Hello,
I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
cpu0: RNG AES AES-CTR SHA1 SHA256 RSAipsec with SHA/AES was running fine until I upgraded to 6.2. I could not reproduce this issue anywhere else than on that hardware. When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and SA with ipsecctl -s. But no packet ever goes through enc0. If I configure the tunnel to use hmac-md5 and 3des, for which there is no padlock support (everything else being the same), the tunnel just works fine. I am now running -current and the issue is still present. I suppose there is an issue that appeared some time between 6.1 and 6.2 which made the crypto acceleration fail with that CPU (and probably with other padlock enabled CPUs too). Best Regards
smime.p7s
Description: S/MIME Cryptographic Signature
