On 02/12/2018 01:32 PM, Renaud Allard wrote:
> Hello,
>
> I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
> cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
> cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
>
> ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not
> reproduce this issue anywhere else than on that hardware.
>
> When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and
> SA with ipsecctl -s. But no packet ever goes through enc0.
>
> If I configure the tunnel to use hmac-md5 and 3des, for which there is
> no padlock support (everything else being the same), the tunnel just
> works fine.
>
> I am now running -current and the issue is still present.
>
> I suppose there is an issue that appeared some time between 6.1 and 6.2
> which made the crypto acceleration fail with that CPU (and probably with
> other padlock enabled CPUs too).
>

I tried multiple configurations, and actually, only AES doesn't work. SHA1 till SHA2-512 work, 3DES and blowfish work.