dalibor.topic at oracle.com
Thu Apr 14 15:05:08 PDT 2011
On 4/14/11 10:55 PM, Sean Mullan wrote:
> On 4/14/11 4:36 PM, mark.reinhold at oracle.com wrote:
>> 2011/4/14 13:28 -0700, sean.mullan at oracle.com:
>>> On 4/14/11 3:54 PM, Mandy Chung wrote:
>>>> Just to be clear - I meant a bug in the implementation.
>>> Ok. But ...
>>> Either way there is a problem when you apply the signature. The csize cannot be
>>> calculated until after you generate the signature, but the signature encrypts a
>>> hash of the module file, which includes the csize.
>>> So either we need to exclude the size of the signature or not include the csize
>>> in the hash.
>> Hrm. Perhaps that's why we didn't include the header in the csize
>> in the first place, and so this is a bug in the specification.
> What if the csize was the size of the file except the header, signature and module-info sections? (i.e. the "rest" of the file). That would seem to align with being able to read the module file in two parts (readStart, readRest).
Yeah, that's what I thought would make sense for it to be, so chances are I (mis)interpreted the spec to fit that worldview. Oops, indeed.
Dalibor Topic | Java F/OSS Ambassador
Phone: +494023646738 <tel:+494023646738> | | | Mobile: +491772664192 <tel:+491772664192>
Oracle Java Platform Group
ORACLE Deutschland B.V. & Co. KG | Nagelsweg 55 | 20097 Hamburg
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstr. 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Rijnzathe 6, 3454PV De Meern, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Jürgen Kunz, Marcel van de Molen, Alexander van der Ven
Green Oracle <http://www.oracle.com/commitment> Oracle is committed to developing practices and products that help protect the environment
More information about the jigsaw-dev