JDK-8131665 : Bad exception message in HandshakeHash.getFinishedHash
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 9
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2015-07-16
  • Updated: 2016-06-13
  • Resolved: 2015-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 JDK 9
7u101Fixed 8u101Fixed 9 b75Fixed
Description
It's possible to end up with this exception in ssl handshake code : 

Exception in thread "main" java.lang.Error: BAD
        at sun.security.ssl.HandshakeHash.getFinishedHash(HandshakeHash.java:249)
        at sun.security.ssl.HandshakeMessage$Finished.getFinished(HandshakeMessage.java:1945)
        at sun.security.ssl.HandshakeMessage$Finished.<init>(HandshakeMessage.java:1892)
        at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1192)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1112)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

That's not too informative. We should set the cause of exception when throwing an Error.


Comments
setting the cause allows us to see much more detail like this example : Exception in thread "main" java.lang.Error: BAD at sun.security.ssl.HandshakeHash.getFinishedHash(HandshakeHash.java:249) at sun.security.ssl.HandshakeMessage$Finished.getFinished(HandshakeMessage.java:1945) at sun.security.ssl.HandshakeMessage$Finished.<init>(HandshakeMessage.java:1892) at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1192) at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1112) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at TestAEADCipher.readWithParticularCipher(TestAEADCipher.java:57) at TestAEADCipher.runCipherTest(TestAEADCipher.java:33) at TestAEADCipher.main(TestAEADCipher.java:23) Caused by: java.lang.RuntimeException: Could not clone digest at sun.security.ssl.HandshakeHash.cloneDigest(HandshakeHash.java:194) at sun.security.ssl.HandshakeHash.getFinishedHash(HandshakeHash.java:247) ... 14 more Caused by: java.lang.CloneNotSupportedException: SHA-256 at sun.security.pkcs11.P11Digest.clone(P11Digest.java:316) at java.security.MessageDigest$Delegate.clone(MessageDigest.java:556) at sun.security.ssl.HandshakeHash.cloneDigest(HandshakeHash.java:191) ... 15 more Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_STATE_UNSAVEABLE at sun.security.pkcs11.wrapper.PKCS11.C_GetOperationState(Native Method) at sun.security.pkcs11.P11Digest.clone(P11Digest.java:311) ... 17 more
16-07-2015