|
All mainline exits receive the address of an exit parameter
block (EXPB) passed in register 0. Each exit receives the address
of an address list passed in register 1. Each address in the list
points to a parameter.
Figure 7 illustrates the contents of register 0 and
EXPB for the mainline exits.
Both the mainline exits and the services exits receive the address
of EXPB in register 0. Some of the fields in EXPB are used only by
the service exits and are reserved fields for the mainline exits.
The Exit Parameter Block
Table 9 describes
the contents of the exit parameter block.
Table 9. EXPB Control Block Format for Mainline Exits| Offset (Dec) | Number of Bytes | Description |
|---|
| 0 | 4 | Name.
The name of the control
block. This field contains the character string EXPB. | | 4 | 2 | Version.
The version of the control
block. This field contains the character string 01. | | 6 | 2 | Length.
The length of the control
block. The value of this field is 40 in decimal. | | 8 | 4 | Dynamic area address.
The address
of a 400-byte area that the exit can use as a dynamic area. | | 12 | 4 | Exit area address.
The address
of an 8-byte area the exits can use to communicate with each other. ICSF does
not check or change this field. | | 16 | 4 | Exit communication area.
A character
string that can be used for communication between the exits. The
field is initialized to zero before CSFEXIT1 is called, and ICSF does
not modify this field. | | 20 | 4 | Flags.
Reserved.
The flag field is used only by the exits for the services. The field
contains binary zeros for the mainline exits. | | 24 | 4 | Secondary parameter block (SPB) address.
Reserved. The SPB is used only by the exits for
the services. The field contains binary zeros for the mainline exits. | | 28 | 4 | CCVT address.
Address of the Cryptographic
Communication Vector Table (CCVT). The Cryptographic Communication Vector Table (CCVT) describes
the CCVT in greater detail. | | 32 | 8 | Module name.
The installation
exit's load module name. The field contains the value of the load
module name you specified on the EXIT keyword in the installation
options data set. The field is 8 bytes of characters, and the value
is left-justified and padded with blanks. | Parameters
All mainline exits receive an address list that uses standard
entry linkage. Register 1 points to the address list. Each address
in the list points to a parameter. Tables in the next four topics
describe the parameters for each of the mainline exits.
CSFEXIT1
This table describes the parameters for CSFEXIT1:
Table 10. CSFEXIT1 Parameters| Parameter | Number of Bytes | Description |
|---|
| 1 | 8 | The data set name (DDNAME) of the
installation options data set. | | 2 | Variable | The command input block for the START
command. The command control block is mapped by IEZCIB. | When ICSF calls this, the Cryptographic Communication Vector
Table exists, but the table is not yet complete.
CSFEXIT2 and CSFEXIT3
Both CSFEXIT2 and CSFEXIT3 receive the same parameters. Table 11 describes these parameters.
Table 11. CSFEXIT2 and CSFEXIT3 Parameters| Parameter | Number of Bytes | Description |
|---|
| 1 | 44 | A character string that is the CKDS
name specified in the CKDSN installation option. | | 2 | 4 | A decimal value that is the maximum
length permitted for data passed to services specified in the MAXLEN
installation option.
Beginning with z/OS V1 R2, the MAXLEN parameter
may still be specified in the options data set, but only the maximum
value limit will be enforced (2147483647). If a value greater than
this is specified, an error will result and ICSF will not start. | | 3 | 4 | ICSF environmental options.
Note:
Do not change bits 2, 4, and 5.
Byte
1:
- Bit
- Meaning When Set On
- 0
- Special secure mode allowed.
- 1
- Special secure mode enabled.
- 2
- Reserved and must be zero.
- 3
- Key authentication required.
- 4
- The hardware has gone from active to inactive.
- 5
- First start of ICSF during this IPL.
- 6
- Security Sever (RACF) checking required for authorized callers.
- 7
- PCF coexistence.
Bytes 2-4: Reserved | | 4 | 4 | Address of the exit name table. Table 13 describes the exit name table. | CSFEXIT4 and CSFEXIT5
Both CSFEXIT4 and CSFEXIT5 receive the same parameters. Table 12 describes these parameters.
Table 12. CSFEXIT4 and CSFEXIT5 Parameters| Parameter | Number of Bytes | Description |
|---|
| 1 | 44 | A character string that is the CKDS
name specified in the CKDSN installation option. | | 2 | 4 | A decimal value that is the maximum
length permitted for data passed to services specified in the MAXLEN
installation option.
Beginning with z/OS V1 R2, the MAXLEN parameter
may still be specified in the options data set, but only the maximum
value limit will be enforced (2147483647). If a value greater than
this is specified, an error will result and ICSF will not start. | | 3 | 4 | ICSF environmental options.
Note:
Do not change bits 2, 4, and 5.
Byte
1:
- Bit
- Meaning When Set On
- 0
- Special secure mode allowed.
- 1
- Special secure mode enabled.
- 2
- Reserved and must be zero.
- 3
- Key authentication required.
- 4
- The hardware has gone from active to inactive.
- 5
- First start of ICSF during this IPL.
- 6
- Security Server (RACF) checking required for authorized callers.
- 7
- PCF coexistence.
Bytes 2-4: Reserved | | 4 | 4 | Address of the exit name table. Table 13 describes the exit name table. | | 5 | Variable | The command input block. You can
use the IEZCIB mapping macro to map the control block. | The Exit Name Table
The exit name table
contains a list of all of the exits and their load module names. Table 13 describes the format of the exit name table.
Table 13. Format of the Exit Name Table| Offset (Dec) | Number of Bytes | Description |
|---|
| 0 | 4 | Exit name table ID. The value is
always the character string ENT. | | 4 | 2 | Exit name table version. The value
is always the character string 01. | | 6 | 2 | Length of the exit name table. This
value is in decimal. | | 8 | 4 | Number of entries in the array which
is the number of exits ICSF supplies. This value is in decimal. | | 12 | 4 | Subpool that the exit name table
is in. | | 16 | 4 | Reserved. | | 20 | 4 | Reserved. | | 24 | 4 | Reserved. | | 28 | 4 | Reserved. | | 32 | 8 | ICSF exit name 1. This value is
a character string. | | 40 | 8 | Installation load module name 1.
This value is a character string. | | 48 | 4 | Flags.
Flag bytes. Only the first
two bytes are used; bytes 3 and 4 are reserved.
Byte 1:
- Bit
- Meaning When Set On
- 0
- Exit has been requested by the installation.
- 1
- Exit has been loaded.
- 2
- Exit is active.
- 3
- If exit fails, end ICSF.
- 4
- If exit fails, do not call the exit again.
- 5
- If exit fails, fail the service.
- 6
- If exit fails, do nothing.
- 7
- Exit has failed previously.
Byte 2:
- Bit
- Meaning When Set On
- 0
- The exit should be called.
- 1
- The exit is available to the installation.
- 2
- If the security exit fails, fail the service.
- 3-7
- Reserved.
| | 52 | 4 | Address of the exit. | | 56 | 4 | Reserved. | | 60 | 4 | Reserved. | | 64 | 8 | ICSF exit name 2. This value is
a character string. | | 72 | 8 | Installation load module name 2.
This value is a character string. | | 80 | 4 | Flags.
See offset +48 for flag
byte definitions. | | 84 | 4 | Address of the exit. | | 88 | 4 | Reserved. | | 92 | 4 | Reserved. |
| x | 8 | ICSF exit name a. | | x+8 | 8 | Installation load module name a. | | x+16 | 4 | Flags.
See offset +48 for flags. | | x+20 | 4 | Address of the exit. | | x+24 | 4 | Reserved. | | x+28 | 4 | Reserved. |
|
z/OS Cryptographic Services ICSF System Programmer's Guide
Copyright IBM Corporation 1990, 2014
