Edition SC34-7732-01 - 2025
This edition enhances the original version of this document by describing the following features:
- A new tool called cpacfinfo is available as part of the
s390-tools package, which you can use to retrieve information about CPACF functions and instructions installed
on the system.
On IBM® z17™ and IBM LinuxONE 5 machines, this tool exploits the new query authentication function per CPACF instruction introduced with MSA 13.
- Table 1 shows additional algorithms and functions that are accelerated by OpenSSL out of the box.
- The cpacfstats utility provides new and enhanced counters for monitoring the CPACF activities.
- The description of use cases is enhanced. There are now two separate chapters that describe use cases for connecting OpenSSL with IBMCA and with PKCS#11. Each chapter contains a sub-chapter with a use case how to configure OpenSSL to invoke either a provider or an engine. The use case for connecting OpenSSL with PKCS#11 using a PKCS#11 provider is new.
- The new IBMCA provider
version 2.5.0 supports new parameters and APIs that have previously been introduced into newer
OpenSSL releases. These following features are now
supported by the IBMCA provider:
- ECC (since OpenSSL 3.2.0):
- support of ECDH-KEM key generation
- support of deterministic ECDSA signatures
- ECC and RSA (since OpenSSL 3.4.0):
- support of new sign and verify message APIs for composite hash-then-sign algorithms
- ECC (since OpenSSL 3.2.0):