Subject: bin/28627: cgdconfig -g is unreliable
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: Andreas Gustafsson <gson@gson.org>
List: netbsd-bugs
Date: 12/12/2004 10:15:00
>Number: 28627
>Category: bin
>Synopsis: cgdconfig -g is unreliable
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Dec 12 10:15:00 +0000 2004
>Originator: Andreas Gustafsson
>Release: NetBSD 2.99.10
>Organization:
>Environment:
System: NetBSD guam.araneus.fi 2.99.10 NetBSD 2.99.10 (GUAM) #0: Sun Dec 5 15:10:56 EET 2004 gson@guava.araneus.fi:/usr/src/sys/arch/i386/compile/GUAM i386
Architecture: i386
Machine: i386
>Description:
On a lightly loaded Toshiba Libretto L2 laptop, running the command
cgdconfig -g -V disklabel -o /etc/cgd/wd0e aes-cbc 256
fails about nine times out of ten with the error message
cgdconfig: could not calibrate pkcs5_pbkdf2
cgdconfig: Failed to generate defaults for keygen
This is caused by cgdconfig measuring the password encryption
performance of the CPU twice and considering any discrepancy between
the measurements exceeding 5% to be a failure. Perhaps the
performance of the Transmeta Crusoe CPU used in the L2 varies more
over time than that of a typical desktop CPU due to the "code
morphing" technology it uses, or due to some power-saving feature.
>How-To-Repeat:
Run the above command on a Toshiba Libretto L2 or other Crusoe-powered
laptop (taking care not to accidentally overwrite any existing cgd
parameters file).
>Fix:
Unless there is a compelling security argument to the contrary,
the tolerance for variability between timing measurements should be
increased from the current 5%.
Also, it would be helpful if the error message indicated that the
failure is caused by a transient timing issue and that retrying the
command may help.