From 2658d88a991e11019f13fd122f9d3933a8600e6b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Fri, 4 Aug 2023 16:04:51 +0100 Subject: [PATCH] Make `SignatureScheme` enum names closer to IANA Having our naming close to the standard makes things a bit clearer. - ECDSA_SHA1_Legacy -> ECDSA_SHA1. - RSA_PSS_SHA* -> RSA_PSS_RSAE_*. - add RSA_PSS_PSS_* enums (not implemented on our side, but could be). - ECDSA_NISTP* -> ECDSA_SECP*. - complete supported_in_tls13(), in case these are encountered via pluggable crypto. This is a breaking API change. --- rustls/examples/internal/bogo_shim.rs | 10 +++--- rustls/src/enums.rs | 47 +++++++++++++++++---------- rustls/src/msgs/handshake_test.rs | 10 +++--- rustls/src/sign.rs | 20 ++++++------ rustls/src/tls12/mod.rs | 13 ++++---- rustls/src/verify.rs | 8 ++--- rustls/src/webpki/verify.rs | 36 ++++++++++---------- rustls/tests/api.rs | 30 ++++++++--------- 8 files changed, 93 insertions(+), 81 deletions(-) diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs index 57bfc74b..cb85df91 100644 --- a/rustls/examples/internal/bogo_shim.rs +++ b/rustls/examples/internal/bogo_shim.rs @@ -343,11 +343,11 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme { 0x0401 => SignatureScheme::RSA_PKCS1_SHA256, 0x0501 => SignatureScheme::RSA_PKCS1_SHA384, 0x0601 => SignatureScheme::RSA_PKCS1_SHA512, - 0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256, - 0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384, - 0x0804 => SignatureScheme::RSA_PSS_SHA256, - 0x0805 => SignatureScheme::RSA_PSS_SHA384, - 0x0806 => SignatureScheme::RSA_PSS_SHA512, + 0x0403 => SignatureScheme::ECDSA_SECP256R1_SHA256, + 0x0503 => SignatureScheme::ECDSA_SECP384R1_SHA384, + 0x0804 => SignatureScheme::RSA_PSS_RSAE_SHA256, + 0x0805 => SignatureScheme::RSA_PSS_RSAE_SHA384, + 0x0806 => SignatureScheme::RSA_PSS_RSAE_SHA512, 0x0807 => SignatureScheme::ED25519, // TODO: add support for Ed448 // 0x0808 => SignatureScheme::ED448, 
diff --git a/rustls/src/enums.rs b/rustls/src/enums.rs index 087e92f3..d3221c47 100644 --- a/rustls/src/enums.rs +++ b/rustls/src/enums.rs @@ -503,16 +503,19 @@ enum_builder! { EnumName: SignatureScheme; EnumVal{ RSA_PKCS1_SHA1 => 0x0201, - ECDSA_SHA1_Legacy => 0x0203, RSA_PKCS1_SHA256 => 0x0401, - ECDSA_NISTP256_SHA256 => 0x0403, RSA_PKCS1_SHA384 => 0x0501, - ECDSA_NISTP384_SHA384 => 0x0503, RSA_PKCS1_SHA512 => 0x0601, - ECDSA_NISTP521_SHA512 => 0x0603, - RSA_PSS_SHA256 => 0x0804, - RSA_PSS_SHA384 => 0x0805, - RSA_PSS_SHA512 => 0x0806, + ECDSA_SHA1 => 0x0203, + ECDSA_SECP256R1_SHA256 => 0x0403, + ECDSA_SECP384R1_SHA384 => 0x0503, + ECDSA_SECP521R1_SHA512 => 0x0603, + RSA_PSS_RSAE_SHA256 => 0x0804, + RSA_PSS_RSAE_SHA384 => 0x0805, + RSA_PSS_RSAE_SHA512 => 0x0806, + RSA_PSS_PSS_SHA256 => 0x0809, + RSA_PSS_PSS_SHA384 => 0x080a, + RSA_PSS_PSS_SHA512 => 0x080b, ED25519 => 0x0807, ED448 => 0x0808 } @@ -525,12 +528,15 @@ impl SignatureScheme { | Self::RSA_PKCS1_SHA256 | Self::RSA_PKCS1_SHA384 | Self::RSA_PKCS1_SHA512 - | Self::RSA_PSS_SHA256 - | Self::RSA_PSS_SHA384 - | Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA, - Self::ECDSA_NISTP256_SHA256 - | Self::ECDSA_NISTP384_SHA384 - | Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA, + | Self::RSA_PSS_RSAE_SHA256 + | Self::RSA_PSS_RSAE_SHA384 + | Self::RSA_PSS_RSAE_SHA512 + | Self::RSA_PSS_PSS_SHA256 + | Self::RSA_PSS_PSS_SHA384 + | Self::RSA_PSS_PSS_SHA512 => SignatureAlgorithm::RSA, + Self::ECDSA_SECP256R1_SHA256 + | Self::ECDSA_SECP384R1_SHA384 + | Self::ECDSA_SECP521R1_SHA512 => SignatureAlgorithm::ECDSA, _ => SignatureAlgorithm::Unknown(0), } } 
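Review bot: The three `RSA_PSS_PSS_*` variants added to the `SignatureAlgorithm::RSA` arm become indistinguishable from `RSA_PSS_RSAE_*` for any caller that picks a key or certificate from this return value. RFC 8446 ties the `rsa_pss_pss_*` code points to certificates whose public key carries the RSASSA-PSS OID and the `rsae` ones to rsaEncryption keys, so a result of `RSA` should not be read as "an ordinary RSA key fits". Whether any caller relies on that cannot be seen here, because the enclosing function's signature and its callers are outside the hunk. I would add above the arm: `// RSA_PSS_PSS_* require an RSASSA-PSS-OID key; RSA here names the signature family, not key compatibility.`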
@@ -545,12 +551,17 @@ impl SignatureScheme { pub(crate) fn supported_in_tls13(&self) -> bool { matches!( *self, - Self::ECDSA_NISTP384_SHA384 - | Self::ECDSA_NISTP256_SHA256 - | Self::RSA_PSS_SHA512 - | Self::RSA_PSS_SHA384 - | Self::RSA_PSS_SHA256 + Self::ECDSA_SECP256R1_SHA256 + | Self::ECDSA_SECP384R1_SHA384 + | Self::ECDSA_SECP521R1_SHA512 + | Self::RSA_PSS_RSAE_SHA256 + | Self::RSA_PSS_RSAE_SHA384 + | Self::RSA_PSS_RSAE_SHA512 + | Self::RSA_PSS_PSS_SHA256 + | Self::RSA_PSS_PSS_SHA384 + | Self::RSA_PSS_PSS_SHA512 | Self::ED25519 + | Self::ED448 ) } } diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index 64025928..c99dafea 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -364,7 +364,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload { extensions: vec![ ClientExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()), ClientExtension::NamedGroups(vec![NamedGroup::X25519]), - ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), + ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]), ClientExtension::make_sni(DnsNameRef::try_from("hello").unwrap()), ClientExtension::SessionTicket(ClientSessionTicket::Request), ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))), @@ -817,7 +817,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload { }, public: PayloadU8(vec![1, 2, 3]), }, - dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]), + dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_RSAE_SHA256, vec![1, 2, 3]), }) } 
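Review bot: `supported_in_tls13()` now returns true for `ECDSA_SECP521R1_SHA512`, `RSA_PSS_PSS_*` and `ED448`, none of which `convert_alg_tls13` in rustls/src/webpki/verify.rs accepts in this patch, so the name no longer matches what the built-in code can verify. The default verifier still fails closed on them through its `_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into())` arm, but depending on callers outside this hunk a custom verifier may now be handed these schemes. A doc comment would make the contract explicit: `/// True if TLS 1.3 permits this scheme; does not imply that any configured signer or verifier implements it.` A unit test pinning `RSA_PKCS1_*` and `ECDSA_SHA1` to false would guard against the list being widened too far later.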
@@ -828,7 +828,7 @@ fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload { fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { CertificateRequestPayload { certtypes: vec![ClientCertificateType::RSASign], - sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256], + sigschemes: vec![SignatureScheme::ECDSA_SECP256R1_SHA256], canames: vec![DistinguishedName::from(vec![1, 2, 3])], } } @@ -837,7 +837,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTLS13 CertificateRequestPayloadTLS13 { context: PayloadU8(vec![1, 2, 3]), extensions: vec![ - CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), + CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]), CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]), CertReqExtension::Unknown(UnknownExtension { typ: ExtensionType::Unknown(12345), @@ -1048,7 +1048,7 @@ fn get_all_tls13_handshake_payloads() -> Vec { HandshakeMessagePayload { typ: HandshakeType::CertificateVerify, payload: HandshakePayload::CertificateVerify(DigitallySignedStruct::new( - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP256R1_SHA256, vec![1, 2, 3], )), }, diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs index e2e30b48..2732baa9 100644 --- a/rustls/src/sign.rs +++ b/rustls/src/sign.rs @@ -86,7 +86,7 @@ pub fn any_supported_type(der: &key::PrivateKey) -> Result, pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result, SignError> { if let Ok(ecdsa_p256) = EcdsaSigningKey::new( der, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP256R1_SHA256, &signature::ECDSA_P256_SHA256_ASN1_SIGNING, ) { return Ok(Arc::new(ecdsa_p256)); 
@@ -94,7 +94,7 @@ pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result, Sign if let Ok(ecdsa_p384) = EcdsaSigningKey::new( der, - SignatureScheme::ECDSA_NISTP384_SHA384, + SignatureScheme::ECDSA_SECP384R1_SHA384, &signature::ECDSA_P384_SHA384_ASN1_SIGNING, ) { return Ok(Arc::new(ecdsa_p384)); @@ -124,9 +124,9 @@ pub struct RsaSigningKey { } static ALL_RSA_SCHEMES: &[SignatureScheme] = &[ - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA256, @@ -168,9 +168,9 @@ impl RsaSigner { SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256, SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512, - SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256, - SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA256 => &signature::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA384 => &signature::RSA_PSS_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA512 => &signature::RSA_PSS_SHA512, _ => unreachable!(), }; @@ -241,8 +241,8 @@ impl EcdsaSigningKey { maybe_sec1_der: &[u8], ) -> Result { let pkcs8_prefix = match scheme { - SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, - SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, + SignatureScheme::ECDSA_SECP256R1_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256, + SignatureScheme::ECDSA_SECP384R1_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384, _ => unreachable!(), // all callers are in this file }; diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index ed044287..0a119f12 100644 --- a/rustls/src/tls12/mod.rs 
+++ b/rustls/src/tls12/mod.rs @@ -118,15 +118,16 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite = static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[ SignatureScheme::ED25519, - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ED448, + SignatureScheme::ECDSA_SECP521R1_SHA512, + SignatureScheme::ECDSA_SECP384R1_SHA384, + SignatureScheme::ECDSA_SECP256R1_SHA256, ]; static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[ - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA256, diff --git a/rustls/src/verify.rs b/rustls/src/verify.rs index 376912bc..cd222483 100644 --- a/rustls/src/verify.rs +++ b/rustls/src/verify.rs @@ -105,7 +105,7 @@ pub trait ServerCertVerifier: Send + Sync { /// connection. /// /// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2, - /// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not + /// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not /// in fact bound to the specific curve implied in their name. fn verify_tls12_signature( &self, @@ -119,7 +119,7 @@ pub trait ServerCertVerifier: Send + Sync { /// This method is only called for TLS1.3 handshakes. /// /// This method is very similar to `verify_tls12_signature`: but note the - /// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_NISTP256_SHA256` + /// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_SECP256R1_SHA256` /// must only validate signatures using public keys on the right curve -- /// rustls does not enforce this requirement for you. /// 
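Review bot: Adding `SignatureScheme::ED448` to `TLS12_ECDSA_SCHEMES` is a behaviour change that the commit message does not list, and nothing in this patch can sign or verify it: `convert_scheme` in rustls/src/webpki/verify.rs has no `ED448` arm and `any_ecdsa_type` in rustls/src/sign.rs only tries P-256 and P-384. If this list filters the schemes passed on to certificate resolvers or verifiers (its consumers are outside the hunk), pluggable implementations will start to see `ED448` for the ECDSA cipher suites. I would either move the addition to its own commit with a test in rustls/tests/api.rs where the peer offers `ED448`, or state the intent in place: `// EdDSA schemes ride on the ECDSA cipher suites in TLS 1.2; ED448 is listed for pluggable crypto only.`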
@@ -213,7 +213,7 @@ pub trait ClientCertVerifier: Send + Sync { /// connection. /// /// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2, - /// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not + /// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not /// in fact bound to the specific curve implied in their name. fn verify_tls12_signature( &self, @@ -228,7 +228,7 @@ pub trait ClientCertVerifier: Send + Sync { /// /// This method is very similar to `verify_tls12_signature`, but note the /// tighter ECDSA SignatureScheme semantics in TLS 1.3. For example, - /// `SignatureScheme::ECDSA_NISTP256_SHA256` + /// `SignatureScheme::ECDSA_SECP256R1_SHA256` /// must only validate signatures using public keys on the right curve -- /// rustls does not enforce this requirement for you. fn verify_tls13_signature( diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 8d8f52e5..b346d6cf 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -162,12 +162,12 @@ impl WebPkiServerVerifier { /// Which signature verification schemes the `webpki` crate supports. pub fn default_supported_verify_schemes() -> Vec { vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP384R1_SHA384, + SignatureScheme::ECDSA_SECP256R1_SHA256, SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA256, 
@@ -474,15 +474,15 @@ static ED25519: SignatureAlgorithms = &[webpki::ED25519]; static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256]; static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384]; static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512]; -static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; -static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; -static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; +static RSA_PSS_RSAE_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY]; +static RSA_PSS_RSAE_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY]; +static RSA_PSS_RSAE_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY]; fn convert_scheme(scheme: SignatureScheme) -> Result { match scheme { // nb. for TLS1.2 the curve is not fixed by SignatureScheme. - SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256), - SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384), + SignatureScheme::ECDSA_SECP256R1_SHA256 => Ok(ECDSA_SHA256), + SignatureScheme::ECDSA_SECP384R1_SHA384 => Ok(ECDSA_SHA384), SignatureScheme::ED25519 => Ok(ED25519), @@ -490,9 +490,9 @@ fn convert_scheme(scheme: SignatureScheme) -> Result SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384), SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512), - SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256), - SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384), - SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512), + SignatureScheme::RSA_PSS_RSAE_SHA256 => Ok(RSA_PSS_RSAE_SHA256), + SignatureScheme::RSA_PSS_RSAE_SHA384 => Ok(RSA_PSS_RSAE_SHA384), + SignatureScheme::RSA_PSS_RSAE_SHA512 => Ok(RSA_PSS_RSAE_SHA512), _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), } 
@@ -535,12 +535,12 @@ fn convert_alg_tls13( use crate::enums::SignatureScheme::*; match scheme { - ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256), - ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384), + ECDSA_SECP256R1_SHA256 => Ok(webpki::ECDSA_P256_SHA256), + ECDSA_SECP384R1_SHA384 => Ok(webpki::ECDSA_P384_SHA384), ED25519 => Ok(webpki::ED25519), - RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), - RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), - RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), + RSA_PSS_RSAE_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY), + RSA_PSS_RSAE_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY), + RSA_PSS_RSAE_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY), _ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()), } } diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index afc9eee5..54ad4f35 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs @@ -841,9 +841,9 @@ fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() { KeyType::Rsa, CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, vec![ - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA256, @@ -858,8 +858,8 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() { KeyType::Ecdsa, CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP384R1_SHA384, + SignatureScheme::ECDSA_SECP256R1_SHA256, SignatureScheme::ED25519, ], ); 
@@ -1053,23 +1053,23 @@ fn client_cert_resolve() { for version in rustls::ALL_VERSIONS { let expected_sigschemes = match version.version { ProtocolVersion::TLSv1_2 => vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP384R1_SHA384, + SignatureScheme::ECDSA_SECP256R1_SHA256, SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, SignatureScheme::RSA_PKCS1_SHA512, SignatureScheme::RSA_PKCS1_SHA384, SignatureScheme::RSA_PKCS1_SHA256, ], ProtocolVersion::TLSv1_3 => vec![ - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::ECDSA_NISTP256_SHA256, + SignatureScheme::ECDSA_SECP384R1_SHA384, + SignatureScheme::ECDSA_SECP256R1_SHA256, SignatureScheme::ED25519, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA256, + SignatureScheme::RSA_PSS_RSAE_SHA512, + SignatureScheme::RSA_PSS_RSAE_SHA384, + SignatureScheme::RSA_PSS_RSAE_SHA256, ], _ => unreachable!(), };