OpenBSD IPSEC backdoored?

It's entirely possible for a backdoor to look like a regular bug of no particular consequence. For example, having the second and third arguments to memset backwards is a common mistake that doesn't usually cause crashes or corruption but may leak data, and usually isn't particularly security-critical either (because the leaked data doesn't end up going anywhere anyway). So there are a lot of memset bugs that have been made and fixed over the past ten years, and people fixing them ordinarily don't consider whether they might have been intentionally introduced to leak key material to observers. So, even if no backdoors were found, and even if reviewers would find any flaw in the code in that period, it doesn't mean that there weren't backdoors.

Obviously, people frequently find security flaws that were accidental, had been there for a while, and could be exploited with detailed knowledge. Among these, one that was intentional but of a common form wouldn't stand out.