subject:"Hex error code interpreter\?"

Re: Hex error code interpreter?

2024-04-29 Thread Charles Mills

Wow, @Phil, thanks for the kind words.

I am a BIG fan of GSKSSL (z/OS Cryptographic Services System SSL), having also 
used the "competition" -- OpenSSL. GSKSSL's general approach to errors and 
settings is far superior IMHO to OpenSSL's. Far less prone to inadvertent 
stupidities that create security vulnerabilities.

That said, one of the big flaws of GSKSSL is that to do any serious problem 
determination you have to run a GSK trace, which is a little bit of a PITA of 
its own, particularly if the GSKSSL calls are buried in some other product. 
When you ran a System SSL trace on Phil's problem it turns out the first error 
-- the error returned by ICSF callable services -- was BFE (3070) A 
cryptographic operation that requires FIPS 140-2 compliance is being requested. 
The desired algorithm, mode, or key size is not approved for FIPS 140-2. 

Bingo! Easy problem, once you know what the problem is. I wish there were an 
easier way.

Charles

On Sun, 28 Apr 2024 21:11:20 -0400, Phil Smith III  wrote:

>Interesting, thanks. In this case, a gsktrace showed that it was failing GCM 
>AES in the handshake. A reminder by Charles Mills led me to look at the top of 
>the trace, and they had FIPS enabled. GCM and FIPS don't get along.
>
>So while the answers were correct, they actually wouldn't have led me to the 
>solution; Charles, however, did!
>
>What we really need is BPXMILLS, I guess...
>
>-Original Message-
>From: IBM Mainframe Discussion List  On Behalf Of 
>Ramsey Hallman
>Sent: Sunday, April 28, 2024 5:52 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: Hex error code interpreter?
>
>Colin, MVS/Quickref definitely has the IBM z/OS Cryptographic Services System 
>SSL messages. If you have access to Quickref, simply leave the "0x"
>off of the message (as the codes are presented within the IBM
>documentation) and search for an item of 03353084:
>
> - V=IBM P=Z/OS CRYPTO SSL MSGS
>R=V3R1 I=03353084
> * Text Below Copyright (c) 2024, IBM
>*
>03353084 ICSF callable service returned an error.
>
>
>
>Explanation
>
>Ensure that ICSF is operating correctly and if access to the ICSF callable
>
>services are protected with CSFSERV class profiles that the user ID of the
>
>application has READ access to the profiles protecting the ICSF callable
>
>services. See Table 5 on page 15or Table 6 on page 16 for information about
>
>the required resource profile access. If the problem persists, collect a
>
>System SSL trace and contact your service representative.
>
>
>
>User response
>
>Ensure that ICSF is operating correctly and that the user ID of the
>
>application has appropriate access to the CSFSERV class RACF resource
>
>profiles. See Table 5 on page 15 or Table 6 on page 16 for information about 
>required resource profile access. Collect a System SSL trace and verify the
>
>ICSF return code and reason code relating to the error. See z/OS Cryptographic 
>Services ICSF Application Programmer's Guide for more information about ICSF 
>return and reason codes. If the problem persists contact your service
>
>representative.
>
>
>Ramsey Hallman
>MVS/Quickref Support Group
>
>On Sat, Apr 27, 2024 at 7:09 AM Colin Paice < 
>059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:
>
>> See gsk_strerror()
>> <https://www.ibm.com/docs/en/zos/2.4.0?topic=reference-gsk-strerror>
>>
>> On Fri, 26 Apr 2024 at 23:16, Phil Smith III  wrote:
>>
>> > Did I dream it, or is there some utility that can take an error such 
>> > as
>> > gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 
>> > 0x03353084 and interpret the 0x03353084? I swear I remember seeing 
>> > this but can't find it now. Getting old sucks*.
>> >
>> > *But consider the alternatives.
>> >
>> > 
>> > -- For IBM-MAIN subscribe / signoff / archive access instructions, 
>> > send email to lists...@listserv.ua.edu with the message: INFO 
>> > IBM-MAIN
>> >
>>
>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
>lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-28 Thread Phil Smith III

Interesting, thanks. In this case, a gsktrace showed that it was failing GCM 
AES in the handshake. A reminder by Charles Mills led me to look at the top of 
the trace, and they had FIPS enabled. GCM and FIPS don't get along.

So while the answers were correct, they actually wouldn't have led me to the 
solution; Charles, however, did!

What we really need is BPXMILLS, I guess...

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Ramsey Hallman
Sent: Sunday, April 28, 2024 5:52 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Hex error code interpreter?

Colin, MVS/Quickref definitely has the IBM z/OS Cryptographic Services System 
SSL messages. If you have access to Quickref, simply leave the "0x"
off of the message (as the codes are presented within the IBM
documentation) and search for an item of 03353084:

 - V=IBM P=Z/OS CRYPTO SSL MSGS
R=V3R1 I=03353084
 * Text Below Copyright (c) 2024, IBM
*
03353084 ICSF callable service returned an error.

Explanation

Ensure that ICSF is operating correctly and if access to the ICSF callable

services are protected with CSFSERV class profiles that the user ID of the

application has READ access to the profiles protecting the ICSF callable

services. See Table 5 on page 15or Table 6 on page 16 for information about

the required resource profile access. If the problem persists, collect a

System SSL trace and contact your service representative.

User response

Ensure that ICSF is operating correctly and that the user ID of the

application has appropriate access to the CSFSERV class RACF resource

profiles. See Table 5 on page 15 or Table 6 on page 16 for information about 
required resource profile access. Collect a System SSL trace and verify the

ICSF return code and reason code relating to the error. See z/OS Cryptographic 
Services ICSF Application Programmer's Guide for more information about ICSF 
return and reason codes. If the problem persists contact your service

representative.

Ramsey Hallman
MVS/Quickref Support Group

On Sat, Apr 27, 2024 at 7:09 AM Colin Paice < 
059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:

> See gsk_strerror()
> <https://www.ibm.com/docs/en/zos/2.4.0?topic=reference-gsk-strerror>
>
> On Fri, 26 Apr 2024 at 23:16, Phil Smith III  wrote:
>
> > Did I dream it, or is there some utility that can take an error such 
> > as
> > gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 
> > 0x03353084 and interpret the 0x03353084? I swear I remember seeing 
> > this but can't find it now. Getting old sucks*.
> >
> > *But consider the alternatives.
> >
> > 
> > -- For IBM-MAIN subscribe / signoff / archive access instructions, 
> > send email to lists...@listserv.ua.edu with the message: INFO 
> > IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-28 Thread Ramsey Hallman

Colin, MVS/Quickref definitely has the IBM z/OS Cryptographic Services
System SSL messages. If you have access to Quickref, simply leave the "0x"
off of the message (as the codes are presented within the IBM
documentation) and search for an item of 03353084:

 - V=IBM P=Z/OS CRYPTO SSL MSGS
R=V3R1 I=03353084
 * Text Below Copyright (c) 2024, IBM
*
03353084 ICSF callable service returned an error.

Explanation

Ensure that ICSF is operating correctly and if access to the ICSF callable

services are protected with CSFSERV class profiles that the user ID of the

application has READ access to the profiles protecting the ICSF callable

services. See Table 5 on page 15or Table 6 on page 16 for information about

the required resource profile access. If the problem persists, collect a

System SSL trace and contact your service representative.

User response

Ensure that ICSF is operating correctly and that the user ID of the

application has appropriate access to the CSFSERV class RACF resource

profiles. See Table 5 on page 15 or Table 6 on page 16 for information
about
required resource profile access. Collect a System SSL trace and verify the

ICSF return code and reason code relating to the error. See z/OS
Cryptographic
Services ICSF Application Programmer's Guide for more information about
ICSF
return and reason codes. If the problem persists contact your service

representative.

Ramsey Hallman
MVS/Quickref Support Group

On Sat, Apr 27, 2024 at 7:09 AM Colin Paice <
059d4daca697-dmarc-requ...@listserv.ua.edu> wrote:

> See gsk_strerror()
> 
>
> On Fri, 26 Apr 2024 at 23:16, Phil Smith III  wrote:
>
> > Did I dream it, or is there some utility that can take an error such as
> > gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084
> > and interpret the 0x03353084? I swear I remember seeing this but can't
> > find it now. Getting old sucks*.
> >
> > *But consider the alternatives.
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-27 Thread Phil Smith III

Thanks to all; BPXMTEXT is what I was looking for, though it didn't help in 
this case.

-Original Message-
From: Phil Smith III  
Sent: Friday, April 26, 2024 6:16 PM
To: 'IBM Mainframe Discussion List' ; 
'mvs...@vm.marist.edu' 
Subject: Hex error code interpreter?

Did I dream it, or is there some utility that can take an error such as
gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084 and 
interpret the 0x03353084? I swear I remember seeing this but can't find it now. 
Getting old sucks*.

*But consider the alternatives.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-27 Thread Colin Paice

See gsk_strerror()


On Fri, 26 Apr 2024 at 23:16, Phil Smith III  wrote:

> Did I dream it, or is there some utility that can take an error such as
> gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084
> and interpret the 0x03353084? I swear I remember seeing this but can't
> find it now. Getting old sucks*.
>
> *But consider the alternatives.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-27 Thread David Geib

Here is the link (3,1)

https://www.ibm.com/docs/en/zos/3.1.0?topic=errnojrs-description-location-information

Reason codes are sometimes referred to as errnojrs or as errno2 values.

The reason code is made up of 4 bytes in the following format:
   rrr

 is a halfword reason code qualifier. Generally this is used to identify 
the issuing module and represents a module ID.
 is the halfword reason code that is described in this documentation. Only 
this part of the reason code is intended as an interface for programmers.
If the contents of the two high-order bytes are within the range of X'' – 
X'20FF' the error that is represented by the reason code is provided in this 
documentation. The two high-order bytes of the reason codes returned contain a 
value that is used to qualify the contents of the two low-order bytes.

If the contents of the two high-order bytes are outside the range, the error 
that is represented by the reason code is not a z/OS UNIX reason code. Use 
Table 1 to determine where additional information on the reason code can be 
found.
For z/OS® UNIX, zFS, TCP/IP and Language Environment® reason codes, users can 
use either the BPXMTEXT TSO/E command or the bpxmtext shell command to display 
a reason code's meaning and recommended action.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-26 Thread Eric Rossman

BPXMTEXT is for errno. The return value from gskit calls are not errno s.

From: IBM Mainframe Discussion List  on behalf of Sri 
Hari Kolusu 
Sent: Friday, April 26, 2024 8:38:28 PM
To: IBM-MAIN@LISTSERV.UA.EDU 
Subject: [EXTERNAL] Re: Hex error code interpreter?

Phil,

You can use the command TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' 'your 8 digit hex 
code' or $ bpxmtext hexcode from shell to get the description of the errnox .

TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' '0594003D' results in

BPXFVLKP 09/23/23
JRDirNotFound: A directory in the pathname was not found

Action: One of the directories specified was not found.  Verify that the name
specified is spelled correctly.

However, TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' '03353084' just results in BPXFSIT 
10/29/19   which is not that helpful

Thanks,
Kolusu

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-26 Thread Sri Hari Kolusu

Phil,

You can use the command TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' 'your 8 digit hex 
code' or $ bpxmtext hexcode from shell to get the description of the errnox .

TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' '0594003D' results in

BPXFVLKP 09/23/23
JRDirNotFound: A directory in the pathname was not found

Action: One of the directories specified was not found.  Verify that the name
specified is spelled correctly.


However, TSO EXEC 'SYS1.SBPXEXEC(BPXMTEXT)' '03353084' just results in BPXFSIT 
10/29/19   which is not that helpful

Thanks,
Kolusu



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-26 Thread Charles Mills

Well, any UNIX error code interpreter is perforce going to be somewhat 
UNIX-centric.

strerror() I believe interprets errno values. This command interprets errnojr 
values, kind of analogous to reason codes for errno error codes. 

My V2R4 system does not have LOOKAT on it so I can't try it.

I doubt that ChicagoSoft goes to this depth (but I could be wrong). These are 
really obscure and detailed error explanations.

BTW, what is the etymology of errnojr? I always think of it as Errno Junior.

CM

On Fri, 26 Apr 2024 18:20:04 -0500, Paul Gilmartin  wrote:

>On Fri, 26 Apr 2024 18:09:50 -0500, Charles Mills wrote:
>
>>https://www.ibm.com/docs/en/zos-basic-skills?topic=messages-bpxmtext-zos-unix-reason-codes
>> 
>UNIX-centric?  As is SYSCALL STRERROR
>
>Is the network service LOOKAT  current?
>
>Otherwise, there's ChicagoSoft.
>
>-- 
>gil
>
>--
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-26 Thread Paul Gilmartin

On Fri, 26 Apr 2024 18:09:50 -0500, Charles Mills wrote:

>https://www.ibm.com/docs/en/zos-basic-skills?topic=messages-bpxmtext-zos-unix-reason-codes
> 
UNIX-centric?  As is SYSCALL STRERROR

Is the network service LOOKAT  current?

Otherwise, there's ChicagoSoft.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

2024-04-26 Thread Charles Mills

https://www.ibm.com/docs/en/zos-basic-skills?topic=messages-bpxmtext-zos-unix-reason-codes

Although it is coming up with nonsense for your error code on my V2R4 system. I 
can try it on a V3R1 system if you really need.

I also have code somewhere for calling the underlying service (not the shell 
command) from code if you want.

Charles

On Fri, 26 Apr 2024 18:16:00 -0400, Phil Smith III  wrote:

>Did I dream it, or is there some utility that can take an error such as
>gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084
>and interpret the 0x03353084? I swear I remember seeing this but can't find it 
>now. Getting old sucks*.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Hex error code interpreter?

2024-04-26 Thread Phil Smith III

Did I dream it, or is there some utility that can take an error such as
gsk_encrypt_tls13_record(): AES GCM Encryption failed: Error 0x03353084
and interpret the 0x03353084? I swear I remember seeing this but can't find it 
now. Getting old sucks*.

*But consider the alternatives.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Re: Hex error code interpreter?

Hex error code interpreter?

12 matches

Site Navigation

Mail list logo

Footer information