Haystack: Forbid DeriveKeysFromSessionKey after a license is loaded

[ Merge of http://go/wvgerrit/199050 ]

Fix to L3 renewal policy bypass attack:
OEMCrypto_DeriveKeysFromSessionKey cannot be called after a license is
loaded.

Re-generated L3 from oemcrypto-v19 branch.
Also needed to update a few tests because it now returns a different
error code.

Test: tested with
https://widevine-internal-review.git.corp.google.com/c/cdm/+/196392
Bug: 334154045

Merged from https://widevine-internal-review.googlesource.com/197957

Change-Id: Id0e81123b140085654106e99a05ae2405091f101
Rahul Frias
2024-06-02 00:17:36 -07:00
parent c6e4b70ae7
commit 5a1b5e2b37


@@ -213,7 +213,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyNoNonceTwiceAPI16) {
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
// A second load, should NOT succeed.
ASSERT_EQ(OEMCrypto_ERROR_LICENSE_RELOAD, license_messages_.LoadResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
// Verify that a second license may not be loaded in a session.
@@ -223,7 +223,7 @@ TEST_P(OEMCryptoLicenseTest, LoadKeyWithNonceTwiceAPI16) {
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
// A second load, should NOT succeed.
ASSERT_EQ(OEMCrypto_ERROR_LICENSE_RELOAD, license_messages_.LoadResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
// This tests load license with an 8k license response.
@@ -496,7 +496,7 @@ TEST_P(OEMCryptoLicenseTest, LoadLicenseAgainFailureAPI16) {
ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
ASSERT_NO_FATAL_FAILURE(license_messages_.EncryptAndSignResponse());
ASSERT_EQ(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
ASSERT_EQ(OEMCrypto_ERROR_LICENSE_RELOAD, license_messages_.LoadResponse());
ASSERT_NE(OEMCrypto_SUCCESS, license_messages_.LoadResponse());
}
TEST_P(OEMCryptoLicenseTest, LoadKeysBadSignatureAPI16) {
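Review bot: The replaced assertions in LoadKeyNoNonceTwiceAPI16, LoadKeyWithNonceTwiceAPI16 and LoadLicenseAgainFailureAPI16 now pass on any non-success result, so a second `LoadResponse()` that fails for an unrelated reason (a bad signature, an invalid session) still satisfies the test, and the reload rejection itself is no longer pinned. This assumes `ASSERT_NE(OEMCrypto_SUCCESS, ...)` is the new side of each pair; the page lost its +/- markers, but the description says the returned error code changed. If the new code is the same across implementations, assert it directly, e.g. `ASSERT_EQ(<EXPECTED_ERROR_CODE: placeholder, not given on the page>, license_messages_.LoadResponse());`; if it is not, add a comment above each check explaining why only non-success can be required. None of these hunks calls OEMCrypto_DeriveKeysFromSessionKey on its own after a successful load, so it is worth confirming that the change carries a dedicated regression test for the forbidden call elsewhere.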