[Info-vax] SSH/SCP sessions hanging for 7 minutes while reading from "/dev/random"
Arne Vajhøj
arne at vajhoej.dk
Thu Sep 30 21:31:37 EDT 2021
On 9/30/2021 12:26 PM, Stephen Hoffman wrote:
> On 2021-09-30 05:39:35 +0000, Lawrence D’Oliveiro said:
>> Lack of system entropy to keep /dev/random fed? This is why we have
>> /dev/urandom, for all but the most critical uses.
>
> Within OpenVMS, there is no pseudo-device that provides either
> pseudo-random number generation or cryptographic pseudo-random number
> generation.
>
> That driver (which would be unusual on OpenVMS), and system service APIs
> (which are common) have been proposed. Kernel TLS has been proposed, too.
>
> OpenVMS itself hasn't more generally adopted CPRNG support at its
> existing APIs, with the common APIs producing PRNGs.
> For one of the previous discussions of OpenVMS and CPRNGs and of seeding
> an entropy pool:
> https://groups.google.com/g/comp.os.vms/c/BmIXV0gN3n8/m/mETohq6qAgAJ
I have wanted to actually implement that thing for a long time.
This thread was a good excuse.
So I did.
https://www.vajhoej.dk/arne/opensource/extran/extran-v0_1.zip
Brief documentation:
/*
 * get_extran_data
 *
 * arguments:
 *    buf - pointer to char array that will receive 32 random bytes
 *          with SHA-256 of source data
 *    flags - mask of sources to use
 *        EXTRAN_TIM      8 bytes from SYS$GETTIM (not unpredictable)
 *        EXTRAN_SYI      112 bytes from SYS$GETSYIW
 *        EXTRAN_DVI_SYS  64 bytes from SYS$GETDVIW on SYS$SYSDEVICE
 *        EXTRAN_DVI_USR  64 bytes from SYS$GETDVIW on SYS$DISK
 *        EXTRAN_JPI      520 bytes from SYS$GETJPIW
 *        EXTRAN_CNT      40 bytes from an array of counters (not
 *                        unpredictable but ensures change with
 *                        multiple calls)
 *        EXTRAN_HSH      32 bytes of SHA-256 of all other data
 *                        (not unpredictable but may make reversing
 *                        more difficult)
 *
 * return value:
 *    SS$_NORMAL - 32 random bytes generated
 *    SS$_BADPARAM - non-valid flags resulting in no random bytes
 *                   generated
 *
 */
long int get_extran_data(char *buf, long int flag);
How to:
download
unzip
@build
use
Example:
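#include <stdio.h>
#include <stdlib.h>
#include <ssdef.h>
#include "extran.h"

int main(int argc, char *argv[])
{
    char buf[32];
    long int stat;
    int i;
    /* mix every source except EXTRAN_HSH into the 32 byte result */
    stat = get_extran_data(buf, EXTRAN_TIM + EXTRAN_SYI + EXTRAN_DVI_SYS +
                                EXTRAN_DVI_USR + EXTRAN_JPI + EXTRAN_CNT);
    /* bytes are only generated when SS$_NORMAL is returned */
    if(stat != SS$_NORMAL)
    {
        return EXIT_FAILURE;
    }
    /* print the 32 bytes as hex */
    for(i = 0; i < 32; i++)
    {
        printf("%02X", (unsigned char)buf[i]);
    }
    printf("\n");
    return 0;
}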
Have fun.
(I will probably clean it up a bit and release an update later)
Arne
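
The documented interface (flag mask, sources concatenated, optional hash of the other data, SHA-256 down to 32 bytes) can be sketched portably; this is an added example, not code from the extran package or from the post's author. The flag bit values, the source order, the counter encoding and the Python stand-ins for the OpenVMS system services are all assumptions, and the status strings stand in for the SS$_ codes.

```python
import hashlib
import os
import struct
import sys
import time

# Flag bit values are assumptions; the post names the flags, not their values.
EXTRAN_TIM, EXTRAN_SYI, EXTRAN_JPI, EXTRAN_CNT, EXTRAN_HSH = 1, 2, 4, 8, 16

# Portable stand-ins for the OpenVMS system services (assumptions).
SOURCES = {
    EXTRAN_TIM: lambda: struct.pack("<Q", time.time_ns()),             # clock
    EXTRAN_SYI: lambda: f"{sys.platform}/{os.cpu_count()}".encode(),   # system
    EXTRAN_JPI: lambda: struct.pack("<Id", os.getpid(), time.process_time()),
}
_counter = 0  # per-process call counter behind EXTRAN_CNT


def get_extran_data(flags, sources=SOURCES):
    """Return (status, digest); status strings stand in for SS$_ codes."""
    global _counter
    parts = [read() for bit, read in sorted(sources.items()) if flags & bit]
    if flags & EXTRAN_CNT:
        _counter += 1
        parts.append(struct.pack("<Q", _counter))
    if not parts:
        return "SS$_BADPARAM", None      # no source selected, nothing generated
    data = b"".join(parts)
    if flags & EXTRAN_HSH:
        data += hashlib.sha256(data).digest()   # hash of all other data
    return "SS$_NORMAL", hashlib.sha256(data).digest()


if __name__ == "__main__":
    # Constructed input: sources frozen to constants, as if nothing changed.
    frozen = {EXTRAN_TIM: lambda: bytes(8), EXTRAN_SYI: lambda: b"A" * 112}
    for flags in (EXTRAN_TIM | EXTRAN_SYI, EXTRAN_TIM | EXTRAN_SYI | EXTRAN_CNT):
        a = get_extran_data(flags, frozen)[1].hex()
        b = get_extran_data(flags, frozen)[1].hex()
        print(f"flags={flags:2d} repeat={'yes' if a == b else 'no'} {a[:16]}...")
    print(get_extran_data(0))
```

The digest is a deterministic function of the selected inputs, so it is exactly as unpredictable as those inputs are; the counter only guarantees that successive outputs differ.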