Subject: Re: Hifn crypto driver: does it work for anyone?
To: None <tech-kern@netbsd.org, tech-security@netbsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-crypto
Date: 10/16/2005 18:08:02
On Sun, Oct 16, 2005 at 05:49:28PM -0400, Thor Lancelot Simon wrote:
> 
> This seems to be the same problem described by an OpenBSD user at
> http://archives.neohapsis.com/archives/openbsd/2004-08/2054.html and
> I have, in fact, seen the "overrun" and "resetting" messages once (albeit
> before upgrading the Soekris BIOS).

One last data point about the VPN1411 (Hifn 7955) in the Net4501:  If I
run with "pseudo-device crypto" but no FAST_IPSEC, I can trigger what
seems to be the same bug with a simple benchmark:

time dd if=/dev/zero bs=1m count=100 | openssl aes-128-cbc -out /dev/null
 
This hangs after one output block from dd, and I get:

        hifn0: abort, resetting.
        hifn0: proc unit did not reset

in the message buffer.  Sometimes I get

	hifn0: overrun ffffffff

first (I saw it when testing with des-ede3-cbc, which also fails) and
sometimes I just get the "abort" message first.

Thor