A fix is available
APAR status
Closed as new function.
Error description
New Function FIXCAT - R3931/K , SMFREC/K ********************************************************** THE FOLLOWING PTFS ARE IN ERROR: UJ08368 R7D1 UJ08368 R7D2 THESE PTFS ARE FIXED BY APAR OA64736 ***********************************************************
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * ICSF users * **************************************************************** * PROBLEM DESCRIPTION: * * New function - exploitation and * * toleration support for z16 * * * * Support for z16 hardware is added to * * ICSF (CEX8S) * * * * Dilithium 6-5 R3, 8-7 R2, and 8-7 R3 * * support in CCA and PKCS #11 * * * * Kyber support in CCA and PKCS #11 * * * * Installation options data set support * * for WRAPENH3 * * * * PKCS #11 attribute processing is * * updated to more closely match * * standards * * * * DISPLAY ICSF,CARDS command is enhanced * * * * ICSF Query Facility (CSFIQF and * * CSFIQF6) rule STATP11 updated * * * * New access control points are added to * * both EP11 and CCA. * **************************************************************** * RECOMMENDATION: * **************************************************************** Summary --------------------------------------------------------------- Support for z16 hardware is added to ICSF 1. All messages and panels will report CEX8S when configured. 2. SMF records will report CEX8S when configured. 3. The TKE Host Transaction Program will fully support CEX8S. Dilithium 6-5 R3, 8-7 R2, and 8-7 R3 support is added to appropriate PKCS #11 and CCA callable services. All the services that supported Dilithium 6-5 R2 will also support the new Dilithium key types and sizes. PKCS #11 callable services that support CRYSTALS-Kyber key operations are: - PKCS #11 Derive Key (CSFPDVK and CSFPDVK6) - PKCS #11 Get Attribute Value (CSFPGAV and CSFPGAV6) - PKCS #11 Generate Key Pair (CSFPGKP and CSFPGKP6) - PKCS #11 Set Attribute Value (CSFPSAV and CSFPSAV6) - PKCS #11 Token Record Create (CSFPTRC and CSFPTRC6) CCA callable services that support CRYSTALS-Kyber key operations are: - PKA Encrypt (CSNDPKE and CSNFPKE) - PKA Decrypt (CSNDPKD and CSNFPKD) - PKA Key Generate (CSNDPKG and CSNFPKG) - PKA Key Import (CSNDPKI and CSNFPKI) - PKA Key Token Build (CSNDPKB and CSNFPKB) - PKA Key Token Change (CSNDKTC and CSNFKTC) - PKA Public Key Extract (CSNDPKX and CSNFPKX) - PKA Key Translate (CSNDPKT and CSNFPKT) - ECC Diffie-Hellman (CSNDEDH and CSNFEDH) On HCR77D2 only, PKDS management services will support the new keys (both Dilithium and Kyber): - PKDS Key Record Create (CSNDKRC and CSNFKRC) - PKDS Key Record Delete (CSNDKRD and CSNFKRD) - PKDS Key Record Read and PKDS Key Record Read2 (CSNDKRR or CSNDKRR2 and CSNFKRR or CSNFKRR2) - PKDS Key Record Write (CSNDKRW and CSNFKRW) Installation options data set parameter DEFAULTWRAP has new value (WRAPENH3) for both the internal and external keywords. PKCS #11 attribute processing is updated to more closely match standards. This applies to both the callable services and the TKDS browser. DISPLAY ICSF,CARDS command is enhanced in two ways: 1. Redrive cryptographic coprocessor data collection to reflect the most up-to-date status(es) available. 2. Display more detail about EP11 coprocessor firmware version ICSF Query Facility (CSFIQF and CSFIQF6) with rule STATP11 will return more detail about the EP11 coprocessor firmware version. New access control points are added to both EP11 and CCA.
Problem conclusion
Temporary fix
Comments
All the enhancements included in this APAR will be documented in the HCR77D2 release of the following ICSF publications: ICSF Overview SC14-7505 ICSF Administrator's Guide SC14-7506 ICSF System Programmer's Guide SC14-7507 ICSF Application Programmer's Guide SC14-7508 ICSF Messages SC14-7509 ICSF Writing PKCS #11 Applications SC14-7510 Note that users of the HCR77D1 release can use these same publications with the caveat that QSA tokens cannot be stored in the PKDS. ×**** PE22/06/06 FIX IN ERROR. SEE APAR OA63363 FOR DESCRIPTION ×**** PE23/04/24 FIX IN ERROR. SEE APAR OA64736 FOR DESCRIPTION ×**** PE24/05/01 FIX IN ERROR. SEE APAR OA66472 FOR DESCRIPTION
APAR Information
APAR number
OA61609
Reported component name
ICSF/MVS
Reported component ID
568505101
Reported release
7D1
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2021-06-09
Closed date
2022-05-05
Last modified date
2024-06-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UJ08367 UJ08368
Modules/Macros
CSFKG400 CSFVCPTV CSFKSHTM CSFBHPN3 CSFDDOPT CSFMITSM CSFNCKEX CSFTCSAV CSFVCHSS CSFDCST CSFTBR31 CSFTBR32 CSFDBRKA CSFDPEXP CSFTBR39 CSFTBR37 CSFTBR38 CSFTBR35 CSFTBR36 CSFCCVE CSNPCAPI CSFSMIT CSFBRPN3 CSFNCIQF CSFMKIDT CSFGIOPI CSFMICOL CSFGIOPT CSFBHPK8 CSFVCPRW CSFINXKP CSFMIAKP CSFNCDG2 CSFGISB CSFENOCX CSFDPIMP CSFNCSTC CSFTCTRC CSFGITKD CSFCHP00 CSFNCT4R CSFKSHTB CSFNCHMV CSFVCPRC CSFENGSP CSFNCKTC CSFNCCKC CSFNCCKE CSFMISTU CSFENOSA CSFMISTT CSFNCCKI CSFNCCKM CSFSD001 CSFSD002 CSFSD003 CSFSD004 CSFSD005 CSFSD006 CSFSMFR CSFMIDGP CSFENXCP CSFMIKUT CSFMIDGM CSFNCFPE CSNPCA3X CSFNCPCU CSFMIMGM CSFINAPC CSNPCI3X CSFNCFPT CSFMISTI CSFVCCVG CSFNCKIM CSFNCSYX CSFHL001 CSFNCDKX CSFBHPK3 CSFHL003 CSFNCPCI CSFHL002 CSFNCFPD CSFVCFLE CSFNCDKG CSFNCSYG CSFKG420 CSFDTKBC CSFNCDKM CSFNCSYI CSFNCSY2 CSFVCIQA CSFDTKBS CSFDTKBP CSFKSCMV CSNPCI64 CSFTHTP3 CSFNCSXD CSFNCPRB CSFNCKY2 CSFENICP CSFNCUKD CSFVCBRC CSFVCAPC CSFVCKTB CSFNCKGN CSFDTKB1 CSFBRPK8 CSNPCA64 CSFNCVMK CSFGISMA CSFBRPK3 CSFVCEVT CSFHH003 CSFHH002 CSFHH001 CSFZTKI CSFKSCS4 CSFKSCS2 CSFNCPIC CSFMIKYI CSFHS005 CSFHS006 CSFKSTDL CSFHS007 CSFENCFG CSFNCPXS CSFHS008 CSFHS001 CSFHS002 CSFHS003 CSFHS004 CSFNCPXX CSFENCFM CSFNCRKX CSFVCPKB CSFHX004 CSFHX005 CSFHX002 CSFHX003 CSFGICPA CSFHX001 CSFGICPD CSFPLMRT CSFKSIPD CSFMIOPC CSFHX006 CSFMIOPD CSFVCPKX CSFVCKB2 CSFGICP2 CSFINIT2 CSFNCDPC CSFTCPA6 CSFNCCMK CSFZCOMP CSFNCRKA CSFDDMRL CSFTTKE CSFCV100 CSFMIOP1 CSFHDR01 CSFHDR03 CSFHDR02 CSFGISPB CSFDDUPU CSFGIDTA CSFNCPEX CSFMIWMP CSFNCSKI CSFNCSKM CSFKSROP CSFNCTDR CSFNCT4B CSFDLL64 CSFNCHMG CSFNCT4C CSFNCT4D CSFNCKT2 CSFNCDDK CSFGIPKT CSFNCSBD CSFNCSBC CSNPCU3X CSFINPV2 CSFASPB CSNPCUTL CSFSMCRV CSFSMF82 CSFNCT3I CSFNCPKI CSFNCPKG CSFTCPA4 CSFTCPA5 CSFTCPA2 CSFTCPA3 CSFNCPKT CSFTCPA0 CSFGICST CSFTCPA1 CSFDS61 CSFGISTK CSFNCMDW CSFTBR45 CSFTBR42 CSFTBR43 CSFNCPKD CSFTBR40 CSFNCDSV CSFNCPKE CSFKSIPE CSFNCPKC CSFGIKTB CSFTBR48 CSFNCSPN CSFTBR49 CSFTBR46 CSFCMP41 CSFTBR47 CSNPCU64 CSFGISTC CSFNCTBC CSFENCPN CSFDLL3X CSFGIAPT CSFNCDSG CSFMIDS CSFDLL31 CSFNCKPI CSFTBR55 CSFCHP40 CSFTBR56 CSNPCINT CSFTBR53 CSFGICVE CSFTBR52 CSFNCRNC CSFNCEDH CSFTBR50 CSFGIKDS CSFNCUSK
| SC147505. | SC147506. | SC147507. | SC147508. | SC147509. |
| SC147510. |
Fix information
Fixed component name
ICSF/MVS
Fixed component ID
568505101
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SG19O"},"Platform":[{"code":"PF054","label":"z Systems"}],"Version":"7D1"}]
Document Information
Modified date:
04 June 2024