Hifn 7955: fatal: cipher_init: EVP_CipherInit: set key failed for aes256-cbc

From: Erick Turnquist
Date: Thursday, September 13, 2007 - 7:33 pm

I just installed 4.1 on a Soekris net5501 board (i386) with one of
their vpn1411 cards installed. The chip on this card is a Hifn 7955.
dmesg shows the card:

hifn0 at pci0 dev 17 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES
ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 15

But SSH connection attempts die, with "fatal: cipher_init:
EVP_CipherInit: set key failed for aes256-cbc" in the authlog. If I
disable the card with `sysctl -w kern.usercrypto=0` these connections
work fine. I have also tested AES192-CBC, with the same result,
however 3DES-CBC and even AES128-CBC work fine...

dmesg follows:

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD"
586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 536440832 (523868K)
avail mem = 481771520 (470480K)
using 4278 buffers containing 26947584 bytes (26316K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 20/70/06, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
address 00:00:24:c8:e2:e8
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5,
address 00:00:24:c8:e2:e9
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9,
address 00:00:24:c8:e2:ea
ukphy2 at vr2 phy 1: ...

From: Breen Ouellette
Date: Thursday, September 13, 2007 - 10:12 pm

I do not have experience with the net5501, but as for the vpn1411, you 
may want to check out this thread:

http://marc.info/?l=openbsd-misc&m=117826557508813&w=2

It talks about recompiling the GENERIC kernel minus a few options, which 
has the side effect of fixing SSH connection problems with the vpn1411 
and the net4801. Why? I dunno. I'm not a developer, and my understanding 
of C is roughly equivalent to the average English writing skills of 
children in junior high.

Give it a shot, and please report back to the list if it fixes things 
with the net5501 combined with the vpn1411.

Breeno

From: Erick Turnquist
Date: Friday, September 14, 2007 - 7:35 pm

A new kernel with those options disabled did not change anything.



From: Karl O. Pinc
Date: Wednesday, May 28, 2008 - 12:42 pm

FYI,

Re: http://marc.info/?l=openbsd-misc&m=118982408406151&w=2

I just installed 4.2 on a Soekris net5501 with a vpn1411 and a user
of mine had the same problem.  (I think.)  What I see in the authlog
is:

fatal: cipher_init: EVP_CipherInit: set key failed for aes256-cbc

This only seems to happen from MS Windows XP with putty version 0.58.
The problem goes away when using putty beta 0.60.

I also do not see the problem when connecting from a (current) Debian
etch system.



Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein

From: Karl O. Pinc
Date: Wednesday, May 28, 2008 - 1:13 pm

Sorry.  I did not mean to cross post but goofed.

If the putty list folk would please not reply to the
openbsd list entry that will solve the problem.
There is a separate post on the openbsd list
that does not include the putty list that the
openbsd people can reply to if desired.

Karl <kop@meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein
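
Added example, not part of any post in this thread: a small triage script that tallies the sshd "set key failed" errors per cipher from an authlog, to confirm which ciphers fail while the accelerator is enabled. The log lines, host name, PIDs, user and address are constructed for illustration; only the fatal message text comes from the thread.

```shell
#!/bin/sh
# Added example: count sshd cipher_init set-key failures per cipher.
# Input is syslog-format authlog text; the cipher name is the last field
# of the "fatal: cipher_init: EVP_CipherInit: set key failed for ..." line.

# Print "<count> <cipher>" per failing cipher, sorted by cipher name.
# Reads the files given as arguments, or stdin when none are given.
tally_cipher_failures() {
    awk '
        /sshd\[[0-9]+\]: fatal: cipher_init: EVP_CipherInit: set key failed for / {
            count[$NF]++
        }
        END {
            for (c in count) printf "%d %s\n", count[c], c
        }
    ' "$@" | sort -k2
}

# Constructed sample log (not taken from the thread).
constructed_authlog() {
    cat <<'EOF'
Sep 13 19:30:02 gw sshd[4021]: fatal: cipher_init: EVP_CipherInit: set key failed for aes256-cbc
Sep 13 19:31:10 gw sshd[4030]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Sep 13 19:32:45 gw sshd[4044]: fatal: cipher_init: EVP_CipherInit: set key failed for aes192-cbc
Sep 13 19:40:12 gw sshd[4102]: fatal: cipher_init: EVP_CipherInit: set key failed for aes256-cbc
EOF
}

# Stand-alone run over the constructed sample.
constructed_authlog | tally_cipher_failures
```

On a real system, pass the authlog path as the argument instead of piping the sample.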
