z/OS Version 1 Release 11 System SSL Security Policy
© Copyright IBM Corp. 2011
14 Application Programming Interfaces (APIs)
The following Services (APIs) in Table 7 can be executed by the user. The approved/allowed services used by the APIs are:
· Triple DES, AES
· SHA-1, SHA2 (SHA-224, SHA-256, SHA-384 and SHA-512)
· HMAC-SHA, HMAC-MD5
· RSA sign/verify, encrypt/decrypt, key generation
· DSA sign/verify, key parameter and key generation
· Diffie-Hellman key agreement and key generation
· RNG
Table 7 System SSL Module Services (APIs)

| SSL Service Name | Function Description |
| --- | --- |
| gsk_attribute_get_buffer | Returns an attribute buffer value for an SSL environment or SSL connection |
| gsk_attribute_get_cert_info | Returns local or partner certificate from an SSL handshake |
| gsk_attribute_get_data | Returns information to the application about data in the certificate request SSL handshake message |
| gsk_attribute_get_enum | Returns an attribute enumerated value for an SSL environment or connection |
| gsk_attribute_get_numeric_value | Returns an attribute numeric value for an SSL environment or connection |
| gsk_attribute_set_buffer | Sets an attribute value for an SSL environment or SSL connection |
| gsk_attribute_set_callback | Sets the application callback routines |
| gsk_attribute_set_enum | Sets an attribute enum for an SSL environment or SSL connection |
| gsk_attribute_set_numeric_value | Sets an attribute numeric value for an SSL environment or SSL connection |
| gsk_attribute_set_tls_extension | Sets TLS extensions for an SSL environment or SSL connection |
| gsk_environment_close | Closes an SSL environment |
| gsk_environment_init | Establishes the SSL environment |
| gsk_environment_open | Gets storage and initializes SSL default environment attributes |
| gsk_free_cert_data | Frees storage associated with returned certificate |
| gsk_get_cert_by_label | Gets information about a certificate |
| gsk_get_cipher_suites | Determines the supported SSL ciphers |
| gsk_get_ssl_vector | Gets addresses for all SSL functions |
| gsk_get_update | Checks whether SAF key ring, key database file or PKCS#11 Token has changed since certificates were read into the SSL environment |
| gsk_list_free | Frees storage from gsk_attribute_get_data |
| gsk_secure_socket_close | Closes an SSL connection |
| gsk_secure_socket_init | SSL handshake is performed |
| gsk_secure_socket_misc | SSL rehandshake is performed |
| gsk_secure_socket_open | Gets storage and initializes SSL default connection attributes |
| gsk_secure_socket_read | Performs a secure SSL read |
| gsk_secure_socket_shutdown | Sends close notify alert message |
| gsk_secure_socket_write | Performs secure SSL write |
| gsk_strerror | Returns text string for an SSL or Certificate Management error code |

| Certificate Management Service Name | Function Description |
| --- | --- |
| gsk_add_record | Adds inputted record to a key or request database |
| gsk_change_database_password | Changes the password associated with the key database file to the inputted password |
| gsk_change_database_record_length | Changes the record length of the key database record |
| gsk_close_database | Closes the key or request database file |
| gsk_close_directory | Unbinds from the LDAP directory |
| gsk_construct_certificate | Constructs a signed X.509 certificate |
| gsk_construct_private_key_rsa | Constructs an RSA private key from its component values |
| gsk_construct_public_key_rsa | Constructs an RSA public key from its component values |
| gsk_construct_renewal_request | Constructs a certification renewal request as described in PKCS #10 |