sean.mullan at oracle.com
Thu Apr 14 13:55:14 PDT 2011
On 4/14/11 4:36 PM, mark.reinhold at oracle.com wrote:
> 2011/4/14 13:28 -0700, sean.mullan at oracle.com:
>> On 4/14/11 3:54 PM, Mandy Chung wrote:
>>> Just to be clear - I meant a bug in the implementation.
>> Ok. But ...
>> Either way there is a problem when you apply the signature. The csize cannot be
>> calculated until after you generate the signature, but the signature encrypts a
>> hash of the module file, which includes the csize.
>> So either we need to exclude the size of the signature or not include the csize
>> in the hash.
> Hrm. Perhaps that's why we didn't include the header in the csize
> in the first place, and so this is a bug in the specification.
What if the csize was the size of the file except the header, signature and
module-info sections? (i.e. the "rest" of the file). That would seem to align
with being able to read the module file in two parts (readStart, readRest).
More information about the jigsaw-dev