckSignatureSchemeConsistency(
-    sslSocket *ss, SignatureScheme scheme, CERTCertificate *cert)
+    sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert)
 {
     unsigned int i;
     const sslNamedGroupDef *group = NULL;
     SECKEYPublicKey *key;
     KeyType keyType;
     PRBool isTLS13 = ss->version == SSL_LIBRARY_VERSION_TLS_1_3;
 
     key = CERT_ExtractPublicKey(cert);
@@ -4499,17 +4499,17 @@ ssl_CheckSignatureSchemeConsistency(
             return SECSuccess;
         }
     }
     PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
     return SECFailure;
 }
 
 PRBool
-ssl_IsSupportedSignatureScheme(SignatureScheme scheme)
+ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_rsa_pkcs1_sha1:
         case ssl_sig_rsa_pkcs1_sha256:
         case ssl_sig_rsa_pkcs1_sha384:
         case ssl_sig_rsa_pkcs1_sha512:
         case ssl_sig_rsa_pss_sha256:
         case ssl_sig_rsa_pss_sha384:
@@ -4528,50 +4528,50 @@ ssl_IsSupportedSignatureScheme(Signature
         case ssl_sig_ed25519:
         case ssl_sig_ed448:
             return PR_FALSE;
     }
     return PR_FALSE;
 }
 
 PRBool
-ssl_IsRsaPssSignatureScheme(SignatureScheme scheme)
+ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme)
 {
     switch (scheme) {
         case ssl_sig_rsa_pss_sha256:
         case ssl_sig_rsa_pss_sha384:
         case ssl_sig_rsa_pss_sha512:
             return PR_TRUE;
 
         default:
             return PR_FALSE;
     }
     return PR_FALSE;
 }
 
-/* ssl_ConsumeSignatureScheme reads a SignatureScheme (formerly
+/* ssl_ConsumeSignatureScheme reads a SSLSignatureScheme (formerly
  * SignatureAndHashAlgorithm) structure from |b| and puts the resulting value
  * into |out|. |b| and |length| are updated accordingly.
  *
  * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
 SECStatus
 ssl_ConsumeSignatureScheme(sslSocket *ss, SSL3Opaque **b,
-                           PRUint32 *length, SignatureScheme *out)
+                           PRUint32 *length, SSLSignatureScheme *out)
 {
     PRInt32 tmp;
 
     tmp = ssl3_ConsumeHandshakeNumber(ss, 2, b, length);
     if (tmp < 0) {
         return SECFailure; /* Error code set already. */
     }
-    if (!ssl_IsSupportedSignatureScheme((SignatureScheme)tmp)) {
+    if (!ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
         PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
         return SECFailure;
     }
-    *out = (SignatureScheme)tmp;
+    *out = (SSLSignatureScheme)tmp;
     return SECSuccess;
 }
 
 /**************************************************************************
  * end of Consume Handshake functions.
  **************************************************************************/
 
 static SECStatus
@@ -6212,17 +6212,17 @@ ssl3_SendClientKeyExchange(sslSocket *ss
                 SSL_GETPID(), ss->fd));
 
     SECKEY_DestroyPublicKey(serverKey);
     return rv; /* err code already set. */
 }
 
 SECStatus
 ssl_PickSignatureScheme(sslSocket *ss, SECKEYPublicKey *key,
-                        const SignatureScheme *peerSchemes,
+                        const SSLSignatureScheme *peerSchemes,
                         unsigned int peerSchemeCount,
                         PRBool requireSha1)
 {
     unsigned int i, j;
     const sslNamedGroupDef *group = NULL;
     KeyType keyType;
     PRBool isTLS13 = ss->version == SSL_LIBRARY_VERSION_TLS_1_3;
 
@@ -6236,17 +6236,17 @@ ssl_PickSignatureScheme(sslSocket *ss, S
         group = ssl_ECPubKey2NamedGroup(key);
     }
 
     /* Here we look for the first local preference that the client has
      * indicated support for in their signature_algorithms extension. */
     for (i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
         SSLHashType hashType;
         SECOidTag hashOID;
-        SignatureScheme preferred = ss->ssl3.signatureSchemes[i];
+        SSLSignatureScheme preferred = ss->ssl3.signatureSchemes[i];
         PRUint32 policy;
 
         if (!ssl_SignatureSchemeValidForKey(isTLS13, keyType, group,
                                             preferred)) {
             continue;
         }
 
         hashType = ssl_SignatureSchemeToHashType(preferred);
@@ -6305,17 +6305,17 @@ ssl3_PickServerSignatureScheme(sslSocket
     /* Sets error code, if needed. */
     return ssl_PickSignatureScheme(ss, keyPair->pubKey,
                                    ss->ssl3.hs.clientSigSchemes,
                                    ss->ssl3.hs.numClientSigScheme,
                                    PR_FALSE);
 }
 
 static SECStatus
-ssl_PickClientSignatureScheme(sslSocket *ss, const SignatureScheme *schemes,
+ssl_PickClientSignatureScheme(sslSocket *ss, const SSLSignatureScheme *schemes,
                               unsigned int numSchemes)
 {
     SECKEYPublicKey *key;
     SECStatus rv;
 
     key = CERT_ExtractPublicKey(ss->ssl3.clientCertificate);
     PORT_Assert(key);
     if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
@@ -6930,17 +6930,17 @@ loser:
 static SECStatus
 ssl_HandleDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 {
     SECStatus rv;
     int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
     SSL3AlertDescription desc = illegal_parameter;
     SSLHashType hashAlg;
     PRBool isTLS = ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0;
-    SignatureScheme sigScheme;
+    SSLSignatureScheme sigScheme;
 
     SECItem dh_p = { siBuffer, NULL, 0 };
     SECItem dh_g = { siBuffer, NULL, 0 };
     SECItem dh_Ys = { siBuffer, NULL, 0 };
     unsigned dh_p_bits;
     unsigned dh_g_bits;
     PRInt32 minDH;
 
@@ -7208,23 +7208,23 @@ alert_loser:
                          ss->version < SSL_LIBRARY_VERSION_TLS_1_0 ? illegal_parameter
                                                                    : decode_error);
     PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
     return SECFailure;
 }
 
 SECStatus
 ssl_ParseSignatureSchemes(sslSocket *ss, PLArenaPool *arena,
-                          SignatureScheme **schemesOut,
+                          SSLSignatureScheme **schemesOut,
                           unsigned int *numSchemesOut,
                           unsigned char **b, unsigned int *len)
 {
     SECStatus rv;
     SECItem buf;
-    SignatureScheme *schemes;
+    SSLSignatureScheme *schemes;
     unsigned int numSchemes = 0;
     unsigned int max;
 
     rv = ssl3_ConsumeHandshakeVariable(ss, &buf, 2, b, len);
     if (rv != SECSuccess) {
         return SECFailure;
     }
     /* An empty or odd-length value is invalid. */
@@ -7232,35 +7232,35 @@ ssl_ParseSignatureSchemes(sslSocket *ss,
         (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
         return SECFailure;
     }
 
     /* Limit the number of schemes we read. */
     max = PR_MIN(buf.len / 2, MAX_SIGNATURE_SCHEMES);
 
     if (arena) {
-        schemes = PORT_ArenaZNewArray(arena, SignatureScheme, max);
+        schemes = PORT_ArenaZNewArray(arena, SSLSignatureScheme, max);
     } else {
-        schemes = PORT_ZNewArray(SignatureScheme, max);
+        schemes = PORT_ZNewArray(SSLSignatureScheme, max);
     }
     if (!schemes) {
         (void)SSL3_SendAlert(ss, alert_fatal, internal_error);
         return SECFailure;
     }
 
     for (; max; --max) {
         PRInt32 tmp;
         tmp = ssl3_ConsumeHandshakeNumber(ss, 2, &buf.data, &buf.len);
         if (tmp < 0) {
             PORT_Assert(0);
             PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
             return SECFailure;
         }
-        if (ssl_IsSupportedSignatureScheme((SignatureScheme)tmp)) {
-            schemes[numSchemes++] = (SignatureScheme)tmp;
+        if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
+            schemes[numSchemes++] = (SSLSignatureScheme)tmp;
         }
     }
 
     if (!numSchemes) {
         PORT_Free(schemes);
         schemes = NULL;
     }
 
@@ -7278,17 +7278,17 @@ ssl3_HandleCertificateRequest(sslSocket 
 {
     PLArenaPool *arena = NULL;
     PRBool isTLS = PR_FALSE;
     PRBool isTLS12 = PR_FALSE;
     int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST;
     SECStatus rv;
     SSL3AlertDescription desc = illegal_parameter;
     SECItem cert_types = { siBuffer, NULL, 0 };
-    SignatureScheme *signatureSchemes = NULL;
+    SSLSignatureScheme *signatureSchemes = NULL;
     unsigned int signatureSchemeCount = 0;
     CERTDistNames ca_list;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
                 SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
@@ -7357,17 +7357,17 @@ loser:
 done:
     if (arena != NULL)
         PORT_FreeArena(arena, PR_FALSE);
     return rv;
 }
 
 SECStatus
 ssl3_CompleteHandleCertificateRequest(sslSocket *ss,
-                                      const SignatureScheme *signatureSchemes,
+                                      const SSLSignatureScheme *signatureSchemes,
                                       unsigned int signatureSchemeCount,
                                       CERTDistNames *ca_list)
 {
     SECStatus rv;
 
     if (ss->getClientAuthData != NULL) {
         PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
                     ssl_preinfo_all);
@@ -9579,17 +9579,17 @@ static SECStatus
 ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
                              SSL3Hashes *hashes)
 {
     SECItem signed_hash = { siBuffer, NULL, 0 };
     SECStatus rv;
     int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
     SSL3AlertDescription desc = handshake_failure;
     PRBool isTLS;
-    SignatureScheme sigScheme = ssl_sig_none;
+    SSLSignatureScheme sigScheme = ssl_sig_none;
     SSLHashType hashAlg;
     SSL3Hashes localHashes;
     SSL3Hashes *hashesForVerify = NULL;
 
     SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
                 SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
@@ -12856,17 +12856,17 @@ SSL_SignaturePrefSet(PRFileDesc *fd, con
 
     if (!count || count > MAX_SIGNATURE_SCHEMES) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
     ss->ssl3.signatureSchemeCount = 0;
     for (i = 0; i < count; ++i) {
-        SignatureScheme scheme =
+        SSLSignatureScheme scheme =
             (algorithms[i].hashAlg << 8) | algorithms[i].sigAlg;
         if (!ssl_IsSupportedSignatureScheme(scheme)) {
             SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d",
                      SSL_GETPID(), fd, algorithms[i].sigAlg,
                      algorithms[i].hashAlg));
             continue;
         }
 
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -508,17 +508,17 @@ ssl3_HandleECDHServerKeyExchange(sslSock
     SECKEYPublicKey *peerKey = NULL;
     PRBool isTLS;
     SECStatus rv;
     int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
     SSL3AlertDescription desc = illegal_parameter;
     SSL3Hashes hashes;
     SECItem signature = { siBuffer, NULL, 0 };
     SSLHashType hashAlg;
-    SignatureScheme sigScheme;
+    SSLSignatureScheme sigScheme;
 
     SECItem ec_params = { siBuffer, NULL, 0 };
     SECItem ec_point = { siBuffer, NULL, 0 };
     unsigned char paramBuf[3];
     const sslNamedGroupDef *ecGroup;
 
     isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
 
--- a/lib/ssl/ssl3prot.h
+++ b/lib/ssl/ssl3prot.h
@@ -346,11 +346,11 @@ typedef enum {
     ssl_sig_ed25519 = 0x0807,
     ssl_sig_ed448 = 0x0808,
 
     ssl_sig_dsa_sha1 = 0x0202,
     ssl_sig_dsa_sha256 = 0x0402,
     ssl_sig_dsa_sha384 = 0x0502,
     ssl_sig_dsa_sha512 = 0x0602,
     ssl_sig_ecdsa_sha1 = 0x0203
-} SignatureScheme;
+} SSLSignatureScheme;
 
 #endif /* __ssl3proto_h_ */
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -836,17 +836,17 @@ typedef enum {
     handshake_hash_single = 2, /* A single hash */
     handshake_hash_record
 } SSL3HandshakeHashType;
 
 /* This holds state for TLS 1.3 CertificateRequest handling. */
 typedef struct TLS13CertificateRequestStr {
     PLArenaPool *arena;
     SECItem context;
-    SignatureScheme *signatureSchemes;
+    SSLSignatureScheme *signatureSchemes;
     unsigned int signatureSchemeCount;
     CERTDistNames ca_list;
 } TLS13CertificateRequest;
 
 /*
 ** This is the "hs" member of the "ssl3" struct.
 ** This entire struct is protected by ssl3HandshakeLock
 */
@@ -859,17 +859,17 @@ typedef struct SSL3HandshakeStateStr {
     SSL3HandshakeHashType hashType;
     sslBuffer messages; /* Accumulated handshake messages */
     /* PKCS #11 mode:
      * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
      * |sha| for SHA-1.
      * TLS 1.2 and later use only |sha|, for SHA-256. */
     PK11Context *md5;
     PK11Context *sha;
-    SignatureScheme signatureScheme;
+    SSLSignatureScheme signatureScheme;
     const ssl3KEADef *kea_def;
     ssl3CipherSuite cipher_suite;
     const ssl3CipherSuiteDef *suite_def;
     SSLCompressionMethod compression;
     sslBuffer msg_body; /* protected by recvBufLock */
                         /* partial handshake message from record layer */
     unsigned int header_bytes;
     /* number of bytes consumed from handshake */
@@ -907,17 +907,17 @@ typedef struct SSL3HandshakeStateStr {
     /* Which preliminaryinfo values have been set. */
     PRUint32 preliminaryInfo;
 
     PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
 
     /* clientSigAndHash contains the contents of the signature_algorithms
      * extension (if any) from the client. This is only valid for TLS 1.2
      * or later. */
-    SignatureScheme *clientSigSchemes;
+    SSLSignatureScheme *clientSigSchemes;
     unsigned int numClientSigScheme;
 
     /* This group of values is used for DTLS */
     PRUint16 sendMessageSeq;       /* The sending message sequence
                                     * number */
     PRCList lastMessageFlight;     /* The last message flight we
                                     * sent */
     PRUint16 maxMessageSent;       /* The largest message we sent */
@@ -1019,17 +1019,17 @@ struct ssl3StateStr {
     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
     PRBool fatalAlertSent;
     PRBool dheWeakGroupEnabled; /* used by server */
     const sslNamedGroupDef *dhePreferredGroup;
 
     /* TLS 1.2 introduces separate signature algorithm negotiation.
      * TLS 1.3 combined signature and hash into a single enum.
      * This is our preference order. */
-    SignatureScheme signatureSchemes[MAX_SIGNATURE_SCHEMES];
+    SSLSignatureScheme signatureSchemes[MAX_SIGNATURE_SCHEMES];
     unsigned int signatureSchemeCount;
 
     /* The version to check if we fell back from our highest version
      * of TLS. Default is 0 in which case we check against the maximum
      * configured version for this socket. Used only on the client. */
     SSL3ProtocolVersion downgradeCheckVersion;
 };
 
@@ -1749,29 +1749,29 @@ extern SECStatus ssl3_ConsumeHandshake(s
                                        SSL3Opaque **b, PRUint32 *length);
 extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes,
                                            SSL3Opaque **b, PRUint32 *length);
 extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
                                                PRInt32 bytes, SSL3Opaque **b,
                                                PRUint32 *length);
 extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes,
                                 PRUint8 *to);
-extern PRBool ssl_IsSupportedSignatureScheme(SignatureScheme scheme);
+extern PRBool ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme);
 extern SECStatus ssl_CheckSignatureSchemeConsistency(
-    sslSocket *ss, SignatureScheme scheme, CERTCertificate *cert);
+    sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert);
 extern SECStatus ssl_ParseSignatureSchemes(sslSocket *ss, PLArenaPool *arena,
-                                           SignatureScheme **schemesOut,
+                                           SSLSignatureScheme **schemesOut,
                                            unsigned int *numSchemesOut,
                                            unsigned char **b,
                                            unsigned int *len);
 extern SECStatus ssl_ConsumeSignatureScheme(
-    sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SignatureScheme *out);
+    sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SSLSignatureScheme *out);
 extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash,
                                  SECKEYPrivateKey *key, SECItem *buf);
-extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SignatureScheme scheme,
+extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme,
                                          SSL3Hashes *hash, SECItem *buf);
 extern SECStatus ssl3_CacheWrappedMasterSecret(
     sslSocket *ss, sslSessionID *sid,
     ssl3CipherSpec *spec, SSLAuthType authType);
 extern void ssl3_FreeSniNameArray(TLSExtensionData *xtnData);
 
 /* Functions that handle ClientHello and ServerHello extensions. */
 extern SECStatus ssl3_HandleServerNameXtn(sslSocket *ss,
@@ -1918,17 +1918,17 @@ SECStatus ssl_ReadCertificateStatus(sslS
 SECStatus ssl3_EncodeSigAlgs(sslSocket *ss, PRUint8 *buf,
                              unsigned maxLen, PRUint32 *len);
 void ssl3_GetCertificateRequestCAs(sslSocket *ss, int *calenp, SECItem **namesp,
                                    int *nnamesp);
 SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b,
                                           PRUint32 *length, PLArenaPool *arena,
                                           CERTDistNames *ca_list);
 SECStatus ssl3_CompleteHandleCertificateRequest(
-    sslSocket *ss, const SignatureScheme *signatureSchemes,
+    sslSocket *ss, const SSLSignatureScheme *signatureSchemes,
     unsigned int signatureSchemeCount, CERTDistNames *ca_list);
 SECStatus ssl3_SendServerHello(sslSocket *ss);
 SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
                                       ssl3CipherSpec *spec,
                                       SSL3Hashes *hashes,
                                       PRUint32 sender);
 PRInt32 tls13_ServerSendKeyShareXtn(sslSocket *ss, PRBool append,
                                     PRUint32 maxBytes);
@@ -1953,22 +1953,22 @@ PRInt32 tls13_ServerSendSigAlgsXtn(sslSo
                                    PRUint32 maxBytes);
 PRBool ssl3_ClientExtensionAdvertised(sslSocket *ss, PRUint16 ex_type);
 SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid);
 const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
 const ssl3BulkCipherDef *
 ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
 SECStatus ssl3_SelectServerCert(sslSocket *ss);
 SECStatus ssl_PickSignatureScheme(sslSocket *ss, SECKEYPublicKey *key,
-                                  const SignatureScheme *peerSchemes,
+                                  const SSLSignatureScheme *peerSchemes,
                                   unsigned int peerSchemeCount,
                                   PRBool requireSha1);
 SECOidTag ssl3_HashTypeToOID(SSLHashType hashType);
-SSLHashType ssl_SignatureSchemeToHashType(SignatureScheme scheme);
-KeyType ssl_SignatureSchemeToKeyType(SignatureScheme scheme);
+SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme);
+KeyType ssl_SignatureSchemeToKeyType(SSLSignatureScheme scheme);
 
 SECStatus ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite,
                               PRBool initHashes);
 
 /* Pull in TLS 1.3 functions */
 #include "tls13con.h"
 
 /********************** misc calls *********************/
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -2939,17 +2939,17 @@ done:
  * Caller must hold Handshake and RecvBuf locks.
  */
 SECStatus
 tls13_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
                               TLS13CombinedHash *hashes)
 {
     SECItem signed_hash = { siBuffer, NULL, 0 };
     SECStatus rv;
-    SignatureScheme sigScheme;
+    SSLSignatureScheme sigScheme;
     SSLHashType hashAlg;
     SSL3Hashes tbsHash;
 
     SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_verify handshake",
                 SSL_GETPID(), ss->fd));
     PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));