On 02/12/2018 01:32 PM, Renaud Allard wrote:
> Hello,
> I am running OpenBSD 6.2 i386 on a VIA CPU with padlock.
> cpu0: VIA Eden Processor 1000MHz ("CentaurHauls" 686-class) 1 GHz
> ipsec with SHA/AES was running fine until I upgraded to 6.2. I could not
> reproduce this issue anywhere else than on that hardware.
> When I run an ipsec tunnel (ikev1) with AES and SHA, I can see flows and
> SA with ipsecctl -s. But no packet ever goes through enc0.
> If I configure the tunnel to use hmac-md5 and 3des, for which there is
> no padlock support (everything else being the same), the tunnel just
> works fine.
> I am now running -current and the issue is still present.
> I suppose there is an issue that appeared some time between 6.1 and 6.2
> which made the crypto acceleration fail with that CPU (and probably with
> other padlock enabled CPUs too).

I tried multiple configurations, and actually, only AES doesn't work.
SHA1 till SHA2-512 work, 3DES and blowfish work.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to