A fix is available
APAR status
Closed as program error.
Error description
Support secure keys for exit DECENAA1 when the ICSF protected key read facility is available. Reduce encryption/decryption processing overhead for exit DECENBB1 by exploiting the CPACF KMF instruction when it and the ICSF protected key read facility are both available. Batch ICSF CHECKAUTH reoccurring bypass processing will only occur when the KMF instruction is being exploited by the exit. Additionally, this APAR addresses the following: The DECENBI0 Module has been updated to resolve an inconsistency in the error reason code, which is used by DECENBI0 for a wrong length output field. The SAMPLIB Member, DECIMSCB, was updated in the Comments section. Encapsulated the retrieval of a CPACF encrypted key in a secure routine. When retrieving a clear key an unencrypted version of the clear key will never exist in user key storage.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users. * **************************************************************** * PROBLEM DESCRIPTION: Secure key support for DECENAA1 and * * performance improvement for DECENBB1 * * (PI83626) * * Support secure keys for exit DECENAA1 * * when the ICSF protected key read * * facility is available. * * Reduce encryption/decryption processing * * overhead for exit DECENBB1 by * * exploiting the CPACF KMF instruction * * when it and the ICSF protected key read * * facility are both available. Batch ICSF * * CHECKAUTH reoccurring bypass processing * * will only occur when the KMF * * instruction is being exploited by the * * exit. * * Encapsulated the retrieval of a CPACF * * encrypted key in a secure routine. When * * retrieving a clear key an unencrypted * * version of the clear key will never * * exist in user key storage. * * Note: The ICSF protected key read * * facility is available with ICSF 2.1 and * * the PTF for APAR OA50450, or any later * * release of ICSF. * * Note: The CPACF KMF instruction is * * available on the z196, and later, * * family of processors. * * Additionally, this APAR addresses the * * following: * * The DECENBI0 Module has been updated * * to resolve an inconsistency in the * * error reason code, which is used by * * DECENBI0 for a wrong length output * * field. The SAMPLIB Member, DECIMSCB, * * was updated in the Comments section * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PI83626
Reported component name
DATA ENCRYPTION
Reported component ID
5655P0300
Reported release
120
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-06-26
Closed date
2017-09-27
Last modified date
2017-11-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI50628
Modules/Macros
DECENAA1 DECENBB1 DECENBI0 DECF0005 DECIMSCB DECSSI20 DECSSI21 H29F120J
Fix information
Fixed component name
DATA ENCRYPTION
Fixed component ID
5655P0300
Applicable component levels
R120 PSY UI50628
UP17/10/05 P F710
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.2.0","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 November 2017