Index: share/man/man9/crypto_request.9
===================================================================
--- share/man/man9/crypto_request.9
+++ share/man/man9/crypto_request.9
@@ -302,6 +302,25 @@
 In either case,
 .Fa crp_aad_length
 always indicates the amount of AAD in bytes.
+.Ss Request ESN
+The IPsec requests may optionally include the Extended Sequence Numbers (ESN).
+ESN may either be supplied in the
+.Fa crp_esn
+or as an AAD pointed by
+.Fa crp_aad .
+.Pp
+If the ESN is stored in
+.Fa crp_esn ,
+.Dv CSP_F_ESN
+should be set in
+.Fa csp_flags .
+This use case is dedicated for encrypt and authenticate mode, since the
+high-order 32 bits of the sequence number are appended after the Next Header
+(RFC 4303).
+.Pp
+Supplying ESN as part of AAD is dedicated for combined modes, where the
+high-order 32 bits of the sequence number (e.g. RFC 4106, Chapter 5 AAD
+Construction) are part of AAD.
 .Ss Request IV and/or Nonce
 Some cryptographic operations require an IV or nonce as an input.
 An IV may be stored either in the IV region of the data buffer or in
Index: share/man/man9/crypto_session.9
===================================================================
--- share/man/man9/crypto_session.9
+++ share/man/man9/crypto_session.9
@@ -201,6 +201,20 @@
 a region of the input buffer or in a single, virtually-contiguous buffer.
 Sessions without this flag only permit requests with AAD passed in as
 a region in the input buffer.
+.It Dv CSP_F_ESN
+Support requests that use a separate buffer for IPSec ESN (Extended Sequence
+Numbers).
+.Pp
+Sessions with this flag set permit requests with IPSec ESN passed in special
+buffer. It is required for IPSec ESN support of encrypt and authenticate mode
+where the high-order 32 bits of the sequence number are appended after the Next
+Header (RFC 4303).
+.Pp
+Sessions without this flag permit requests with IPSec ESN passed as part of AAD
+(if session with
+.Fa CSP_F_SEPARATE_AAD
+flag is set) and can be used for combined modes where the high-order 32 bits of
+the sequence number (e.g. RFC 4106, Chapter 5 AAD Construction) are part of AAD.
 .El
 .It Fa csp_ivlen
 If either the cipher or authentication algorithms require an explicit
Index: sys/opencrypto/crypto.c
===================================================================
--- sys/opencrypto/crypto.c
+++ sys/opencrypto/crypto.c
@@ -743,6 +743,8 @@
 	return (alg_type(alg) == ALG_AEAD);
 }
 
+#define SUPPORTED_SES (CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD | CSP_F_ESN)
+
 /* Various sanity checks on crypto session parameters. */
 static bool
 check_csp(const struct crypto_session_params *csp)
@@ -750,8 +752,7 @@
 	struct auth_hash *axf;
 
 	/* Mode-independent checks. */
-	if ((csp->csp_flags & ~(CSP_F_SEPARATE_OUTPUT | CSP_F_SEPARATE_AAD)) !=
-	    0)
+	if ((csp->csp_flags & ~(SUPPORTED_SES)) != 0)
 		return (false);
 	if (csp->csp_ivlen < 0 || csp->csp_cipher_klen < 0 ||
 	    csp->csp_auth_klen < 0 || csp->csp_auth_mlen < 0)
Index: sys/opencrypto/cryptodev.h
===================================================================
--- sys/opencrypto/cryptodev.h
+++ sys/opencrypto/cryptodev.h
@@ -377,6 +377,7 @@
 
 #define	CSP_F_SEPARATE_OUTPUT	0x0001	/* Requests can use separate output */
 #define	CSP_F_SEPARATE_AAD	0x0002	/* Requests can use separate AAD */
+#define CSP_F_ESN		0x0004  /* Requests can use seperate ESN field */ 
 
 	int		csp_ivlen;	/* IV length in bytes. */
 
@@ -485,6 +486,8 @@
 	void		*crp_aad;	/* AAD buffer. */
 	int		crp_aad_start;	/* Location of AAD. */
 	int		crp_aad_length;	/* 0 => no AAD. */
+	uint8_t		crp_esn[4];	/* high-order ESN */
+
 	int		crp_iv_start;	/* Location of IV.  IV length is from
 					 * the session.
 					 */