[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-misc
Subject: Re: fatal: evp_crypt: EVP_Cipher failed
From: Hans-Joerg Hoexer <Hans-Joerg.Hoexer () yerbouti ! franken ! de>
Date: 2006-01-31 10:03:01
Message-ID: 20060131100301.GA28676 () yerbouti ! franken ! de
[Download RAW message or body]
yes, these cards have issues. The only advice I can give is to set
kern.usercrypto=0. I tried to debug this several times, but I did
not find a test case that produces this issue reliably.
On Mon, Jan 30, 2006 at 04:46:49PM -0600, Sean Cody wrote:
> I have been having issues lately with the HiFn based crypto cards
> locking up in 3.7 and 3.8.
> They are usually fine but under some undefined load they lock up and
> it seems rather random as to when it happens and how much load causes
> it.
>
> The cards are used to help out with a VPN between a few far flung
> machines but they are all i386.
> I've encountered this on two Soekris NET4501's and on a single Athlon
> machine.
>
> The only real clue is in the authlog where sshd reports:
> sshd [####]: fatal: evp_crypt: EVP_Cipher failed
>
> SSHD and isakmpd are both seeminly locked up but I can get into the
> machine if I use the blowfish protocol which isn't supported on the
> HiFn card thereby leading me to think there is a bug in the driver or
> the card itself where it's not servicing an interrupt or is stuck
> waiting for an interrupt which will never come.
>
> The dmesg on the machines have the following line:
> hifn0 at pci0 dev 13 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES
> ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 9
>
> As well the cards in question are the VPN1401 (PCI) and VPN1411
> (MiniPCI).
> Since there is no kernel panic I'm sort of at a loss as to how to
> track this down better.
>
> As far as the kernels go, I am using 3.8_GENERIC on the Athlon and a
> stripped (via flashdist) version of 3.8 on the NET4501's.
>
> Again these lockups are always under some sort of load over the VPN
> (VNC, file transfers ....) and are for the most part random.
>
> Does anyone have any suggestions on how to track this down?
> My current solution is just 'ssh somehost -c blowfish reboot' though
> that is obviously far from optimal.
>
> --
> Sean
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic