With APAR OA43937, ICSF introduced new callable service rule array keywords for the verification of archived hash values (hashes created prior to APAR OA43937 being applied) by the ICSF callable services One-Way Hash Generate (CSNBOWH or CSNBOWH1 and CSNEOWH or CSNEOWH1) and PKCS #11 One-way hash, sign, or verify (CSFPOWH and CSFPOWH6).
The new legacy rule array keywords are needed only for signature and hash verification that uses a SHA hash method and invoke the service or services passing on any single call a text length greater than or equal to 256 megabytes (or greater than or equal to 512 megabytes when using IBM eServer zSeries 990, IBM eServer zSeries 890, or later hardware on HCR7770).
Determine if you have any applications that need to be changed to verify these types of legacy hashes or signatures. For additional details on the new keywords, see z/OS Cryptographic Services ICSF Application Programmer's Guide.