It is safe. CSNBOWH only uses CPACF for SHA-1 (and SHA-2/SHA-3). For some of the other CSNBOWH rules, we do use software but none of the rules use CEX coprocessors, which is why the service is not in the CICS WAITLIST (CSFWTL01). Any service in CSFWTL01 could potentially get suspended so needs to be off the QR task but CSFOWH (CSNBOWH) is not one of those services.
Eric Rossman --------------------------------- ICSF Security Architect z/OS Security --------------------------------- -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Farley, Peter Sent: Saturday, February 7, 2026 7:10 PM To: [email protected] Subject: [EXTERNAL] Is it safe to call ICSF service CSNBOWH in CICS? Cross posted to CICS-L and IBM-MAIN. I have a POC that will require me to compute a simple SHA-1 hash of a text value less than 64 bytes long to create a 20-byte value that is unique enough for purposes of the POC. As far as I can tell so far, more complex hashes are not needed for the expected text values. In my testing so far, the first 10 bytes of the SHA-1 value turn out to be unique enough. The ICSF callable service CSNBOWH is what I am using to compute the SHA-1 value, and the batch testing I have done so far shows acceptable performance and 100% uniqueness for purposes of the POC. The hash function will be invoked fairly frequently, at least multiple times (probably less than 20 though) in a single CICS transaction or batch record process. My question is whether it safe to directly call CSNBOWH in a CICS application (dynamic CALL, not CICS LINK) that is running in the QR task? The SHA-1 function of CSNBOWH is documented as only requiring CPACF hardware so I have been ASSUMING that calling this service will not cause a wait in the QR task, but I felt it would be better to ask the assembled expertise on these lists. Alternatively, is there a CICS function or command that I should use instead of calling CSNBOWH to compute a SHA-1 hash? Peter This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
