Subject: Re: Hifn crypto driver: does it work for anyone?
To: None <tech-kern@netbsd.org, tech-security@netbsd.org,>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-crypto
Date: 10/16/2005 18:08:02
On Sun, Oct 16, 2005 at 05:49:28PM -0400, Thor Lancelot Simon wrote:
>
> This seems to be the same problem described by an OpenBSD user at
> http://archives.neohapsis.com/archives/openbsd/2004-08/2054.html and
> I have, in fact, seen the "overrun" and "resetting" messages once (albeit
> before upgrading the Soekris BIOS).
One last data point about the VPN1411 (Hifn 7955) in the Net4501: If I
run with "pseudo-device crypto" but no FAST_IPSEC, I can trigger what
seems to be the same bug with a simple benchmark:
time dd if=/dev/zero bs=1m count=100 | openssl aes-128-cbc -out /dev/null
This hangs after one output block from dd, and I get:
hifn0: abort, resetting.
hifn0: proc unit did not reset
in the message buffer. Sometimes I get
hifn0: overrun ffffffff
first (I saw it when testing with des-ede3-cbc, which also fails) and
sometimes I just get the "abort" message first.
Thor