From nobody Tue Oct 04 15:58:23 2022
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mhj6T6y7Qz4f84V
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Tue,  4 Oct 2022 15:58:25 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Mhj6T6BgFz3xkH;
	Tue,  4 Oct 2022 15:58:25 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1664899105;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=9yDpAy3INkVUN9eQzDrm75O6dYjsM8SJZzCt1RganQ8=;
	b=v8Xwjt7RVmkv8qtSzVp0kq0EW//gj1Xd6qYCi0OsIq+jo5g60MbNLDLpQhq2DDLR/xrMG3
	zrz2Pa1hRrNG37v6+pCi3Zk85OLpffZ/MsdU4h19AIFh9p+bM04gWZuEXCi+dtc5Ujf2pW
	QIaNgPa6T6wI5gan+Nn7PblUo6UTwHEUnZLXLjjyEdvcd1lkNyA34x+z1jlnjsqsA1PmpZ
	MuHrI175vvZ9w18hlzZ93Snz0/g8Pm17Y7su2GMWUG9r6dJr0l3zPqhyKr79K5haOGcGdJ
	quYCQ615mvEmrL0KEgd78A/5M3zTjdAhr5ccn/X9F2OaNqdAfDnqYBHAgkxamQ==
Received: from [IPV6:2601:648:8684:ad0:c138:fd94:ebf2:bb32] (unknown [IPv6:2601:648:8684:ad0:c138:fd94:ebf2:bb32])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: jhb)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Mhj6T3JJRz1MwG;
	Tue,  4 Oct 2022 15:58:25 +0000 (UTC)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <79536835-6ebe-4bad-c5b7-71632323cbb9@FreeBSD.org>
Date: Tue, 4 Oct 2022 08:58:23 -0700
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
 Gecko/20100101 Thunderbird/91.13.1
Content-Language: en-US
To: alfadev <alfadev@protonmail.com>,
 "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org>
References: <FrYE0Wy9SlEb4a6GfDGsEjms1MiVhEhVcWwdvc0SvLck_mxAfGwY4DwXYdzZajZrMxuqkho6pRa5rbwXDJUA39ZlYwJuGuHX4YmXOT-Medw=@protonmail.com>
From: John Baldwin <jhb@FreeBSD.org>
Subject: Re: How to Enable support for IPsec deprecated algorithms: 3DES,
 MD5-HMAC
In-Reply-To: <FrYE0Wy9SlEb4a6GfDGsEjms1MiVhEhVcWwdvc0SvLck_mxAfGwY4DwXYdzZajZrMxuqkho6pRa5rbwXDJUA39ZlYwJuGuHX4YmXOT-Medw=@protonmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1664899105;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=9yDpAy3INkVUN9eQzDrm75O6dYjsM8SJZzCt1RganQ8=;
	b=tRWFGKMNrl/C8C4g1mdQ3UXW71LaGBypsuTXxBwIGkMqibJjqmHqbrURDEJuePyIgD/BCX
	V9YjP5awzgNoCD2CVZisDXKKpRwOuJFf6gA9h4whlr3x/d3/O6FmEJ+ZdT1U9/qUpm8XLB
	lut7FByRkxCEJ405+tLXRwsgbO7rwdoVv11T7kZyLcW/sUVuXIMAAwao3Fsap+fcNCch8O
	bsMmwzXMYvRixWjhuNcVas6rDbqeom/Kf9cXpFIZgOb26cwPyuxXvGzt0naHCcPLErEoxL
	6gGBY1ufK37NKUbhEgW3tX4G5cufebOsCbzwXlmgilZ5HEXldok0snu6hDWi2A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1664899105; a=rsa-sha256; cv=none;
	b=QrUT4Kp3YXCVCZBpzgdOnWsgoPi8l0kfU8gnWccv5ooMfdABonriSELgpt11VK86RgPdYG
	dqEHKy/UGq+9J34xHixJcyO1uyQi4w052t1gCsreb9YJIVh1G77U0Xhrj7ZFR2RTncxkC/
	lKPIkRK4Qxszv9vqsG5F3tqwUy6LnAkGYqKneSTpdeQms8veJUOBe3TMwCjSTYAWK+k+cZ
	cP4Uvo1lPXiXUYFdP4BImuGdp9OLNxjrAdphbzqor7m+gutSHK+7ch/zQvGiIJh0B7Uarg
	RM1zfUOGTaImSIf0vLwhSqKKfoTZ9fPzhtMYJiNcZNWsrt5iucyPuemVCB5eoQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

On 10/4/22 1:53 AM, alfadev wrote:
> Hi, i am trying to move my gateway from FreeBSD 11.0 to FreeBSD 14.0 to use
> newly added ipfw table lookup for mac addresses (https://reviews.freebsd.org/D35103)
> 
> Also I have too many IPSec connections between fortigate, cisco etc.
> And their operators use only 3DES algorithms and they have no intention to change it for me.
> So, now i have to enable 3DES support for FreeBSD 14.0 .
> 
> To add 3DES support again i changed some files shown below.
> I am not sure what i did any help welcomes.

You do not want to just restore the files as-is.  You instead want to revert some of the
diffs from the first commit.  The second commit for /dev/crypto doesn't matter for IPsec
and you can ignore it.

However, you will need to also partially revert commit 0e00c709d7f1cdaeb584d244df9534bcdd0ac527
which removes DES and 3DES from OCF itself.  This is what removed enc_xform_des for example.

-- 
John Baldwin