OCSF Security Context Changes

In z/OS OCSF Version 2 Release 9 (V2R9), a change was made in the way OCSF security contexts are manipulated. Before V2R9, a CSSM_Get... Context call caused a new copy of the OCSF security context, created by a CSSM_CSP_Create...Context call, to be created. That copy had to be freed by a CSSM_FreeContext call. In V2R9, however, a copy of the security context is created during the CSSM_CSP_Create...Context call. When any CSSM_GetContext call is made, a pointer to the copy is returned. Although CSSM_FreeContext should still be issued for compatibility, the security context copy is freed when CSSM_DeleteContext is called. Developers must be careful that in their applications no CSSM_UpdateContextAttribute calls are made while any thread is using a context, either explicitly or implicitly during a CSSM_CSP... call. Also, applications must complete all uses of the CSSM security context before the CSSM_DeleteContext call is made.