widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merges to android Pi release (part 6)

Browse Source 
These are a set of CLs merged from the wv cdm repo to the android repo.

* Enable Cast for Android Things build.

  Author: Thoren Paulson <thoren@google.com>

  [ Merge of http://go/wvgerrit/29941 ]

  Added a path to make_cast_libwvlevel3 for Android Things. Added the new
  system id to the preprocessor guards in android_keybox.cpp. Guarded the
  references to stderr in page_allocator.cpp because for some reason they
  don't get resolved when we link against the resulting library.

  BUG: 63443584

* Resolve memory leaks in use of OpenSSL.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32700 ]

  Use of EVP_CIPHER_CTX requires a call to EVP_CIPHER_CTX_cleanup().

* Memory leak in OpenSSL RSA key handling.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32621 ]

  This fixes a range of tests. --gtest_filter="CdmDecrypt*" runs
  five tests and still loses 5 objects totalling 1320 bytes (down
  from 6200 bytes).

* Unit test and mock OEMCrypto memory leaks.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32640 ]

  More memory leak cleanup. All remaining leaks are due
  to calls to CRYPTO_malloc() without the matching free
  (i.e., calls into openssl).

* Clean up memory leaks in tests.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32600 ]

  This is the first pass at cleaning up memory leaks. These leaks
  were affecting a lot of tests, making it hard to identify more
  serious leaks.

  Switch to unique_ptr<> pointers for CdmEngine in
  generic_crypto_unittest tests for FileSystem object in
  mock OEMCrypto's CryptoEngine object.

* Fix broken tests - linux-only & address sanitizer failures.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32460 ]

  Fix broken test:
    WvCdmEnginePreProvTestStaging.ServiceCertificateInitialNoneTest

  Fix failures found by address sanitizer:
    DeviceFilesUsageInfoTest.RetrieveByProviderSessionToken
    DeviceFilesUsageInfoTest.UpdateUsageInfo

  NOTE: address sanitizer cannot handle EXPECT_CALL macros containing
  a call with a Contains matcher as an argument, e.g.:

  EXPECT_CALL(file,
              Write(Contains(certificate, wrapped_private_key, 0),
                    Gt(certificate.size() + wrapped_private_key.size())))

  The address sanitizer reports a crash, issues a report, and stops. A
  temporary fix is to replace the "Contains()" argument with "_".

* Usage license handling corrections

  Author: Rahul Frias <rfrias@google.com>

  [ Merge of http://go/wvgerrit/28540 ]

  Validate that offline licenses that do not contain a provider session
  token are not handled by the TEE.

  BUG: 38490468

  Test: WV Unit/integration tests, GtsMediaTestCases,
        WvCdmRequestLicenseTest.ReleaseRetryL3OfflineKeySessionUsageDisabledTest

* UsageTableEntry::CopyOldUsageEntry memcpy read out of range.

  Author: Gene Morgan <gmorgan@google.com>

  [ Merge of http://go/wvgerrit/32220 ]

  The function copies the pst from a variable length input vector
  into a 256 byte character array. But the length argument was a
  fixed value - MAC_KEY_SIZE. Depending on the actual PST length this
  can lead to memcpy reading out of bounds or the PST getting truncated.

BUG: 71650075
Test: Not currently passing. Will be addressed in a subsequent
  commit in the chain.

Change-Id: I81a4593d7d04d0ef6069ce48d0601b6fbdd85de9
This commit is contained in:
Rahul Frias
2018-01-09 22:56:21 -08:00
parent b7c9ad57c9
commit 00da44bb68
63 changed files with 977 additions and 582 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libwvdrmengine/oemcrypto/mock/src/oemcrypto_session.cpp
View File

@@ -74,8 +74,14 @@ bool SessionContext::DeriveKey(const std::vector<uint8_t>& key,
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
CMAC_CTX* cmac_ctx = CMAC_CTX_new();
if (!cmac_ctx) {
LOGE("[DeriveKey(): OEMCrypto_ERROR_CMAC_FAILURE]");
return false;
}
if (!CMAC_Init(cmac_ctx, &key[0], key.size(), cipher, 0)) {
LOGE("[DeriveKey(): OEMCrypto_ERROR_CMAC_FAILURE]");
CMAC_CTX_free(cmac_ctx);
return false;
}
@@ -85,6 +91,7 @@ bool SessionContext::DeriveKey(const std::vector<uint8_t>& key,
if (!CMAC_Update(cmac_ctx, &message[0], message.size())) {
LOGE("[DeriveKey(): OEMCrypto_ERROR_CMAC_FAILURE]");
CMAC_CTX_free(cmac_ctx);
return false;
}
@@ -92,6 +99,7 @@ bool SessionContext::DeriveKey(const std::vector<uint8_t>& key,
uint8_t res[128];
if (!CMAC_Final(cmac_ctx, res, &reslen)) {
LOGE("[DeriveKey(): OEMCrypto_ERROR_CMAC_FAILURE]");
CMAC_CTX_free(cmac_ctx);
return false;
}
@@ -1291,6 +1299,7 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8,
EVP_CIPHER_CTX_set_padding(&ctx, 0);
if (!EVP_DecryptInit_ex(&ctx, EVP_aes_128_ctr(), NULL, key_u8, aes_iv_u8)) {
LOGE("[DecryptCTR(): EVP_INIT ERROR]");
EVP_CIPHER_CTX_cleanup(&ctx);
return OEMCrypto_ERROR_DECRYPT_FAILED;
}
@@ -1310,6 +1319,7 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8,
if (!EVP_DecryptUpdate(&ctx, &clear_data[l], &out_len, &cipher_data[l],
decrypt_length)) {
LOGE("[DecryptCTR(): EVP_UPDATE_ERROR]");
EVP_CIPHER_CTX_cleanup(&ctx);
return OEMCrypto_ERROR_DECRYPT_FAILED;
}
l += decrypt_length;
@@ -1319,6 +1329,7 @@ OEMCryptoResult SessionContext::DecryptCTR(const uint8_t* key_u8,
if (!EVP_DecryptFinal_ex(
&ctx, &clear_data[cipher_data_length - remaining], & final)) {
LOGE("[DecryptCTR(): EVP_FINAL_ERROR]");
EVP_CIPHER_CTX_cleanup(&ctx);
return OEMCrypto_ERROR_DECRYPT_FAILED;
}
EVP_CIPHER_CTX_cleanup(&ctx);