A fix is available
APAR status
Closed as program error.
Error description
Multiple callers attempting to re-wrap a secure key as a protected key at the same time caused the wrapped key to have the wrong value. Users may either fail now to decrypt data using the wrong data key, or user may have no problem to encrypt data now but will fail to decrypt data in the future with the right data key.
Local fix
Run CSNBSYE to encrypt eight bytes of zeros to check if this is the case. In the case of encrypting data, decrypt the data before refreshing CKDS. In the case of decrypting data, refresh CKDS first and then decrypt the data again. Just a local CKDS refresh will do.
Problem summary
**************************************************************** * USERS AFFECTED: * * Users of CPACF-protected keys * **************************************************************** * PROBLEM DESCRIPTION: * * When multiple callers use the label of * * a protected key nearly simultaneously * * and this is the first time since ICSF * * was started, the CKDS was refreshed, * * or the CKDS was reenciphered, it might * * be possible for the cached protected * * key to be stored incorrectly, leading * * to incorrect data or ABEND18F. * **************************************************************** * RECOMMENDATION: * **************************************************************** Problem Summary ---------------------------------------------------------------- If multiple callers nearly simultaneously use the same label to use a protected key, it might be possible for the cached protected key to be stored incorrectly, leading to incorrect data or ABEND18F.
Problem conclusion
ICSF added serialization when storing the protected key into the cache.
Temporary fix
********* * HIPER * *********
Comments
APAR Information
APAR number
OA56810
Reported component name
ICSF/MVS
Reported component ID
568505101
Reported release
7A1
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-01-18
Closed date
2019-02-18
Last modified date
2019-03-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UA98590 UA98591 UA98592 UA98593 UA98594 UA98595
Modules/Macros
CSFKSICE
Fix information
Fixed component name
ICSF/MVS
Fixed component ID
568505101
Applicable component levels
R7B1 PSY UA98594
UP19/02/19 P F902 ¢
R7A1 PSY UA98592
UP19/02/19 P F902 ¢
R7D0 PSY UA98591
UP19/02/19 P F902 ¢
R7B0 PSY UA98593
UP19/02/19 P F902 ¢
R7C1 PSY UA98590
UP19/02/19 P F902 ¢
R7C0 PSY UA98595
UP19/02/19 P F902 ¢
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7A1","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7A1","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 March 2019