lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 18 Jul 2008 17:22:10 -0700
From:	"Adam Langley" <agl@...erialviolet.org>
To:	netdev@...r.kernel.org
Subject: [RFC 1/2] TCP: Renaming md5sig to auth

---

 include/linux/tcp.h      |    8 +
 include/net/tcp.h        |  116 +++++++++---------
 net/ipv4/tcp.c           |  112 +++++++++---------
 net/ipv4/tcp_input.c     |    4 -
 net/ipv4/tcp_ipv4.c      |  283 ++++++++++++++++++++++----------------------
 net/ipv4/tcp_minisocks.c |   36 +++---
 net/ipv4/tcp_output.c    |   72 ++++++-----
 net/ipv6/tcp_ipv6.c      |  294 +++++++++++++++++++++++-----------------------
 8 files changed, 461 insertions(+), 464 deletions(-)

diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 2e25573..65542c6 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -162,7 +162,7 @@ struct tcp_info
 /* for TCP_MD5SIG socket option */
 #define TCP_MD5SIG_MAXKEYLEN	80
 
-struct tcp_md5sig {
+struct tcp_auth {
 	struct __kernel_sockaddr_storage tcpm_addr;	/* address associated */
 	__u16	__tcpm_pad1;				/* zero */
 	__u16	tcpm_keylen;				/* key length */
@@ -407,7 +407,7 @@ struct tcp_sock {
 	struct tcp_sock_af_ops	*af_specific;
 
 /* TCP MD5 Signagure Option information */
-	struct tcp_md5sig_info	*md5sig_info;
+	struct tcp_auth_info	*auth_info;
 #endif
 
 	int			linger2;
@@ -426,8 +426,8 @@ struct tcp_timewait_sock {
 	u32			  tw_ts_recent;
 	long			  tw_ts_recent_stamp;
 #ifdef CONFIG_TCP_MD5SIG
-	u16			  tw_md5_keylen;
-	u8			  tw_md5_key[TCP_MD5SIG_MAXKEYLEN];
+	u16			  tw_auth_keylen;
+	u8			  tw_auth_key[TCP_MD5SIG_MAXKEYLEN];
 #endif
 };
 
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 8983386..9903916 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -397,7 +397,7 @@ extern void			tcp_parse_options(struct sk_buff *skb,
 						  struct tcp_options_received *opt_rx,
 						  int estab);
 
-extern u8			*tcp_parse_md5sig_option(struct tcphdr *th);
+extern u8			*tcp_auth_parse_option(struct tcphdr *th);
 
 /*
  *	TCP v4 functions exported for the inet6 API
@@ -1052,18 +1052,18 @@ static inline void tcp_clear_all_retrans_hints(struct tcp_sock *tp)
 struct crypto_hash;
 
 /* - key database */
-struct tcp_md5sig_key {
+struct tcp_auth_key {
 	u8			*key;
 	u8			keylen;
 };
 
-struct tcp4_md5sig_key {
-	struct tcp_md5sig_key	base;
+struct tcp4_auth_key {
+	struct tcp_auth_key	base;
 	__be32			addr;
 };
 
-struct tcp6_md5sig_key {
-	struct tcp_md5sig_key	base;
+struct tcp6_auth_key {
+	struct tcp_auth_key	base;
 #if 0
 	u32			scope_id;	/* XXX */
 #endif
@@ -1071,10 +1071,10 @@ struct tcp6_md5sig_key {
 };
 
 /* - sock block */
-struct tcp_md5sig_info {
-	struct tcp4_md5sig_key	*keys4;
+struct tcp_auth_info {
+	struct tcp4_auth_key	*keys4;
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-	struct tcp6_md5sig_key	*keys6;
+	struct tcp6_auth_key	*keys6;
 	u32			entries6;
 	u32			alloced6;
 #endif
@@ -1098,7 +1098,7 @@ struct tcp6_pseudohdr {
 	__be32		protocol;	/* including padding */
 };
 
-union tcp_md5sum_block {
+union tcp_auth_block {
 	struct tcp4_pseudohdr ip4;
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 	struct tcp6_pseudohdr ip6;
@@ -1106,65 +1106,63 @@ union tcp_md5sum_block {
 };
 
 /* - pool: digest algorithm, hash description and scratch buffer */
-struct tcp_md5sig_pool {
+struct tcp_auth_pool {
 	struct hash_desc	md5_desc;
-	union tcp_md5sum_block	md5_blk;
+	union tcp_auth_block	md5_blk;
 };
 
 #define TCP_MD5SIG_MAXKEYS	(~(u32)0)	/* really?! */
 
 /* - functions */
-extern int			tcp_v4_md5_hash_skb(char *md5_hash,
-						    struct tcp_md5sig_key *key,
-						    struct sock *sk,
-						    struct request_sock *req,
-						    struct sk_buff *skb);
+extern int			tcp_v4_auth_hash_skb(char *md5_hash,
+						     struct tcp_md5sig_key *key,
+						     struct sock *sk,
+						     struct request_sock *req,
+						     struct sk_buff *skb);
 
-extern struct tcp_md5sig_key	*tcp_v4_md5_lookup(struct sock *sk,
-						   struct sock *addr_sk);
+extern struct tcp_md5sig_key	*tcp_v4_auth_lookup(struct sock *sk,
+						    struct sock *addr_sk);
 
-extern int			tcp_v4_md5_do_add(struct sock *sk,
-						  __be32 addr,
-						  u8 *newkey,
-						  u8 newkeylen);
+extern int			tcp_v4_auth_do_add(struct sock *sk,
+						   __be32 addr,
+						   u8 *newkey,
+						   u8 newkeylen);
 
-extern int			tcp_v4_md5_do_del(struct sock *sk,
-						  __be32 addr);
+extern int			tcp_v4_auth_do_del(struct sock *sk,
+						   __be32 addr);
 
 #ifdef CONFIG_TCP_MD5SIG
-#define tcp_twsk_md5_key(twsk)	((twsk)->tw_md5_keylen ? 		 \
-				 &(struct tcp_md5sig_key) {		 \
-					.key = (twsk)->tw_md5_key,	 \
-					.keylen = (twsk)->tw_md5_keylen, \
+#define tcp_twsk_auth_key(twsk)	((twsk)->tw_auth_keylen ? 		 \
+				 &(struct tcp_auth_key) {		 \
+					.key = (twsk)->tw_auth_key,	 \
+					.keylen = (twsk)->tw_auth_keylen, \
 				} : NULL)
 #else
-#define tcp_twsk_md5_key(twsk)	NULL
+#define tcp_twsk_auth_key(twsk)	NULL
 #endif
 
-extern struct tcp_md5sig_pool	**tcp_alloc_md5sig_pool(void);
-extern void			tcp_free_md5sig_pool(void);
+extern struct tcp_auth_pool	**tcp_auth_alloc_pool(void);
+extern void			tcp_auth_free_pool(void);
 
-extern struct tcp_md5sig_pool	*__tcp_get_md5sig_pool(int cpu);
-extern void			__tcp_put_md5sig_pool(void);
-extern int tcp_md5_hash_header(struct tcp_md5sig_pool *, struct tcphdr *);
-extern int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *, struct sk_buff *,
-				 unsigned header_len);
-extern int tcp_md5_hash_key(struct tcp_md5sig_pool *hp,
-			    struct tcp_md5sig_key *key);
+extern struct tcp_auth_pool	*__tcp_auth_get_pool(int cpu);
+extern void			__tcp_auth_put_pool(void);
+extern int tcp_auth_hash_header(struct tcp_auth_pool *, struct tcphdr *);
+extern int tcp_auth_hash_skb_data(struct tcp_auth_pool *, struct sk_buff *,
+				  unsigned header_len);
 
 static inline
-struct tcp_md5sig_pool		*tcp_get_md5sig_pool(void)
+struct tcp_auth_pool		*tcp_auth_get_pool(void)
 {
 	int cpu = get_cpu();
-	struct tcp_md5sig_pool *ret = __tcp_get_md5sig_pool(cpu);
+	struct tcp_auth_pool *ret = __tcp_auth_get_pool(cpu);
 	if (!ret)
 		put_cpu();
 	return ret;
 }
 
-static inline void		tcp_put_md5sig_pool(void)
+static inline void		tcp_auth_put_pool(void)
 {
-	__tcp_put_md5sig_pool();
+	__tcp_auth_put_pool();
 	put_cpu();
 }
 
@@ -1375,27 +1373,27 @@ extern void tcp4_proc_exit(void);
 /* TCP af-specific functions */
 struct tcp_sock_af_ops {
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key	*(*md5_lookup) (struct sock *sk,
-						struct sock *addr_sk);
-	int			(*calc_md5_hash) (char *location,
-						  struct tcp_md5sig_key *md5,
-						  struct sock *sk,
-						  struct request_sock *req,
-						  struct sk_buff *skb);
-	int			(*md5_add) (struct sock *sk,
-					    struct sock *addr_sk,
-					    u8 *newkey,
-					    u8 len);
-	int			(*md5_parse) (struct sock *sk,
-					      char __user *optval,
-					      int optlen);
+	struct tcp_auth_key	*(*auth_lookup) (struct sock *sk,
+						 struct sock *addr_sk);
+	int			(*auth_calc_hash) (char *location,
+						   struct tcp_auth_key *auth,
+						   struct sock *sk,
+						   struct request_sock *req,
+						   struct sk_buff *skb);
+	int			(*auth_add) (struct sock *sk,
+					     struct sock *addr_sk,
+					     u8 *newkey,
+					     u8 len);
+	int			(*auth_parse) (struct sock *sk,
+					       char __user *optval,
+					       int optlen);
 #endif
 };
 
 struct tcp_request_sock_ops {
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key	*(*md5_lookup) (struct sock *sk,
-						struct request_sock *req);
+	struct tcp_auth_key	*(*auth_lookup) (struct sock *sk,
+						 struct request_sock *req);
 #endif
 };
 
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 0b491bf..021bb72 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2157,7 +2157,7 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
 #ifdef CONFIG_TCP_MD5SIG
 	case TCP_MD5SIG:
 		/* Read the IP->Key mappings from userspace */
-		err = tp->af_specific->md5_parse(sk, optval, optlen);
+		err = tp->af_specific->auth_parse(sk, optval, optlen);
 		break;
 #endif
 
@@ -2461,15 +2461,15 @@ out:
 EXPORT_SYMBOL(tcp_tso_segment);
 
 #ifdef CONFIG_TCP_MD5SIG
-static unsigned long tcp_md5sig_users;
-static struct tcp_md5sig_pool **tcp_md5sig_pool;
-static DEFINE_SPINLOCK(tcp_md5sig_pool_lock);
+static unsigned long tcp_auth_users;
+static struct tcp_auth_pool **tcp_auth_pool;
+static DEFINE_SPINLOCK(tcp_auth_pool_lock);
 
-static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool **pool)
+static void __tcp_auth_free_pool(struct tcp_auth_pool **pool)
 {
 	int cpu;
 	for_each_possible_cpu(cpu) {
-		struct tcp_md5sig_pool *p = *per_cpu_ptr(pool, cpu);
+		struct tcp_auth_pool *p = *per_cpu_ptr(pool, cpu);
 		if (p) {
 			if (p->md5_desc.tfm)
 				crypto_free_hash(p->md5_desc.tfm);
@@ -2480,33 +2480,33 @@ static void __tcp_free_md5sig_pool(struct tcp_md5sig_pool **pool)
 	free_percpu(pool);
 }
 
-void tcp_free_md5sig_pool(void)
+void tcp_auth_free_pool(void)
 {
-	struct tcp_md5sig_pool **pool = NULL;
+	struct tcp_auth_pool **pool = NULL;
 
-	spin_lock_bh(&tcp_md5sig_pool_lock);
-	if (--tcp_md5sig_users == 0) {
-		pool = tcp_md5sig_pool;
-		tcp_md5sig_pool = NULL;
+	spin_lock_bh(&tcp_auth_pool_lock);
+	if (--tcp_auth_users == 0) {
+		pool = tcp_auth_pool;
+		tcp_auth_pool = NULL;
 	}
-	spin_unlock_bh(&tcp_md5sig_pool_lock);
+	spin_unlock_bh(&tcp_auth_pool_lock);
 	if (pool)
-		__tcp_free_md5sig_pool(pool);
+		__tcp_auth_free_pool(pool);
 }
 
-EXPORT_SYMBOL(tcp_free_md5sig_pool);
+EXPORT_SYMBOL(tcp_auth_free_pool);
 
-static struct tcp_md5sig_pool **__tcp_alloc_md5sig_pool(void)
+static struct tcp_auth_pool **__tcp_auth_alloc_pool(void)
 {
 	int cpu;
-	struct tcp_md5sig_pool **pool;
+	struct tcp_auth_pool **pool;
 
-	pool = alloc_percpu(struct tcp_md5sig_pool *);
+	pool = alloc_percpu(struct tcp_auth_pool *);
 	if (!pool)
 		return NULL;
 
 	for_each_possible_cpu(cpu) {
-		struct tcp_md5sig_pool *p;
+		struct tcp_auth_pool *p;
 		struct crypto_hash *hash;
 
 		p = kzalloc(sizeof(*p), GFP_KERNEL);
@@ -2522,75 +2522,75 @@ static struct tcp_md5sig_pool **__tcp_alloc_md5sig_pool(void)
 	}
 	return pool;
 out_free:
-	__tcp_free_md5sig_pool(pool);
+	__tcp_auth_free_pool(pool);
 	return NULL;
 }
 
-struct tcp_md5sig_pool **tcp_alloc_md5sig_pool(void)
+struct tcp_auth_pool **tcp_auth_alloc_pool(void)
 {
-	struct tcp_md5sig_pool **pool;
+	struct tcp_auth_pool **pool;
 	int alloc = 0;
 
 retry:
-	spin_lock_bh(&tcp_md5sig_pool_lock);
-	pool = tcp_md5sig_pool;
-	if (tcp_md5sig_users++ == 0) {
+	spin_lock_bh(&tcp_auth_pool_lock);
+	pool = tcp_auth_pool;
+	if (tcp_auth_users++ == 0) {
 		alloc = 1;
-		spin_unlock_bh(&tcp_md5sig_pool_lock);
+		spin_unlock_bh(&tcp_auth_pool_lock);
 	} else if (!pool) {
-		tcp_md5sig_users--;
-		spin_unlock_bh(&tcp_md5sig_pool_lock);
+		tcp_auth_users--;
+		spin_unlock_bh(&tcp_auth_pool_lock);
 		cpu_relax();
 		goto retry;
 	} else
-		spin_unlock_bh(&tcp_md5sig_pool_lock);
+		spin_unlock_bh(&tcp_auth_pool_lock);
 
 	if (alloc) {
 		/* we cannot hold spinlock here because this may sleep. */
-		struct tcp_md5sig_pool **p = __tcp_alloc_md5sig_pool();
-		spin_lock_bh(&tcp_md5sig_pool_lock);
+		struct tcp_auth_pool **p = __tcp_auth_alloc_pool();
+		spin_lock_bh(&tcp_auth_pool_lock);
 		if (!p) {
-			tcp_md5sig_users--;
-			spin_unlock_bh(&tcp_md5sig_pool_lock);
+			tcp_auth_users--;
+			spin_unlock_bh(&tcp_auth_pool_lock);
 			return NULL;
 		}
-		pool = tcp_md5sig_pool;
+		pool = tcp_auth_pool;
 		if (pool) {
 			/* oops, it has already been assigned. */
-			spin_unlock_bh(&tcp_md5sig_pool_lock);
-			__tcp_free_md5sig_pool(p);
+			spin_unlock_bh(&tcp_auth_pool_lock);
+			__tcp_auth_free_pool(p);
 		} else {
-			tcp_md5sig_pool = pool = p;
-			spin_unlock_bh(&tcp_md5sig_pool_lock);
+			tcp_auth_pool = pool = p;
+			spin_unlock_bh(&tcp_auth_pool_lock);
 		}
 	}
 	return pool;
 }
 
-EXPORT_SYMBOL(tcp_alloc_md5sig_pool);
+EXPORT_SYMBOL(tcp_auth_alloc_pool);
 
-struct tcp_md5sig_pool *__tcp_get_md5sig_pool(int cpu)
+struct tcp_auth_pool *__tcp_auth_get_pool(int cpu)
 {
-	struct tcp_md5sig_pool **p;
-	spin_lock_bh(&tcp_md5sig_pool_lock);
-	p = tcp_md5sig_pool;
+	struct tcp_auth_pool **p;
+	spin_lock_bh(&tcp_auth_pool_lock);
+	p = tcp_auth_pool;
 	if (p)
-		tcp_md5sig_users++;
-	spin_unlock_bh(&tcp_md5sig_pool_lock);
+		tcp_auth_users++;
+	spin_unlock_bh(&tcp_auth_pool_lock);
 	return (p ? *per_cpu_ptr(p, cpu) : NULL);
 }
 
-EXPORT_SYMBOL(__tcp_get_md5sig_pool);
+EXPORT_SYMBOL(__tcp_auth_get_pool);
 
-void __tcp_put_md5sig_pool(void)
+void __tcp_auth_put_pool(void)
 {
-	tcp_free_md5sig_pool();
+	tcp_auth_free_pool();
 }
 
-EXPORT_SYMBOL(__tcp_put_md5sig_pool);
+EXPORT_SYMBOL(__tcp_auth_put_pool);
 
-int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
-			struct tcphdr *th)
+int tcp_auth_hash_header(struct tcp_auth_pool *hp,
+			 struct tcphdr *th)
 {
 	struct scatterlist sg;
 	int err;
@@ -2604,10 +2604,10 @@ int tcp_md5_hash_header(struct tcp_md5sig_pool *hp,
 	return err;
 }
 
-EXPORT_SYMBOL(tcp_md5_hash_header);
+EXPORT_SYMBOL(tcp_auth_hash_header);
 
-int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
-			  struct sk_buff *skb, unsigned header_len)
+int tcp_auth_hash_skb_data(struct tcp_auth_pool *hp,
+			   struct sk_buff *skb, unsigned header_len)
 {
 	struct scatterlist sg;
 	const struct tcphdr *tp = tcp_hdr(skb);
@@ -2633,9 +2633,9 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp,
 	return 0;
 }
 
-EXPORT_SYMBOL(tcp_md5_hash_skb_data);
+EXPORT_SYMBOL(tcp_auth_hash_skb_data);
 
-int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, struct tcp_md5sig_key *key)
+int tcp_auth_hash_key(struct tcp_auth_pool *hp, struct tcp_auth_key *key)
 {
 	struct scatterlist sg;
 
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index fa91c13..f89c4c5 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3468,7 +3468,7 @@ static int tcp_fast_parse_options(struct sk_buff *skb, struct tcphdr *th,
 /*
  * Parse MD5 Signature option
  */
-u8 *tcp_parse_md5sig_option(struct tcphdr *th)
+u8 *tcp_auth_parse_option(struct tcphdr *th)
 {
 	int length = (th->doff << 2) - sizeof (*th);
 	u8 *ptr = (u8*)(th + 1);
@@ -5477,7 +5477,7 @@ EXPORT_SYMBOL(sysctl_tcp_reordering);
 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
 EXPORT_SYMBOL(tcp_parse_options);
 #ifdef CONFIG_TCP_MD5SIG
-EXPORT_SYMBOL(tcp_parse_md5sig_option);
+EXPORT_SYMBOL(tcp_auth_parse_option);
 #endif
 EXPORT_SYMBOL(tcp_rcv_established);
 EXPORT_SYMBOL(tcp_rcv_state_process);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5400d75..8282634 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -85,13 +85,13 @@ int sysctl_tcp_low_latency __read_mostly;
 
 
 #ifdef CONFIG_TCP_MD5SIG
-static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
-						   __be32 addr);
-static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
-			       __be32 daddr, __be32 saddr, struct tcphdr *th);
+static struct tcp_auth_key *tcp_v4_auth_do_lookup(struct sock *sk,
+						  __be32 addr);
+static int tcp_v4_auth_hash_hdr(char *hash, struct tcp_auth_key *key,
+			        __be32 daddr, __be32 saddr, struct tcphdr *th);
 #else
 static inline
-struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
+struct tcp_auth_key *tcp_v4_auth_do_lookup(struct sock *sk, __be32 addr)
 {
 	return NULL;
 }
@@ -541,7 +541,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
 	} rep;
 	struct ip_reply_arg arg;
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 #endif
 	struct net *net;
 
@@ -572,7 +572,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
 	arg.iov[0].iov_len  = sizeof(rep.th);
 
 #ifdef CONFIG_TCP_MD5SIG
-	key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
+	key = sk ? tcp_v4_auth_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
 	if (key) {
 		rep.opt[0] = htonl((TCPOPT_NOP << 24) |
 				   (TCPOPT_NOP << 16) |
@@ -582,7 +582,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
 		arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
 		rep.th.doff = arg.iov[0].iov_len / 4;
 
-		tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
+		tcp_v4_auth_hash_hdr((__u8 *) &rep.opt[1],
 				     key, ip_hdr(skb)->daddr,
 				     ip_hdr(skb)->saddr, &rep.th);
 	}
@@ -606,7 +606,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
 
 static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
 			    u32 win, u32 ts, int oif,
-			    struct tcp_md5sig_key *key)
+			    struct tcp_auth_key *key)
 {
 	struct tcphdr *th = tcp_hdr(skb);
 	struct {
@@ -654,9 +654,9 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
 		arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
 		rep.th.doff = arg.iov[0].iov_len/4;
 
-		tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
-				    key, ip_hdr(skb)->daddr,
-				    ip_hdr(skb)->saddr, &rep.th);
+		tcp_v4_auth_hash_hdr((__u8 *) &rep.opt[offset],
+				     key, ip_hdr(skb)->daddr,
+				     ip_hdr(skb)->saddr, &rep.th);
 	}
 #endif
 	arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
@@ -681,7 +681,7 @@ static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
 			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
 			tcptw->tw_ts_recent,
 			tw->tw_bound_dev_if,
-			tcp_twsk_md5_key(tcptw)
+			tcp_twsk_auth_key(tcptw)
 			);
 
 	inet_twsk_put(tw);
@@ -694,7 +694,7 @@ static void tcp_v4_reqsk_send_ack(struct sk_buff *skb,
 			tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd,
 			req->ts_recent,
 			0,
-			tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr));
+			tcp_v4_auth_do_lookup(skb->sk, ip_hdr(skb)->daddr));
 }
 
 /*
@@ -791,135 +791,134 @@ static struct ip_options *tcp_v4_save_options(struct sock *sk,
  */
 
 /* Find the Key structure for an address.  */
-static struct tcp_md5sig_key *
-			tcp_v4_md5_do_lookup(struct sock *sk, __be32 addr)
+static struct tcp_auth_key *tcp_v4_auth_do_lookup(struct sock *sk, __be32 addr)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 	int i;
 
-	if (!tp->md5sig_info || !tp->md5sig_info->entries4)
+	if (!tp->auth_info || !tp->auth_info->entries4)
 		return NULL;
-	for (i = 0; i < tp->md5sig_info->entries4; i++) {
-		if (tp->md5sig_info->keys4[i].addr == addr)
-			return &tp->md5sig_info->keys4[i].base;
+	for (i = 0; i < tp->auth_info->entries4; i++) {
+		if (tp->auth_info->keys4[i].addr == addr)
+			return &tp->auth_info->keys4[i].base;
 	}
 	return NULL;
 }
 
-struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk,
-					 struct sock *addr_sk)
+struct tcp_auth_key *tcp_v4_auth_lookup(struct sock *sk,
+					struct sock *addr_sk)
 {
-	return tcp_v4_md5_do_lookup(sk, inet_sk(addr_sk)->daddr);
+	return tcp_v4_auth_do_lookup(sk, inet_sk(addr_sk)->daddr);
 }
 
-EXPORT_SYMBOL(tcp_v4_md5_lookup);
+EXPORT_SYMBOL(tcp_v4_auth_lookup);
 
-static struct tcp_md5sig_key *tcp_v4_reqsk_md5_lookup(struct sock *sk,
-						      struct request_sock *req)
+static struct tcp_auth_key *tcp_v4_reqsk_auth_lookup(struct sock *sk,
+						     struct request_sock *req)
 {
-	return tcp_v4_md5_do_lookup(sk, inet_rsk(req)->rmt_addr);
+	return tcp_v4_auth_do_lookup(sk, inet_rsk(req)->rmt_addr);
 }
 
 /* This can be called on a newly created socket, from other files */
-int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
-		      u8 *newkey, u8 newkeylen)
+int tcp_v4_auth_do_add(struct sock *sk, __be32 addr,
+		       u8 *newkey, u8 newkeylen)
 {
 	/* Add Key to the list */
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 	struct tcp_sock *tp = tcp_sk(sk);
-	struct tcp4_md5sig_key *keys;
+	struct tcp4_auth_key *keys;
 
-	key = tcp_v4_md5_do_lookup(sk, addr);
+	key = tcp_v4_auth_do_lookup(sk, addr);
 	if (key) {
 		/* Pre-existing entry - just update that one. */
 		kfree(key->key);
 		key->key = newkey;
 		key->keylen = newkeylen;
 	} else {
-		struct tcp_md5sig_info *md5sig;
+		struct tcp_auth_info *auth;
 
-		if (!tp->md5sig_info) {
-			tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info),
-						  GFP_ATOMIC);
-			if (!tp->md5sig_info) {
+		if (!tp->auth_info) {
+			tp->auth_info = kzalloc(sizeof(*tp->auth_info),
+						GFP_ATOMIC);
+			if (!tp->auth_info) {
 				kfree(newkey);
 				return -ENOMEM;
 			}
 			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
 		}
-		if (tcp_alloc_md5sig_pool() == NULL) {
+		if (tcp_auth_alloc_pool() == NULL) {
 			kfree(newkey);
 			return -ENOMEM;
 		}
-		md5sig = tp->md5sig_info;
+		auth = tp->auth_info;
 
-		if (md5sig->alloced4 == md5sig->entries4) {
+		if (auth->alloced4 == auth->entries4) {
 			keys = kmalloc((sizeof(*keys) *
-					(md5sig->entries4 + 1)), GFP_ATOMIC);
+					(auth->entries4 + 1)), GFP_ATOMIC);
 			if (!keys) {
 				kfree(newkey);
-				tcp_free_md5sig_pool();
+				tcp_auth_free_pool();
 				return -ENOMEM;
 			}
 
-			if (md5sig->entries4)
-				memcpy(keys, md5sig->keys4,
-				       sizeof(*keys) * md5sig->entries4);
+			if (auth->entries4)
+				memcpy(keys, auth->keys4,
+				       sizeof(*keys) * auth->entries4);
 
 			/* Free old key list, and reference new one */
-			kfree(md5sig->keys4);
-			md5sig->keys4 = keys;
-			md5sig->alloced4++;
+			kfree(auth->keys4);
+			auth->keys4 = keys;
+			auth->alloced4++;
 		}
-		md5sig->entries4++;
-		md5sig->keys4[md5sig->entries4 - 1].addr        = addr;
-		md5sig->keys4[md5sig->entries4 - 1].base.key    = newkey;
-		md5sig->keys4[md5sig->entries4 - 1].base.keylen = newkeylen;
+		auth->entries4++;
+		auth->keys4[auth->entries4 - 1].addr        = addr;
+		auth->keys4[auth->entries4 - 1].base.key    = newkey;
+		auth->keys4[auth->entries4 - 1].base.keylen = newkeylen;
 	}
 	return 0;
 }
 
-EXPORT_SYMBOL(tcp_v4_md5_do_add);
+EXPORT_SYMBOL(tcp_v4_auth_do_add);
 
-static int tcp_v4_md5_add_func(struct sock *sk, struct sock *addr_sk,
-			       u8 *newkey, u8 newkeylen)
+static int tcp_v4_auth_add_func(struct sock *sk, struct sock *addr_sk,
+			        u8 *newkey, u8 newkeylen)
 {
-	return tcp_v4_md5_do_add(sk, inet_sk(addr_sk)->daddr,
-				 newkey, newkeylen);
+	return tcp_v4_auth_do_add(sk, inet_sk(addr_sk)->daddr,
+				  newkey, newkeylen);
 }
 
-int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
+int tcp_v4_auth_do_del(struct sock *sk, __be32 addr)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 	int i;
 
-	for (i = 0; i < tp->md5sig_info->entries4; i++) {
-		if (tp->md5sig_info->keys4[i].addr == addr) {
+	for (i = 0; i < tp->auth_info->entries4; i++) {
+		if (tp->auth_info->keys4[i].addr == addr) {
 			/* Free the key */
-			kfree(tp->md5sig_info->keys4[i].base.key);
-			tp->md5sig_info->entries4--;
-
-			if (tp->md5sig_info->entries4 == 0) {
-				kfree(tp->md5sig_info->keys4);
-				tp->md5sig_info->keys4 = NULL;
-				tp->md5sig_info->alloced4 = 0;
-			} else if (tp->md5sig_info->entries4 != i) {
+			kfree(tp->auth_info->keys4[i].base.key);
+			tp->auth_info->entries4--;
+
+			if (tp->auth_info->entries4 == 0) {
+				kfree(tp->auth_info->keys4);
+				tp->auth_info->keys4 = NULL;
+				tp->auth_info->alloced4 = 0;
+			} else if (tp->auth_info->entries4 != i) {
 				/* Need to do some manipulation */
-				memmove(&tp->md5sig_info->keys4[i],
-					&tp->md5sig_info->keys4[i+1],
-					(tp->md5sig_info->entries4 - i) *
-					 sizeof(struct tcp4_md5sig_key));
+				memmove(&tp->auth_info->keys4[i],
+					&tp->auth_info->keys4[i+1],
+					(tp->auth_info->entries4 - i) *
+					 sizeof(struct tcp4_auth_key));
 			}
-			tcp_free_md5sig_pool();
+			tcp_auth_free_pool();
 			return 0;
 		}
 	}
 	return -ENOENT;
 }
 
-EXPORT_SYMBOL(tcp_v4_md5_do_del);
+EXPORT_SYMBOL(tcp_v4_auth_do_del);
 
-static void tcp_v4_clear_md5_list(struct sock *sk)
+static void tcp_v4_auth_clear_list(struct sock *sk)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 
@@ -927,24 +926,24 @@ static void tcp_v4_clear_md5_list(struct sock *sk)
 	 * the crypto element, and then decrement our
 	 * hold on the last resort crypto.
 	 */
-	if (tp->md5sig_info->entries4) {
+	if (tp->auth_info->entries4) {
 		int i;
-		for (i = 0; i < tp->md5sig_info->entries4; i++)
-			kfree(tp->md5sig_info->keys4[i].base.key);
-		tp->md5sig_info->entries4 = 0;
-		tcp_free_md5sig_pool();
+		for (i = 0; i < tp->auth_info->entries4; i++)
+			kfree(tp->auth_info->keys4[i].base.key);
+		tp->auth_info->entries4 = 0;
+		tcp_auth_free_pool();
 	}
-	if (tp->md5sig_info->keys4) {
-		kfree(tp->md5sig_info->keys4);
-		tp->md5sig_info->keys4 = NULL;
-		tp->md5sig_info->alloced4  = 0;
+	if (tp->auth_info->keys4) {
+		kfree(tp->auth_info->keys4);
+		tp->auth_info->keys4 = NULL;
+		tp->auth_info->alloced4  = 0;
 	}
 }
 
-static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
-				 int optlen)
+static int tcp_v4_auth_parse_keys(struct sock *sk, char __user *optval,
+				  int optlen)
 {
-	struct tcp_md5sig cmd;
+	struct tcp_auth cmd;
 	struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
 	u8 *newkey;
 
@@ -958,39 +957,39 @@ static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
 		return -EINVAL;
 
 	if (!cmd.tcpm_key || !cmd.tcpm_keylen) {
-		if (!tcp_sk(sk)->md5sig_info)
+		if (!tcp_sk(sk)->auth_info)
 			return -ENOENT;
-		return tcp_v4_md5_do_del(sk, sin->sin_addr.s_addr);
+		return tcp_v4_auth_do_del(sk, sin->sin_addr.s_addr);
 	}
 
 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
 		return -EINVAL;
 
-	if (!tcp_sk(sk)->md5sig_info) {
+	if (!tcp_sk(sk)->auth_info) {
 		struct tcp_sock *tp = tcp_sk(sk);
-		struct tcp_md5sig_info *p = kzalloc(sizeof(*p), GFP_KERNEL);
+		struct tcp_auth_info *p = kzalloc(sizeof(*p), GFP_KERNEL);
 
 		if (!p)
 			return -EINVAL;
 
-		tp->md5sig_info = p;
+		tp->auth_info = p;
 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
 	}
 
 	newkey = kmemdup(cmd.tcpm_key, cmd.tcpm_keylen, GFP_KERNEL);
 	if (!newkey)
 		return -ENOMEM;
-	return tcp_v4_md5_do_add(sk, sin->sin_addr.s_addr,
-				 newkey, cmd.tcpm_keylen);
+	return tcp_v4_auth_do_add(sk, sin->sin_addr.s_addr,
+				  newkey, cmd.tcpm_keylen);
 }
 
-static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
-					__be32 daddr, __be32 saddr, int nbytes)
+static int tcp_v4_auth_hash_pseudoheader(struct tcp_auth_pool *hp,
+					 __be32 daddr, __be32 saddr, int nbytes)
 {
 	struct tcp4_pseudohdr *bp;
 	struct scatterlist sg;
 
-	bp = &hp->md5_blk.ip4;
+	bp = &hp->auth_blk.ip4;
 
 	/*
 	 * 1. the TCP pseudo-header (in the order: source IP address,
@@ -1007,43 +1006,43 @@ static int tcp_v4_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
 	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
 }
 
-static int tcp_v4_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
-			       __be32 daddr, __be32 saddr, struct tcphdr *th)
+static int tcp_v4_auth_hash_hdr(char *hash, struct tcp_auth_key *key,
+				__be32 daddr, __be32 saddr, struct tcphdr *th)
 {
-	struct tcp_md5sig_pool *hp;
+	struct tcp_auth_pool *hp;
 	struct hash_desc *desc;
 
-	hp = tcp_get_md5sig_pool();
+	hp = tcp_auth_get_pool();
 	if (!hp)
 		goto clear_hash_noput;
 	desc = &hp->md5_desc;
 
 	if (crypto_hash_init(desc))
 		goto clear_hash;
-	if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
+	if (tcp_v4_auth_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
 		goto clear_hash;
-	if (tcp_md5_hash_header(hp, th))
+	if (tcp_auth_hash_header(hp, th))
 		goto clear_hash;
-	if (tcp_md5_hash_key(hp, key))
+	if (tcp_auth_hash_key(hp, key))
 		goto clear_hash;
-	if (crypto_hash_final(desc, md5_hash))
+	if (crypto_hash_final(desc, hash))
 		goto clear_hash;
 
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 	return 0;
 
 clear_hash:
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 clear_hash_noput:
-	memset(md5_hash, 0, 16);
+	memset(hash, 0, 16);
 	return 1;
 }
 
-int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
-			struct sock *sk, struct request_sock *req,
-			struct sk_buff *skb)
+int tcp_v4_auth_hash_skb(char *hash, struct tcp_auth_key *key,
+			 struct sock *sk, struct request_sock *req,
+			 struct sk_buff *skb)
 {
-	struct tcp_md5sig_pool *hp;
+	struct tcp_auth_pool *hp;
 	struct hash_desc *desc;
 	struct tcphdr *th = tcp_hdr(skb);
 	__be32 saddr, daddr;
@@ -1060,7 +1059,7 @@ int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
 		daddr = iph->daddr;
 	}
 
-	hp = tcp_get_md5sig_pool();
+	hp = tcp_auth_get_pool();
 	if (!hp)
 		goto clear_hash_noput;
 	desc = &hp->md5_desc;
@@ -1068,30 +1067,30 @@ int tcp_v4_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
 	if (crypto_hash_init(desc))
 		goto clear_hash;
 
-	if (tcp_v4_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
+	if (tcp_v4_auth_hash_pseudoheader(hp, daddr, saddr, skb->len))
 		goto clear_hash;
-	if (tcp_md5_hash_header(hp, th))
+	if (tcp_auth_hash_header(hp, th))
 		goto clear_hash;
-	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
+	if (tcp_auth_hash_skb_data(hp, skb, th->doff << 2))
 		goto clear_hash;
-	if (tcp_md5_hash_key(hp, key))
+	if (tcp_auth_hash_key(hp, key))
 		goto clear_hash;
-	if (crypto_hash_final(desc, md5_hash))
+	if (crypto_hash_final(desc, hash))
 		goto clear_hash;
 
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 	return 0;
 
 clear_hash:
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 clear_hash_noput:
-	memset(md5_hash, 0, 16);
+	memset(hash, 0, 16);
 	return 1;
 }
 
-EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
+EXPORT_SYMBOL(tcp_v4_auth_hash_skb);
 
-static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
+static int tcp_v4_auth_inbound_hash(struct sock *sk, struct sk_buff *skb)
 {
 	/*
 	 * This gets called for each TCP segment that arrives
@@ -1102,14 +1101,14 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
 	 * o MD5 hash and its wrong.
 	 */
 	__u8 *hash_location = NULL;
-	struct tcp_md5sig_key *hash_expected;
+	struct tcp_auth_key *hash_expected;
 	const struct iphdr *iph = ip_hdr(skb);
 	struct tcphdr *th = tcp_hdr(skb);
 	int genhash;
 	unsigned char newhash[16];
 
-	hash_expected = tcp_v4_md5_do_lookup(sk, iph->saddr);
-	hash_location = tcp_parse_md5sig_option(th);
+	hash_expected = tcp_v4_auth_do_lookup(sk, iph->saddr);
+	hash_location = tcp_auth_parse_option(th);
 
 	/* We've parsed the options - do we have a hash? */
 	if (!hash_expected && !hash_location)
@@ -1134,7 +1133,7 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
 	/* Okay, so this is hash_expected and hash_location -
 	 * so we need to calculate the checksum.
 	 */
-	genhash = tcp_v4_md5_hash_skb(newhash,
+	genhash = tcp_v4_auth_hash_skb(newhash,
 				      hash_expected,
 				      NULL, NULL, skb);
 
@@ -1144,7 +1143,7 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
 			       "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)%s\n",
 			       NIPQUAD(iph->saddr), ntohs(th->source),
 			       NIPQUAD(iph->daddr), ntohs(th->dest),
-			       genhash ? " tcp_v4_calc_md5_hash failed" : "");
+			       genhash ? " tcp_v4_auth_hash_skb failed" : "");
 		}
 		return 1;
 	}
@@ -1164,7 +1163,7 @@ struct request_sock_ops tcp_request_sock_ops __read_mostly = {
 
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
-	.md5_lookup	=	tcp_v4_reqsk_md5_lookup,
+	.auth_lookup	=	tcp_v4_reqsk_auth_lookup,
 };
 #endif
 
@@ -1336,7 +1335,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 	struct tcp_sock *newtp;
 	struct sock *newsk;
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 #endif
 
 	if (sk_acceptq_is_full(sk))
@@ -1374,7 +1373,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 
 #ifdef CONFIG_TCP_MD5SIG
 	/* Copy over the MD5 key from the original socket */
-	if ((key = tcp_v4_md5_do_lookup(sk, newinet->daddr)) != NULL) {
+	if ((key = tcp_v4_auth_do_lookup(sk, newinet->daddr)) != NULL) {
 		/*
 		 * We're using one, so create a matching key
 		 * on the newsk structure. If we fail to get
@@ -1383,8 +1382,8 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 		 */
 		char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
 		if (newkey != NULL)
-			tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr,
-					  newkey, key->keylen);
+			tcp_v4_auth_do_add(newsk, inet_sk(sk)->daddr,
+					   newkey, key->keylen);
 		newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
 	}
 #endif
@@ -1473,7 +1472,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
 	 *  o We're expecting an MD5'd packet and this is no MD5 tcp option
 	 *  o There is an MD5 option and we're not expecting one
 	 */
-	if (tcp_v4_inbound_md5_hash(sk, skb))
+	if (tcp_v4_auth_inbound_hash(sk, skb))
 		goto discard;
 #endif
 
@@ -1748,10 +1747,10 @@ struct inet_connection_sock_af_ops ipv4_specific = {
 
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
-	.md5_lookup		= tcp_v4_md5_lookup,
-	.calc_md5_hash		= tcp_v4_md5_hash_skb,
-	.md5_add		= tcp_v4_md5_add_func,
-	.md5_parse		= tcp_v4_parse_md5_keys,
+	.auth_lookup		= tcp_v4_auth_lookup,
+	.auth_calc_hash		= tcp_v4_auth_hash_skb,
+	.auth_add		= tcp_v4_auth_add_func,
+	.auth_parse		= tcp_v4_auth_parse_keys,
 };
 #endif
 
@@ -1822,10 +1821,10 @@ void tcp_v4_destroy_sock(struct sock *sk)
 
 #ifdef CONFIG_TCP_MD5SIG
 	/* Clean up the MD5 key list, if any */
-	if (tp->md5sig_info) {
-		tcp_v4_clear_md5_list(sk);
-		kfree(tp->md5sig_info);
-		tp->md5sig_info = NULL;
+	if (tp->auth_info) {
+		tcp_v4_auth_clear_list(sk);
+		kfree(tp->auth_info);
+		tp->auth_info = NULL;
 	}
 #endif
 
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 204c421..6f282d6 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -310,18 +310,18 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
 		/*
 		 * The timewait bucket does not have the key DB from the
 		 * sock structure. We just make a quick copy of the
-		 * md5 key being used (if indeed we are using one)
+		 * auth key being used (if indeed we are using one)
 		 * so the timewait ack generating code has the key.
 		 */
 		do {
-			struct tcp_md5sig_key *key;
-			memset(tcptw->tw_md5_key, 0, sizeof(tcptw->tw_md5_key));
-			tcptw->tw_md5_keylen = 0;
-			key = tp->af_specific->md5_lookup(sk, sk);
+			struct tcp_auth_key *key;
+			memset(tcptw->tw_auth_key, 0, sizeof(tcptw->tw_auth_key));
+			tcptw->tw_auth_keylen = 0;
+			key = tp->af_specific->auth_lookup(sk, sk);
 			if (key != NULL) {
-				memcpy(&tcptw->tw_md5_key, key->key, key->keylen);
-				tcptw->tw_md5_keylen = key->keylen;
-				if (tcp_alloc_md5sig_pool() == NULL)
+				memcpy(&tcptw->tw_auth_key, key->key, key->keylen);
+				tcptw->tw_auth_keylen = key->keylen;
+				if (tcp_auth_alloc_pool() == NULL)
 					BUG();
 			}
 		} while (0);
@@ -361,8 +361,8 @@ void tcp_twsk_destructor(struct sock *sk)
 {
 #ifdef CONFIG_TCP_MD5SIG
 	struct tcp_timewait_sock *twsk = tcp_twsk(sk);
-	if (twsk->tw_md5_keylen)
-		tcp_put_md5sig_pool();
+	if (twsk->tw_auth_keylen)
+		tcp_auth_put_pool();
 #endif
 }
 
@@ -471,8 +471,8 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
 			newtp->tcp_header_len = sizeof(struct tcphdr);
 		}
 #ifdef CONFIG_TCP_MD5SIG
-		newtp->md5sig_info = NULL;	/*XXX*/
-		if (newtp->af_specific->md5_lookup(sk, newsk))
+		newtp->auth_info = NULL;	/*XXX*/
+		if (newtp->af_specific->auth_lookup(sk, newsk))
 			newtp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
 #endif
 		if (skb->len >= TCP_MIN_RCVMSS+newtp->tcp_header_len)
@@ -660,9 +660,9 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
 #ifdef CONFIG_TCP_MD5SIG
 		else {
 			/* Copy over the MD5 key from the original socket */
-			struct tcp_md5sig_key *key;
+			struct tcp_auth_key *key;
 			struct tcp_sock *tp = tcp_sk(sk);
-			key = tp->af_specific->md5_lookup(sk, child);
+			key = tp->af_specific->auth_lookup(sk, child);
 			if (key != NULL) {
 				/*
 				 * We're using one, so create a matching key on the
@@ -672,11 +672,11 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
 				char *newkey = kmemdup(key->key, key->keylen,
 						       GFP_ATOMIC);
 				if (newkey) {
-					if (!tcp_alloc_md5sig_pool())
+					if (!tcp_auth_alloc_pool())
 						BUG();
-					tp->af_specific->md5_add(child, child,
-								 newkey,
-								 key->keylen);
+					tp->af_specific->auth_add(child, child,
+								  newkey,
+								  key->keylen);
 				}
 			}
 		}
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 1fa683c..4fe610f 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -359,16 +359,16 @@ struct tcp_out_options {
 
 static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
 			      const struct tcp_out_options *opts,
-			      __u8 **md5_hash) {
+			      __u8 **hash) {
 	if (unlikely(OPTION_MD5 & opts->options)) {
 		*ptr++ = htonl((TCPOPT_NOP << 24) |
 			       (TCPOPT_NOP << 16) |
 			       (TCPOPT_MD5SIG << 8) |
 			       TCPOLEN_MD5SIG);
-		*md5_hash = (__u8 *)ptr;
+		*hash = (__u8 *)ptr;
 		ptr += 4;
 	} else {
-		*md5_hash = NULL;
+		*hash = NULL;
 	}
 
 	if (likely(OPTION_TS & opts->options)) {
@@ -434,18 +434,18 @@ static void tcp_options_write(__be32 *ptr, struct tcp_sock *tp,
 
 static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
 				struct tcp_out_options *opts,
-				struct tcp_md5sig_key **md5) {
+				struct tcp_auth_key **key) {
 	struct tcp_sock *tp = tcp_sk(sk);
 	unsigned size = 0;
 
 #ifdef CONFIG_TCP_MD5SIG
-	*md5 = tp->af_specific->md5_lookup(sk, sk);
-	if (*md5) {
+	*key = tp->af_specific->auth_lookup(sk, sk);
+	if (*key) {
 		opts->options |= OPTION_MD5;
 		size += TCPOLEN_MD5SIG_ALIGNED;
 	}
 #else
-	*md5 = NULL;
+	*key = NULL;
 #endif
 
 	/* We always get an MSS option.  The option bytes which will be seen in
@@ -460,7 +460,7 @@ static unsigned tcp_syn_options(struct sock *sk, struct sk_buff *skb,
 	opts->mss = tcp_advertise_mss(sk);
 	size += TCPOLEN_MSS_ALIGNED;
 
-	if (likely(sysctl_tcp_timestamps && *md5 == NULL)) {
+	if (likely(sysctl_tcp_timestamps && *key == NULL)) {
 		opts->options |= OPTION_TS;
 		opts->tsval = TCP_SKB_CB(skb)->when;
 		opts->tsecr = tp->rx_opt.ts_recent;
@@ -483,26 +483,26 @@ static unsigned tcp_synack_options(struct sock *sk,
 				   struct request_sock *req,
 				   unsigned mss, struct sk_buff *skb,
 				   struct tcp_out_options *opts,
-				   struct tcp_md5sig_key **md5) {
+				   struct tcp_auth_key **key) {
 	unsigned size = 0;
 	struct inet_request_sock *ireq = inet_rsk(req);
 	char doing_ts;
 
 #ifdef CONFIG_TCP_MD5SIG
-	*md5 = tcp_rsk(req)->af_specific->md5_lookup(sk, req);
-	if (*md5) {
+	*key = tcp_rsk(req)->af_specific->auth_lookup(sk, req);
+	if (*key) {
 		opts->options |= OPTION_MD5;
 		size += TCPOLEN_MD5SIG_ALIGNED;
 	}
 #else
-	*md5 = NULL;
+	*key = NULL;
 #endif
 
 	/* we can't fit any SACK blocks in a packet with MD5 + TS
 	   options. There was discussion about disabling SACK rather than TS in
 	   order to fit in better with old, buggy kernels, but that was deemed
 	   to be unnecessary. */
-	doing_ts = ireq->tstamp_ok && !(*md5 && ireq->sack_ok);
+	doing_ts = ireq->tstamp_ok && !(*key && ireq->sack_ok);
 
 	opts->mss = mss;
 	size += TCPOLEN_MSS_ALIGNED;
@@ -528,19 +528,19 @@ static unsigned tcp_synack_options(struct sock *sk,
 
 static unsigned tcp_established_options(struct sock *sk, struct sk_buff *skb,
 					struct tcp_out_options *opts,
-					struct tcp_md5sig_key **md5) {
+					struct tcp_auth_key **key) {
 	struct tcp_skb_cb *tcb = skb ? TCP_SKB_CB(skb) : NULL;
 	struct tcp_sock *tp = tcp_sk(sk);
 	unsigned size = 0;
 
 #ifdef CONFIG_TCP_MD5SIG
-	*md5 = tp->af_specific->md5_lookup(sk, sk);
-	if (unlikely(*md5)) {
+	*key = tp->af_specific->auth_lookup(sk, sk);
+	if (unlikely(*key)) {
 		opts->options |= OPTION_MD5;
 		size += TCPOLEN_MD5SIG_ALIGNED;
 	}
 #else
-	*md5 = NULL;
+	*key = NULL;
 #endif
 
 	if (likely(tp->rx_opt.tstamp_ok)) {
@@ -583,8 +583,8 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
 	struct tcp_skb_cb *tcb;
 	struct tcp_out_options opts;
 	unsigned tcp_options_size, tcp_header_size;
-	struct tcp_md5sig_key *md5;
-	__u8 *md5_hash_location;
+	struct tcp_auth_key *key;
+	__u8 *hash_location;
 	struct tcphdr *th;
 	int err;
 
@@ -611,10 +611,10 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
 	memset(&opts, 0, sizeof(opts));
 
 	if (unlikely(tcb->flags & TCPCB_FLAG_SYN))
-		tcp_options_size = tcp_syn_options(sk, skb, &opts, &md5);
+		tcp_options_size = tcp_syn_options(sk, skb, &opts, &key);
 	else
 		tcp_options_size = tcp_established_options(sk, skb, &opts,
-							   &md5);
+							   &key);
 	tcp_header_size = tcp_options_size + sizeof(struct tcphdr);
 
 	if (tcp_packets_in_flight(tp) == 0)
@@ -650,16 +650,16 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
 		th->urg			= 1;
 	}
 
-	tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location);
+	tcp_options_write((__be32 *)(th + 1), tp, &opts, &hash_location);
 	if (likely((tcb->flags & TCPCB_FLAG_SYN) == 0))
 		TCP_ECN_send(sk, skb, tcp_header_size);
 
 #ifdef CONFIG_TCP_MD5SIG
 	/* Calculate the MD5 hash, as we have all we need now */
-	if (md5) {
+	if (key) {
 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
-		tp->af_specific->calc_md5_hash(md5_hash_location,
-					       md5, sk, NULL, skb);
+		tp->af_specific->auth_calc_hash(hash_location,
+						key, sk, NULL, skb);
 	}
 #endif
 
@@ -1023,7 +1023,7 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
 	int doing_tso = 0;
 	unsigned header_len;
 	struct tcp_out_options opts;
-	struct tcp_md5sig_key *md5;
+	struct tcp_auth_key *key;
 
 	mss_now = tp->mss_cache;
 
@@ -1036,7 +1036,7 @@ unsigned int tcp_current_mss(struct sock *sk, int large_allowed)
 			mss_now = tcp_sync_mss(sk, mtu);
 	}
 
-	header_len = tcp_established_options(sk, NULL, &opts, &md5) +
+	header_len = tcp_established_options(sk, NULL, &opts, &key) +
 		     sizeof(struct tcphdr);
 	/* The mss_cache is sized based on tp->tcp_header_len, which assumes
 	 * some common options. If this is an odd packet (because we have SACK
@@ -2237,8 +2237,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
 	int tcp_header_size;
 	struct tcp_out_options opts;
 	struct sk_buff *skb;
-	struct tcp_md5sig_key *md5;
-	__u8 *md5_hash_location;
+	struct tcp_auth_key *key;
+	__u8 *hash_location;
 
 	skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
 	if (skb == NULL)
@@ -2267,7 +2267,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
 	TCP_SKB_CB(skb)->when = tcp_time_stamp;
 	tcp_header_size = tcp_synack_options(sk, req,
 					     dst_metric(dst, RTAX_ADVMSS),
-					     skb, &opts, &md5) +
+					     skb, &opts, &key) +
 			  sizeof(struct tcphdr);
 
 	skb_push(skb, tcp_header_size);
@@ -2295,15 +2295,15 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
 		TCP_SKB_CB(skb)->when = cookie_init_timestamp(req);
 	else
 #endif
-	tcp_options_write((__be32 *)(th + 1), tp, &opts, &md5_hash_location);
+	tcp_options_write((__be32 *)(th + 1), tp, &opts, &hash_location);
 	th->doff = (tcp_header_size >> 2);
 	TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS);
 
 #ifdef CONFIG_TCP_MD5SIG
-	/* Okay, we have all we need - do the md5 hash if needed */
-	if (md5) {
-		tp->af_specific->calc_md5_hash(md5_hash_location,
-					       md5, NULL, req, skb);
+	/* Okay, we have all we need - do the auth hash if needed */
+	if (key) {
+		tp->af_specific->calc_auth_hash(hash_location,
+					        key, NULL, req, skb);
 	}
 #endif
 
@@ -2326,7 +2326,7 @@ static void tcp_connect_init(struct sock *sk)
 		(sysctl_tcp_timestamps ? TCPOLEN_TSTAMP_ALIGNED : 0);
 
 #ifdef CONFIG_TCP_MD5SIG
-	if (tp->af_specific->md5_lookup(sk, sk) != NULL)
+	if (tp->af_specific->auth_lookup(sk, sk) != NULL)
 		tp->tcp_header_len += TCPOLEN_MD5SIG_ALIGNED;
 #endif
 
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index ae45f98..ffac593 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -79,8 +79,8 @@ static struct inet_connection_sock_af_ops ipv6_specific;
 static struct tcp_sock_af_ops tcp_sock_ipv6_specific;
 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
 #else
-static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
-						   struct in6_addr *addr)
+static struct tcp_auth_key *tcp_v6_auth_do_lookup(struct sock *sk,
+						  struct in6_addr *addr)
 {
 	return NULL;
 }
@@ -534,45 +534,45 @@ static void tcp_v6_reqsk_destructor(struct request_sock *req)
 }
 
 #ifdef CONFIG_TCP_MD5SIG
-static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
-						   struct in6_addr *addr)
+static struct tcp_auth_key *tcp_v6_auth_do_lookup(struct sock *sk,
+						  struct in6_addr *addr)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 	int i;
 
 	BUG_ON(tp == NULL);
 
-	if (!tp->md5sig_info || !tp->md5sig_info->entries6)
+	if (!tp->auth_info || !tp->auth_info->entries6)
 		return NULL;
 
-	for (i = 0; i < tp->md5sig_info->entries6; i++) {
-		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
-			return &tp->md5sig_info->keys6[i].base;
+	for (i = 0; i < tp->auth_info->entries6; i++) {
+		if (ipv6_addr_equal(&tp->auth_info->keys6[i].addr, addr))
+			return &tp->auth_info->keys6[i].base;
 	}
 	return NULL;
 }
 
-static struct tcp_md5sig_key *tcp_v6_md5_lookup(struct sock *sk,
-						struct sock *addr_sk)
+static struct tcp_auth_key *tcp_v6_auth_lookup(struct sock *sk,
+					       struct sock *addr_sk)
 {
-	return tcp_v6_md5_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
+	return tcp_v6_auth_do_lookup(sk, &inet6_sk(addr_sk)->daddr);
 }
 
-static struct tcp_md5sig_key *tcp_v6_reqsk_md5_lookup(struct sock *sk,
-						      struct request_sock *req)
+static struct tcp_auth_key *tcp_v6_reqsk_auth_lookup(struct sock *sk,
+						     struct request_sock *req)
 {
-	return tcp_v6_md5_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
+	return tcp_v6_auth_do_lookup(sk, &inet6_rsk(req)->rmt_addr);
 }
 
-static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
-			     char *newkey, u8 newkeylen)
+static int tcp_v6_auth_do_add(struct sock *sk, struct in6_addr *peer,
+			      char *newkey, u8 newkeylen)
 {
 	/* Add key to the list */
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 	struct tcp_sock *tp = tcp_sk(sk);
-	struct tcp6_md5sig_key *keys;
+	struct tcp6_auth_key *keys;
 
-	key = tcp_v6_md5_do_lookup(sk, peer);
+	key = tcp_v6_auth_do_lookup(sk, peer);
 	if (key) {
 		/* modify existing entry - just update that one */
 		kfree(key->key);
@@ -580,117 +580,117 @@ static int tcp_v6_md5_do_add(struct sock *sk, struct in6_addr *peer,
 		key->keylen = newkeylen;
 	} else {
 		/* reallocate new list if current one is full. */
-		if (!tp->md5sig_info) {
-			tp->md5sig_info = kzalloc(sizeof(*tp->md5sig_info), GFP_ATOMIC);
-			if (!tp->md5sig_info) {
+		if (!tp->auth_info) {
+			tp->auth_info = kzalloc(sizeof(*tp->auth_info), GFP_ATOMIC);
+			if (!tp->auth_info) {
 				kfree(newkey);
 				return -ENOMEM;
 			}
 			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
 		}
-		if (tcp_alloc_md5sig_pool() == NULL) {
+		if (tcp_auth_alloc_pool() == NULL) {
 			kfree(newkey);
 			return -ENOMEM;
 		}
-		if (tp->md5sig_info->alloced6 == tp->md5sig_info->entries6) {
-			keys = kmalloc((sizeof (tp->md5sig_info->keys6[0]) *
-				       (tp->md5sig_info->entries6 + 1)), GFP_ATOMIC);
+		if (tp->auth_info->alloced6 == tp->auth_info->entries6) {
+			keys = kmalloc((sizeof (tp->auth_info->keys6[0]) *
+				       (tp->auth_info->entries6 + 1)), GFP_ATOMIC);
 
 			if (!keys) {
-				tcp_free_md5sig_pool();
+				tcp_auth_free_pool();
 				kfree(newkey);
 				return -ENOMEM;
 			}
 
-			if (tp->md5sig_info->entries6)
-				memmove(keys, tp->md5sig_info->keys6,
-					(sizeof (tp->md5sig_info->keys6[0]) *
-					 tp->md5sig_info->entries6));
+			if (tp->auth_info->entries6)
+				memmove(keys, tp->auth_info->keys6,
+					(sizeof (tp->auth_info->keys6[0]) *
+					 tp->auth_info->entries6));
 
-			kfree(tp->md5sig_info->keys6);
-			tp->md5sig_info->keys6 = keys;
-			tp->md5sig_info->alloced6++;
+			kfree(tp->auth_info->keys6);
+			tp->auth_info->keys6 = keys;
+			tp->auth_info->alloced6++;
 		}
 
-		ipv6_addr_copy(&tp->md5sig_info->keys6[tp->md5sig_info->entries6].addr,
+		ipv6_addr_copy(&tp->auth_info->keys6[tp->auth_info->entries6].addr,
 			       peer);
-		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.key = newkey;
-		tp->md5sig_info->keys6[tp->md5sig_info->entries6].base.keylen = newkeylen;
+		tp->auth_info->keys6[tp->auth_info->entries6].base.key = newkey;
+		tp->auth_info->keys6[tp->auth_info->entries6].base.keylen = newkeylen;
 
-		tp->md5sig_info->entries6++;
+		tp->auth_info->entries6++;
 	}
 	return 0;
 }
 
-static int tcp_v6_md5_add_func(struct sock *sk, struct sock *addr_sk,
+static int tcp_v6_auth_add_func(struct sock *sk, struct sock *addr_sk,
 			       u8 *newkey, __u8 newkeylen)
 {
-	return tcp_v6_md5_do_add(sk, &inet6_sk(addr_sk)->daddr,
-				 newkey, newkeylen);
+	return tcp_v6_auth_do_add(sk, &inet6_sk(addr_sk)->daddr,
+				  newkey, newkeylen);
 }
 
-static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
+static int tcp_v6_auth_do_del(struct sock *sk, struct in6_addr *peer)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 	int i;
 
-	for (i = 0; i < tp->md5sig_info->entries6; i++) {
-		if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
+	for (i = 0; i < tp->auth_info->entries6; i++) {
+		if (ipv6_addr_equal(&tp->auth_info->keys6[i].addr, peer)) {
 			/* Free the key */
-			kfree(tp->md5sig_info->keys6[i].base.key);
-			tp->md5sig_info->entries6--;
+			kfree(tp->auth_info->keys6[i].base.key);
+			tp->auth_info->entries6--;
 
-			if (tp->md5sig_info->entries6 == 0) {
-				kfree(tp->md5sig_info->keys6);
-				tp->md5sig_info->keys6 = NULL;
-				tp->md5sig_info->alloced6 = 0;
+			if (tp->auth_info->entries6 == 0) {
+				kfree(tp->auth_info->keys6);
+				tp->auth_info->keys6 = NULL;
+				tp->auth_info->alloced6 = 0;
 			} else {
 				/* shrink the database */
-				if (tp->md5sig_info->entries6 != i)
-					memmove(&tp->md5sig_info->keys6[i],
-						&tp->md5sig_info->keys6[i+1],
-						(tp->md5sig_info->entries6 - i)
-						* sizeof (tp->md5sig_info->keys6[0]));
+				if (tp->auth_info->entries6 != i)
+					memmove(&tp->auth_info->keys6[i],
+						&tp->auth_info->keys6[i+1],
+						(tp->auth_info->entries6 - i)
+						* sizeof (tp->auth_info->keys6[0]));
 			}
-			tcp_free_md5sig_pool();
+			tcp_auth_free_pool();
 			return 0;
 		}
 	}
 	return -ENOENT;
 }
 
-static void tcp_v6_clear_md5_list (struct sock *sk)
+static void tcp_v6_auth_clear_list(struct sock *sk)
 {
 	struct tcp_sock *tp = tcp_sk(sk);
 	int i;
 
-	if (tp->md5sig_info->entries6) {
-		for (i = 0; i < tp->md5sig_info->entries6; i++)
-			kfree(tp->md5sig_info->keys6[i].base.key);
-		tp->md5sig_info->entries6 = 0;
-		tcp_free_md5sig_pool();
+	if (tp->auth_info->entries6) {
+		for (i = 0; i < tp->auth_info->entries6; i++)
+			kfree(tp->auth_info->keys6[i].base.key);
+		tp->auth_info->entries6 = 0;
+		tcp_auth_free_pool();
 	}
 
-	kfree(tp->md5sig_info->keys6);
-	tp->md5sig_info->keys6 = NULL;
-	tp->md5sig_info->alloced6 = 0;
+	kfree(tp->auth_info->keys6);
+	tp->auth_info->keys6 = NULL;
+	tp->auth_info->alloced6 = 0;
 
-	if (tp->md5sig_info->entries4) {
-		for (i = 0; i < tp->md5sig_info->entries4; i++)
-			kfree(tp->md5sig_info->keys4[i].base.key);
-		tp->md5sig_info->entries4 = 0;
-		tcp_free_md5sig_pool();
+	if (tp->auth_info->entries4) {
+		for (i = 0; i < tp->auth_info->entries4; i++)
+			kfree(tp->auth_info->keys4[i].base.key);
+		tp->auth_info->entries4 = 0;
+		tcp_auth_free_pool();
 	}
 
-	kfree(tp->md5sig_info->keys4);
-	tp->md5sig_info->keys4 = NULL;
-	tp->md5sig_info->alloced4 = 0;
+	kfree(tp->auth_info->keys4);
+	tp->auth_info->keys4 = NULL;
+	tp->auth_info->alloced4 = 0;
 }
 
-static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
+static int tcp_v6_auth_parse_keys(struct sock *sk, char __user *optval,
 				  int optlen)
 {
-	struct tcp_md5sig cmd;
+	struct tcp_auth cmd;
 	struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
 	u8 *newkey;
 
@@ -704,25 +704,25 @@ static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
 		return -EINVAL;
 
 	if (!cmd.tcpm_keylen) {
-		if (!tcp_sk(sk)->md5sig_info)
+		if (!tcp_sk(sk)->auth_info)
 			return -ENOENT;
 		if (ipv6_addr_v4mapped(&sin6->sin6_addr))
-			return tcp_v4_md5_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
-		return tcp_v6_md5_do_del(sk, &sin6->sin6_addr);
+			return tcp_v4_auth_do_del(sk, sin6->sin6_addr.s6_addr32[3]);
+		return tcp_v6_auth_do_del(sk, &sin6->sin6_addr);
 	}
 
 	if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
 		return -EINVAL;
 
-	if (!tcp_sk(sk)->md5sig_info) {
+	if (!tcp_sk(sk)->auth_info) {
 		struct tcp_sock *tp = tcp_sk(sk);
-		struct tcp_md5sig_info *p;
+		struct tcp_auth_info *p;
 
-		p = kzalloc(sizeof(struct tcp_md5sig_info), GFP_KERNEL);
+		p = kzalloc(sizeof(struct tcp_auth_info), GFP_KERNEL);
 		if (!p)
 			return -ENOMEM;
 
-		tp->md5sig_info = p;
+		tp->auth_info = p;
 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
 	}
 
@@ -730,20 +730,20 @@ static int tcp_v6_parse_md5_keys (struct sock *sk, char __user *optval,
 	if (!newkey)
 		return -ENOMEM;
 	if (ipv6_addr_v4mapped(&sin6->sin6_addr)) {
-		return tcp_v4_md5_do_add(sk, sin6->sin6_addr.s6_addr32[3],
+		return tcp_v4_auth_do_add(sk, sin6->sin6_addr.s6_addr32[3],
 					 newkey, cmd.tcpm_keylen);
 	}
-	return tcp_v6_md5_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
+	return tcp_v6_auth_do_add(sk, &sin6->sin6_addr, newkey, cmd.tcpm_keylen);
 }
 
-static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
-					struct in6_addr *daddr,
-					struct in6_addr *saddr, int nbytes)
+static int tcp_v6_auth_hash_pseudoheader(struct tcp_auth_pool *hp,
+					 struct in6_addr *daddr,
+					 struct in6_addr *saddr, int nbytes)
 {
 	struct tcp6_pseudohdr *bp;
 	struct scatterlist sg;
 
-	bp = &hp->md5_blk.ip6;
+	bp = &hp->auth_blk.ip6;
 	/* 1. TCP pseudo-header (RFC2460) */
 	ipv6_addr_copy(&bp->saddr, saddr);
 	ipv6_addr_copy(&bp->daddr, daddr);
@@ -754,45 +754,45 @@ static int tcp_v6_md5_hash_pseudoheader(struct tcp_md5sig_pool *hp,
 	return crypto_hash_update(&hp->md5_desc, &sg, sizeof(*bp));
 }
 
-static int tcp_v6_md5_hash_hdr(char *md5_hash, struct tcp_md5sig_key *key,
-			       struct in6_addr *daddr, struct in6_addr *saddr,
-			       struct tcphdr *th)
+static int tcp_v6_auth_hash_hdr(char *hash, struct tcp_auth_key *key,
+			        struct in6_addr *daddr, struct in6_addr *saddr,
+			        struct tcphdr *th)
 {
-	struct tcp_md5sig_pool *hp;
+	struct tcp_auth_pool *hp;
 	struct hash_desc *desc;
 
-	hp = tcp_get_md5sig_pool();
+	hp = tcp_auth_get_pool();
 	if (!hp)
 		goto clear_hash_noput;
 	desc = &hp->md5_desc;
 
 	if (crypto_hash_init(desc))
 		goto clear_hash;
-	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
+	if (tcp_v6_auth_hash_pseudoheader(hp, daddr, saddr, th->doff << 2))
 		goto clear_hash;
-	if (tcp_md5_hash_header(hp, th))
+	if (tcp_auth_hash_header(hp, th))
 		goto clear_hash;
-	if (tcp_md5_hash_key(hp, key))
+	if (tcp_auth_hash_key(hp, key))
 		goto clear_hash;
-	if (crypto_hash_final(desc, md5_hash))
+	if (crypto_hash_final(desc, hash))
 		goto clear_hash;
 
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 	return 0;
 
 clear_hash:
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 clear_hash_noput:
-	memset(md5_hash, 0, 16);
+	memset(hash, 0, 16);
 	return 1;
 }
 
-static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
-			       struct sock *sk, struct request_sock *req,
-			       struct sk_buff *skb)
+static int tcp_v6_auth_hash_skb(char *hash, struct tcp_auth_key *key,
+			        struct sock *sk, struct request_sock *req,
+			        struct sk_buff *skb)
 {
 	struct in6_addr *saddr, *daddr;
-	struct tcp_md5sig_pool *hp;
+	struct tcp_auth_pool *hp;
 	struct hash_desc *desc;
 	struct tcphdr *th = tcp_hdr(skb);
 
@@ -808,7 +808,7 @@ static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
 		daddr = &ip6h->daddr;
 	}
 
-	hp = tcp_get_md5sig_pool();
+	hp = tcp_auth_get_pool();
 	if (!hp)
 		goto clear_hash_noput;
 	desc = &hp->md5_desc;
@@ -816,38 +816,38 @@ static int tcp_v6_md5_hash_skb(char *md5_hash, struct tcp_md5sig_key *key,
 	if (crypto_hash_init(desc))
 		goto clear_hash;
 
-	if (tcp_v6_md5_hash_pseudoheader(hp, daddr, saddr, skb->len))
+	if (tcp_v6_auth_hash_pseudoheader(hp, daddr, saddr, skb->len))
 		goto clear_hash;
-	if (tcp_md5_hash_header(hp, th))
+	if (tcp_auth_hash_header(hp, th))
 		goto clear_hash;
-	if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
+	if (tcp_auth_hash_skb_data(hp, skb, th->doff << 2))
 		goto clear_hash;
-	if (tcp_md5_hash_key(hp, key))
+	if (tcp_auth_hash_key(hp, key))
 		goto clear_hash;
-	if (crypto_hash_final(desc, md5_hash))
+	if (crypto_hash_final(desc, hash))
 		goto clear_hash;
 
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 	return 0;
 
 clear_hash:
-	tcp_put_md5sig_pool();
+	tcp_auth_put_pool();
 clear_hash_noput:
-	memset(md5_hash, 0, 16);
+	memset(hash, 0, 16);
 	return 1;
 }
 
-static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
+static int tcp_v6_auth_inbound_hash(struct sock *sk, struct sk_buff *skb)
 {
 	__u8 *hash_location = NULL;
-	struct tcp_md5sig_key *hash_expected;
+	struct tcp_auth_key *hash_expected;
 	struct ipv6hdr *ip6h = ipv6_hdr(skb);
 	struct tcphdr *th = tcp_hdr(skb);
 	int genhash;
 	u8 newhash[16];
 
-	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
-	hash_location = tcp_parse_md5sig_option(th);
+	hash_expected = tcp_v6_auth_do_lookup(sk, &ip6h->saddr);
+	hash_location = tcp_auth_parse_option(th);
 
 	/* do we have a hash as expected? */
 	if (!hash_expected) {
@@ -875,9 +875,9 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
 	}
 
 	/* check the signature */
-	genhash = tcp_v6_md5_hash_skb(newhash,
-				      hash_expected,
-				      NULL, NULL, skb);
+	genhash = tcp_v6_auth_hash_skb(newhash,
+				       hash_expected,
+				       NULL, NULL, skb);
 
 	if (genhash || memcmp(hash_location, newhash, 16) != 0) {
 		if (net_ratelimit()) {
@@ -905,7 +905,7 @@ struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
 
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
-	.md5_lookup	=	tcp_v6_reqsk_md5_lookup,
+	.auth_lookup	=	tcp_v6_reqsk_auth_lookup,
 };
 #endif
 
@@ -960,7 +960,7 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
 	struct sock *ctl_sk = net->ipv6.tcp_sk;
 	unsigned int tot_len = sizeof(*th);
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 #endif
 
 	if (th->rst)
@@ -971,7 +971,7 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
 
 #ifdef CONFIG_TCP_MD5SIG
 	if (sk)
-		key = tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr);
+		key = tcp_v6_auth_do_lookup(sk, &ipv6_hdr(skb)->daddr);
 	else
 		key = NULL;
 
@@ -1015,9 +1015,9 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
 			       (TCPOPT_NOP << 16) |
 			       (TCPOPT_MD5SIG << 8) |
 			       TCPOLEN_MD5SIG);
-		tcp_v6_md5_hash_hdr((__u8 *)&opt[1], key,
-				    &ipv6_hdr(skb)->daddr,
-				    &ipv6_hdr(skb)->saddr, t1);
+		tcp_v6_auth_hash_hdr((__u8 *)&opt[1], key,
+				     &ipv6_hdr(skb)->daddr,
+				     &ipv6_hdr(skb)->saddr, t1);
 	}
 #endif
 
@@ -1055,7 +1055,7 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
 }
 
 static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 ts,
-			    struct tcp_md5sig_key *key)
+			    struct tcp_auth_key *key)
 {
 	struct tcphdr *th = tcp_hdr(skb), *t1;
 	struct sk_buff *buff;
@@ -1104,9 +1104,9 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
 	if (key) {
 		*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
 				(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
-		tcp_v6_md5_hash_hdr((__u8 *)topt, key,
-				    &ipv6_hdr(skb)->daddr,
-				    &ipv6_hdr(skb)->saddr, t1);
+		tcp_v6_auth_hash_hdr((__u8 *)topt, key,
+				     &ipv6_hdr(skb)->daddr,
+				     &ipv6_hdr(skb)->saddr, t1);
 	}
 #endif
 
@@ -1144,7 +1144,7 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
 
 	tcp_v6_send_ack(skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
 			tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
-			tcptw->tw_ts_recent, tcp_twsk_md5_key(tcptw));
+			tcptw->tw_ts_recent, tcp_twsk_auth_key(tcptw));
 
 	inet_twsk_put(tw);
 }
@@ -1152,7 +1152,7 @@ static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
 static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req)
 {
 	tcp_v6_send_ack(skb, tcp_rsk(req)->snt_isn + 1, tcp_rsk(req)->rcv_isn + 1, req->rcv_wnd, req->ts_recent,
-			tcp_v6_md5_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr));
+			tcp_v6_auth_do_lookup(skb->sk, &ipv6_hdr(skb)->daddr));
 }
 
 
@@ -1303,7 +1303,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 	struct sock *newsk;
 	struct ipv6_txoptions *opt;
 #ifdef CONFIG_TCP_MD5SIG
-	struct tcp_md5sig_key *key;
+	struct tcp_auth_key *key;
 #endif
 
 	if (skb->protocol == htons(ETH_P_IP)) {
@@ -1469,7 +1469,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 
 #ifdef CONFIG_TCP_MD5SIG
 	/* Copy over the MD5 key from the original socket */
-	if ((key = tcp_v6_md5_do_lookup(sk, &newnp->daddr)) != NULL) {
+	if ((key = tcp_v6_auth_do_lookup(sk, &newnp->daddr)) != NULL) {
 		/* We're using one, so create a matching key
 		 * on the newsk structure. If we fail to get
 		 * memory, then we end up not copying the key
@@ -1477,8 +1477,8 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
 		 */
 		char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
 		if (newkey != NULL)
-			tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr,
-					  newkey, key->keylen);
+			tcp_v6_auth_do_add(newsk, &inet6_sk(sk)->daddr,
+					   newkey, key->keylen);
 	}
 #endif
 
@@ -1543,7 +1543,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 		return tcp_v4_do_rcv(sk, skb);
 
 #ifdef CONFIG_TCP_MD5SIG
-	if (tcp_v6_inbound_md5_hash (sk, skb))
+	if (tcp_v6_auth_inbound_hash(sk, skb))
 		goto discard;
 #endif
 
@@ -1821,10 +1821,10 @@ static struct inet_connection_sock_af_ops ipv6_specific = {
 
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
-	.md5_lookup	=	tcp_v6_md5_lookup,
-	.calc_md5_hash	=	tcp_v6_md5_hash_skb,
-	.md5_add	=	tcp_v6_md5_add_func,
-	.md5_parse	=	tcp_v6_parse_md5_keys,
+	.auth_lookup	=	tcp_v6_auth_lookup,
+	.auth_calc_hash	=	tcp_v6_auth_hash_skb,
+	.auth_add	=	tcp_v6_auth_add_func,
+	.auth_parse	=	tcp_v6_auth_parse_keys,
 };
 #endif
 
@@ -1853,10 +1853,10 @@ static struct inet_connection_sock_af_ops ipv6_mapped = {
 
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
-	.md5_lookup	=	tcp_v4_md5_lookup,
-	.calc_md5_hash	=	tcp_v4_md5_hash_skb,
-	.md5_add	=	tcp_v6_md5_add_func,
-	.md5_parse	=	tcp_v6_parse_md5_keys,
+	.auth_lookup	=	tcp_v4_auth_lookup,
+	.auth_calc_hash	=	tcp_v4_auth_hash_skb,
+	.auth_add	=	tcp_v6_auth_add_func,
+	.auth_parse	=	tcp_v6_auth_parse_keys,
 };
 #endif
 
@@ -1915,8 +1915,8 @@ static void tcp_v6_destroy_sock(struct sock *sk)
 {
 #ifdef CONFIG_TCP_MD5SIG
 	/* Clean up the MD5 key list */
-	if (tcp_sk(sk)->md5sig_info)
-		tcp_v6_clear_md5_list(sk);
+	if (tcp_sk(sk)->auth_info)
+		tcp_v6_auth_clear_list(sk);
 #endif
 	tcp_v4_destroy_sock(sk);
 	inet6_destroy_sock(sk);
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists