Fixed Android >= 8.0 SSL issue (fixes #105

author: Benoit Foucher <benoit@zeroc.com> 2018-06-21 09:10:28 +0200
committer: Benoit Foucher <benoit@zeroc.com> 2018-06-21 09:10:28 +0200
commit: e1ae31bc62a82255d9aecc38f05271bc04f64cf6 (patch)
tree: a8a22cb0c0c7496439731de18efc9fd2eb29cfc0
parent: Ice/scope fix Android and UWP builds (diff)
download: ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.tar.bz2
ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.tar.xz
ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.zip
5 files changed, 46 insertions, 17 deletions
diff --git a/CHANGELOG-3.7.md b/CHANGELOG-3.7.md
index 161b532131b..827bd919bd1 100644
--- a/CHANGELOG-3.7.md
+++ b/CHANGELOG-3.7.md
@@ -43,6 +43,11 @@ These are the changes since Ice 3.7.1 included in this pre-release.
   with a cbBuffer value of 0. This occurred when running the JavaScript tests
   with Firefox and using a C++ debug build.
 
+## Java Changes
+
+- Fixed Android IceSSL issue which would cause SSL connections to hang
+  with Android >= 8.0.
+
 # Changes in Ice 3.7.1
 
 These are the changes since Ice 3.7.0.
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
index 4f76e7cefe5..a4cb19b8723 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/SSLEngine.java
@@ -781,15 +781,23 @@ class SSLEngine
     javax.net.ssl.SSLEngine createSSLEngine(boolean incoming, String host, int port)
     {
         javax.net.ssl.SSLEngine engine;
-        if(host != null)
+        try
         {
-            engine = _context.createSSLEngine(host, port);
+            if(host != null)
+            {
+                engine = _context.createSSLEngine(host, port);
+            }
+            else
+            {
+                engine = _context.createSSLEngine();
+            }
+            engine.setUseClientMode(!incoming);
         }
-        else
+        catch(Exception ex)
         {
-            engine = _context.createSSLEngine();
+            throw new Ice.SecurityException("IceSSL: couldn't create SSL engine", ex);
         }
-        engine.setUseClientMode(!incoming);
+
 
         String[] cipherSuites = filterCiphers(engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites());
         try
diff --git a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
index d3542f79774..912dc1de2e7 100644
--- a/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
+++ b/java-compat/src/Ice/src/main/java/IceSSL/TransceiverI.java
@@ -51,19 +51,23 @@ final class TransceiverI implements IceInternal.Transceiver
             final String host = _incoming ? (ipInfo != null ? ipInfo.remoteAddress : "") : _host;
             final int port = ipInfo != null ? ipInfo.remotePort : -1;
             _engine = _instance.createSSLEngine(_incoming, host, port);
-            _appInput = ByteBuffer.allocateDirect(_engine.getSession().getApplicationBufferSize() * 2);
+            _appInput = ByteBuffer.allocate(_engine.getSession().getApplicationBufferSize() * 2);
+
+            // Require BIG_ENDIAN byte buffers. This is needed for Android >= 8.0 which can read
+            // the SSL messages directly with these buffers.
             int bufSize = _engine.getSession().getPacketBufferSize() * 2;
-            _netInput = new IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2));
-            _netOutput = new IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2));
+            _netInput = new IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2), java.nio.ByteOrder.BIG_ENDIAN);
+            _netOutput = new IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2), java.nio.ByteOrder.BIG_ENDIAN);
         }
 
+        assert(_engine != null);
+
         int status = handshakeNonBlocking();
         if(status != IceInternal.SocketOperation.None)
         {
             return status;
         }
 
-        assert(_engine != null);
 
         SSLSession session = _engine.getSession();
         _cipher = session.getCipherSuite();
diff --git a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java
index ed850eefc3f..36ea805b679 100644
--- a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java
+++ b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/SSLEngine.java
@@ -787,15 +787,22 @@ class SSLEngine
     javax.net.ssl.SSLEngine createSSLEngine(boolean incoming, String host, int port)
     {
         javax.net.ssl.SSLEngine engine;
-        if(host != null)
+        try
         {
-            engine = _context.createSSLEngine(host, port);
+            if(host != null)
+            {
+                engine = _context.createSSLEngine(host, port);
+            }
+            else
+            {
+                engine = _context.createSSLEngine();
+            }
+            engine.setUseClientMode(!incoming);
         }
-        else
+        catch(Exception ex)
         {
-            engine = _context.createSSLEngine();
+            throw new com.zeroc.Ice.SecurityException("IceSSL: couldn't create SSL engine", ex);
         }
-        engine.setUseClientMode(!incoming);
 
         String[] cipherSuites = filterCiphers(engine.getSupportedCipherSuites(), engine.getEnabledCipherSuites());
         try
diff --git a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/TransceiverI.java b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/TransceiverI.java
index fa2fa1fbeaf..c080bbbc260 100644
--- a/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/TransceiverI.java
+++ b/java/src/IceSSL/src/main/java/com/zeroc/IceSSL/TransceiverI.java
@@ -52,10 +52,15 @@ final class TransceiverI implements com.zeroc.IceInternal.Transceiver
             final String host = _incoming ? (ipInfo != null ? ipInfo.remoteAddress : "") : _host;
             final int port = ipInfo != null ? ipInfo.remotePort : -1;
             _engine = _instance.createSSLEngine(_incoming, host, port);
-            _appInput = ByteBuffer.allocateDirect(_engine.getSession().getApplicationBufferSize() * 2);
+            _appInput = ByteBuffer.allocate(_engine.getSession().getApplicationBufferSize() * 2);
+
+            // Require BIG_ENDIAN byte buffers. This is needed for Android >= 8.0 which can read
+            // the SSL messages directly with these buffers.
             int bufSize = _engine.getSession().getPacketBufferSize() * 2;
-            _netInput = new com.zeroc.IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2));
-            _netOutput = new com.zeroc.IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2));
+            _netInput = new com.zeroc.IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2),
+                                                         java.nio.ByteOrder.BIG_ENDIAN);
+            _netOutput = new com.zeroc.IceInternal.Buffer(ByteBuffer.allocateDirect(bufSize * 2),
+                                                          java.nio.ByteOrder.BIG_ENDIAN);
         }
 
         int status = handshakeNonBlocking();
author	Benoit Foucher <benoit@zeroc.com>	2018-06-21 09:10:28 +0200
committer	Benoit Foucher <benoit@zeroc.com>	2018-06-21 09:10:28 +0200
commit	e1ae31bc62a82255d9aecc38f05271bc04f64cf6 (patch)
tree	a8a22cb0c0c7496439731de18efc9fd2eb29cfc0
parent	Ice/scope fix Android and UWP builds (diff)
download	ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.tar.bz2 ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.tar.xz ice-e1ae31bc62a82255d9aecc38f05271bc04f64cf6.zip