[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: fatal: evp_crypt: EVP_Cipher failed
From:       Hans-Joerg Hoexer <Hans-Joerg.Hoexer () yerbouti ! franken ! de>
Date:       2006-01-31 10:03:01
Message-ID: 20060131100301.GA28676 () yerbouti ! franken ! de
[Download RAW message or body]

yes, these cards have issues.  The only advice I can give is to set
kern.usercrypto=0.  I tried to debug this several times, but I did
not find a test case that produces this issue reliably.

On Mon, Jan 30, 2006 at 04:46:49PM -0600, Sean Cody wrote:
> I have been having issues lately with the HiFn based crypto cards  
> locking up in 3.7 and 3.8.
> They are usually fine but under some undefined load they lock up and  
> it seems rather random as to when it happens and how much load causes  
> it.
> 
> The cards are used to help out with a VPN between a few far flung  
> machines but they are all i386.
> I've encountered this on two Soekris NET4501's and on a single Athlon  
> machine.
> 
> The only real clue is in the authlog where sshd reports:
> sshd [####]: fatal: evp_crypt: EVP_Cipher failed
> 
> SSHD and isakmpd are both seeminly locked up but I can get into the  
> machine if I use the blowfish protocol which isn't supported on the  
> HiFn card thereby leading me to think there is a bug in the driver or  
> the card itself where it's not servicing an interrupt or is stuck  
> waiting for an interrupt which will never come.
> 
> The dmesg on the machines have the following line:
> hifn0 at pci0 dev 13 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES  
> ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 9
> 
> As well the cards in question are the VPN1401 (PCI) and VPN1411  
> (MiniPCI).
> Since there is no kernel panic I'm sort of at a loss as to how to  
> track this down better.
> 
> As far as the kernels go, I am using 3.8_GENERIC on the Athlon and a  
> stripped (via flashdist) version of 3.8 on the NET4501's.
> 
> Again these lockups are always under some sort of load over the VPN  
> (VNC, file transfers ....) and are for the most part random.
> 
> Does anyone have any suggestions on how to track this down?
> My current solution is just 'ssh somehost -c blowfish reboot' though  
> that is obviously far from optimal.
> 
> -- 
> Sean

[prev in list] [next in list] [prev in thread] [next in thread]