A fix is available
APAR status
Closed as program error.
Error description
Prior to APAR PI58702 the Guardium encryption exit routines DECENA01, DECENB01, and DECENC01 always added one byte of control information when IMS data was encrypted. This caused the following implementation concerns- º For uncompressed variable length segments, the maximum segment size in the DBD had to be increased by 1 when the COMPRTN was added to allow for the additional byte of data when encrypting a maximum length segment. º For compressed variable or fixed length segments, if the compressed data length was equal to the DBD maximum variable length segment size, or the fixed length segment size plus 10, it is not possible to add the additional byte of data when encrypting it and an exit failure will occur. APAR PI58702 removes the addition of the one byte of control data to address the implementation concerns. This change, however, is an incompatible change. Any IMS data encrypted using an exit built with a pre-PI58702 level of DECENA01, DECENB01, or DECENC01 code can not be properly decrypted using an exit built with the PI58702, or later, level of code if the documented migration actions are not performed. Migration Actions If an existing exit built with a pre-PI58702 level of DECENA01, DECENB01, or DECENC01 must be rebuilt with the PI58702, or later, level of code the following migration actions must be performed for the data to be properly decrypted with the rebuilt exit- 1. Unload all of the data that has been encrypted using an exit built with a pre-PI58702 level of code. The data must be decrypted when it is unloaded. 2. Rebuild the exit using the PI58702, or later, level of code. 3. Reload all of the data using the rebuilt exit. IMS BMP Jobs may abend with U0002 and also cause the IMS Control Region to abend with U4095.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All IBM InfoSphere Guardium Data Encryption * * for DB2 and IMS Databases Version 1 Release * * 2 users. * **************************************************************** * PROBLEM DESCRIPTION: IMS BMP jobs may abend with U0002 and * * also cause the IMS Control Region to * * abend with U4095 * **************************************************************** * RECOMMENDATION: * **************************************************************** IMS BMP jobs may abend with U0002 and also cause the IMS Control Region to abend with U4095.
Problem conclusion
1. After successful SMP/E apply, the Modules DECENA01, DECENB01, and DECENC01, are updated. 2. After successful SMP/E apply, if Customer wishes to use the DECENA01, DECENB01, or DECENC01 Modules, they should execute the necessary link samplib member and verify that their IMS Exit library is refreshed. Execute DECIMSCK, for DECENA01. Execute DECIMSCB, for DECENB01. Execute DECIMSSK, for DECENC01. 3. Customer should note that changes have been made to the SDECCEXE library, to use PI58702, in the ISPF Panels. 4. Customer should note that IMS Exits, linked with DECENA01, DECENB01, and DECENC01, which use an Error Key, will have new error messages, which indicate the problem cause, issued either in the DLI Batch Output, or for BMP issued in the IMS DLI and System Log outputs. The Messages: DEC0001E, DEC0002E, DEC0003E, DEC0004E, DEC0005E, and DEC0006E. 5. After successful linking of the DEC V1.2 DECENA01, DECENB01, and DECENC01 Modules, for this APAR, Customer should do either of the following actions: a. Determine if the IMS EXIT library, for the IMS Subsystem where DEC V1.2 is used, is in the System Linklist concatenation. If so, issue the LLA Refresh command on that System LPAR. This will allow Customer to use the updated code, without need to Cycle the IMS Subsystem. b. If the IMS EXIT library, for the IMS Subsystem where DEC V1.2 is used, is not in the System Linklist concatenation, Customer will need to Cycle the IMS Subsystem, in order to use the updated code. New Messages - Coming in a Future Doc update: DEC0001E DECENxx1 encryption exit error. DEC0002E Function: funcname Function code: 000000nn DEC0003E ICSF debug data: DEC0004E Retcode: 000000xx Reason code: xxxxxxxx DEC0005E Key len: 000000xx Text length: xxxxxxxx DEC0006E The IMS U2990 message also displays a reason code.
Temporary fix
Comments
×**** PE16/09/01 FIX IN ERROR. SEE APAR PI68520 FOR DESCRIPTION
APAR Information
APAR number
PI58702
Reported component name
DATA ENCRYPTION
Reported component ID
5655P0300
Reported release
120
Status
CLOSED PER
PE
YesPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-03-07
Closed date
2016-07-21
Last modified date
2017-03-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI39585
Modules/Macros
DECENA01 DECENB01 DECENC01 DECENC07
Fix information
Fixed component name
DATA ENCRYPTION
Fixed component ID
5655P0300
Applicable component levels
R120 PSY UI39585
UP16/07/29 P F607 Ø
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.2.0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
15 March 2017