Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18242

Remove GetSession Info call before pulling session from pool during HSM signing operation

    XMLWordPrintable

Details

    • Hide
      Enable HSM for Fabric components.
      Turn on pkcs11 debug logs in peer.
      Before each HSM signing operation, you'll see a GetSessionInfo call. Remove that.
      Show
      Enable HSM for Fabric components. Turn on pkcs11 debug logs in peer. Before each HSM signing operation, you'll see a GetSessionInfo call. Remove that.

    Description

      A getSessionInfo call was added recently in Fabric to verify each HSM session when it is taken from the pool but before it is used.  This was done given the issues with the HSM proxy which is being removed.

       

      The issue with this call is in our performance test environment, this call is taking .7 seconds.  Since it is done on each signing operation, that's causing pretty bad performance for HSM enabled components.

       

      There was discussion around moving the check and making it asynchronous which may help.  A better option was to look closely at the error that was returned when a signing operation failed and if it failed due to a bad session, use that failure to remove that session from the tool vs a separate remote grpc call that is expensive.  However, given the urgency, removing the check would be fine for now.

      Attachments

        Issue Links

          Activity

            People

              btl5037 Brett Logan
              ptippett Paul Tippett
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: